List of usage examples for javax.xml.ws Service getPort
public <T> T getPort(Class<T> serviceEndpointInterface, WebServiceFeature... features)
From source file:org.apache.coheigea.cxf.ldap.authorization.AuthorizationTest.java
/**
 * Negative authorization check: calls the DoubleIt service through the
 * "DoubleItTransportKarafPort" port with the WS-Security username "bob" and
 * passes only when the invocation throws.
 *
 * @throws Exception if the client bus, the WSDL or the port cannot be set up
 */
@org.junit.Test
public void testUnauthorizedRequestViaKaraf() throws Exception {
    // Build the client bus from the Spring configuration and install it as
    // both the global and the thread default.
    URL clientConfig = AuthorizationTest.class.getResource("cxf-client.xml");
    Bus clientBus = new SpringBusFactory().createBus(clientConfig.toString());
    SpringBusFactory.setDefaultBus(clientBus);
    SpringBusFactory.setThreadDefaultBus(clientBus);

    URL wsdlLocation = AuthorizationTest.class.getResource("DoubleIt.wsdl");
    Service doubleItService = Service.create(wsdlLocation, SERVICE_QNAME);
    DoubleItPortType karafPort = doubleItService.getPort(
            new QName(NAMESPACE, "DoubleItTransportKarafPort"), DoubleItPortType.class);
    TestUtil.updateAddressPort(karafPort, PORT);

    // Only the username is set here; any credential for it presumably comes
    // from cxf-client.xml (not visible in this listing).
    ClientProxy.getClient(karafPort).getRequestContext().put("ws-security.username", "bob");

    try {
        doubleIt(karafPort, 25);
        Assert.fail("Failure expected on bob");
    } catch (Exception ex) {
        // expected
        // NOTE(review): every Exception satisfies this test, so an unreachable
        // endpoint or a broken client config passes just like an authorization
        // denial. Asserting on the fault type or message would keep the test
        // from hiding an authorization regression.
        // NOTE(review): the port is never closed and the bus never shut down,
        // so the default bus set above outlives this test.
    }
}
From source file:org.apache.cxf.systest.coloc.AbstractColocTest.java
/**
 * Creates a JAX-WS client for the given service and returns its port, with
 * the endpoint address overridden by {@code getTransportURI()}.
 *
 * @param serviceName  qualified name of the service in the WSDL
 * @param portName     qualified name of the port to obtain
 * @param wsdlLocation classpath resource name of the WSDL, resolved relative
 *                     to {@code AbstractColocTest}
 * @param cls          service endpoint interface the port must implement
 * @return port for the interface represented by {@code cls}
 */
protected <T> T getPort(QName serviceName, QName portName, String wsdlLocation, Class<T> cls) {
    java.net.URL wsdlUrl = AbstractColocTest.class.getResource(wsdlLocation);
    T port = Service.create(wsdlUrl, serviceName).getPort(portName, cls);

    // The address in the WSDL is replaced so the call goes to the transport
    // chosen by the concrete test.
    BindingProvider provider = (BindingProvider) port;
    provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, getTransportURI());
    return port;
}
From source file:org.apache.cxf.systest.kerberos.wssec.kerberos.KerberosTokenTest.java
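/**
 * Invokes DoubleIt over the named port and expects 50 for the input 25.
 * The client-side security setup is taken from "client.xml", which is not
 * part of this listing.
 *
 * @param portName   local name of the WSDL port to call
 * @param streaming  whether to switch the client to the streaming
 *                   WS-Security implementation before the call
 * @param portNumber port number the endpoint address is rewritten to
 * @throws Exception if setup or the service call fails
 */
private void runKerberosTest(String portName, boolean streaming, String portNumber) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = KerberosTokenTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, portName);
        DoubleItPortType kerberosPort = service.getPort(portQName, DoubleItPortType.class);
        try {
            TestUtil.updateAddressPort(kerberosPort, portNumber);

            if (streaming) {
                SecurityTestUtil.enableStreaming(kerberosPort);
            }

            Assert.assertEquals(50, kerberosPort.doubleIt(25));
        } finally {
            // Close the client even when the call or the assertion fails, so a
            // failed run does not leave its connection open for later tests.
            ((java.io.Closeable) kerberosPort).close();
        }
    } finally {
        // Always release the bus: it was installed as the default bus and
        // would otherwise leak this test's configuration into later tests.
        bus.shutdown(true);
    }
}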
From source file:org.apache.cxf.systest.kerberos.wssec.kerberos.KerberosTokenTest.java
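/**
 * Invokes DoubleIt over the named port with the client pointed at a Security
 * Token Service, and expects 50 for the input 25. The client-side security
 * setup is taken from "sts-client.xml", which is not part of this listing.
 *
 * @param portName      local name of the WSDL port to call
 * @param streaming     whether to switch the client to the streaming
 *                      WS-Security implementation before the call
 * @param portNumber    port number the service endpoint address is rewritten to
 * @param stsPortNumber port number the STS address is rewritten to
 * @throws Exception if setup or the service call fails
 */
private void runKerberosSTSTest(String portName, boolean streaming, String portNumber,
        String stsPortNumber) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = KerberosTokenTest.class.getResource("sts-client.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, portName);
        DoubleItPortType kerberosPort = service.getPort(portQName, DoubleItPortType.class);
        try {
            TestUtil.updateAddressPort(kerberosPort, portNumber);
            SecurityTestUtil.updateSTSPort((BindingProvider) kerberosPort, stsPortNumber);

            if (streaming) {
                SecurityTestUtil.enableStreaming(kerberosPort);
            }

            Assert.assertEquals(50, kerberosPort.doubleIt(25));
        } finally {
            // Close the client even when the call or the assertion fails, so a
            // failed run does not leave its connection open for later tests.
            ((java.io.Closeable) kerberosPort).close();
        }
    } finally {
        // Always release the bus: it was installed as the default bus and
        // would otherwise leak this test's configuration into later tests.
        bus.shutdown(true);
    }
}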
From source file:org.apache.cxf.systest.kerberos.wssec.spnego.SpnegoTokenTest.java
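/**
 * Invokes DoubleIt over the named SPNEGO port and expects 50 for the input
 * 25. The client-side security setup is taken from "client.xml", which is not
 * part of this listing.
 *
 * @param portName   local name of the WSDL port to call
 * @param streaming  whether to switch the client to the streaming
 *                   WS-Security implementation before the call
 * @param portNumber port number the endpoint address is rewritten to
 * @throws Exception if setup or the service call fails
 */
private void runKerberosTest(String portName, boolean streaming, String portNumber) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SpnegoTokenTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, portName);
        DoubleItPortType kerberosPort = service.getPort(portQName, DoubleItPortType.class);
        try {
            TestUtil.updateAddressPort(kerberosPort, portNumber);

            if (streaming) {
                SecurityTestUtil.enableStreaming(kerberosPort);
            }

            Assert.assertEquals(50, kerberosPort.doubleIt(25));
        } finally {
            // Close the client even when the call or the assertion fails, so a
            // failed run does not leave its connection open for later tests.
            ((java.io.Closeable) kerberosPort).close();
        }
    } finally {
        // Always release the bus: it was installed as the default bus and
        // would otherwise leak this test's configuration into later tests.
        bus.shutdown(true);
    }
}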
From source file:org.atricore.idbus.capabilities.sso.main.binding.SamlR2SoapBinding.java
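/**
 * Sends a SAML 2.0 request over the SOAP 1.1/HTTP binding and returns the
 * response object.
 *
 * <p>The SOAP operation is chosen by reflection: the simple class name of the
 * message content, minus its "Type" suffix and prefixed with "saml", must
 * name a method on {@code SAMLRequestPortType} that takes exactly the
 * content's class.
 *
 * @param message mediation message whose destination supplies the endpoint
 *                location and whose content is the SAML request
 * @return the object returned by the invoked SOAP operation
 * @throws IdentityMediationException if the content is not a
 *         {@code RequestAbstractType} whose class name ends in "Type", if no
 *         matching operation exists, or if the invocation fails
 */
@Override
public Object sendMessage(MediationMessage message) throws IdentityMediationException {

    if (logger.isTraceEnabled())
        logger.trace("Sending new SAML 2.0 message using SOAP Binding");

    EndpointDescriptor endpoint = message.getDestination();

    // NOTE(review): the request goes to whatever location the destination
    // descriptor carries, over a plain SOAP11HTTP binding. Whether the channel
    // is protected depends on that URL's scheme and on client configuration
    // not visible here; confirm the descriptor only comes from trusted metadata.
    String soapEndpoint = endpoint.getLocation();

    // ---------------------------------------------------------
    // Setup CXF Client
    // ---------------------------------------------------------
    Service service = Service.create(SAMLR2MessagingConstants.SERVICE_NAME);
    service.addPort(SAMLR2MessagingConstants.PORT_NAME,
            javax.xml.ws.soap.SOAPBinding.SOAP11HTTP_BINDING, soapEndpoint);

    Object content = message.getContent();
    if (!(content instanceof RequestAbstractType)) {
        throw new IdentityMediationException("Unsupported content " + content);
    }

    // The operation name is derived from the JAXB class name. Reject names
    // without the "Type" suffix up front: stripping four characters from them
    // would either throw StringIndexOutOfBoundsException or produce an
    // unrelated method name.
    String typeName = content.getClass().getSimpleName();
    if (!typeName.endsWith("Type")) {
        throw new IdentityMediationException("Unsupported content " + content);
    }
    String soapMethodName = "saml" + typeName.substring(0, typeName.length() - 4); // Remove Type

    if (logger.isTraceEnabled())
        logger.trace("Using soap method [" + soapMethodName + "]");

    SAMLRequestPortType port = service.getPort(SAMLR2MessagingConstants.PORT_NAME,
            SAMLRequestPortType.class);

    // NOTE(review): the two trace statements below write the request and the
    // response objects to the log. Depending on their toString(), that can put
    // SAML identifiers or assertions in log files; keep trace off in production
    // or log a message ID instead.
    if (logger.isTraceEnabled())
        logger.trace("Sending SSO SOAP Request: " + content);

    try {
        Method soapMethod = port.getClass().getMethod(soapMethodName, content.getClass());
        Object o = soapMethod.invoke(port, content);

        if (logger.isTraceEnabled())
            logger.trace("Received SSO SOAP Response: " + o);

        return o;
    } catch (NoSuchMethodException e) {
        throw new IdentityMediationException(
                "SOAP Method not impelmented " + soapMethodName + ": " + e.getMessage(), e);
    } catch (java.lang.reflect.InvocationTargetException e) {
        // Method.invoke wraps the real failure and usually has no message of
        // its own, so report the target exception's message. The wrapper is
        // still passed as the cause so the full chain is kept.
        Throwable target = e.getCause() != null ? e.getCause() : e;
        throw new IdentityMediationException("SOAP error: " + target.getMessage(), e);
    } catch (Exception e) {
        throw new IdentityMediationException("SOAP error: " + e.getMessage(), e);
    }
}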
From source file:org.jboss.as.test.integration.ws.authentication.policy.AuthenticationPolicyContextTestCase.java
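/**
 * Test gets SAML assertion by token using the web service in deployment picketlink-sts.war.
 * Afterwards web service EchoService from the deployment picketlink-sts-ws.war is called using role testRole and
 * security domain sp created during test initialization.
 *
 * <p>The test passes when the echo call completes without an exception; the
 * value returned by {@code echo} is not checked.
 *
 * @throws Exception if the token cannot be issued or the echo call fails
 */
@Test
@RunAsClient
public void test() throws Exception {
    try {
        Element assertion;
        try {
            LOGGER.debug("Invoking token service to get SAML assertion for " + USERNAME);
            assertion = wsClient.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
            String domElementAsString = DocumentUtil.getDOMElementAsString(assertion);
            // NOTE(review): this writes the complete SAML assertion to the debug
            // log. It is acceptable for a throwaway test realm; do not copy the
            // pattern into code that handles real tokens.
            LOGGER.debug("assertion: " + domElementAsString);
            LOGGER.debug("SAML assertion for " + USERNAME + " successfully obtained!");
        } catch (WSTrustException wse) {
            LOGGER.error("Unable to issue assertion: " + wse.getMessage());
            // Fail this test by rethrowing. Calling System.exit here would kill
            // the whole test JVM and lose the results of every other test.
            throw wse;
        }

        // NOTE(review): the WSDL is fetched over plain http from the test server.
        URL wsdl = new URL("http://" + TestSuiteEnvironment.getServerAddress() + ":"
                + TestSuiteEnvironment.getHttpPort() + "/picketlink-sts-ws/EchoService?wsdl");
        QName serviceName = new QName("http://ws.picketlink.sts.jboss.org/", "EchoServiceService");
        Service service = Service.create(wsdl, serviceName);
        EchoServiceRemote port = service.getPort(
                new QName("http://ws.picketlink.sts.jboss.org/", "EchoServicePort"),
                EchoServiceRemote.class);

        BindingProvider bp = (BindingProvider) port;
        ClientConfigUtil.setConfigHandlers(bp, "standard-jaxws-client-config.xml", "SAML WSSecurity Client");
        // Hand the issued assertion to the client handlers through the request context.
        bp.getRequestContext().put(SAML2Constants.SAML2_ASSERTION_PROPERTY, assertion);

        port.echo("Test");
    } finally {
        // Runs for both phases, so the STS client is also closed when token
        // issuance fails.
        if (wsClient != null) {
            wsClient.close();
        }
    }
}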
From source file:org.openhie.openempi.nhinproxy.OpenempiAdapterComponentProxy.java
/**
 * Retrieves the MPI adapter port and initializes it for the given endpoint.
 *
 * @param url                The URL for the web service.
 * @param serviceAction      The action for the web service. Not read by this
 *                           method.
 * @param wsAddressingAction The action assigned to the input parameter for
 *                           the web service operation.
 * @param assertion          The assertion information for the web service.
 * @return The port object for the web service, or {@code null} when no
 *         service could be obtained.
 */
protected AdapterComponentMpiPortType getPort(String url, String serviceAction, String wsAddressingAction,
        AssertionType assertion) {
    Service service = getService();
    if (service == null) {
        log.error("Unable to obtain serivce - no port created.");
        return null;
    }

    log.debug("Obtained service - creating port.");
    AdapterComponentMpiPortType mpiPort = service.getPort(
            new QName(NAMESPACE_URI, PORT_LOCAL_PART), AdapterComponentMpiPortType.class);

    // NOTE(review): the helper is named initializeUnsecurePort, which suggests
    // the port is set up without message or transport security even though an
    // assertion is passed along. Confirm the intended protection for this
    // endpoint against the helper's implementation.
    proxyHelper.initializeUnsecurePort((javax.xml.ws.BindingProvider) mpiPort, url, wsAddressingAction,
            assertion);
    return mpiPort;
}
From source file:org.openiam.provision.service.ProvisionServiceImpl.java
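/**
 * Provisions a new user: stores the user in the OpenIAM repository, links the
 * supervisor, groups and roles, persists the user's identities, and sends one
 * add request to the connector of managed system "1".
 *
 * <p>A FAILURE response is returned when the script engine cannot be created,
 * the repository does not return a user id, a group or role id is missing, a
 * role does not exist, or a password cannot be encrypted. Steps that already
 * ran before a failure are not rolled back.
 *
 * @param provUser the user to provision, with its principals, groups, roles
 *                 and supervisor
 * @return a response with status SUCCESS and the provisioned user, or status
 *         FAILURE (with an error code where one is defined)
 */
public ProvisionUserResponse addUser(ProvisionUser provUser) {
    log.info("addUser called.");

    Organization org = null;
    String secDomain = null;
    Login primaryLogin = null;
    Map<String, Object> bindingMap = new HashMap<String, Object>();

    // NOTE(review): this cleartext password is handed to the Groovy scripts
    // through the binding map and set on the NETWORX login below. Confirm that
    // PasswordGenerator draws from a cryptographically secure source and that
    // ten characters meets the password policy.
    String password = PasswordGenerator.generatePassword(10);

    ScriptIntegration se = null;
    try {
        se = ScriptFactory.createModule(this.scriptEngine);
    } catch (Exception e) {
        log.error("Unable to create the script engine", e);
    }
    if (se == null) {
        // Without the engine every se.execute call below would throw a
        // NullPointerException, so stop before anything is written.
        ProvisionUserResponse resp = new ProvisionUserResponse();
        resp.setStatus(ResponseStatus.FAILURE);
        return resp;
    }

    bindingMap.put("context", ac);
    String gmSysKey = (String) se.execute(bindingMap, "provision/globalManagerSyskey.groovy");

    //TODO: Add policies to validate the request
    //TODO: Add policies to enhance the request

    // add the gmsyskey attribute
    UserAttribute uAttr = new UserAttribute();
    uAttr.setName("GM_SYSKEY");
    uAttr.setValue(gmSysKey);
    provUser.getUserAttributes().put("GM_SYSKEY", uAttr);

    log.info("Creating user in openiam repository");

    // create a user in the openiam repository
    User user = provUser.getUser();
    log.info("User alternate in addUser=" + user.getAlternateContactId());

    // temp hack
    if (user.getCompanyId() != null) {
        org = orgManager.getOrganization(user.getCompanyId());
    }

    List<Login> principalList = provUser.getPrincipalList();
    if (principalList == null) {
        principalList = new ArrayList<Login>();
    }

    bindingMap.put("sysId", "1");
    bindingMap.put("user", user);
    bindingMap.put("org", org);
    bindingMap.put("password", password);

    // An empty list has no element 0, so check for that before reading the
    // primary login.
    if (!principalList.isEmpty() && principalList.get(0) != null) {
        primaryLogin = principalList.get(0);
        // Log the identifier only. The Login object can hold a password, and
        // whether its toString() prints that field is not visible here.
        log.info("primary login=" + primaryLogin.getId());
        bindingMap.put("lg", primaryLogin);
        secDomain = primaryLogin.getId().getDomainId();
    }

    /* -- Temp hack -- */
    String networxId = (String) se.execute(bindingMap, "provision/networxId.groovy");
    String globalManagerId = (String) se.execute(bindingMap, "provision/globalManagerId.groovy");

    User newUser = userMgr.addUser(user);
    if (newUser == null || newUser.getUserId() == null) {
        // Return the failure. Without this return the code below would
        // dereference a missing user and keep provisioning.
        ProvisionUserResponse resp = new ProvisionUserResponse();
        resp.setStatus(ResponseStatus.FAILURE);
        return resp;
    }
    log.info("User created in openiam repository");

    Supervisor supervisor = provUser.getSupervisor();
    if (supervisor != null && supervisor.getSupervisor() != null) {
        supervisor.setEmployee(user);
        userMgr.addSupervisor(supervisor);
        log.info("created user supervisor");
    }

    log.info("Associated a user to a group");
    List<Group> groupList = provUser.getMemberOfGroups();
    log.info("Group list = " + groupList);
    if (groupList != null) {
        for (Group g : groupList) {
            // check if the group id is valid
            if (g.getGrpId() == null) {
                ProvisionUserResponse resp = new ProvisionUserResponse();
                resp.setStatus(ResponseStatus.FAILURE);
                resp.setErrorCode(ResponseCode.GROUP_ID_NULL);
                return resp;
            }
            if (groupManager.getGroup(g.getGrpId()) == null) {
                // NOTE(review): an unknown group id is not rejected; the
                // membership is still written below. The role path returns
                // ROLE_ID_INVALID in the same situation. Decide whether group
                // membership should be refused here as well.
                log.error("Group not found for id=" + g.getGrpId());
            }
            groupManager.addUserToGroup(g.getGrpId(), newUser.getUserId());
        }
    }

    log.info("Associating users to a role");
    List<Role> roleList = provUser.getMemberOfRoles();
    log.info("Role list = " + roleList);
    if (roleList != null && roleList.size() > 0) {
        for (Role r : roleList) {
            // check if the roleId is valid
            if (r.getId().getServiceId() == null || r.getId().getRoleId() == null) {
                ProvisionUserResponse resp = new ProvisionUserResponse();
                resp.setStatus(ResponseStatus.FAILURE);
                resp.setErrorCode(ResponseCode.ROLE_ID_NULL);
                return resp;
            }
            if (roleDataService.getRole(r.getId().getServiceId(), r.getId().getRoleId()) == null) {
                ProvisionUserResponse resp = new ProvisionUserResponse();
                resp.setStatus(ResponseStatus.FAILURE);
                resp.setErrorCode(ResponseCode.ROLE_ID_INVALID);
                return resp;
            }
            roleDataService.addUserToRole(r.getId().getServiceId(), r.getId().getRoleId(),
                    newUser.getUserId());
        }
    }

    // determine if this is role based, rule base or static list for provisioning the apps
    // for now, assume that its role based.
    log.info("default provisioning model=" + defaultProvisioningModel);
    log.info("create user identities");

    /* Start with 1 role first and build from there. */
    if (roleList != null && roleList.size() > 0) {
        List<Resource> roleResource = getResourcesForRole(roleList);
        // collect all the resources that belong to a managed system execute their policies
        if (roleResource != null) {
            log.info("List of resources for roles = " + roleResource.size());
            // Resources named GLOBAL MANAGER or NETWORX each add an identity for the user.
            for (Resource res : roleResource) {
                if (res.getName().equalsIgnoreCase("GLOBAL MANAGER")) {
                    LoginId gmLgId = new LoginId(secDomain, globalManagerId, "2");
                    Login gmLg = new Login();
                    gmLg.setId(gmLgId);
                    gmLg.setStatus("ACTIVE");
                    principalList.add(gmLg);
                }
                if (res.getName().equalsIgnoreCase("NETWORX")) {
                    LoginId networkLgId = new LoginId(secDomain, networxId, "1");
                    Login networxLg = new Login();
                    networxLg.setId(networkLgId);
                    networxLg.setPassword(password);
                    networxLg.setStatus("ACTIVE");
                    principalList.add(networxLg);
                }
            }
        }
    }

    // persist the list of identities in the openiam repository
    log.info("Persisting identity count=" + principalList.size());
    for (Login lg : principalList) {
        Login newLg = new Login();
        newLg.setId(lg.getId());
        newLg.setUserId(newUser.getUserId());
        newLg.setFirstTimeLogin(1);
        newLg.setStatus("ACTIVE");

        String pswd = lg.getPassword();
        if (pswd != null) {
            try {
                // Only the value returned by encryptPassword is persisted.
                newLg.setPassword(loginManager.encryptPassword(pswd));
            } catch (EncryptionException e) {
                ProvisionUserResponse resp = new ProvisionUserResponse();
                resp.setStatus(ResponseStatus.FAILURE);
                resp.setErrorCode(ResponseCode.FAIL_ENCRYPTION);
                return resp;
            }
        }
        loginManager.addLogin(newLg);
        log.info("--added identity:" + lg.getId());
    }

    log.info("Creating user in managed systems..");

    //TODO add the capability to get the list of applications if a role is specified
    //TODO - if the configuration on the form is based on rules, then process that to get the list of apps
    //TODO - get the list of apps from the user.

    String requestId = null;
    boolean syncCalled = false;

    log.info("principal list size=" + principalList.size());
    for (Login lg : principalList) {
        // Identifier only; see the note on the primary login above.
        log.info("Login object=" + lg.getId());

        // Managed system "0" is the OpenIAM repository itself, and at most one
        // connector call is made per addUser invocation.
        if (lg.getId().getManagedSysId().equals("0") || syncCalled) {
            continue;
        }
        log.info("Login managedsys is =" + lg.getId().getManagedSysId());

        // NOTE(review): the managed system is hard-coded to "1" instead of
        // using the id on the login.
        ManagedSys managedSys = managedSysService.getManagedSys("1");
        log.info("Managedsys object= " + managedSys);
        if (managedSys == null) {
            log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId());
            continue;
        }
        log.info("Managed sys found for managedSysId=" + lg.getId());

        ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
        if (connector == null) {
            // Checked before first use, so a missing connector is reported
            // instead of raising a NullPointerException.
            log.error("Connector not found for connectorId=" + managedSys.getConnectorId());
            continue;
        }
        log.info("Connector found for " + connector.getConnectorId());

        // NOTE(review): the provisioning request is sent over a SOAP 1.1/HTTP
        // binding to the URL stored on the connector record. Transport
        // protection depends on that URL's scheme; confirm connector URLs are
        // restricted to trusted, TLS-protected endpoints.
        Service service = Service.create(QName.valueOf(connector.getServiceUrl()));
        QName connectorPort = new QName(connector.getServiceNameSpace(), connector.getServicePort());
        service.addPort(connectorPort, SOAPBinding.SOAP11HTTP_BINDING, connector.getServiceUrl());
        ConnectorService port = service.getPort(connectorPort, ConnectorService.class);
        log.info("connector service client " + port);

        AddRequestType addReqType = new AddRequestType();
        PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(), null, "target");
        addReqType.setPsoID(idType);
        requestId = "R" + System.currentTimeMillis();
        addReqType.setRequestID(requestId);
        addReqType.setTargetID(lg.getId().getManagedSysId());

        ExtensibleUser extUser = null;
        //TODO - Move to use groovy script based on attribute policies so that this is dynamic.
        try {
            extUser = UserAttributeHelper.newUser(provUser);
        } catch (Exception e) {
            // NOTE(review): on failure extUser stays null and the request is
            // still sent, as before. Decide whether the connector call should
            // be skipped in that case.
            log.error("Unable to build the extensible user for the connector", e);
        }

        addReqType.getData().getAny().add(extUser);
        port.add(addReqType);
        syncCalled = true;
    }

    // primaryLogin is null when the request carried no principals. The audit
    // record is then written without a principal instead of failing after the
    // user has already been created.
    String primaryPrincipal = primaryLogin != null ? primaryLogin.getId().getLogin() : null;

    /* String action,String domainId, String principal,
       String srcSystem, String userId, String targetSystem, String objectType, String objectId,
       String objectName, String actionStatus, String linkedLogId, String attrName, String attrValue,
       String requestId, String reason */
    auditHelper.addLog("NEW USER", provUser.getSecurityDomain(), primaryPrincipal, "IDM SERVICE",
            provUser.getCreatedBy(), "0", "USER", newUser.getUserId(), null, "SUCCESS", null,
            "USER_STATUS", provUser.getUser().getStatus().toString(), requestId, null, null, null);

    ProvisionUserResponse resp = new ProvisionUserResponse();
    resp.setStatus(ResponseStatus.SUCCESS);
    provUser.setUserId(newUser.getUserId());
    resp.setUser(provUser);
    return resp;
}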
From source file:org.openiam.provision.service.ProvisionServiceImpl.java
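/**
 * Applies a modification request to an existing user: updates the user in the
 * OpenIAM repository, writes an audit record, reconciles groups, roles,
 * supervisor and identities, and sends a modify request to the connector of
 * each identity that is neither the repository identity (managed system "0")
 * nor on the inactive list.
 *
 * <p>A FAILURE response is returned when the user does not exist, the script
 * engine cannot be created, or the connector payload cannot be built. Steps
 * that already ran before a failure are not rolled back.
 *
 * @param provUser the requested state of the user, with its principals,
 *                 groups, roles and supervisor
 * @return a response with status SUCCESS or FAILURE
 */
public ProvisionUserResponse modifyUser(ProvisionUser provUser) {
    log.info("modifyUser called.");

    List<String> inactiveResourceList = new ArrayList<String>();

    //TODO: Add policies to validate the request
    //TODO: Add policies to enhance the request

    // get the current user object - update it with the new values and then save it
    User origUser = userMgr.getUserWithDependent(provUser.getUserId(), true);
    if (origUser == null || origUser.getUserId() == null) {
        ProvisionUserResponse resp = new ProvisionUserResponse();
        resp.setStatus(ResponseStatus.FAILURE);
        return resp;
    }

    // currentUser2 is a snapshot taken before the update; it is used for
    // comparison purposes in the sync process
    User currentUser2 = UserAttributeHelper.cloneUser(origUser);
    List<Role> curRoleList = roleDataService.getUserRolesAsFlatList(provUser.getUserId());
    List<Group> curGroupList = this.groupManager.getUserInGroupsAsFlatList(provUser.getUserId());

    log.info("** 1) Deptcd in Orig=" + currentUser2.getDeptCd());

    User newUser = provUser.getUser();

    log.info("** 1a) Deptcd in Orig=" + currentUser2.getDeptCd());
    log.info("** Deptcd in new=" + newUser.getDeptCd());

    updateUserObject(origUser, newUser);

    log.info("Modifying user in openiam repository");

    String requestId = "R" + System.currentTimeMillis();

    userMgr.updateUserWithDependent(origUser, true);

    // get the primary identity
    Login primaryLg = loginManager.getPrimaryIdentity(origUser.getUserId());
    String primaryId = null;
    if (primaryLg != null) {
        primaryId = primaryLg.getId().getLogin();
    }
    log.info("Primary id=" + primaryId);

    log.info("logging primary modify user");
    String logId = auditHelper
            .addLog("MODIFY USER", provUser.getSecurityDomain(), primaryId, "IDM SERVICE",
                    provUser.getUser().getLastUpdatedBy(), "0", "USER", provUser.getUserId(), null,
                    "SUCCESS", null, "USER_STATUS", provUser.getUser().getStatus().toString(),
                    requestId, null, null, null)
            .getLogId();

    updateGroupAssociation(origUser.getUserId(), provUser.getMemberOfGroups(), logId, requestId,
            provUser.getUser().getLastUpdatedBy(), primaryId);
    updateRoleAssociation(origUser.getUserId(), provUser.getMemberOfRoles(), logId, requestId,
            provUser.getUser().getLastUpdatedBy(), primaryId);
    updateSupervisor(newUser, provUser.getSupervisor());

    // update the identities
    List<Login> tempPrincipalList = provUser.getPrincipalList();
    // Log the count, not the list. Login objects can hold a password, and
    // whether their toString() prints that field is not visible here.
    log.info("pricipallist size = " + (tempPrincipalList == null ? 0 : tempPrincipalList.size()));
    if (tempPrincipalList != null && tempPrincipalList.size() > 0) {
        updatePrincipals(newUser, provUser.getPrincipalList());
    }

    // temp hack
    List<Login> curPrincipalList = loginManager.getLoginByUser(origUser.getUserId());
    if (curPrincipalList == null) {
        // The list is iterated several times below; treat "no identities" as
        // an empty list so those loops cannot fail on null.
        curPrincipalList = new ArrayList<Login>();
    }

    Login primaryLogin = null;
    String secDomain = null;
    for (Login lg : curPrincipalList) {
        if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
            primaryLogin = lg;
            secDomain = primaryLogin.getId().getDomainId();
        }
        // build the active-inactive list of resources
        if (lg.getStatus() != null && lg.getStatus().equalsIgnoreCase("INACTIVE")) {
            inactiveResourceList.add(lg.getId().getManagedSysId());
        }
    }

    // NOTE(review): a new cleartext password is generated on every modify
    // call, handed to the Groovy scripts through the binding map, and set on a
    // newly created NETWORX login below. Confirm PasswordGenerator draws from
    // a cryptographically secure source.
    String password = PasswordGenerator.generatePassword(10);

    Organization org = null;
    if (origUser.getCompanyId() != null) {
        org = orgManager.getOrganization(origUser.getCompanyId());
    }

    Map<String, Object> bindingMap = new HashMap<String, Object>();
    bindingMap.put("context", ac);
    bindingMap.put("sysId", "1");
    bindingMap.put("user", newUser);
    bindingMap.put("org", org);
    bindingMap.put("password", password);
    bindingMap.put("lg", primaryLogin);

    ScriptIntegration se = null;
    try {
        se = ScriptFactory.createModule(this.scriptEngine);
    } catch (Exception e) {
        log.error("Unable to create the script engine", e);
    }
    if (se == null) {
        // Without the engine the se.execute calls below would throw a
        // NullPointerException. The repository update above has already been
        // applied at this point.
        ProvisionUserResponse resp = new ProvisionUserResponse();
        resp.setStatus(ResponseStatus.FAILURE);
        return resp;
    }

    String networxId = (String) se.execute(bindingMap, "provision/networxId.groovy");
    String globalManagerId = (String) se.execute(bindingMap, "provision/globalManagerId.groovy");
    // The script's result is not used here; the call is kept in case the
    // script has side effects.
    se.execute(bindingMap, "provision/globalManagerSyskey.groovy");

    /* -- Temp hack -- */

    // send message to the connectors.
    log.info("User created in openiam repository");

    List<Role> activeRoleList = this.roleDataService.getUserRolesAsFlatList(origUser.getUserId());
    showRoles(activeRoleList);

    List<Login> rolePrincipalList = new ArrayList<Login>();

    if (activeRoleList != null && activeRoleList.size() > 0) {
        log.info("Active role List= " + activeRoleList.size());

        List<Resource> roleResource = getResourcesForRole(activeRoleList);
        // collect all the resources that belong to a managed system execute their policies
        if (roleResource != null) {
            log.info("**** List of resources for roles = " + roleResource.size());
            for (Resource res : roleResource) {
                // Check whether the user already has an identity for this
                // resource. If so, reactivate it; if not, add one.
                log.info("Checking resource id = " + res.getResourceId());
                log.info("Role principal list size = " + rolePrincipalList.size());

                boolean found = false;
                for (Login l : curPrincipalList) {
                    log.info("checking identity: " + l.getId() + " " + l.getId().getManagedSysId());
                    if (l.getId().getManagedSysId().equalsIgnoreCase(res.getResourceId())) {
                        log.info("-Match for resource found. Setting status to active.");
                        // NOTE(review): reactivation also resets the failed
                        // authentication counter, so any modify call that
                        // keeps the role clears accumulated lockout state.
                        l.setPasswordChangeCount(0);
                        l.setAuthFailCount(0);
                        l.setStatus("ACTIVE");
                        found = true;
                        rolePrincipalList.add(l);

                        // remove from the inactive list
                        log.info("Res made active....=" + l.getId().getManagedSysId());
                        log.info("InactiveResoruceList size=" + inactiveResourceList);
                        inactiveResourceList = removeFromInactiveResList(l.getId().getManagedSysId(),
                                inactiveResourceList);
                        log.info("InactiveResoruceList after update size=" + inactiveResourceList);
                    }
                }

                if (!found) {
                    log.info("-Match for resource not found. added identity for " + res.getName());

                    if (res.getName().equalsIgnoreCase("GLOBAL MANAGER")) {
                        LoginId gmLgId = new LoginId(secDomain, globalManagerId, "2");
                        Login gmLg = new Login();
                        gmLg.setId(gmLgId);
                        gmLg.setPasswordChangeCount(0);
                        gmLg.setAuthFailCount(0);
                        gmLg.setStatus("ACTIVE");
                        rolePrincipalList.add(gmLg);

                        log.info("GM made active....");
                        log.info("InactiveResoruceList size=" + inactiveResourceList);
                        inactiveResourceList = removeFromInactiveResList(gmLg.getId().getManagedSysId(),
                                inactiveResourceList);

                        auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(), primaryId,
                                "IDM SERVICE", provUser.getUser().getLastUpdatedBy(), "0", "USER",
                                provUser.getUserId(), null, "SUCCESS", logId, "NEW IDENTITY",
                                res.getName(), requestId, null, null, null);
                    }

                    if (res.getName().equalsIgnoreCase("NETWORX")) {
                        LoginId networkLgId = new LoginId(secDomain, networxId, "1");
                        Login networxLg = new Login();
                        networxLg.setId(networkLgId);
                        networxLg.setPassword(password);
                        networxLg.setPasswordChangeCount(0);
                        networxLg.setAuthFailCount(0);
                        networxLg.setStatus("ACTIVE");
                        rolePrincipalList.add(networxLg);

                        auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(), primaryId,
                                "IDM SERVICE", provUser.getUser().getLastUpdatedBy(), "0", "USER",
                                provUser.getUserId(), null, "SUCCESS", logId, "NEW IDENTITY",
                                res.getName(), requestId, null, null, null);
                    }
                }
            }
        }
    }

    // determine if there are modifications to be made to the list of identities
    for (Login lg : curPrincipalList) {
        if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
            rolePrincipalList.add(lg);
        }
    }

    // IF A VALUE IS IN THE CURRENT LIST, BUT NOT in the rolelist, then delete it
    log.info("Searching the curent principal list...");
    for (Login curLg : curPrincipalList) {
        log.info("cur lg sysid = " + curLg.getId().getManagedSysId());

        boolean found = false;
        for (Login roleLg : rolePrincipalList) {
            if (roleLg.getId().getManagedSysId().equalsIgnoreCase(curLg.getId().getManagedSysId())) {
                found = true;
            }
        }

        if (!found) {
            // No active role grants this identity any more: mark it for
            // deletion and record the deactivation in the audit log.
            curLg.setOperation(AttributeOperationEnum.DELETE);
            curLg.setStatus("INACTIVE");
            rolePrincipalList.add(curLg);

            auditHelper.addLog("MODIFY USER", provUser.getSecurityDomain(), primaryId, "IDM SERVICE",
                    provUser.getUser().getLastUpdatedBy(), "0", "USER", provUser.getUserId(), null,
                    "SUCCESS", logId, "DISABLE IDENTITY", curLg.getId().getLogin(), requestId,
                    null, null, null);
        }
    }

    log.info("** A) Deptcd in Orig=" + currentUser2.getDeptCd());

    // if a role is define
    if (activeRoleList != null) {
        log.info("-- updatePrincipals will be called.");
        updatePrincipals(newUser, rolePrincipalList);
    }

    log.info("--Check the status of this request.");

    // if the status has been set to TERMINATE - THEN SET THE IDENTITIES TO INACTIVE
    if (isTerminate(newUser)) {
        log.info("--Status has been changed to terminate.");
        for (Login lg : rolePrincipalList) {
            lg.setStatus("INACTIVE");
            log.info("Updating status for login=" + lg.getId());
            loginManager.updateLogin(lg);
        }
    } else {
        log.info("-- Status is not TERMINATE.");
        for (Login lg : rolePrincipalList) {
            if (lg.getId().getManagedSysId().equalsIgnoreCase("0")) {
                // NOTE(review): every modify call for a non-terminated user
                // sets the repository identity to ACTIVE and zeroes its failed
                // authentication counter. Confirm this cannot be used to lift
                // a lockout or reactivate a disabled login.
                lg.setStatus("ACTIVE");
                lg.setPasswordChangeCount(0);
                lg.setAuthFailCount(0);
                log.info("Updating status TO ACTIVE for login=" + lg.getId());
                loginManager.updateLogin(lg);
            }
        }
    }

    // pass 2 - check the current list with the role list
    provUser.setPrincipalList(rolePrincipalList);

    // Count only; the list can contain the login carrying the generated password.
    log.info("ROLE principal list (Before SPML block) size = " + rolePrincipalList.size());

    // show inactive list
    log.info("---- show inactivelist ----");
    for (String s : inactiveResourceList) {
        log.info("Inactive resource: " + s);
    }

    log.info("Role based principal list size=" + rolePrincipalList.size());
    for (Login lg : rolePrincipalList) {
        // Identifier only, for the same reason as the list counts above.
        log.info("Login object=" + lg.getId());

        // Skip the repository identity and identities whose resource is inactive.
        if (lg.getId().getManagedSysId().equals("0")
                || onInactiveList(lg.getId().getManagedSysId(), inactiveResourceList)) {
            continue;
        }
        log.info("Login managedsys is =" + lg.getId().getManagedSysId());

        // get the managed system for the identity
        ManagedSys managedSys = managedSysService.getManagedSys(lg.getId().getManagedSysId());
        log.info("Managedsys object= " + managedSys);

        // CHECK IF WE HAVE A NETWORX ID. IF WE DO, THEN LEAVE IT ALONE.
        // IF WE DONT, THEN HARD CODE THE CALL.
        if (!networx(rolePrincipalList)) {
            managedSys = managedSysService.getManagedSys("1");
            log.info("Get the connector =" + managedSys);
        }

        if (managedSys == null) {
            log.debug("Managed sys not found for managedSysId=" + lg.getId().getManagedSysId());
            continue;
        }
        log.info("Managed sys found for managedSysId=" + lg.getId());

        ProvisionConnector connector = connectorService.getConnector(managedSys.getConnectorId());
        if (connector == null) {
            // Checked before first use, so a missing connector is reported
            // instead of raising a NullPointerException.
            log.error("Connector not found for connectorId=" + managedSys.getConnectorId());
            continue;
        }
        log.info("Connector found for " + connector.getConnectorId());

        // NOTE(review): the modify request is sent over a SOAP 1.1/HTTP binding
        // to the URL stored on the connector record. Transport protection
        // depends on that URL's scheme; confirm connector URLs are restricted
        // to trusted, TLS-protected endpoints.
        Service service = Service.create(QName.valueOf(connector.getServiceUrl()));
        QName connectorPort = new QName(connector.getServiceNameSpace(), connector.getServicePort());
        service.addPort(connectorPort, SOAPBinding.SOAP11HTTP_BINDING, connector.getServiceUrl());
        ConnectorService port = service.getPort(connectorPort, ConnectorService.class);
        log.info("connector service client " + port);

        ModifyRequestType modReqType = new ModifyRequestType();
        PSOIdentifierType idType = new PSOIdentifierType(lg.getId().getLogin(), null, "target");
        idType.setTargetID(lg.getId().getManagedSysId());
        modReqType.setPsoID(idType);
        modReqType.setRequestID(requestId);

        //TODO - Move to use groovy script based on attribute policies so that this is dynamic.

        // check if we have the syskey in this
        UserAttribute gmAtt = currentUser2.getAttribute("GM_SYSKEY");
        // The attribute may be absent, so guard the dereference.
        log.info("gmAtt=" + (gmAtt != null ? gmAtt.getValue() : null));

        log.info("** b) Deptcd in Orig=" + currentUser2.getDeptCd());

        ExtensibleUser extUser = null;
        try {
            extUser = UserAttributeHelper.modifyUser(currentUser2, curRoleList, curGroupList, provUser);
        } catch (Exception e) {
            log.error("Unable to build the extensible user for the connector", e);
        }
        if (extUser == null) {
            // Without a payload the request cannot be built, so report failure
            // instead of hitting a NullPointerException below. Identities
            // handled earlier in this loop have already been sent.
            ProvisionUserResponse resp = new ProvisionUserResponse();
            resp.setStatus(ResponseStatus.FAILURE);
            return resp;
        }

        log.info("Ext user attributes=" + extUser.getAttributes().size());

        ModificationType mod = new ModificationType();
        mod.getData().getAny().add(extUser);

        List<ModificationType> modTypeList = modReqType.getModification();
        modTypeList.add(mod);

        port.modify(modReqType);
    }

    ProvisionUserResponse resp = new ProvisionUserResponse();
    resp.setStatus(ResponseStatus.SUCCESS);
    return resp;
}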