Posted to commits@syncope.apache.org by il...@apache.org on 2012/10/24 13:52:55 UTC
svn commit: r1401636 - in
/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util:
ConnObjectUtil.java PasswordGenerator.java
Author: ilgrosso
Date: Wed Oct 24 11:52:55 2012
New Revision: 1401636
URL: http://svn.apache.org/viewvc?rev=1401636&view=rev
Log:
Using new PasswordGenerator from SYNCOPE-121 for generating policy-compliant random passwords during synchronization from external resources (if needed)
Modified:
incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java
incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java
Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java?rev=1401636&r1=1401635&r2=1401636&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/ConnObjectUtil.java Wed Oct 24 11:52:55 2012
@@ -18,10 +18,12 @@
*/
package org.apache.syncope.core.util;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.RandomStringUtils;
@@ -39,10 +41,15 @@ import org.apache.syncope.core.persisten
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.SchemaMapping;
import org.apache.syncope.core.persistence.beans.SyncTask;
+import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.PolicyDAO;
+import org.apache.syncope.core.persistence.dao.ResourceDAO;
+import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.propagation.ConnectorFacadeProxy;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.core.rest.data.UserDataBinder;
+import org.apache.syncope.types.PasswordPolicySpec;
import org.identityconnectors.common.security.GuardedByteArray;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.Attribute;
@@ -77,6 +84,18 @@ public class ConnObjectUtil {
@Autowired
private UserDataBinder userDataBinder;
+ @Autowired
+ private PolicyDAO policyDAO;
+
+ @Autowired
+ private RoleDAO roleDAO;
+
+ @Autowired
+ private ResourceDAO resourceDAO;
+
+ @Autowired
+ private PasswordGenerator pwdGen;
+
/**
* Build an UserTO out of connector object attributes and schema mapping.
*
@@ -88,9 +107,37 @@ public class ConnObjectUtil {
public UserTO getUserTO(final ConnectorObject obj, final SyncTask syncTask) {
UserTO userTO = getUserTOFromConnObject(obj, syncTask);
- // if password was not set above, generate a random string
+ // if password was not set above, generate
if (StringUtils.isBlank(userTO.getPassword())) {
- userTO.setPassword(RandomStringUtils.randomAlphanumeric(16));
+ List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>();
+ ppSpecs.add((PasswordPolicySpec) policyDAO.getGlobalPasswordPolicy().getSpecification());
+
+ for (MembershipTO memb : userTO.getMemberships()) {
+ SyncopeRole role = roleDAO.find(memb.getRoleId());
+ if (role != null && role.getPasswordPolicy() != null
+ && role.getPasswordPolicy().getSpecification() != null) {
+
+ ppSpecs.add((PasswordPolicySpec) role.getPasswordPolicy().getSpecification());
+ }
+ }
+ for (String resName : userTO.getResources()) {
+ ExternalResource resource = resourceDAO.find(resName);
+ if (resource != null && resource.getPasswordPolicy() != null
+ && resource.getPasswordPolicy().getSpecification() != null) {
+
+ ppSpecs.add((PasswordPolicySpec) resource.getPasswordPolicy().getSpecification());
+ }
+ }
+
+ String password;
+ try {
+ password = pwdGen.generatePasswordFromPwdSpec(ppSpecs);
+ } catch (IncompatiblePolicyException e) {
+ LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
+
+ password = RandomStringUtils.randomAlphanumeric(16);
+ }
+ userTO.setPassword(password);
}
return userTO;
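Review bot: The `catch (IncompatiblePolicyException e)` fallback still assigns `RandomStringUtils.randomAlphanumeric(16)`, which in commons-lang draws from a shared `java.util.Random` rather than a CSPRNG and is not checked against any of the collected policies. If the fallback is kept, pass a secure source through the overload that accepts one, `password = RandomStringUtils.random(16, 0, 0, true, true, null, new SecureRandom());`, which needs `import java.security.SecureRandom;`. Separately, `policyDAO.getGlobalPasswordPolicy().getSpecification()` is dereferenced without the null checks applied to the role and resource policies just below it. If a deployment can run without a global password policy, that line would throw before any password is set, so this is worth confirming. The end of getUserTO lies outside the hunk.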
Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java?rev=1401636&r1=1401635&r2=1401636&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordGenerator.java Wed Oct 24 11:52:55 2012
@@ -21,7 +21,7 @@ package org.apache.syncope.core.util;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang.RandomStringUtils;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
@@ -45,6 +45,7 @@ public class PasswordGenerator {
public String generatePasswordFromPwdSpec(final List<PasswordPolicySpec> passwordPolicySpecs)
throws IncompatiblePolicyException {
+
PasswordPolicySpec policySpec = mergePolicySpecs(passwordPolicySpecs);
evaluateFinalPolicySpec(policySpec);
@@ -53,6 +54,7 @@ public class PasswordGenerator {
public String generateUserPassword(final SyncopeUser user)
throws IncompatiblePolicyException {
+
List<PasswordPolicySpec> userPasswordPolicies = new ArrayList<PasswordPolicySpec>();
PasswordPolicySpec passwordPolicySpec = policyDAO.getGlobalPasswordPolicy().getSpecification();
@@ -86,8 +88,7 @@ public class PasswordGenerator {
return generatePassword(policySpec);
}
- private PasswordPolicySpec mergePolicySpecs(List<PasswordPolicySpec> userPasswordPolicies) {
-
+ private PasswordPolicySpec mergePolicySpecs(final List<PasswordPolicySpec> userPasswordPolicies) {
PasswordPolicySpec fpps = new PasswordPolicySpec();
fpps.setMinLength(0);
fpps.setMaxLength(1000);
@@ -163,6 +164,7 @@ public class PasswordGenerator {
private void evaluateFinalPolicySpec(final PasswordPolicySpec policySpec)
throws IncompatiblePolicyException {
+
if (policySpec.getMinLength() == 0) {
LOG.error("Minimum lenght given is zero");
throw new IncompatiblePolicyException("Minimum lenght given is zero");
@@ -280,7 +282,7 @@ public class PasswordGenerator {
return generatedPassword.toString();
}
- private int randomNumber(int range) {
+ private int randomNumber(final int range) {
int randomNumber = (int) (Math.random() * (range - 1));
return randomNumber == 0 ? 1 : randomNumber;
}
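Review bot: `randomNumber` draws from `Math.random()`, which is backed by a non-cryptographic `java.util.Random`, and this commit now routes passwords for synchronized users through this class. Its callers are outside the hunk, but if the password assembly above relies on it for lengths or character positions, the output is more predictable than a credential should be. A shared `private static final SecureRandom RANDOM = new SecureRandom();` with `int randomNumber = RANDOM.nextInt(Math.max(1, range - 1));` keeps the current bounds while using a CSPRNG. The `randomNumber == 0 ? 1 : randomNumber` mapping also makes 1 twice as likely as any other value and never returns `range - 1`; a short comment stating the intended bounds would show whether that is deliberate.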