Posted to commits@syncope.apache.org by il...@apache.org on 2012/10/24 13:52:55 UTC

svn commit: r1401636 - in /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util: ConnObjectUtil.java PasswordGenerator.java

Author: ilgrosso
Date: Wed Oct 24 11:52:55 2012
New Revision: 1401636

URL: http://svn.apache.org/viewvc?rev=1401636&view=rev
Log:
Using new PasswordGenerator from SYNCOPE-121 for generating policy-compliant random passwords during synchronization from external resources (if needed)

Modified:
    incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java
    incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java

Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java?rev=1401636&r1=1401635&r2=1401636&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java Wed Oct 24 11:52:55 2012
@@ -18,10 +18,12 @@
  */
 package org.apache.syncope.core.util;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.apache.commons.lang.RandomStringUtils;
@@ -39,10 +41,15 @@ import org.apache.syncope.core.persisten
 import org.apache.syncope.core.persistence.beans.ExternalResource;
 import org.apache.syncope.core.persistence.beans.SchemaMapping;
 import org.apache.syncope.core.persistence.beans.SyncTask;
+import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
 import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.PolicyDAO;
+import org.apache.syncope.core.persistence.dao.ResourceDAO;
+import org.apache.syncope.core.persistence.dao.RoleDAO;
 import org.apache.syncope.core.propagation.ConnectorFacadeProxy;
 import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
 import org.apache.syncope.core.rest.data.UserDataBinder;
+import org.apache.syncope.types.PasswordPolicySpec;
 import org.identityconnectors.common.security.GuardedByteArray;
 import org.identityconnectors.common.security.GuardedString;
 import org.identityconnectors.framework.common.objects.Attribute;
@@ -77,6 +84,18 @@ public class ConnObjectUtil {
     @Autowired
     private UserDataBinder userDataBinder;
 
+    @Autowired
+    private PolicyDAO policyDAO;
+
+    @Autowired
+    private RoleDAO roleDAO;
+
+    @Autowired
+    private ResourceDAO resourceDAO;
+
+    @Autowired
+    private PasswordGenerator pwdGen;
+
     /**
      * Build an UserTO out of connector object attributes and schema mapping.
      *
@@ -88,9 +107,37 @@ public class ConnObjectUtil {
     public UserTO getUserTO(final ConnectorObject obj, final SyncTask syncTask) {
         UserTO userTO = getUserTOFromConnObject(obj, syncTask);
 
-        // if password was not set above, generate a random string
+        // if password was not set above, generate
         if (StringUtils.isBlank(userTO.getPassword())) {
-            userTO.setPassword(RandomStringUtils.randomAlphanumeric(16));
+            List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>();
+            ppSpecs.add((PasswordPolicySpec) policyDAO.getGlobalPasswordPolicy().getSpecification());
+
+            for (MembershipTO memb : userTO.getMemberships()) {
+                SyncopeRole role = roleDAO.find(memb.getRoleId());
+                if (role != null && role.getPasswordPolicy() != null
+                        && role.getPasswordPolicy().getSpecification() != null) {
+
+                    ppSpecs.add((PasswordPolicySpec) role.getPasswordPolicy().getSpecification());
+                }
+            }
+            for (String resName : userTO.getResources()) {
+                ExternalResource resource = resourceDAO.find(resName);
+                if (resource != null && resource.getPasswordPolicy() != null
+                        && resource.getPasswordPolicy().getSpecification() != null) {
+
+                    ppSpecs.add((PasswordPolicySpec) resource.getPasswordPolicy().getSpecification());
+                }
+            }
+
+            String password;
+            try {
+                password = pwdGen.generatePasswordFromPwdSpec(ppSpecs);
+            } catch (IncompatiblePolicyException e) {
+                LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
+
+                password = RandomStringUtils.randomAlphanumeric(16);
+            }
+            userTO.setPassword(password);
         }
 
         return userTO;
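Review bot: Both password sources on this path use non-cryptographic generators: the fallback in the `catch` block calls `RandomStringUtils.randomAlphanumeric(16)`, which Commons Lang backs with a shared `java.util.Random`, and `PasswordGenerator.randomNumber` (last hunk of this commit) uses `Math.random()`. Account passwords should come from `java.security.SecureRandom`, for example `password = RandomStringUtils.random(16, 0, 0, true, true, null, new SecureRandom());` here, with the generator held in a field rather than created per call. The fallback also stores a password that may not satisfy the policies just collected, with only a log line to show for it, so a comment such as `// fallback password may violate the merged policy; see error log` would make that explicit. Separately, `policyDAO.getGlobalPasswordPolicy().getSpecification()` is dereferenced without the null checks that the role and resource branches get; whether a global policy can be absent is not visible here, but if it can, this throws during synchronization. The body of getUserTO continues past the end of the hunk.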

Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java?rev=1401636&r1=1401635&r2=1401636&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java Wed Oct 24 11:52:55 2012
@@ -21,7 +21,7 @@ package org.apache.syncope.core.util;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang.RandomStringUtils;
 import org.apache.syncope.core.persistence.beans.ExternalResource;
 import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
 import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
@@ -45,6 +45,7 @@ public class PasswordGenerator {
 
     public String generatePasswordFromPwdSpec(final List<PasswordPolicySpec> passwordPolicySpecs)
             throws IncompatiblePolicyException {
+
         PasswordPolicySpec policySpec = mergePolicySpecs(passwordPolicySpecs);
 
         evaluateFinalPolicySpec(policySpec);
@@ -53,6 +54,7 @@ public class PasswordGenerator {
 
     public String generateUserPassword(final SyncopeUser user)
             throws IncompatiblePolicyException {
+
         List<PasswordPolicySpec> userPasswordPolicies = new ArrayList<PasswordPolicySpec>();
         PasswordPolicySpec passwordPolicySpec = policyDAO.getGlobalPasswordPolicy().getSpecification();
 
@@ -86,8 +88,7 @@ public class PasswordGenerator {
         return generatePassword(policySpec);
     }
 
-    private PasswordPolicySpec mergePolicySpecs(List<PasswordPolicySpec> userPasswordPolicies) {
-
+    private PasswordPolicySpec mergePolicySpecs(final List<PasswordPolicySpec> userPasswordPolicies) {
         PasswordPolicySpec fpps = new PasswordPolicySpec();
         fpps.setMinLength(0);
         fpps.setMaxLength(1000);
@@ -163,6 +164,7 @@ public class PasswordGenerator {
 
     private void evaluateFinalPolicySpec(final PasswordPolicySpec policySpec)
             throws IncompatiblePolicyException {
+        
         if (policySpec.getMinLength() == 0) {
             LOG.error("Minimum lenght given is zero");
             throw new IncompatiblePolicyException("Minimum lenght given is zero");
@@ -280,7 +282,7 @@ public class PasswordGenerator {
         return generatedPassword.toString();
     }
 
-    private int randomNumber(int range) {
+    private int randomNumber(final int range) {
         int randomNumber = (int) (Math.random() * (range - 1));
         return randomNumber == 0 ? 1 : randomNumber;
     }
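Review bot: `randomNumber` never returns 0 or `range - 1`, and because a result of 0 is remapped to 1, the value 1 comes up about twice as often as any other; for a `range` of 1 or 2 it always returns 1. How callers use the result is outside this hunk, so it cannot be confirmed here whether the skew is intended, but in a password generator a non-uniform pick reduces the unpredictability of whatever the value selects. If a uniform value in `1..range-2` is what is wanted, `1 + random.nextInt(range - 2)` on a shared `java.security.SecureRandom` (with a guard for `range < 3`) states that directly. Otherwise a comment such as `// returns a value in [1, range - 2]; 0 is remapped to 1` would at least document the contract.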