Posted to commits@syncope.apache.org by co...@apache.org on 2014/06/20 13:37:05 UTC
svn commit: r1604144 - in
/syncope/trunk/core/src/main/java/org/apache/syncope/core:
propagation/impl/DBPasswordPropagationActions.java
sync/impl/DBPasswordSyncActions.java
Author: coheigea
Date: Fri Jun 20 11:37:05 2014
New Revision: 1604144
URL: http://svn.apache.org/r1604144
Log:
[SYNCOPE-505] - Finished with DB Propagation Action
Modified:
syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/DBPasswordPropagationActions.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/DBPasswordSyncActions.java
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/DBPasswordPropagationActions.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/DBPasswordPropagationActions.java?rev=1604144&r1=1604143&r2=1604144&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/DBPasswordPropagationActions.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/propagation/impl/DBPasswordPropagationActions.java Fri Jun 20 11:37:05 2014
@@ -19,9 +19,13 @@
package org.apache.syncope.core.propagation.impl;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
import org.apache.syncope.common.types.AttributableType;
+import org.apache.syncope.common.types.CipherAlgorithm;
+import org.apache.syncope.common.types.ConnConfProperty;
+import org.apache.syncope.core.persistence.beans.ConnInstance;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.UserDAO;
@@ -38,9 +42,12 @@ import org.springframework.transaction.a
/**
* Propagate a non-cleartext password out to a resource, if the PropagationManager has not already
- * added a password.
+ * added a password. The CipherAlgorithm associated with the password must match the password
+ * cipher algorithm property of the DB Connector.
*/
public class DBPasswordPropagationActions extends DefaultPropagationActions {
+
+ private static final String CLEARTEXT = "CLEARTEXT";
@Autowired
private UserDAO userDAO;
@@ -52,12 +59,16 @@ public class DBPasswordPropagationAction
if (AttributableType.USER == task.getSubjectType()) {
SyncopeUser user = userDAO.find(task.getSubjectId());
+
if (user != null && user.getPassword() != null) {
Attribute missing = AttributeUtil.find(
PropagationTaskExecutor.MANDATORY_MISSING_ATTR_NAME,
task.getAttributes());
+
+ ConnInstance connInstance = task.getResource().getConnector();
if (missing != null && missing.getValue() != null && missing.getValue().size() == 1
- && missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME)) {
+ && missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME)
+ && cipherAlgorithmMatches(getCipherAlgorithm(connInstance), user.getCipherAlgorithm())) {
Attribute passwordAttribute = AttributeBuilder.buildPassword(
new GuardedString(user.getPassword().toCharArray()));
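Review bot: When the new `cipherAlgorithmMatches(...)` term is false, the whole `if` is skipped with no trace, so a password change is silently not pushed to the DB resource and the previous credential may remain valid there. The rest of the method lies outside this hunk, so it is not visible whether the still-missing password is reported elsewhere. If it is not, log the skip where the algorithm check is the failing term, for example `LOG.warn("Password of user {} not propagated: cipher algorithm differs from connector", task.getSubjectId());`, assuming an SLF4J logger is available in this class. Log identifiers only, never the stored password value.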
@@ -75,5 +86,37 @@ public class DBPasswordPropagationAction
}
}
}
+
+ private String getCipherAlgorithm(ConnInstance connInstance) {
+ String cipherAlgorithm = CLEARTEXT;
+ for (Iterator<ConnConfProperty> propertyIterator = connInstance.getConfiguration().iterator();
+ propertyIterator.hasNext();) {
+
+ ConnConfProperty property = propertyIterator.next();
+ if ("cipherAlgorithm".equals(property.getSchema().getName())
+ && property.getValues() != null && !property.getValues().isEmpty()) {
+
+ return (String) property.getValues().get(0);
+ }
+ }
+ return cipherAlgorithm;
+ }
+
+ private boolean cipherAlgorithmMatches(String connectorAlgorithm, CipherAlgorithm userAlgorithm) {
+ if (userAlgorithm == null) {
+ return false;
+ }
+
+ if (connectorAlgorithm.equals(userAlgorithm.name())) {
+ return true;
+ }
+
+ // Special check for "SHA" (user sync'd from LDAP)
+ if ("SHA1".equals(connectorAlgorithm) && "SHA".equals(userAlgorithm.name())) {
+ return true;
+ }
+
+ return false;
+ }
}
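Review bot: `cipherAlgorithmMatches` decides on the algorithm name alone, which is sufficient for unsalted digests but not for keyed or salted schemes. If `CipherAlgorithm` carries a reversible value such as AES, the stored ciphertext was produced with this system's key and is only meaningful to the connector when both sides share that key, which a name comparison cannot establish. Consider rejecting such values before the name comparison, e.g. `if (userAlgorithm == null || userAlgorithm == CipherAlgorithm.AES) { return false; }`, or state the shared-key requirement in a Javadoc on the method. The class-level comment added in this commit would be the natural place to list which algorithms are expected to be portable.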
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/DBPasswordSyncActions.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/DBPasswordSyncActions.java?rev=1604144&r1=1604143&r2=1604144&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/DBPasswordSyncActions.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/DBPasswordSyncActions.java Fri Jun 20 11:37:05 2014
@@ -68,18 +68,7 @@ public class DBPasswordSyncActions exten
Connector connector = handler.getConnector();
ConnInstance connInstance = connector.getActiveConnInstance();
- String cipherAlgorithm = CLEARTEXT;
- boolean found = false;
- for (Iterator<ConnConfProperty> propertyIterator = connInstance.getConfiguration().iterator();
- propertyIterator.hasNext() && !found;) {
-
- ConnConfProperty property = propertyIterator.next();
- if ("cipherAlgorithm".equals(property.getSchema().getName())
- && property.getValues() != null && !property.getValues().isEmpty()) {
-
- cipherAlgorithm = (String) property.getValues().get(0);
- }
- }
+ String cipherAlgorithm = getCipherAlgorithm(connInstance);
if (!CLEARTEXT.equals(cipherAlgorithm)) {
try {
encodedPassword = password;
@@ -94,6 +83,21 @@ public class DBPasswordSyncActions exten
return delta;
}
+
+ private String getCipherAlgorithm(ConnInstance connInstance) {
+ String cipherAlgorithm = CLEARTEXT;
+ for (Iterator<ConnConfProperty> propertyIterator = connInstance.getConfiguration().iterator();
+ propertyIterator.hasNext();) {
+
+ ConnConfProperty property = propertyIterator.next();
+ if ("cipherAlgorithm".equals(property.getSchema().getName())
+ && property.getValues() != null && !property.getValues().isEmpty()) {
+
+ return (String) property.getValues().get(0);
+ }
+ }
+ return cipherAlgorithm;
+ }
@Transactional(readOnly = true)
@Override