/*
* Copyright 2009, OpenIAM LLC
* This file is part of the OpenIAM Identity and Access Management Suite
*
* OpenIAM Identity and Access Management Suite is free software:
* you can redistribute it and/or modify
* it under the terms of the Lesser GNU General Public License
* version 3 as published by the Free Software Foundation.
*
* OpenIAM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* Lesser GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with OpenIAM. If not, see <http://www.gnu.org/licenses/>. *
*/
/**
*
*/
package org.openiam.provision.service;
import java.net.URL;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.xml.ws.Service;
import javax.xml.ws.soap.SOAPBinding;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openiam.base.AttributeOperationEnum;
import org.openiam.base.SysConfiguration;
import org.openiam.base.id.UUIDGen;
import org.openiam.base.ws.Response;
import org.openiam.base.ws.ResponseCode;
import org.openiam.base.ws.ResponseStatus;
import org.openiam.exception.EncryptionException;
import org.openiam.exception.ObjectNotFoundException;
import org.openiam.idm.srvc.audit.service.AuditHelper;
import org.openiam.idm.srvc.audit.dto.IdmAuditLog;
import org.openiam.idm.srvc.audit.service.IdmAuditLogDataService;
import org.openiam.idm.srvc.auth.dto.Login;
import org.openiam.idm.srvc.auth.dto.LoginId;
import org.openiam.idm.srvc.auth.login.LoginDAO;
import org.openiam.idm.srvc.auth.login.LoginDataService;
import org.openiam.idm.srvc.continfo.dto.Address;
import org.openiam.idm.srvc.continfo.dto.EmailAddress;
import org.openiam.idm.srvc.continfo.dto.Phone;
import org.openiam.idm.srvc.grp.dto.Group;
import org.openiam.idm.srvc.grp.service.GroupDataService;
import org.openiam.idm.srvc.mngsys.dto.AttributeMap;
import org.openiam.idm.srvc.mngsys.dto.ManagedSys;
import org.openiam.idm.srvc.mngsys.dto.ProvisionConnector;
import org.openiam.idm.srvc.mngsys.service.ConnectorDataService;
import org.openiam.idm.srvc.mngsys.service.ManagedSystemDataService;
import org.openiam.idm.srvc.org.dto.Organization;
import org.openiam.idm.srvc.org.service.OrganizationDataService;
import org.openiam.idm.srvc.policy.dto.Policy;
import org.openiam.idm.srvc.pswd.dto.Password;
import org.openiam.idm.srvc.pswd.dto.PasswordValidationCode;
import org.openiam.idm.srvc.pswd.service.PasswordGenerator;
import org.openiam.idm.srvc.pswd.service.PasswordService;
import org.openiam.idm.srvc.res.dto.Resource;
import org.openiam.idm.srvc.res.dto.ResourceProp;
import org.openiam.idm.srvc.res.dto.ResourceRole;
import org.openiam.idm.srvc.res.service.ResourceDataService;
import org.openiam.idm.srvc.role.dto.Role;
import org.openiam.idm.srvc.role.service.RoleDataService;
import org.openiam.idm.srvc.user.dto.Supervisor;
import org.openiam.idm.srvc.user.dto.User;
import org.openiam.idm.srvc.user.dto.UserAttribute;
import org.openiam.idm.srvc.user.dto.UserStatusEnum;
import org.openiam.idm.srvc.user.service.UserDataService;
import org.openiam.provision.dto.AccountLockEnum;
import org.openiam.provision.dto.PasswordSync;
import org.openiam.provision.dto.ProvisionGroup;
import org.openiam.provision.dto.ProvisionModelEnum;
import org.openiam.provision.dto.ProvisionUser;
import org.openiam.provision.resp.LookupUserResponse;
import org.openiam.provision.resp.PasswordResponse;
import org.openiam.provision.resp.ProvisionUserResponse;
import org.openiam.provision.type.ExtensibleObject;
import org.openiam.provision.type.ExtensibleUser;
import org.openiam.provision.type.ExtensibleAttribute;
import org.openiam.script.ScriptFactory;
import org.openiam.script.ScriptIntegration;
import org.openiam.spml2.interf.ConnectorService;
import org.openiam.spml2.msg.AddRequestType;
import org.openiam.spml2.msg.DeleteRequestType;
import org.openiam.spml2.msg.ExtensibleType;
import org.openiam.spml2.msg.ModificationType;
import org.openiam.spml2.msg.ModifyRequestType;
import org.openiam.spml2.msg.PSOIdentifierType;
import org.openiam.spml2.msg.ResponseType;
import org.openiam.spml2.msg.StatusCodeType;
import org.openiam.spml2.msg.password.SetPasswordRequestType;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.apache.cxf.frontend.ClientProxyFactoryBean;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
/**
* @author suneet
*
*/
@WebService(endpointInterface = "org.openiam.provision.service.ProvisionService",
targetNamespace = "http://www.openiam.org/service/provision",
portName = "ProvisionControllerServicePort",
serviceName = "ProvisionControllerService")
public class ProvisionServiceImpl
implements ProvisionService, ApplicationContextAware {
// Class-wide logger shared with subclasses.
protected static final Log log = LogFactory.getLog(ProvisionServiceImpl.class);
// Spring ApplicationContext, presumably populated through the ApplicationContextAware
// callback (the setter is not in this excerpt). It is handed to the groovy scripts as the
// "context" binding in addUser/modifyUser, so the scripts can reach every bean.
// NOTE(review): this is a public, mutable, static field — any code in the JVM can read or
// replace it. Confirm that exposure is intended.
public static ApplicationContext ac;
// Repository services used by the provisioning flows below (all injected; setters not shown).
protected UserDataService userMgr;
protected LoginDataService loginManager;
protected LoginDAO loginDao;                      // not referenced in the visible part of this file
protected IdmAuditLogDataService auditDataService; // not referenced in the visible part of this file
protected ConnectorDataService connectorService;   // resolves ProvisionConnector records (service URL, namespace, port)
protected ManagedSystemDataService managedSysService;
protected RoleDataService roleDataService;
protected GroupDataService groupManager;
protected String connectorWsdl;                   // not referenced in the visible part of this file
protected String defaultProvisioningModel;        // only logged in addUser; the flows below are role based
protected SysConfiguration sysConfiguration;      // supplies the default (repository) managed system id
protected ResourceDataService resourceDataService;
// Name of the script engine passed to ScriptFactory.createModule(); the groovy scripts under
// "provision/" are executed with it.
protected String scriptEngine;
protected OrganizationDataService orgManager;
protected PasswordService passwordDS;             // not referenced in the visible part of this file
// Writes the IdmAuditLog records ("NEW USER", "MODIFY USER", ...).
protected AuditHelper auditHelper;
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#addGroup(org.openiam.provision.dto.ProvisionGroup)
*/
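/**
 * Not implemented. No group is created and {@code null} is returned so that existing
 * callers keep working; a warning is logged because a silent no-op on a provisioning
 * write is otherwise indistinguishable from success.
 *
 * @param group the group that would be provisioned (ignored)
 * @return always {@code null}
 */
public ProvisionGroup addGroup(ProvisionGroup group) {
    log.warn("addGroup is not implemented; no group was created");
    return null;
}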
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#addUser(org.openiam.provision.dto.ProvisionUser)
*/
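/**
 * Creates a user and its identities.
 *
 * In the order the code performs them:
 * <ol>
 *   <li>runs the groovy scripts under {@code provision/} to compute the GM_SYSKEY
 *       attribute and the NETWORX / GLOBAL MANAGER identifiers — the Spring context,
 *       user, organization, generated password and primary login are exposed to the
 *       scripts through the binding map;</li>
 *   <li>stores the user in the OpenIAM repository through {@code userMgr};</li>
 *   <li>links the supervisor, then the requested groups and roles (ids are validated
 *       against the group / role services first);</li>
 *   <li>adds role-derived identities for the "GLOBAL MANAGER" and "NETWORX" resources
 *       and persists every identity with its password run through
 *       {@code loginManager.encryptPassword};</li>
 *   <li>sends one SPML add request to the connector of managed system "1" (hard-coded
 *       "temp hack") for the first non-repository identity;</li>
 *   <li>writes a "NEW USER" audit record and returns the user with its id set.</li>
 * </ol>
 * A FAILURE returned after step 2 leaves the already created repository user in place;
 * there is no rollback.
 *
 * NOTE(review): the response echoes {@code provUser}, whose principal list is the same
 * object the NETWORX identity (carrying the cleartext generated password) was added to,
 * so the caller receives that password. Confirm callers need it and that the transport
 * protecting this web service is adequate.
 *
 * @param provUser user to provision, with optional principals, groups, roles and supervisor
 * @return SUCCESS with the created user, or FAILURE with an error code where one exists
 */
public ProvisionUserResponse addUser(ProvisionUser provUser) {
    Organization org = null;
    String secDomain = null;
    Login primaryLogin = null;
    Map<String, Object> bindingMap = new HashMap<String, Object>();
    // Handed to the scripts and stored on the NETWORX identity below.
    // NOTE(review): whether PasswordGenerator uses a cryptographically strong RNG is not
    // visible here — confirm.
    String password = PasswordGenerator.generatePassword(10);
    ScriptIntegration se = null;
    try {
        se = ScriptFactory.createModule(this.scriptEngine);
    } catch (Exception e) {
        log.error("Unable to create script engine '" + this.scriptEngine + "'", e);
    }
    if (se == null) {
        // The original fell through and failed with a NullPointerException on se.execute().
        return addUserFailure(null);
    }
    bindingMap.put("context", ac);
    String gmSysKey = (String) se.execute(bindingMap, "provision/globalManagerSyskey.groovy");
    //TODO: Add policies to validate the request
    //TODO: Add policies to enhance the request
    // add the gmsyskey attribute (assumes getUserAttributes() never returns null — not verifiable here)
    UserAttribute uAttr = new UserAttribute();
    uAttr.setName("GM_SYSKEY");
    uAttr.setValue(gmSysKey);
    provUser.getUserAttributes().put("GM_SYSKEY", uAttr);
    log.info("addUser called.");
    log.info("Creating user in openiam repository");
    User user = provUser.getUser();
    log.info("User alternate in addUser=" + user.getAlternateContactId());
    // temp hack
    if (user.getCompanyId() != null) {
        org = orgManager.getOrganization(user.getCompanyId());
    }
    List<Login> principalList = provUser.getPrincipalList();
    if (principalList == null) {
        principalList = new ArrayList<Login>();
    }
    bindingMap.put("sysId", "1");
    bindingMap.put("user", user);
    bindingMap.put("org", org);
    bindingMap.put("password", password);
    // The original called principalList.get(0) unconditionally and threw on an empty list.
    if (!principalList.isEmpty() && principalList.get(0) != null) {
        primaryLogin = principalList.get(0);
        // Login carries a password field and its toString() is not visible here: log only the id.
        log.info("primary login=" + primaryLogin.getId());
        bindingMap.put("lg", primaryLogin);
        secDomain = primaryLogin.getId().getDomainId();
    }
    /* -- Temp hack -- */
    // secDomain stays null when no primary login was supplied; the role-derived
    // identities below are then created with a null domain.
    String networxId = (String) se.execute(bindingMap, "provision/networxId.groovy");
    String globalManagerId = (String) se.execute(bindingMap, "provision/globalManagerId.groovy");
    User newUser = userMgr.addUser(user);
    if (newUser == null || newUser.getUserId() == null) {
        // The original built a FAILURE response here but did not return it and went on
        // to dereference newUser.
        log.error("User was not created in the openiam repository");
        return addUserFailure(null);
    }
    log.info("User created in openiam repository");
    Supervisor supervisor = provUser.getSupervisor();
    if (supervisor != null && supervisor.getSupervisor() != null) {
        supervisor.setEmployee(user);
        userMgr.addSupervisor(supervisor);
        log.info("created user supervisor");
    }
    log.info("Associated a user to a group");
    List<Group> groupList = provUser.getMemberOfGroups();
    log.info("Group list = " + groupList);
    if (groupList != null) {
        for (Group g : groupList) {
            if (g.getGrpId() == null) {
                return addUserFailure(ResponseCode.GROUP_ID_NULL);
            }
            if (groupManager.getGroup(g.getGrpId()) == null) {
                // The original re-tested the id for null here (always false at this point)
                // and then added the user to the unknown group anyway. Reject instead; no
                // GROUP_ID_INVALID code is visible in this file, so no error code is set.
                log.error("Group not found, id=" + g.getGrpId());
                return addUserFailure(null);
            }
            groupManager.addUserToGroup(g.getGrpId(), newUser.getUserId());
        }
    }
    log.info("Associating users to a role");
    List<Role> roleList = provUser.getMemberOfRoles();
    log.info("Role list = " + roleList);
    if (roleList != null && roleList.size() > 0) {
        for (Role r : roleList) {
            if (r.getId().getServiceId() == null || r.getId().getRoleId() == null) {
                return addUserFailure(ResponseCode.ROLE_ID_NULL);
            }
            if (roleDataService.getRole(r.getId().getServiceId(), r.getId().getRoleId()) == null) {
                return addUserFailure(ResponseCode.ROLE_ID_INVALID);
            }
            roleDataService.addUserToRole(r.getId().getServiceId(), r.getId().getRoleId(), newUser.getUserId());
        }
    }
    // determine if this is role based, rule base or static list for provisioning the apps
    // for now, assume that its role based.
    log.info("default provisioning model=" + defaultProvisioningModel);
    log.info("create user identities");
    // temp hack - tack on the network identity
    /* Start with 1 role first and build from there. */
    if (roleList != null && roleList.size() > 0) {
        List<Resource> roleResource = getResourcesForRole(roleList);
        if (roleResource != null) {
            log.info("List of resources for roles = " + roleResource.size());
            // Resource names are matched literally; the managed system ids "2" (GM) and "1"
            // (NETWORX) are hard-coded, as in the original.
            for (Resource res : roleResource) {
                if (res.getName().equalsIgnoreCase("GLOBAL MANAGER")) {
                    Login gmLg = new Login();
                    gmLg.setId(new LoginId(secDomain, globalManagerId, "2"));
                    gmLg.setStatus("ACTIVE");
                    principalList.add(gmLg);
                }
                if (res.getName().equalsIgnoreCase("NETWORX")) {
                    Login networxLg = new Login();
                    networxLg.setId(new LoginId(secDomain, networxId, "1"));
                    networxLg.setPassword(password); // cleartext; encrypted copy is persisted below
                    networxLg.setStatus("ACTIVE");
                    principalList.add(networxLg);
                }
            }
        }
    }
    // persist the list of identities in the openiam repository
    log.info("Persisting identity count=" + principalList.size());
    for (Login lg : principalList) {
        Login newLg = new Login();
        newLg.setId(lg.getId());
        newLg.setUserId(newUser.getUserId());
        newLg.setFirstTimeLogin(1);
        newLg.setStatus("ACTIVE");
        String pswd = lg.getPassword();
        if (pswd != null) {
            try {
                // NOTE(review): the name suggests reversible encryption rather than a one-way
                // hash; the implementation is not visible here — confirm.
                newLg.setPassword(loginManager.encryptPassword(pswd));
            } catch (EncryptionException e) {
                log.error("Password encryption failed for identity " + lg.getId(), e);
                return addUserFailure(ResponseCode.FAIL_ENCRYPTION);
            }
        }
        loginManager.addLogin(newLg);
        log.info("--added identity:" + lg.getId());
    }
    log.info("Creating user in managed systems..");
    //TODO add the capability to get the list of applications if a role is specified
    //TODO - if the configuration on the form is based on rules, then process that to get the list of apps
    //TODO - get the list of apps from the user.
    String requestId = null;
    boolean syncCalled = false;
    log.info("principal list size=" + principalList.size());
    for (Login lg : principalList) {
        // Only the id is logged: new identities still hold the cleartext password here.
        log.info("Login id=" + lg.getId());
        // Skip the repository identity ("0") and stop after the first connector call, as the original did.
        if (syncCalled || "0".equals(lg.getId().getManagedSysId())) {
            continue;
        }
        log.info("Login managedsys is =" + lg.getId().getManagedSysId());
        // temp hack: the connector of managed system "1" is used whatever the identity's managed system is.
        ManagedSys managedSys = managedSysService.getManagedSys("1");
        log.info("Managedsys object= " + managedSys);
        if (managedSys == null) {
            log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId());
            continue;
        }
        log.info("Managed sys found for managedSysId=" + lg.getId());
        ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
        if (connector == null) {
            // The original dereferenced connector in a log statement before testing it for null.
            log.error("Connector not found for connectorId=" + managedSys.getConnectorId());
            continue;
        }
        log.info("Connector found for " + connector.getConnectorId());
        // NOTE(review): the endpoint comes from the ProvisionConnector record and no transport
        // security or client credentials are configured here — presumably handled by
        // deployment configuration; confirm.
        QName connectorPort = new QName(connector.getServiceNameSpace(), connector.getServicePort());
        Service service = Service.create(QName.valueOf(connector.getServiceUrl()));
        service.addPort(connectorPort, SOAPBinding.SOAP11HTTP_BINDING, connector.getServiceUrl());
        ConnectorService port = service.getPort(connectorPort, ConnectorService.class);
        log.info("connector service client " + port);
        AddRequestType addReqType = new AddRequestType();
        PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(), null, "target");
        addReqType.setPsoID(idType);
        // NOTE(review): millisecond timestamps are neither unique nor unpredictable as request ids.
        requestId = "R" + System.currentTimeMillis();
        addReqType.setRequestID(requestId);
        addReqType.setTargetID(lg.getId().getManagedSysId());
        ExtensibleUser extUser = null;
        //TODO - Move to use groovy script based on attribute policies so that this is dynamic.
        try {
            extUser = UserAttributeHelper.newUser(provUser);
        } catch (Exception e) {
            log.error("Unable to build the extensible user for " + lg.getId(), e);
        }
        addReqType.getData().getAny().add(extUser);
        // NOTE(review): the connector's reply is discarded, so a rejected add still ends in
        // the "SUCCESS" audit record below. deleteUser inspects the ResponseType; do the same here.
        port.add(addReqType);
        syncCalled = true;
    }
    // primaryLogin is null when no principal was supplied; the original dereferenced it here.
    String auditPrincipal = primaryLogin != null ? primaryLogin.getId().getLogin() : null;
    String userStatus = user.getStatus() != null ? user.getStatus().toString() : null;
    auditHelper.addLog("NEW USER", provUser.getSecurityDomain(), auditPrincipal,
            "IDM SERVICE", provUser.getCreatedBy(), "0", "USER", newUser.getUserId(),
            null, "SUCCESS", null, "USER_STATUS", userStatus,
            requestId, null, null, null);
    ProvisionUserResponse resp = new ProvisionUserResponse();
    resp.setStatus(ResponseStatus.SUCCESS);
    provUser.setUserId(newUser.getUserId());
    resp.setUser(provUser);
    return resp;
}
/**
 * Builds a FAILURE response for addUser.
 *
 * @param errorCode code to report, or {@code null} when no matching ResponseCode exists
 * @return a response with status FAILURE
 */
private static ProvisionUserResponse addUserFailure(ResponseCode errorCode) {
    ProvisionUserResponse resp = new ProvisionUserResponse();
    resp.setStatus(ResponseStatus.FAILURE);
    if (errorCode != null) {
        resp.setErrorCode(errorCode);
    }
    return resp;
}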
/**
 * Looks up a resource property by name, ignoring case.
 *
 * @param resPropSet properties to search; may be {@code null}
 * @param propertyName name to match
 * @return the value of the first property whose name matches, or {@code null}
 *         when the set is {@code null} or holds no such property
 */
private String getResProperty(Set<ResourceProp> resPropSet, String propertyName) {
    if (resPropSet == null) {
        return null;
    }
    for (ResourceProp candidate : resPropSet) {
        if (candidate.getName().equalsIgnoreCase(propertyName)) {
            return candidate.getPropValue();
        }
    }
    return null;
}
/**
 * Resolves the resources attached to a list of roles.
 *
 * The service (domain) id is taken from the first role only; every role id is
 * then looked up within that single domain. Roles from other domains are not
 * handled separately.
 *
 * @param roleList roles to resolve; may be {@code null}
 * @return the resources returned by {@code resourceDataService}, or {@code null}
 *         when {@code roleList} is {@code null}
 */
private List<Resource> getResourcesForRole(List<Role> roleList) {
    log.info("GetResourcesForRole().....");
    if (roleList == null) {
        return null;
    }
    String domainId = null;
    List<String> roleIds = new ArrayList<String>();
    for (Role role : roleList) {
        if (domainId == null) {
            domainId = role.getId().getServiceId();
        }
        String roleId = role.getId().getRoleId();
        log.info("-Adding role." + roleId);
        roleIds.add(roleId);
    }
    return resourceDataService.getResourcesForRoles(domainId, roleIds);
}
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#deleteGroup(java.lang.String)
*/
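/**
 * Not implemented. Nothing is deleted and {@code null} is returned so that existing
 * callers keep working; a warning is logged because a silent no-op on a provisioning
 * write is otherwise indistinguishable from success.
 *
 * @param groupId id of the group that would be deleted (ignored)
 * @return always {@code null}
 */
public ProvisionGroup deleteGroup(String groupId) {
    log.warn("deleteGroup is not implemented; group " + groupId + " was not deleted");
    return null;
}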
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#deleteUser(java.lang.String, java.lang.String, java.lang.String)
*/
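/**
 * Deactivates one identity and propagates the deletion to the managed systems.
 *
 * In the order the code performs them:
 * <ol>
 *   <li>sets the requested identity to INACTIVE in the repository;</li>
 *   <li>when that identity belongs to managed system "0", marks the owning user
 *       DELETED;</li>
 *   <li>for every identity of that user that is not on the default managed system,
 *       sends an SPML delete (recursive) to the identity's connector, failing on the
 *       first connector that returns no response or no status;</li>
 *   <li>writes a "DELETE USER" audit record and returns SUCCESS.</li>
 * </ol>
 * The local status changes in steps 1–2 happen before any connector is called, so a
 * FAILURE from step 3 leaves the repository already changed (no rollback).
 *
 * NOTE(review): step 3 runs for all of the user's non-default identities even when only
 * a single non-primary identity was requested — confirm that is intended. Step 2 tests
 * the literal "0" while step 3 uses {@code sysConfiguration.getDefaultManagedSysId()};
 * the two are presumably the same value. {@code status} is accepted but never used.
 *
 * @param securityDomain domain of the identity to delete
 * @param managedSystemId managed system the identity belongs to ("0" = OpenIAM repository)
 * @param principal login name of the identity
 * @param status unused; the user is always set to DELETED
 * @param requestorId caller identity, recorded in the audit entry
 * @return SUCCESS; FAILURE with PRINCIPAL_NOT_FOUND when the identity does not exist, or
 *         FAILURE without a code when a connector returned no usable response
 */
public ProvisionUserResponse deleteUser(String securityDomain,
        String managedSystemId, String principal, UserStatusEnum status,
        String requestorId) {
    log.info("deleteUser called.");
    ProvisionUserResponse resp = new ProvisionUserResponse();
    Login login = loginManager.getLoginByManagedSys(securityDomain, principal, managedSystemId);
    if (login == null) {
        resp.setStatus(ResponseStatus.FAILURE);
        resp.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
        return resp;
    }
    // One request id for the whole operation: reused on every SPML delete and the audit record.
    // NOTE(review): millisecond timestamps are neither unique nor unpredictable as request ids.
    String requestId = "R" + System.currentTimeMillis();
    // change the status on the identity
    login.setStatus("INACTIVE");
    loginManager.updateLogin(login);
    if ("0".equals(login.getId().getManagedSysId())) {
        // Turning off the primary identity - change the status on the user
        String userId = login.getUserId();
        if (userId != null) {
            User usr = userMgr.getUserWithDependent(userId, false);
            if (usr != null) {
                usr.setStatus(UserStatusEnum.DELETED);
                userMgr.updateUser(usr);
            } else {
                // The original dereferenced usr without this check.
                log.warn("No user found for userId=" + userId + "; user status not updated");
            }
        }
    }
    List<Login> principalList = loginManager.getLoginByUser(login.getUserId());
    if (principalList != null) {
        for (Login lg : principalList) {
            // ignore the managed system id that is linked to openiam's repository
            if (lg.getId().getManagedSysId().equalsIgnoreCase(this.sysConfiguration.getDefaultManagedSysId())) {
                continue;
            }
            ManagedSys managedSys = managedSysService.getManagedSys(lg.getId().getManagedSysId());
            if (managedSys == null) {
                log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId());
                continue;
            }
            log.debug("Managed sys found for managedSysId=" + lg.getId().getManagedSysId());
            ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
            if (connector == null) {
                // The original skipped silently; the identity then stays on the target system.
                log.warn("Connector not found for connectorId=" + managedSys.getConnectorId()
                        + "; identity " + lg.getId() + " not removed from target");
                continue;
            }
            // NOTE(review): the endpoint comes from the ProvisionConnector record and no transport
            // security or client credentials are configured here — presumably handled by
            // deployment configuration; confirm.
            ClientProxyFactoryBean factory = new JaxWsProxyFactoryBean();
            factory.setServiceClass(ConnectorService.class);
            log.info("Service endpoint : " + connector.getServiceUrl());
            factory.setAddress(connector.getServiceUrl());
            factory.setEndpointName(QName.valueOf(connector.getServiceNameSpace()));
            ConnectorService client = (ConnectorService) factory.create();
            log.info("connector service client " + client);
            DeleteRequestType deleteRequest = new DeleteRequestType();
            PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(), null, lg.getId().getManagedSysId());
            deleteRequest.setRequestID(requestId);
            deleteRequest.setRecursive(Boolean.TRUE);
            deleteRequest.setPsoID(idType);
            ResponseType respType = client.delete(deleteRequest);
            if (respType == null) {
                // message corrected: the original said "set password"
                log.info("Response object from delete is null");
                resp.setStatus(ResponseStatus.FAILURE);
                return resp;
            }
            if (respType.getStatus() == null) {
                log.info("Response status is null");
                resp.setStatus(ResponseStatus.FAILURE);
                return resp;
            }
            // The original logged resp.getStatus() (not yet set) instead of the connector's status.
            // NOTE(review): a non-null but failed status is still treated as success here; the
            // StatusCodeType constants are not visible in this file, so no comparison is made.
            log.info("Response status=" + respType.getStatus());
        }
    }
    // The original wrote no audit record for deletions and never used requestorId.
    auditHelper.addLog("DELETE USER", securityDomain, principal,
            "IDM SERVICE", requestorId, "0", "USER", login.getUserId(),
            null, "SUCCESS", null, "DISABLE IDENTITY", login.getId().getLogin(),
            requestId, null, null, null);
    resp.setStatus(ResponseStatus.SUCCESS);
    return resp;
}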
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#modifyGroup(org.openiam.provision.dto.ProvisionGroup)
*/
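/**
 * Not implemented. The group is not changed and {@code null} is returned so that
 * existing callers keep working; a warning is logged because a silent no-op on a
 * provisioning write is otherwise indistinguishable from success.
 *
 * @param group the group that would be modified (ignored)
 * @return always {@code null}
 */
public ProvisionGroup modifyGroup(ProvisionGroup group) {
    log.warn("modifyGroup is not implemented; no group was modified");
    return null;
}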
/**
 * Logs the role id of every role in the list at INFO level (diagnostic only).
 *
 * @param activeRoleList roles to print; a {@code null} list prints only the header
 */
private void showRoles(List<Role> activeRoleList) {
    log.info("show the roles:");
    if (activeRoleList == null) {
        return;
    }
    for (Role role : activeRoleList) {
        log.info("-active role id: " + role.getId().getRoleId());
    }
}
/**
 * Removes every entry equal to {@code managedSysId} (ignoring case) from the list.
 *
 * The list is modified in place and also returned, so callers may use either.
 * A {@code null} entry in the list causes a NullPointerException, as before.
 *
 * @param managedSysId managed system id to remove
 * @param inactiveResourceList list to modify; must support removal
 * @return the same list instance, with the matching entries removed
 */
private List<String> removeFromInactiveResList(String managedSysId, List<String> inactiveResourceList) {
    Iterator<String> entries = inactiveResourceList.iterator();
    while (entries.hasNext()) {
        String entry = entries.next();
        if (entry.equalsIgnoreCase(managedSysId)) {
            log.info("-- Removing resource: " + entry);
            entries.remove();
        }
    }
    return inactiveResourceList;
}
/**
 * Reports whether both hard-coded managed systems — "2" (GLOBAL MANAGER) and "1"
 * (NETWORX) — appear in the inactive list.
 *
 * NOTE(review): {@code managedSysId} is never consulted; the result does not depend on
 * which identity the caller is asking about, only on whether both "1" and "2" are
 * inactive. modifyUser uses this to decide whether to skip the connector call for an
 * identity, so an identity whose own system is inactive is still sent to its connector
 * unless both are. Confirm this is the intended semantics before relying on it.
 *
 * @param managedSysId ignored
 * @param inactiveResourceList managed system ids currently marked inactive
 * @return {@code true} only when "1" and "2" are both present (case-insensitive)
 */
private boolean onInactiveList(String managedSysId, List<String> inactiveResourceList) {
    boolean globalManagerInactive = false;
    boolean networxInactive = false;
    for (String resourceId : inactiveResourceList) {
        globalManagerInactive |= resourceId.equalsIgnoreCase("2");
        networxInactive |= resourceId.equalsIgnoreCase("1");
    }
    return globalManagerInactive && networxInactive;
}
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#modifyUser(org.openiam.provision.dto.ProvisionUser)
*/
public ProvisionUserResponse modifyUser(ProvisionUser provUser) {
log.info("modifyUser called.");
List<String> inactiveResourceList = new ArrayList<String>();
//TODO: Add policies to validate the request
//TODO: Add policies to enhance the request
// get the current user object - update it with the new values and then save it
User origUser = userMgr.getUserWithDependent(provUser.getUserId(), true);
if (origUser == null || origUser.getUserId() == null) {
ProvisionUserResponse resp = new ProvisionUserResponse();
resp.setStatus(ResponseStatus.FAILURE);
return resp;
}
// origUser2 is used for comparison purposes in the sync process
//User currentUser2 = userMgr.getUserWithDependent(provUser.getUserId(), true);
User currentUser2 = UserAttributeHelper.cloneUser(origUser);
List<Role> curRoleList = roleDataService.getUserRolesAsFlatList(provUser.getUserId());
List<Group> curGroupList = this.groupManager.getUserInGroupsAsFlatList(provUser.getUserId());
log.info("** 1) Deptcd in Orig=" + currentUser2.getDeptCd());
User newUser = provUser.getUser();
log.info("** 1a) Deptcd in Orig=" + currentUser2.getDeptCd());
log.info("** Deptcd in new=" + newUser.getDeptCd());
updateUserObject(origUser, newUser);
log.info("Modifying user in openiam repository");
String requestId = "R" + System.currentTimeMillis();
userMgr.updateUserWithDependent(origUser, true);
// get the primary identity
Login primaryLg = loginManager.getPrimaryIdentity(origUser.getUserId());
String primaryId = null;
if (primaryLg != null) {
primaryId = primaryLg.getId().getLogin();
}
log.info("Primary id=" + primaryId);
log.info("logging primary modify user" );
String logId = auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(), primaryId,
"IDM SERVICE", provUser.getUser().getLastUpdatedBy(), "0","USER", provUser.getUserId(), null,"SUCCESS", null, "USER_STATUS",
provUser.getUser().getStatus().toString(),
requestId, null,null, null).getLogId();
updateGroupAssociation(origUser.getUserId(), provUser.getMemberOfGroups(), logId, requestId, provUser.getUser().getLastUpdatedBy(), primaryId);
updateRoleAssociation(origUser.getUserId(), provUser.getMemberOfRoles(), logId, requestId, provUser.getUser().getLastUpdatedBy(), primaryId);
updateSupervisor(newUser, provUser.getSupervisor());
// update the identities
List<Login> tempPrincipalList = provUser.getPrincipalList();
log.info("pricipallist = " + tempPrincipalList);
if ( tempPrincipalList != null && tempPrincipalList.size() > 0) {
updatePrincipals(newUser, provUser.getPrincipalList());
}
// temp hack
List<Login> curPrincipalList = loginManager.getLoginByUser(origUser.getUserId());
Login primaryLogin = null;
String secDomain = null;
for ( Login lg : curPrincipalList) {
if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
primaryLogin = lg;
secDomain = primaryLogin.getId().getDomainId();
//rolePrincipalList.add(lg);
}
// build the active-inactive list of resources
if (lg.getStatus() != null && lg.getStatus().equalsIgnoreCase("INACTIVE")) {
inactiveResourceList.add(lg.getId().getManagedSysId());
}
}
List<Login>principalList = provUser.getPrincipalList();
String password = PasswordGenerator.generatePassword(10);
ScriptIntegration se = null;
Organization org = null;
if (origUser.getCompanyId() != null) {
org = orgManager.getOrganization(origUser.getCompanyId());
}
Map<String, Object> bindingMap = new HashMap<String, Object>();
bindingMap.put("context", ac);
bindingMap.put("sysId", "1");
bindingMap.put("user", newUser);
bindingMap.put("org", org);
bindingMap.put("password", password);
bindingMap.put("lg", primaryLogin);
try {
se = ScriptFactory.createModule(this.scriptEngine);
}catch(Exception e) {
e.printStackTrace();
}
String networxId = (String)se.execute(bindingMap, "provision/networxId.groovy");
String globalManagerId = (String)se.execute(bindingMap, "provision/globalManagerId.groovy");
String gmSysKey = (String)se.execute(bindingMap, "provision/globalManagerSyskey.groovy");
/* -- Temp hack -- */
//
// send message to the connectors.
log.info("User created in openiam repository");
List<Role> activeRoleList = this.roleDataService.getUserRolesAsFlatList(origUser.getUserId()); // provUser.getActiveMemberOfRoles();
showRoles(activeRoleList);
//List<Role> roleList = provUser.getMemberOfRoles();
List<Login> rolePrincipalList = new ArrayList<Login>();
if (activeRoleList != null && activeRoleList.size() > 0) {
log.info("Active role List= " + activeRoleList.size());
List<Resource> roleResource = getResourcesForRole(activeRoleList);
// collect all the resources that belong to a managed system execute their policies
if (roleResource != null) {
log.info("**** List of resources for roles = " + roleResource.size());
// for each resource, get the list of polices and execute them.
for (Resource res : roleResource) {
// CHECK IF this resource is in the rolePrincipal list
// if it is make sure that its active
// if its not there, the add it.
log.info("Checking resource id = " + res.getResourceId());
log.info("Role principal list size = " + rolePrincipalList.size());
boolean found = false;
for ( Login l : curPrincipalList ) {
log.info("checking identity: " + l.getId() + " " + l.getId().getManagedSysId() );
if (l.getId().getManagedSysId().equalsIgnoreCase(res.getResourceId())) {
// found
log.info("-Match for resource found. Setting status to active.");
l.setPasswordChangeCount(0);
l.setAuthFailCount(0);
l.setStatus("ACTIVE");
found = true;
rolePrincipalList.add(l);
// remove from the inactive list
log.info("Res made active....=" + l.getId().getManagedSysId());
log.info("InactiveResoruceList size=" + inactiveResourceList);
inactiveResourceList = removeFromInactiveResList(l.getId().getManagedSysId(),inactiveResourceList);
log.info("InactiveResoruceList after update size=" + inactiveResourceList);
}
}
if (!found) {
log.info("-Match for resource not found. added identity for " + res.getName());
if (res.getName().equalsIgnoreCase("GLOBAL MANAGER")) {
LoginId gmLgId = new LoginId(secDomain, globalManagerId, "2" );
Login gmLg = new Login();
gmLg.setId(gmLgId);
gmLg.setPasswordChangeCount(0);
gmLg.setAuthFailCount(0);
gmLg.setStatus("ACTIVE");
rolePrincipalList.add(gmLg);
log.info("GM made active....");
log.info("InactiveResoruceList size=" + inactiveResourceList);
inactiveResourceList = removeFromInactiveResList(gmLg.getId().getManagedSysId(),inactiveResourceList);
auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(),
primaryId, "IDM SERVICE",
provUser.getUser().getLastUpdatedBy(), "0",
"USER", provUser.getUserId(), null ,"SUCCESS", logId, "NEW IDENTITY",
res.getName(),
requestId, null, null, null);
}
if (res.getName().equalsIgnoreCase("NETWORX")) {
LoginId networkLgId = new LoginId(secDomain, networxId, "1" );
Login networxLg = new Login();
networxLg.setId(networkLgId);
networxLg.setPassword(password);
networxLg.setPasswordChangeCount(0);
networxLg.setAuthFailCount(0);
networxLg.setStatus("ACTIVE");
rolePrincipalList.add(networxLg);
auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(),
primaryId, "IDM SERVICE",
provUser.getUser().getLastUpdatedBy(), "0",
"USER", provUser.getUserId(), null, "SUCCESS", logId, "NEW IDENTITY",
res.getName(),
requestId, null, null, null);
}
}
}
}
}
// determine if there are modifications to be made to the list of identities
if (curPrincipalList != null) {
for ( Login lg : curPrincipalList) {
if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
rolePrincipalList.add(lg);
}
}
// IF A VALUE IS IN THE CURRENT LIST, BUT NOT in the rolelist, then delete it
log.info("Searching the curent principal list...");
for (Login curLg : curPrincipalList) {
log.info("cur lg sysid = " + curLg.getId().getManagedSysId());
boolean found = false;
for (Login roleLg : rolePrincipalList) {
if (roleLg.getId().getManagedSysId().equalsIgnoreCase(curLg.getId().getManagedSysId())) {
found = true;
}
}
if (!found) {
curLg.setOperation(AttributeOperationEnum.DELETE);
curLg.setStatus("INACTIVE");
rolePrincipalList.add(curLg);
auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(),
primaryId, "IDM SERVICE",
provUser.getUser().getLastUpdatedBy(), "0",
"USER", provUser.getUserId(), null,"SUCCESS", logId, "DISABLE IDENTITY",
curLg.getId().getLogin(),
requestId, null, null, null);
}
}
}
log.info("** A) Deptcd in Orig=" + currentUser2.getDeptCd());
// IF A VALUE IS IN THE CURRENT LIST, BUT NOT in the rolelist, then delete it
// if a role is define
if (activeRoleList != null) {
log.info("-- updatePrincipals will be called.");
updatePrincipals(newUser, rolePrincipalList);
}
log.info("--Check the status of this request.");
// if the status has been set to TERMINATE - THEN SET THE IDENTITIES TO INACTIVE
if ( isTerminate(newUser)) {
log.info("--Status has been changed to terminate.");
for ( Login lg : rolePrincipalList) {
lg.setStatus("INACTIVE");
log.info("Updating status for login=" + lg.getId());
loginManager.updateLogin(lg);
}
}else {
log.info("-- Status is not TERMINATE.");
for ( Login lg : rolePrincipalList) {
if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
lg.setStatus("ACTIVE");
lg.setPasswordChangeCount(0);
lg.setAuthFailCount(0);
log.info("Updating status TO ACTIVE for login=" + lg.getId());
loginManager.updateLogin(lg);
}
}
}
// pass 2 - check the current list with the role list
provUser.setPrincipalList(rolePrincipalList);
log.info("ROLE principal list (Before SPML block) = " + rolePrincipalList);
// show inactive list
log.info ("---- show inactivelist ----");
for (String s : inactiveResourceList) {
log.info("Inactive resource: " + s);
}
//
//List<Login> principalList = provUser.getPrincipalList();
if (rolePrincipalList != null) {
log.info("Role based principal list size=" + rolePrincipalList.size());
for (Login lg : rolePrincipalList) {
log.info("Login object=" + lg);
if (!lg.getId().getManagedSysId().equals("0") &&
//lg.getStatus().equalsIgnoreCase("ACTIVE") ) {
!onInactiveList(lg.getId().getManagedSysId(),inactiveResourceList ) ) {
//lg.getStatus().equalsIgnoreCase("ACTIVE")) {
log.info("Login managedsys is =" + lg.getId().getManagedSysId());
// get the managed system for the identity - ignore the managed system id that is linked to openiam's repository
ManagedSys managedSys = managedSysService.getManagedSys(lg.getId().getManagedSysId());
log.info("Managedsys object= " + managedSys);
// CHECK IF WE HAVE A NETWORX ID. IF WE DO, THEN LEAVE IT ALONE.
// IF WE DONT, THEN HARD CODE THE CALL.
if (!networx(rolePrincipalList)) {
managedSys = managedSysService.getManagedSys("1");
log.info("Get the connector =" + managedSys);
}
if (managedSys != null) {
log.info("Managed sys found for managedSysId=" + lg.getId() );
// collection of attributes that were determined earlier
//ManagedSysAttributes sysAttribute = managedSysMap.get(managedSys.getManagedSysId());
ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
log.info("Connector found for " + connector.getConnectorId() );
if (connector != null) {
//Service service = Service.create(QName.valueOf("http://localhost:8080/idm-connector-ws/ExampleConnectorService"));
Service service = Service.create(QName.valueOf(connector.getServiceUrl()));
service.addPort(new QName(connector.getServiceNameSpace(),
connector.getServicePort()),
SOAPBinding.SOAP11HTTP_BINDING,
connector.getServiceUrl());
ConnectorService port = service.getPort(new QName(connector.getServiceNameSpace(),
connector.getServicePort()),
ConnectorService.class);
log.info("connector service client " + port);
ModifyRequestType modReqType = new ModifyRequestType();
PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(),null, "target");
idType.setTargetID(lg.getId().getManagedSysId());
modReqType.setPsoID(idType);
modReqType.setRequestID(requestId);
ExtensibleUser extUser = null;
//TODO - Move to use groovy script based on attribute policies so that this is dynamic.
// check if we have the syskey in this
UserAttribute gmAtt = currentUser2.getAttribute("GM_SYSKEY");
log.info("gmAtt=" + gmAtt.getValue());
log.info("** b) Deptcd in Orig=" + currentUser2.getDeptCd());
try {
extUser = UserAttributeHelper.modifyUser(currentUser2, curRoleList, curGroupList, provUser);
}catch(Exception e) {
e.printStackTrace();
log.error(e);
}
// ExtensibleUser extUser = sysAttribute.getExtUser();
// log.info("Ext user being sent to connector = " + extUser);
log.info("Ext user attributes=" + extUser.getAttributes().size());
ModificationType mod = new ModificationType();
mod.getData().getAny().add(extUser);
List<ModificationType> modTypeList = modReqType.getModification();
modTypeList.add(mod);
port.modify(modReqType);
//addReqType.getData().getAny().add(sysAttribute.getExtUser());
//port.add(addReqType);
}
}else {
log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId() );
}
}
// get the connector
}
}
ProvisionUserResponse resp = new ProvisionUserResponse();
resp.setStatus(ResponseStatus.SUCCESS);
return resp;
}
/**
 * Tells whether the user's status means all of their identities must be
 * deactivated. TERMINATE, LEAVE, INACTIVE and DELETED all count as terminal;
 * a null status does not.
 *
 * @param newUser the user whose status is inspected
 * @return true when the status is one of the four terminal states
 */
private boolean isTerminate(User newUser) {
    UserStatusEnum status = newUser.getStatus();
    if (status == null) {
        // the == comparisons this replaces were null-safe; a switch on null would throw
        return false;
    }
    switch (status) {
        case TERMINATE:
        case LEAVE:
        case INACTIVE:
        case DELETED:
            return true;
        default:
            return false;
    }
}
/**
 * Reports whether the principal list contains an identity on managed system "1"
 * (the caller refers to this system as NetworX and hard-codes it as a fallback).
 *
 * @param rolePrincipalList identities derived from the user's roles; may be null
 * @return true if any identity's managedSysId equals "1" ignoring case
 */
private boolean networx(List<Login> rolePrincipalList) {
    if (rolePrincipalList == null) {
        return false;
    }
    boolean found = false;
    Iterator<Login> it = rolePrincipalList.iterator();
    while (!found && it.hasNext()) {
        // managedSysId is dereferenced directly, exactly as before
        found = it.next().getId().getManagedSysId().equalsIgnoreCase("1");
    }
    return found;
}
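/**
 * Reconciles the role-derived identities with the identities stored for the user.
 *
 * For each identity in {@code principalList}: if no identity exists yet for that
 * domain / managed system it is added; otherwise (except on managed system "1",
 * which is never touched) its login name is aligned to the login of the primary
 * identity (managed system "0"). Because Login has a composite key, a rename is a
 * delete followed by an insert of a copy carrying the same credential and state.
 *
 * Fixes over the previous version: when the list carries no primary identity the
 * existing identity is left alone instead of being recreated with a null login
 * name, and identities whose login already matches are no longer deleted and
 * re-inserted (the original intent, visible in the commented-out comparison).
 *
 * @param newUser       the user the identities belong to
 * @param principalList identities to reconcile; null means nothing to do
 */
private void updatePrincipals(User newUser, List<Login> principalList) {
    log.info(" -- Update principals called...");
    if (principalList == null) {
        return;
    }
    // The primary identity supplies the login name every other identity is aligned to.
    // If several "0" identities are present the last one wins, as before.
    String newLogin = null;
    for (Login lg : principalList) {
        if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
            newLogin = lg.getId().getLogin();
        }
    }
    log.info("----New identity=" + newLogin);

    for (Login lg : principalList) {
        Login existing = loginDao.findLoginByManagedSys(lg.getId().getDomainId(),
                lg.getId().getManagedSysId(), newUser.getUserId());
        if (existing == null) {
            log.info("New Login");
            lg.setUserId(newUser.getUserId());
            lg.setIsLocked(0);
            lg.setCreateDate(new Date(System.currentTimeMillis()));
            loginManager.addLogin(lg);
            continue;
        }
        if (existing.getId().getManagedSysId().equalsIgnoreCase("1")) {
            // identities on managed system "1" keep their own login name
            continue;
        }
        if (newLogin == null) {
            // Nothing to rename to. Previously this path deleted the identity and
            // re-added it with a null login, which would lock the user out.
            log.warn("No primary identity (managed sys 0) in principal list; leaving "
                    + existing.getId().getLogin() + " on managed sys "
                    + existing.getId().getManagedSysId() + " unchanged");
            continue;
        }
        if (newLogin.equals(existing.getId().getLogin())) {
            // already aligned; no need to delete and recreate the row
            continue;
        }
        log.info("removed Identity");
        loginDao.remove(existing);
        log.info("adding newidentity");
        Login renamed = renamedCopy(existing, newLogin, newUser.getUserId());
        log.info("Updating identity: " + renamed.getId().getLogin() + " " + renamed.getId().getManagedSysId());
        loginManager.addLogin(renamed);
    }
}

/**
 * Builds a Login keyed on {@code newLogin} (same domain and managed system as
 * {@code source}) that carries over the credential and state fields of
 * {@code source}. Used because the login name is part of the identity's key.
 */
private Login renamedCopy(Login source, String newLogin, String userId) {
    LoginId id = new LoginId();
    id.setDomainId(source.getId().getDomainId());
    id.setLogin(newLogin);
    id.setManagedSysId(source.getId().getManagedSysId());

    Login copy = new Login();
    copy.setId(id);
    copy.setUserId(userId);
    copy.setAuthFailCount(source.getAuthFailCount());
    copy.setCanonicalName(source.getCanonicalName());
    copy.setCreateDate(source.getCreateDate());
    copy.setCreatedBy(source.getCreatedBy());
    copy.setFirstTimeLogin(source.getFirstTimeLogin());
    copy.setGracePeriod(source.getGracePeriod());
    copy.setIsDefault(source.getIsDefault());
    copy.setIsLocked(source.getIsLocked());
    copy.setLastAuthAttempt(source.getLastAuthAttempt());
    copy.setLastLogin(source.getLastLogin());
    // the stored (already encrypted) credential moves with the identity
    copy.setPassword(source.getPassword());
    copy.setPasswordChangeCount(source.getPasswordChangeCount());
    copy.setPwdChanged(source.getPwdChanged());
    copy.setPwdExp(source.getPwdExp());
    copy.setStatus(source.getStatus());
    return copy;
}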
/**
 * Classifies a role-derived identity against the identities currently stored for
 * the user. Currently unused: its call site in updatePrincipals is commented out.
 *
 * @param lg                   the identity to classify
 * @param currentPrincipalList the user's stored identities; may be null
 * @return 0 when an identity with the same domain and managed system already has
 *         the same login, 2 when it exists with a different login, 1 when no such
 *         identity exists (or the list is null)
 */
private int checkPrincipal(Login lg, List<Login> currentPrincipalList) {
    if (currentPrincipalList == null) {
        return 1;
    }
    LoginId wanted = lg.getId();
    for (Login current : currentPrincipalList) {
        LoginId candidate = current.getId();
        boolean sameKey = candidate.getDomainId().equalsIgnoreCase(wanted.getDomainId())
                && candidate.getManagedSysId().equalsIgnoreCase(wanted.getManagedSysId());
        if (!sameKey) {
            continue;
        }
        // same domain + managed system: unchanged login means nothing to do
        return candidate.getLogin().equalsIgnoreCase(wanted.getLogin()) ? 0 : 2;
    }
    return 1;
}
/**
 * Applies the changes carried by {@code newUser} to the stored {@code origUser}:
 * scalar profile fields first, then attributes, e-mail addresses, phones and
 * postal addresses. The collection merges honour per-item DELETE operations.
 *
 * @param origUser the stored user, mutated in place
 * @param newUser  the incoming user holding the new values
 */
public void updateUserObject(User origUser, User newUser) {
    this.updatePrimaryUserInfo(origUser, newUser);
    this.updateUserAttributes(origUser, newUser);
    this.updateUserEmail(origUser, newUser);
    this.updateUserPhone(origUser, newUser);
    this.updateUserAddress(origUser, newUser);
}
/**
 * Overwrites every scalar profile field of {@code origUser} with the value from
 * {@code newUser}. There is no null check: a field left unset on newUser clears the
 * stored value.
 *
 * NOTE(review): security-relevant fields (status, secondaryStatus, employeeType,
 * userTypeInd, classification, managerId, passwordTheme) are copied here without any
 * authorization check; whoever calls updateUserObject must decide who may change them.
 *
 * @param origUser the stored user, mutated in place
 * @param newUser  the incoming values
 */
private void updatePrimaryUserInfo(User origUser, User newUser) {
origUser.setAddress1(newUser.getAddress1());
origUser.setAddress2(newUser.getAddress2());
origUser.setAddress3(newUser.getAddress3());
origUser.setAddress4(newUser.getAddress4());
origUser.setAddress5(newUser.getAddress5());
origUser.setAddress6(newUser.getAddress6());
origUser.setAddress7(newUser.getAddress7());
origUser.setAreaCd(newUser.getAreaCd());
origUser.setBirthdate(newUser.getBirthdate());
origUser.setBldgNum(newUser.getBldgNum());
origUser.setCity(newUser.getCity());
origUser.setClassification(newUser.getClassification());
origUser.setCompanyId(newUser.getCompanyId());
origUser.setCostCenter(newUser.getCostCenter());
origUser.setCountry(newUser.getCountry());
origUser.setCountryCd(newUser.getCountryCd());
origUser.setDeptCd(newUser.getDeptCd());
origUser.setDeptName(newUser.getDeptName());
origUser.setDivision(newUser.getDivision());
origUser.setEmail(newUser.getEmail());
origUser.setEmployeeId(newUser.getEmployeeId());
origUser.setEmployeeType(newUser.getEmployeeType());
origUser.setFirstName(newUser.getFirstName());
origUser.setJobCode(newUser.getJobCode());
origUser.setLastName(newUser.getLastName());
origUser.setLastDate(newUser.getLastDate());
origUser.setLocationCd(newUser.getLocationCd());
origUser.setLocationName(newUser.getLocationName());
origUser.setMaidenName(newUser.getMaidenName());
origUser.setMailCode(newUser.getMailCode());
origUser.setMetadataTypeId(newUser.getMetadataTypeId());
origUser.setMiddleInit(newUser.getMiddleInit());
origUser.setNickname(newUser.getNickname());
origUser.setPasswordTheme(newUser.getPasswordTheme());
origUser.setPhoneExt(newUser.getPhoneExt());
origUser.setPhoneNbr(newUser.getPhoneNbr());
origUser.setPostalCd(newUser.getPostalCd());
origUser.setPrefix(newUser.getPrefix());
origUser.setSecondaryStatus(newUser.getSecondaryStatus());
origUser.setSex(newUser.getSex());
origUser.setStartDate(newUser.getStartDate());
// status drives isTerminate() and therefore identity deactivation downstream
origUser.setStatus(newUser.getStatus());
origUser.setStreetDirection(newUser.getStreetDirection());
origUser.setState(newUser.getState());
origUser.setSuffix(newUser.getSuffix());
origUser.setTitle(newUser.getTitle());
origUser.setUserTypeInd(newUser.getUserTypeInd());
origUser.setManagerId(newUser.getManagerId());
origUser.setAlternateContactId(newUser.getAlternateContactId());
}
/**
 * Merges the attribute map of {@code newUser} into {@code origUser}'s map, keyed by
 * attribute name: DELETE entries are removed, known names get their value replaced,
 * unknown names are added as-is.
 *
 * NOTE(review): when origUser has no attribute map the fresh HashMap created below is
 * never handed back to origUser, so the merged values are discarded in that case —
 * confirm whether that is intended.
 *
 * @param origUser the stored user whose map is mutated
 * @param newUser  the incoming user; a null attribute map means no change
 */
private void updateUserAttributes(User origUser, User newUser) {
    Map<String, UserAttribute> stored = origUser.getUserAttributes();
    if (stored == null) {
        stored = new HashMap<String, UserAttribute>();
    }
    Map<String, UserAttribute> incoming = newUser.getUserAttributes();
    if (incoming == null) {
        return;
    }
    for (UserAttribute incomingAttr : incoming.values()) {
        String name = incomingAttr.getName();
        if (incomingAttr.getOperation() == AttributeOperationEnum.DELETE) {
            log.info("size before remove: " + stored.size());
            stored.remove(name);
            log.info("size after remove: " + stored.size());
            continue;
        }
        UserAttribute existing = stored.get(name);
        if (existing == null) {
            stored.put(name, incomingAttr);
        } else {
            existing.setValue(incomingAttr.getValue());
            stored.put(existing.getName(), existing);
        }
    }
}
/**
 * Merges the e-mail addresses of {@code newUser} into {@code origUser}'s set. Entries
 * are matched by emailId: DELETE entries are removed, matched entries are updated in
 * place, unmatched ones are added.
 *
 * NOTE(review): when origUser has no e-mail set the fresh HashSet created below is never
 * attached to origUser, so added addresses are lost in that case — verify.
 * NOTE(review): an existing entry is mutated while it sits in a HashSet; if
 * EmailAddress.hashCode depends on the mutated fields the set becomes inconsistent.
 *
 * @param origUser the stored user whose set is mutated
 * @param newUser  the incoming user; a null e-mail set means no change
 */
private void updateUserEmail(User origUser, User newUser) {
    Set<EmailAddress> stored = origUser.getEmailAddress();
    if (stored == null) {
        stored = new HashSet<EmailAddress>();
    }
    Set<EmailAddress> incoming = newUser.getEmailAddress();
    if (incoming == null) {
        return;
    }
    for (EmailAddress candidate : incoming) {
        EmailAddress match = getEmailAddress(candidate.getEmailId(), stored);
        if (candidate.getOperation() == AttributeOperationEnum.DELETE) {
            log.info("removing email :" + candidate.getEmailAddress());
            // match may be null; HashSet.remove(null) is a harmless no-op
            stored.remove(match);
            continue;
        }
        if (match == null) {
            log.info("adding email :" + candidate.getEmailAddress());
            stored.add(candidate);
            log.info("emailSet size after add: " + stored.size());
            continue;
        }
        log.info("emailSet size before update: " + candidate.getEmailAddress() + " " + stored.size());
        match.setEmailAddress(candidate.getEmailAddress());
        match.setDescription(candidate.getDescription());
        match.setIsDefault(candidate.getIsDefault());
        match.setName(candidate.getName());
        stored.add(match);
        log.info("emailSet size after update: " + stored.size());
    }
}
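/**
 * Merges the phone numbers of {@code newUser} into {@code origUser}'s set. Entries are
 * matched by phoneId: DELETE entries are removed, matched entries are updated in place,
 * unmatched ones are added.
 *
 * Fix: the log messages were copied from the e-mail merge and reported phones as
 * "email"; they now say what they act on, which matters when reading audit trails.
 *
 * NOTE(review): when origUser has no phone set the fresh HashSet created below is never
 * attached to origUser, so added phones are lost in that case — verify.
 *
 * @param origUser the stored user whose set is mutated
 * @param newUser  the incoming user; a null phone set means no change
 */
private void updateUserPhone(User origUser, User newUser) {
    Set<Phone> origPhoneSet = origUser.getPhone();
    if (origPhoneSet == null) {
        origPhoneSet = new HashSet<Phone>();
    }
    Set<Phone> newPhoneSet = newUser.getPhone();
    if (newPhoneSet == null) {
        return;
    }
    for (Phone newPhone : newPhoneSet) {
        Phone p = getPhone(newPhone.getPhoneId(), origPhoneSet);
        if (newPhone.getOperation() == AttributeOperationEnum.DELETE) {
            log.info("removing phone :" + newPhone.getPhoneNbr());
            // p may be null; HashSet.remove(null) is a harmless no-op
            origPhoneSet.remove(p);
        } else if (p != null) {
            log.info("phoneSet size before update: " + newPhone.getPhoneNbr() + " " + origPhoneSet.size());
            p.setAreaCd(newPhone.getAreaCd());
            p.setCountryCd(newPhone.getCountryCd());
            p.setDescription(newPhone.getDescription());
            p.setIsDefault(newPhone.getIsDefault());
            p.setPhoneExt(newPhone.getPhoneExt());
            p.setPhoneNbr(newPhone.getPhoneNbr());
            p.setPhoneType(newPhone.getPhoneType());
            p.setName(newPhone.getName());
            origPhoneSet.add(p);
            log.info("phoneSet size after update: " + origPhoneSet.size());
        } else {
            log.info("adding phone :" + newPhone.getPhoneNbr());
            origPhoneSet.add(newPhone);
            log.info("phoneSet size after add: " + origPhoneSet.size());
        }
    }
}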
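/**
 * Merges the postal addresses of {@code newUser} into {@code origUser}'s set. Entries
 * are matched by addressId: DELETE entries are removed, matched entries are updated in
 * place, unmatched ones are added.
 *
 * Fix: the log messages were copied from the e-mail merge and reported addresses as
 * "email"; they now say what they act on.
 *
 * NOTE(review): when origUser has no address set the fresh HashSet created below is
 * never attached to origUser, so added addresses are lost in that case — verify.
 *
 * @param origUser the stored user whose set is mutated
 * @param newUser  the incoming user; a null address set means no change
 */
private void updateUserAddress(User origUser, User newUser) {
    Set<Address> origAddressSet = origUser.getAddresses();
    if (origAddressSet == null) {
        origAddressSet = new HashSet<Address>();
    }
    Set<Address> newAddressSet = newUser.getAddresses();
    if (newAddressSet == null) {
        return;
    }
    for (Address newAddress : newAddressSet) {
        Address a = getAddress(newAddress.getAddressId(), origAddressSet);
        if (newAddress.getOperation() == AttributeOperationEnum.DELETE) {
            log.info("removing address :" + newAddress.getAddress1());
            // a may be null; HashSet.remove(null) is a harmless no-op
            origAddressSet.remove(a);
        } else if (a != null) {
            log.info("addressSet size before update: " + newAddress.getAddress1() + " " + origAddressSet.size());
            a.setAddress1(newAddress.getAddress1());
            a.setAddress2(newAddress.getAddress2());
            a.setAddress3(newAddress.getAddress3());
            a.setAddress4(newAddress.getAddress4());
            a.setAddress5(newAddress.getAddress5());
            a.setAddress6(newAddress.getAddress6());
            a.setAddress7(newAddress.getAddress7());
            a.setBldgNumber(newAddress.getBldgNumber());
            a.setCity(newAddress.getCity());
            a.setCountry(newAddress.getCountry());
            a.setDescription(newAddress.getDescription());
            a.setIsDefault(newAddress.getIsDefault());
            a.setName(newAddress.getName());
            origAddressSet.add(a);
            log.info("addressSet size after update: " + origAddressSet.size());
        } else {
            log.info("adding address :" + newAddress.getAddress1());
            origAddressSet.add(newAddress);
            log.info("addressSet size after add: " + origAddressSet.size());
        }
    }
}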
/**
 * Finds the e-mail entry whose emailId equals {@code id}.
 *
 * @param id       the id to look for; null or empty never matches
 * @param emailSet the set to search
 * @return the matching entry, or null when there is none
 */
private EmailAddress getEmailAddress(String id, Set<EmailAddress> emailSet) {
    for (EmailAddress candidate : emailSet) {
        String candidateId = candidate.getEmailId();
        if (candidateId == null) {
            continue;
        }
        boolean idUsable = id != null && id.length() > 0;
        if (idUsable && candidateId.equals(id)) {
            log.info("Match >> email.getEmailId = " + candidateId + " - " + id);
            return candidate;
        }
    }
    return null;
}
/**
 * Finds the phone entry whose phoneId equals {@code id}.
 *
 * @param id       the id to look for; null or empty never matches
 * @param phoneSet the set to search
 * @return the matching entry, or null when there is none
 */
private Phone getPhone(String id, Set<Phone> phoneSet) {
    for (Phone candidate : phoneSet) {
        String candidateId = candidate.getPhoneId();
        if (candidateId == null) {
            continue;
        }
        boolean idUsable = id != null && id.length() > 0;
        if (idUsable && candidateId.equals(id)) {
            log.info("Match >> phone.getPhoneId = " + candidateId + " - " + id);
            return candidate;
        }
    }
    return null;
}
/**
 * Finds the address entry whose addressId equals {@code id}.
 *
 * @param id         the id to look for; null or empty never matches
 * @param addressSet the set to search
 * @return the matching entry, or null when there is none
 */
private Address getAddress(String id, Set<Address> addressSet) {
    for (Address candidate : addressSet) {
        String candidateId = candidate.getAddressId();
        if (candidateId == null) {
            continue;
        }
        boolean idUsable = id != null && id.length() > 0;
        if (idUsable && candidateId.equals(id)) {
            log.info("Match >> adr.getAdrId = " + candidateId + " - " + id);
            return candidate;
        }
    }
    return null;
}
/**
 * Applies group membership changes for a user and writes one audit record per change.
 * Groups flagged DELETE are removed; any other group is added unless the user is
 * already a member (in which case nothing is done and nothing is audited).
 *
 * Every audit record says "SUCCESS": the outcome of the add/remove call is not
 * inspected here.
 *
 * @param userId       the user whose memberships change
 * @param newGroupList groups with their operation; null means no change
 * @param logId        id of the parent audit record
 * @param requestId    id of the provisioning request
 * @param updatedBy    the principal performing the change
 * @param primaryId    the user's primary login, recorded on the audit entry
 */
private void updateGroupAssociation(String userId, List<Group> newGroupList,
        String logId, String requestId, String updatedBy, String primaryId) {
    if (newGroupList == null) {
        return;
    }
    for (Group group : newGroupList) {
        String grpId = group.getGrpId();
        boolean removal = group.getOperation() == AttributeOperationEnum.DELETE;
        if (removal) {
            this.groupManager.removeUserFromGroup(grpId, userId);
        } else if (groupManager.isUserInGroup(grpId, userId)) {
            continue;
        } else {
            groupManager.addUserToGroup(grpId, userId);
        }
        auditHelper.addLog("MODIFY USER", null,
                primaryId, "IDM SERVICE",
                updatedBy, "0",
                "USER", userId, null, "SUCCESS", logId, removal ? "REMOVE GROUP" : "ADD GROUP",
                grpId,
                requestId, null, null, null);
    }
}
/**
 * Applies role assignment changes for a user and writes one audit record per change.
 * Roles flagged DELETE are revoked; any other role is granted unless the user already
 * holds it (in which case nothing is done and nothing is audited).
 *
 * Every audit record says "SUCCESS": the outcome of the grant/revoke call is not
 * inspected here.
 *
 * @param userId      the user whose roles change
 * @param newRoleList roles with their operation; null means no change
 * @param logId       id of the parent audit record
 * @param requestId   id of the provisioning request
 * @param updatedBy   the principal performing the change
 * @param primaryId   the user's primary login, recorded on the audit entry
 */
private void updateRoleAssociation(String userId, List<Role> newRoleList,
        String logId, String requestId, String updatedBy, String primaryId) {
    if (newRoleList == null) {
        return;
    }
    for (Role role : newRoleList) {
        String serviceId = role.getId().getServiceId();
        String roleId = role.getId().getRoleId();
        boolean removal = role.getOperation() == AttributeOperationEnum.DELETE;
        if (removal) {
            roleDataService.removeUserFromRole(serviceId, roleId, userId);
        } else if (roleDataService.isUserInRole(serviceId, roleId, userId)) {
            continue;
        } else {
            roleDataService.addUserToRole(serviceId, roleId, userId);
        }
        auditHelper.addLog("MODIFY USER", null,
                primaryId, "IDM SERVICE",
                updatedBy, "0",
                "USER", userId, null, "SUCCESS", logId, removal ? "REMOVE ROLE" : "ADD ROLE",
                role.getRoleName(),
                requestId, null, null, null);
    }
}
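/**
 * Makes {@code supervisor} the user's supervisor: every currently assigned supervisor
 * with a different user id is removed, and the new one is added unless it is already
 * assigned.
 *
 * Fix: the previous version returned as soon as it met the matching supervisor, so
 * whether stale supervisors were removed depended on their position in the list
 * (those after the match survived). A null supervisor list is now tolerated.
 *
 * @param user       the employee whose supervisor is set
 * @param supervisor the desired supervisor relation; null means no change
 */
private void updateSupervisor(User user, Supervisor supervisor) {
    if (supervisor == null) {
        return;
    }
    String wantedId = supervisor.getSupervisor().getUserId();
    List<Supervisor> supervisorList = userMgr.getSupervisors(user.getUserId());
    boolean alreadyAssigned = false;
    if (supervisorList != null) {
        for (Supervisor s : supervisorList) {
            String currentId = s.getSupervisor().getUserId();
            log.info("looking to match supervisor ids = " + currentId + " " + wantedId);
            if (currentId.equalsIgnoreCase(wantedId)) {
                alreadyAssigned = true;
            } else {
                userMgr.removeSupervisor(s);
            }
        }
    }
    if (alreadyAssigned) {
        return;
    }
    log.info("adding supervisor: " + wantedId);
    supervisor.setEmployee(user);
    userMgr.addSupervisor(supervisor);
}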
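/**
 * Resets the password of the identity named by {@code passwordSync}.
 *
 * For an identity on the OpenIAM repository (managed system "0") the new password is
 * stored, audited, returned in clear in the response, and then propagated to every
 * other identity of the same user whose resource does not opt out through the
 * INCLUDE_PSWD_SYNC property. For an identity on any other managed system only that
 * identity is updated and its connector called; no audit record is written and the
 * password is not returned (preserved from the original — NOTE(review): confirm).
 *
 * Behaviour kept from the original that a practitioner should be aware of:
 *  - a null or empty password is replaced by a generated 8-character one;
 *  - a caller-supplied password is NOT validated against the password policy here
 *    (setPassword does validate) — NOTE(review): confirm this is intended;
 *  - the user's status is not checked (the check is commented out), so passwords of
 *    non-ACTIVE users can be reset — NOTE(review): confirm;
 *  - the response carries the cleartext password; treat it as sensitive.
 *
 * Fixes: a failed repository update now fails the request instead of being silently
 * dropped and still propagated to every connector with a SUCCESS status; the connector
 * request id is the real request id (it was always null on the propagation path); a
 * null connector response no longer throws.
 *
 * @param passwordSync domain, principal, managed system, optional password, requestor
 * @return SUCCESS, or FAILURE with an error code for the first problem found
 */
public PasswordResponse resetPassword(PasswordSync passwordSync) {
    log.info("----resetPassword called.------");
    PasswordResponse response = new PasswordResponse(ResponseStatus.SUCCESS);
    String requestorId = passwordSync.getRequestorId();
    String domain = passwordSync.getSecurityDomain();
    String principal = passwordSync.getPrincipal();
    String managedSysId = passwordSync.getManagedSystemId();

    // resolve principal -> user
    Login login = loginManager.getLoginByManagedSys(domain, principal, managedSysId);
    if (login == null) {
        response.setStatus(ResponseStatus.FAILURE);
        response.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
        return response;
    }
    String userId = login.getUserId();
    if (userId == null) {
        response.setStatus(ResponseStatus.FAILURE);
        response.setErrorCode(ResponseCode.USER_NOT_FOUND);
        return response;
    }
    User usr = this.userMgr.getUserWithDependent(userId, false);
    if (usr == null) {
        response.setStatus(ResponseStatus.FAILURE);
        response.setErrorCode(ResponseCode.USER_NOT_FOUND);
        return response;
    }

    String requestId = "R" + System.currentTimeMillis();

    String password = passwordSync.getPassword();
    if (password == null || password.length() == 0) {
        password = String.valueOf(PasswordGenerator.generatePassword(8));
    }
    // the repository stores the encrypted form; connectors receive the cleartext
    String encPassword;
    try {
        encPassword = loginManager.encryptPassword(password);
    } catch (EncryptionException e) {
        log.error("Password encryption failed for principal " + principal, e);
        response.setStatus(ResponseStatus.FAILURE);
        response.setErrorCode(ResponseCode.FAIL_ENCRYPTION);
        return response;
    }

    if (!managedSysId.equals("0")) {
        // a single identity on an external system: update the repository row, then its connector
        boolean updated = loginManager.resetPassword(domain, principal, managedSysId, encPassword);
        if (!updated) {
            log.warn("Password reset failed in repository for " + principal + " on managed sys " + managedSysId);
            response.setStatus(ResponseStatus.FAILURE);
            response.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
            return response;
        }
        if (!sendPasswordToConnector(managedSysId, principal, requestId, password)) {
            response.setStatus(ResponseStatus.FAILURE);
        }
        return response;
    }

    // the OpenIAM repository identity
    boolean updated = loginManager.resetPassword(domain, principal, managedSysId, encPassword);
    if (!updated) {
        // previously a failure Response was built here and then discarded, and the
        // password was still pushed to every connected system with SUCCESS reported
        log.warn("Password reset failed in repository for " + principal + " on managed sys " + managedSysId);
        response.setStatus(ResponseStatus.FAILURE);
        response.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
        return response;
    }
    log.info("-Password changed in openiam repository for user:" + principal);
    auditHelper.addLog("RESET PASSWORD", domain, principal,
            "IDM SERVICE", requestorId, "PASSWORD", "PASSWORD",
            userId, null, "SUCCESS", null, null,
            null,
            requestId, null, null, null);
    // NOTE(review): nothing in this method persists usr afterwards; confirm the
    // secondary-status clear actually reaches the repository
    usr.setSecondaryStatus(null);
    response.setPassword(password);

    // propagate to the user's other identities
    List<Login> principalList = loginManager.getLoginByUser(userId);
    if (principalList == null) {
        return response;
    }
    log.info("PrincipalList size =" + principalList.size());
    for (Login lg : principalList) {
        String targetSysId = lg.getId().getManagedSysId();
        if (targetSysId.equalsIgnoreCase(managedSysId)) {
            continue; // the identity reset above
        }
        if (!passwordSyncAllowed(targetSysId)) {
            continue;
        }
        log.info("Sync allowed for sys=" + targetSysId);
        String targetLogin = lg.getId().getLogin();
        boolean targetUpdated = loginManager.resetPassword(lg.getId().getDomainId(),
                targetLogin, targetSysId, encPassword);
        if (!targetUpdated) {
            // kept non-fatal as before; the connector is still called
            log.warn("Repository update of synced identity " + targetLogin + " on " + targetSysId + " returned false");
        }
        if (!sendPasswordToConnector(targetSysId, targetLogin, requestId, password)) {
            response.setStatus(ResponseStatus.FAILURE);
        }
    }
    return response;
}

/**
 * Whether the password may be synchronised to the resource backing {@code managedSysId}.
 * A missing resource allows sync; otherwise only an INCLUDE_PSWD_SYNC property equal to
 * "N" (case-insensitively) opts out.
 */
private boolean passwordSyncAllowed(String managedSysId) {
    Resource res = resourceDataService.getResource(managedSysId);
    log.info(" - managedsys id = " + managedSysId);
    log.info(" - Resource for sysId =" + res);
    if (res == null) {
        return true;
    }
    String syncFlag = getResProperty(res.getResourceProps(), "INCLUDE_PSWD_SYNC");
    log.info(" - SyncFlag=" + syncFlag);
    boolean allowed = syncFlag == null || !syncFlag.equalsIgnoreCase("N");
    if (allowed) {
        log.info(" - Sync allowed=true");
    }
    return allowed;
}

/**
 * Sends a setPassword request for {@code principal} to the connector configured for
 * {@code managedSysId}.
 *
 * @return false when the connector answered with a FAILURE status, a null status or no
 *         response at all; true on success, and also when no managed system or connector
 *         is configured (nothing to push — preserved from the original)
 */
private boolean sendPasswordToConnector(String managedSysId, String principal,
        String requestId, String password) {
    ManagedSys managedSys = managedSysService.getManagedSys(managedSysId);
    if (managedSys == null) {
        log.debug("Managed sys not found for managedSysId=" + managedSysId);
        return true;
    }
    log.debug("Managed sys found for managedSysId=" + managedSysId);
    ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
    if (connector == null) {
        return true;
    }
    // The endpoint comes straight from the connector record; whoever can edit that
    // table decides where cleartext passwords are sent, so keep it tightly controlled.
    ClientProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(ConnectorService.class);
    log.info("Service endpoint : " + connector.getServiceUrl());
    factory.setAddress(connector.getServiceUrl());
    QName qname = QName.valueOf(connector.getServiceNameSpace());
    factory.setEndpointName(qname);
    ConnectorService client = (ConnectorService) factory.create();
    log.info("connector service client " + client);

    SetPasswordRequestType pswdReqType = new SetPasswordRequestType();
    PSOIdentifierType idType = new PSOIdentifierType(principal, null, managedSysId);
    pswdReqType.setPsoID(idType);
    pswdReqType.setRequestID(requestId);
    // NOTE(review): the password travels in the SOAP body; the connector URL must be
    // https or the link otherwise protected. Never log pswdReqType.
    pswdReqType.setPassword(password);
    log.info("Setting password on target system:" + managedSysId);
    ResponseType resp = client.setPassword(pswdReqType);
    if (resp == null) {
        log.info("Response object from set password is null");
        return false;
    }
    if (resp.getStatus() == null) {
        log.info("Response status is null");
        return false;
    }
    log.info("Response status=" + resp.getStatus());
    return !resp.getStatus().equals(StatusCodeType.FAILURE);
}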
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#setPassword(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
*/
public Response setPassword(PasswordSync passwordSync) {
log.info("setPassword called.");
Response response = new Response(ResponseStatus.SUCCESS);
String primaryLogId = null;
// get the user object associated with this principal
Login login = loginManager.getLoginByManagedSys(passwordSync.getSecurityDomain(),
passwordSync.getPrincipal(), passwordSync.getManagedSystemId());
if (login == null) {
response.setStatus(ResponseStatus.FAILURE);
response.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
return response;
}
// check if the user active
String userId = login.getUserId();
if (userId == null) {
response.setStatus(ResponseStatus.FAILURE);
response.setErrorCode(ResponseCode.USER_NOT_FOUND);
return response;
}
User usr = this.userMgr.getUserWithDependent(userId, false);
if (usr == null) {
response.setStatus(ResponseStatus.FAILURE);
response.setErrorCode(ResponseCode.USER_NOT_FOUND);
return response;
}
/* if (!usr.getStatus().equals(UserStatusEnum.ACTIVE)) {
response.setStatus(ResponseStatus.FAILURE);
response.setErrorCode(ResponseCode.USER_STATUS);
return response;
}
*/
// determine which password policy to use
// validate the password against password policy
Password pswd = new Password();
pswd.setDomainId(passwordSync.getSecurityDomain());
pswd.setManagedSysId(passwordSync.getManagedSystemId());
pswd.setPrincipal(passwordSync.getPrincipal());
pswd.setPassword(passwordSync.getPassword());
try {
PasswordValidationCode rtVal = passwordDS.isPasswordValid(pswd);
if (rtVal != PasswordValidationCode.SUCCESS) {
response.setStatus(ResponseStatus.FAILURE);
response.setErrorCode(ResponseCode.valueOf(rtVal.getValue() ));
return response;
}
}catch(ObjectNotFoundException oe) {
oe.printStackTrace();
log.error(oe);
}
// update the openIAM repository
String requestId = "R" + System.currentTimeMillis();
if (!passwordSync.getManagedSystemId().equals("0") ) {
// update the connector directly
String encPassword = null;
try {
encPassword = loginManager.encryptPassword(passwordSync.getPassword());
}catch(EncryptionException e) {
PasswordResponse resp = new PasswordResponse();
resp.setStatus(ResponseStatus.FAILURE);
resp.setErrorCode(ResponseCode.FAIL_ENCRYPTION);
return resp;
}
boolean retval = loginManager.setPassword( passwordSync.getSecurityDomain(),
passwordSync.getPrincipal(), passwordSync.getManagedSystemId(),
encPassword);
log.info("Setting password for principal = " + passwordSync.getPrincipal());
auditHelper.addLog("SET PASSWORD", passwordSync.getSecurityDomain(),
passwordSync.getPrincipal(),"IDM SERVICE",
passwordSync.getRequestorId(), "PASSWORD",
login.getId().getLogin(), null, null,"SUCCESS", null, null,
null,
requestId, null, null, null);
ManagedSys managedSys = managedSysService.getManagedSys(passwordSync.getManagedSystemId());
if (managedSys != null) {
log.debug("Managed sys found for managedSysId=" + passwordSync.getManagedSystemId() );
ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
if (connector != null) {
ClientProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(ConnectorService.class);
log.info("Service endpoint : " + connector.getServiceUrl() );
factory.setAddress(connector.getServiceUrl());
javax.xml.namespace.QName qname = javax.xml.namespace.QName.valueOf(connector.getServiceNameSpace());
factory.setEndpointName(qname);
ConnectorService client = (ConnectorService) factory.create();
log.info("connector service client " + client);
SetPasswordRequestType pswdReqType = new SetPasswordRequestType();
PSOIdentifierType idType = new PSOIdentifierType(passwordSync.getPrincipal(),null, passwordSync.getManagedSystemId() );
pswdReqType.setPsoID(idType);
//pswdReqType.setRequestID(UUIDGen.getUUID());
pswdReqType.setRequestID(requestId);
pswdReqType.setPassword(passwordSync.getPassword());
log.info("Setting password on target system:" + passwordSync.getManagedSystemId());
ResponseType resp = client.setPassword(pswdReqType);
if (resp == null) {
log.info("Response object from set password is null");
response.setStatus(ResponseStatus.FAILURE);
return response;
}
if (resp.getStatus() == null) {
log.info("Response status is null");
response.setStatus(ResponseStatus.FAILURE);
return response;
}
log.info("Response status=" + resp.getStatus());
if (resp.getStatus().equals(StatusCodeType.FAILURE)) {
response.setStatus(ResponseStatus.FAILURE);
/* logManagedSysEvent(passwordSync.getAction(), passwordSync.getSecurityDomain(),
passwordSync.getPrincipal(),
passwordSync.getSrcSystemId(), lg, "PASSWORD", "FAILURE", primaryLogId );
*/
}else {
/*
logManagedSysEvent(passwordSync.getAction(), passwordSync.getSecurityDomain(),
lg.getId().getLogin(),
passwordSync.getSrcSystemId(), lg, "PASSWORD", "SUCCESS", primaryLogId );
*/
}
}
}
}else {
String encPassword = null;
try {
encPassword =loginManager.encryptPassword(passwordSync.getPassword());
}catch(EncryptionException e) {
PasswordResponse resp = new PasswordResponse();
resp.setStatus(ResponseStatus.FAILURE);
resp.setErrorCode(ResponseCode.FAIL_ENCRYPTION);
return resp;
}
boolean retval = loginManager.setPassword(passwordSync.getSecurityDomain(), passwordSync.getPrincipal(),
passwordSync.getManagedSystemId(), encPassword);
if (retval) {
log.info("-Password changed in openiam repository for user:" + passwordSync.getPrincipal());
Login l = loginManager.getLoginByManagedSys(passwordSync.getSecurityDomain(), passwordSync.getPrincipal(),
passwordSync.getManagedSystemId());
auditHelper.addLog("SET PASSWORD", passwordSync.getSecurityDomain(), passwordSync.getPrincipal(),
"IDM SERVICE", passwordSync.getRequestorId(), "PASSWORD", "PASSWORD", l.getUserId(),
null, "SUCCESS", null, null,
null,
requestId, null, null, null);
// audit log the success
//primaryLogId = logEvent(passwordSync, login,"PASSWORD", "SUCCESS", null);
} else {
// audit log the failure and stop the process
//logEvent(passwordSync, login,"PASSWORD", "FAILURE", null);
Response resp = new Response();
resp.setStatus(ResponseStatus.FAILURE);
resp.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
}
// update the connected systems
List<Login> principalList = loginManager.getLoginByUser(login.getUserId());
if (principalList != null) {
log.info("PrincipalList size =" + principalList.size());
for ( Login lg : principalList) {
// get the managed system for the identity - ignore the managed system id that is linked to openiam's repository
log.info("**** Managed System Id in passwordsync object=" + passwordSync.getManagedSystemId());
if (!lg.getId().getManagedSysId().equalsIgnoreCase(passwordSync.getManagedSystemId())) {
// determine if you should sync the password or not
String managedSysId = lg.getId().getManagedSysId();
Resource res = resourceDataService.getResource(managedSysId);
log.info(" - managedsys id = " + managedSysId);
log.info(" - Resource for sysId =" + res);
// check the sync flag
Set<ResourceProp> resPropSet = null;
String syncFlag = null;
boolean syncAllowed = false;
if (res != null) {
resPropSet = res.getResourceProps();
syncFlag = getResProperty(resPropSet, "INCLUDE_PSWD_SYNC");
log.info(" - SyncFlag=" + syncFlag);
}
if ( res == null) {
syncAllowed = true;
}else {
if (syncFlag == null || !syncFlag.equalsIgnoreCase("N")) {
log.info(" - Sync allowed=true" );
syncAllowed = true;
}
}
if (syncAllowed) {
log.info("Sync allowed for sys=" + managedSysId);
retval = loginManager.setPassword(lg.getId().getDomainId(),
lg.getId().getLogin(), lg.getId().getManagedSysId(),
encPassword);
ManagedSys managedSys = managedSysService.getManagedSys(lg.getId().getManagedSysId());
if (managedSys != null) {
log.debug("Managed sys found for managedSysId=" + lg.getId().getManagedSysId() );
ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
if (connector != null) {
ClientProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(ConnectorService.class);
log.info("Service endpoint : " + connector.getServiceUrl() );
factory.setAddress(connector.getServiceUrl());
javax.xml.namespace.QName qname = javax.xml.namespace.QName.valueOf(connector.getServiceNameSpace());
factory.setEndpointName(qname);
ConnectorService client = (ConnectorService) factory.create();
log.info("connector service client " + client);
SetPasswordRequestType pswdReqType = new SetPasswordRequestType();
PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(),null, lg.getId().getManagedSysId());
pswdReqType.setPsoID(idType);
//pswdReqType.setRequestID(UUIDGen.getUUID());
pswdReqType.setRequestID("R" + System.currentTimeMillis());
pswdReqType.setPassword(passwordSync.getPassword());
log.info("Setting password on target system:" + lg.getId().getManagedSysId());
ResponseType resp = client.setPassword(pswdReqType);
if (resp == null) {
log.info("Response object from set password is null");
response.setStatus(ResponseStatus.FAILURE);
return response;
}
if (resp.getStatus() == null) {
log.info("Response status is null");
response.setStatus(ResponseStatus.FAILURE);
return response;
}
log.info("Response status=" + resp.getStatus());
if (resp.getStatus().equals(StatusCodeType.FAILURE)) {
response.setStatus(ResponseStatus.FAILURE);
// logManagedSysEvent(passwordSync.getAction(), passwordSync.getSecurityDomain(),
// lg.getId().getLogin(),
// passwordSync.getSrcSystemId(), lg, "PASSWORD", "FAILURE", primaryLogId );
}else {
// logManagedSysEvent(passwordSync.getAction(), passwordSync.getSecurityDomain(),
// lg.getId().getLogin(),
// passwordSync.getSrcSystemId(), lg, "PASSWORD", "SUCCESS", primaryLogId );
}
}
}else {
log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId() );
}
}
}
// get the connector
}
}
}
return response;
}
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#disableUser(java.lang.String, boolean)
*/
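/**
 * Disables or re-enables a user account by setting the user's secondary status.
 *
 * Unlike {@link #lockUser}, the original version recorded no audit entry and ignored
 * {@code requestorId}; an account state change is now written to the audit log with the
 * same layout the lock operation uses.
 *
 * @param userId      id of the user to update; must not be null
 * @param operation   {@code true} sets {@code UserStatusEnum.DISABLED}, {@code false} clears
 *                    the secondary status (re-enable)
 * @param requestorId identity of the caller, recorded in the audit entry
 * @return SUCCESS, or FAILURE with {@code OBJECT_NOT_FOUND} when no user has {@code userId}
 * @throws NullPointerException if {@code userId} is null (consistent with {@link #lockUser})
 */
public Response disableUser(String userId, boolean operation, String requestorId) {
    if (userId == null) {
        throw new NullPointerException("userId is null");
    }
    User user = userMgr.getUserWithDependent(userId, false);
    if (user == null) {
        log.error("UserId " + userId + " not found");
        Response resp = new Response();
        resp.setStatus(ResponseStatus.FAILURE);
        resp.setErrorCode(ResponseCode.OBJECT_NOT_FOUND);
        return resp;
    }

    String auditReason;
    if (operation) {
        user.setSecondaryStatus(UserStatusEnum.DISABLED);
        auditReason = "DISABLED";
    } else {
        user.setSecondaryStatus(null);
        auditReason = "ENABLED";
    }
    userMgr.updateUserWithDependent(user, false);

    // Audit who changed the account state. The domain/login columns are taken from the
    // primary identity when one exists; the entry is still written without them so the
    // change is never silent. The "DISABLE USER" action label is new to this class.
    Login lg = getPrimaryIdentity(userId);
    String domainId = (lg != null) ? lg.getId().getDomainId() : null;
    String principal = (lg != null) ? lg.getId().getLogin() : null;
    // Clock-based request ids match the other audit calls in this class; they are not
    // guaranteed unique under concurrent calls.
    String requestId = "R" + System.currentTimeMillis();
    auditHelper.addLog("DISABLE USER", domainId, principal,
            "IDM SERVICE", requestorId, "USER", "USER", user.getUserId(), null, "SUCCESS", null, null,
            null,
            requestId, auditReason, null, null);

    Response resp = new Response();
    resp.setStatus(ResponseStatus.SUCCESS);
    return resp;
}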
/* (non-Javadoc)
* @see org.openiam.provision.service.ProvisionService#lockUser(java.lang.String, boolean)
*/
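/**
 * Locks or unlocks a user, keeping the user's secondary status and the primary identity's
 * lock flag in step, and writes a "LOCK USER" audit entry.
 *
 * The primary identity is required by every branch: the lock flag lives on it and the
 * audit entry is keyed by its domain and login. The original only rejected a missing
 * identity on unlock and then dereferenced it unconditionally, which ended in a
 * NullPointerException after the user record had already been updated. A missing
 * identity is now rejected up front, before any state is changed.
 *
 * @param userId      id of the user; must not be null
 * @param operation   LOCKED, LOCKED_ADMIN, or any other value to unlock; must not be null
 * @param requestorId identity of the caller, recorded in the audit entry
 * @return SUCCESS; FAILURE with {@code OBJECT_NOT_FOUND} when the user does not exist, or
 *         {@code PRINCIPAL_NOT_FOUND} when the user has no primary identity
 * @throws NullPointerException if {@code userId} or {@code operation} is null
 */
public Response lockUser(String userId, AccountLockEnum operation, String requestorId) {
    if (userId == null) {
        throw new NullPointerException("userId is null");
    }
    if (operation == null) {
        throw new NullPointerException("Operation parameter is null");
    }
    User user = userMgr.getUserWithDependent(userId, false);
    if (user == null) {
        log.error("UserId " + userId + " not found");
        Response resp = new Response();
        resp.setStatus(ResponseStatus.FAILURE);
        resp.setErrorCode(ResponseCode.OBJECT_NOT_FOUND);
        return resp;
    }
    Login lg = getPrimaryIdentity(userId);
    if (lg == null) {
        log.error("Primary identity for UserId " + userId + " not found");
        Response resp = new Response();
        resp.setStatus(ResponseStatus.FAILURE);
        resp.setErrorCode(ResponseCode.PRINCIPAL_NOT_FOUND);
        return resp;
    }

    // setIsLocked values: 1 for LOCKED, 2 for LOCKED_ADMIN, 0 for unlock; their meaning
    // downstream is not visible here.
    String auditReason;
    if (AccountLockEnum.LOCKED.equals(operation)) {
        user.setSecondaryStatus(UserStatusEnum.LOCKED);
        log.info("Identity flag set to locked.");
        lg.setIsLocked(1);
        auditReason = "LOCKED";
    } else if (AccountLockEnum.LOCKED_ADMIN.equals(operation)) {
        user.setSecondaryStatus(UserStatusEnum.LOCKED_ADMIN);
        lg.setIsLocked(2);
        auditReason = "LOCKED_ADMIN";
    } else {
        user.setSecondaryStatus(null);
        lg.setAuthFailCount(0);
        lg.setIsLocked(0);
        auditReason = "UNLOCK";
    }
    loginManager.updateLogin(lg);
    userMgr.updateUserWithDependent(user, false);

    // Clock-based request ids match the other audit calls in this class; they are not
    // guaranteed unique under concurrent calls.
    String requestId = "R" + System.currentTimeMillis();
    auditHelper.addLog("LOCK USER", lg.getId().getDomainId(), lg.getId().getLogin(),
            "IDM SERVICE", requestorId, "USER", "USER", user.getUserId(), null, "SUCCESS", null, null,
            null,
            requestId, auditReason, null, null);

    Response resp = new Response();
    resp.setStatus(ResponseStatus.SUCCESS);
    return resp;
}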
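/**
 * Finds the user's login on the default managed system (the id held by
 * {@code sysConfiguration.getDefaultManagedSysId()}).
 *
 * {@code loginManager.getLoginByUser} is treated as possibly returning null elsewhere in
 * this class, so a null list is handled here instead of throwing; a login whose managed
 * system id is null is skipped for the same reason.
 *
 * @param userId id of the user whose logins are searched
 * @return the matching login, or null when the user has no logins or none is on the
 *         default managed system
 */
private Login getPrimaryIdentity(String userId) {
    List<Login> loginList = loginManager.getLoginByUser(userId);
    if (loginList == null) {
        return null;
    }
    String defaultSysId = sysConfiguration.getDefaultManagedSysId();
    for (Login lg : loginList) {
        String sysId = lg.getId().getManagedSysId();
        if (sysId != null && sysId.equalsIgnoreCase(defaultSysId)) {
            return lg;
        }
    }
    return null;
}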
/*private String logEvent(PasswordSync passwordSync, Login login, String object, String actionStatus, String linkedLogId) {
IdmAuditLog log = new IdmAuditLog();
log.setObjectTypeId(object);
log.setActionId(passwordSync.getAction());
log.setActionStatus(actionStatus);
log.setDomainId(passwordSync.getSecurityDomain());
log.setUserId(login.getUserId());
log.setPrincipal(passwordSync.getPrincipal());
log.setLinkedLogId(linkedLogId);
log.setSrcSystemId(passwordSync.getSrcSystemId());
log.setTargetSystemId(passwordSync.getManagedSystemId());
auditDataService.addLog(log);
return log.getLogId();
}
*/
/** Returns the user data service this class uses to load and update users. */
public UserDataService getUserMgr() {
    return this.userMgr;
}
/**
 * Sets the user data service.
 *
 * @param userMgr service used to load and update users
 */
public void setUserMgr(UserDataService userMgr) {
    this.userMgr = userMgr;
}
/** Returns the login data service used for identity lookups, lock updates and password writes. */
public LoginDataService getLoginManager() {
    return this.loginManager;
}
/**
 * Sets the login data service.
 *
 * @param loginManager service used for identity lookups, lock updates and password writes
 */
public void setLoginManager(LoginDataService loginManager) {
    this.loginManager = loginManager;
}
/** Returns the audit log data service. */
public IdmAuditLogDataService getAuditDataService() {
    return this.auditDataService;
}
/**
 * Sets the audit log data service.
 *
 * @param auditDataService service that persists audit log entries
 */
public void setAuditDataService(IdmAuditLogDataService auditDataService) {
    this.auditDataService = auditDataService;
}
/** Returns the connector data service used to resolve a managed system's connector. */
public ConnectorDataService getConnectorService() {
    return this.connectorService;
}
/**
 * Sets the connector data service.
 *
 * @param connectorService service used to resolve a managed system's connector
 */
public void setConnectorService(ConnectorDataService connectorService) {
    this.connectorService = connectorService;
}
/** Returns the managed system data service. */
public ManagedSystemDataService getManagedSysService() {
    return this.managedSysService;
}
/**
 * Sets the managed system data service.
 *
 * @param managedSysService service used to look up managed systems by id
 */
public void setManagedSysService(ManagedSystemDataService managedSysService) {
    this.managedSysService = managedSysService;
}
/** Returns the configured role data service. */
public RoleDataService getRoleDataService() {
    return this.roleDataService;
}
/**
 * Sets the role data service.
 *
 * @param roleDataService the role data service to use
 */
public void setRoleDataService(RoleDataService roleDataService) {
    this.roleDataService = roleDataService;
}
/** Returns the configured group data service. */
public GroupDataService getGroupManager() {
    return this.groupManager;
}
/**
 * Sets the group data service.
 *
 * @param groupManager the group data service to use
 */
public void setGroupManager(GroupDataService groupManager) {
    this.groupManager = groupManager;
}
/** Returns the configured connector WSDL value (a location string, as configured). */
public String getConnectorWsdl() {
    return this.connectorWsdl;
}
/**
 * Sets the connector WSDL value.
 *
 * @param connectorWsdl the connector WSDL location string
 */
public void setConnectorWsdl(String connectorWsdl) {
    this.connectorWsdl = connectorWsdl;
}
/** Returns the system configuration, which supplies the default managed system id. */
public SysConfiguration getSysConfiguration() {
    return this.sysConfiguration;
}
/**
 * Sets the system configuration.
 *
 * @param sysConfiguration configuration supplying the default managed system id
 */
public void setSysConfiguration(SysConfiguration sysConfiguration) {
    this.sysConfiguration = sysConfiguration;
}
/** Returns the login DAO. */
public LoginDAO getLoginDao() {
    return this.loginDao;
}
/**
 * Sets the login DAO.
 *
 * @param loginDao the login DAO to use
 */
public void setLoginDao(LoginDAO loginDao) {
    this.loginDao = loginDao;
}
/** Returns the configured default provisioning model name. */
public String getDefaultProvisioningModel() {
    return this.defaultProvisioningModel;
}
/**
 * Sets the default provisioning model name.
 *
 * @param defaultProvisioningModel the model name to use when none is specified
 */
public void setDefaultProvisioningModel(String defaultProvisioningModel) {
    this.defaultProvisioningModel = defaultProvisioningModel;
}
/** Returns the resource data service used to load a managed system's resource and its properties. */
public ResourceDataService getResourceDataService() {
    return this.resourceDataService;
}
/**
 * Sets the resource data service.
 *
 * @param resourceDataService service used to load resources and their properties
 */
public void setResourceDataService(ResourceDataService resourceDataService) {
    this.resourceDataService = resourceDataService;
}
/** Returns the configured script engine name. */
public String getScriptEngine() {
    return this.scriptEngine;
}
/**
 * Sets the script engine name.
 *
 * @param scriptEngine the script engine name to use
 */
public void setScriptEngine(String scriptEngine) {
    this.scriptEngine = scriptEngine;
}
/** Returns the configured organization data service. */
public OrganizationDataService getOrgManager() {
    return this.orgManager;
}
/**
 * Sets the organization data service.
 *
 * @param orgManager the organization data service to use
 */
public void setOrgManager(OrganizationDataService orgManager) {
    this.orgManager = orgManager;
}
/** Returns the configured password service. */
public PasswordService getPasswordDS() {
    return this.passwordDS;
}
/**
 * Sets the password service.
 *
 * @param passwordDS the password service to use
 */
public void setPasswordDS(PasswordService passwordDS) {
    this.passwordDS = passwordDS;
}
/**
 * Stores the application context handed in by the container in the {@code ac} field.
 *
 * @param applicationContext the context to keep
 * @throws BeansException declared for the callback contract; not thrown here
 */
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
    ac = applicationContext;
}
/** Returns the audit helper used to write audit log entries. */
public AuditHelper getAuditHelper() {
    return this.auditHelper;
}
/**
 * Sets the audit helper.
 *
 * @param auditHelper helper used to write audit log entries
 */
public void setAuditHelper(AuditHelper auditHelper) {
    this.auditHelper = auditHelper;
}
/**
 * Not implemented: always returns null without touching any user.
 *
 * Callers must null-check the result; a null here does not mean the delete succeeded.
 *
 * @param userId      id of the user to delete (ignored)
 * @param status      status to apply (ignored)
 * @param requestorId identity of the caller (ignored)
 * @return always null
 */
public ProvisionUserResponse deleteByUserId(String userId,
        UserStatusEnum status, String requestorId) {
    return null;
}
/**
 * Not implemented: always returns null without touching any user.
 *
 * Callers must null-check the result; a null here does not mean the delete succeeded.
 *
 * @param user        user to delete (ignored)
 * @param status      status to apply (ignored)
 * @param requestorId identity of the caller (ignored)
 * @return always null
 */
public ProvisionUserResponse deleteByUserId(ProvisionUser user,
        UserStatusEnum status, String requestorId) {
    return null;
}
/**
 * Not implemented: always returns null and performs no lookup on any target system.
 *
 * Callers must null-check the result.
 *
 * @param principalName principal to look up (ignored)
 * @param managedSysId  managed system to query (ignored)
 * @return always null
 */
public LookupUserResponse getTargetSystemUser(@WebParam(name = "principalName", targetNamespace = "") String principalName, @WebParam(name = "managedSysId", targetNamespace = "") String managedSysId) {
    return null;
}
/**
 * Not implemented: always returns null and performs no lookup on any target system.
 *
 * Callers must null-check the result.
 *
 * @param userId       user to look up (ignored)
 * @param managedSysId managed system to query (ignored)
 * @return always null
 */
public LookupUserResponse getTargetSystemUserWithUserId(@WebParam(name = "userId", targetNamespace = "") String userId, @WebParam(name = "managedSysId", targetNamespace = "") String managedSysId) {
    return null;
}
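/**
 * Not implemented. Reports an explicit FAILURE instead of returning null, so a caller
 * checking the status (as the other operations in this class expect) never reads this as
 * a successful connection test and never dereferences a null response.
 *
 * No error code is set: this class has no code for "not implemented" in view.
 *
 * @param managedSysId managed system whose connection would be tested (only logged)
 * @return a Response with status FAILURE; never null
 */
public Response testConnectionConfig(@WebParam(name = "managedSysId", targetNamespace = "") String managedSysId) {
    log.warn("testConnectionConfig is not implemented; managedSysId=" + managedSysId);
    Response resp = new Response();
    resp.setStatus(ResponseStatus.FAILURE);
    return resp;
}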
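/**
 * Not implemented. Reports an explicit FAILURE instead of returning null, so a caller
 * cannot mistake a null response for a completed password sync and does not dereference
 * null.
 *
 * The request is not logged: it carries a password. No error code is set because this
 * class has no code for "not implemented" in view.
 *
 * @param passwordSync the sync request (ignored)
 * @return a Response with status FAILURE; never null
 */
public Response syncPasswordFromSrc(@WebParam(name = "passwordSync", targetNamespace = "") PasswordSync passwordSync) {
    log.warn("syncPasswordFromSrc is not implemented");
    Response resp = new Response();
    resp.setStatus(ResponseStatus.FAILURE);
    return resp;
}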
}