private void validateRequest(String groupId, ScimGroupMember member) {
    if (!StringUtils.hasText(groupId)
        || !StringUtils.hasText(member.getMemberId())
        || !StringUtils.hasText(member.getOrigin())) {
      throw new InvalidScimResourceException(
          "group-id, member-id, origin and member-type must be non-empty");
    }

    if (groupId.equals(member.getMemberId())) { // oops! cycle detected
      throw new InvalidScimResourceException("trying to nest group within itself, aborting");
    }

    // check if the group exists and the member-id is a valid group or user
    // id
    ScimGroup group = groupProvisioning.retrieve(groupId); // this will throw a ScimException
    String memberZoneId;
    // if the group does not exist
    // this will throw a ScimException if the group or user does not exist
    if (member.getType() == ScimGroupMember.Type.GROUP) {
      memberZoneId = groupProvisioning.retrieve(member.getMemberId()).getZoneId();
    } else {
      memberZoneId = userProvisioning.retrieve(member.getMemberId()).getZoneId();
    }
    if (!memberZoneId.equals(group.getZoneId())) {
      throw new ScimResourceConstraintFailedException(
          "The zone of the group and the member must be the same.");
    }
    if (!memberZoneId.equals(IdentityZoneHolder.get().getId())) {
      throw new ScimResourceConstraintFailedException(
          "Unable to make membership changes in a different zone");
    }
  }
  @Override
  public ScimGroupMember updateMember(final String groupId, final ScimGroupMember member)
      throws ScimResourceNotFoundException, MemberNotFoundException {
    validateRequest(groupId, member);
    final String authorities = getGroupAuthorities(member);
    int updated =
        jdbcTemplate.update(
            UPDATE_MEMBER_SQL,
            new PreparedStatementSetter() {
              @Override
              public void setValues(PreparedStatement ps) throws SQLException {
                ps.setString(1, authorities);
                ps.setString(2, groupId);
                ps.setString(3, member.getMemberId());
              }
            });

    if (updated == 0) {
      throw new MemberNotFoundException(
          "Member " + member.getMemberId() + " does not exist in group " + groupId);
    }

    if (updated != 1) {
      throw new IncorrectResultSizeDataAccessException(
          "unexpected number of members updated", 1, updated);
    }

    return getMemberById(groupId, member.getMemberId());
  }
  @Override
  public ScimGroupMember addMember(final String groupId, final ScimGroupMember member)
      throws ScimResourceNotFoundException, MemberAlreadyExistsException {

    if (isDefaultGroup(groupId)) {
      throw new MemberAlreadyExistsException("Trying to add member to default group");
    }
    // first validate the supplied groupId, memberId
    validateRequest(groupId, member);
    final String authorities = getGroupAuthorities(member);
    final String type =
        (member.getType() == null ? ScimGroupMember.Type.USER : member.getType()).toString();
    try {
      logger.debug("Associating group:" + groupId + " with member:" + member);
      jdbcTemplate.update(
          ADD_MEMBER_SQL,
          new PreparedStatementSetter() {
            @Override
            public void setValues(PreparedStatement ps) throws SQLException {
              ps.setString(1, groupId);
              ps.setString(2, member.getMemberId());
              ps.setString(3, type);
              ps.setString(4, authorities);
              ps.setTimestamp(5, new Timestamp(new Date().getTime()));
              ps.setString(6, member.getOrigin());
            }
          });
    } catch (DuplicateKeyException e) {
      throw new MemberAlreadyExistsException(
          member.getMemberId() + " is already part of the group: " + groupId);
    }
    return getMemberById(groupId, member.getMemberId());
  }
Beispiel #4
0
  @Override
  public boolean equals(Object o) {
    if (this == o) return true;
    if (o == null || getClass() != o.getClass()) return false;

    ScimGroupMember member = (ScimGroupMember) o;
    if (getMemberId() != null
        ? !getMemberId().equals(member.getMemberId())
        : member.getMemberId() != null) return false;
    return getType() == member.getType();
  }
  @Override
  public List<ScimGroupMember> updateOrAddMembers(String groupId, List<ScimGroupMember> members)
      throws ScimResourceNotFoundException {
    List<ScimGroupMember> currentMembers = getMembers(groupId);
    logger.debug("current-members: " + currentMembers + ", in request: " + members);

    List<ScimGroupMember> currentMembersToRemove = new ArrayList<>(currentMembers);
    currentMembersToRemove.removeAll(members);
    logger.debug("removing members: " + currentMembersToRemove);
    for (ScimGroupMember member : currentMembersToRemove) {
      removeMemberById(groupId, member.getMemberId());
    }

    List<ScimGroupMember> newMembersToAdd = new ArrayList<>(members);
    newMembersToAdd.removeAll(currentMembers);
    logger.debug("adding new members: " + newMembersToAdd);
    for (ScimGroupMember member : newMembersToAdd) {
      addMember(groupId, member);
    }

    List<ScimGroupMember> membersToUpdate = new ArrayList<>(members);
    membersToUpdate.retainAll(currentMembers);
    logger.debug("updating members: " + membersToUpdate);
    for (ScimGroupMember member : membersToUpdate) {
      updateMember(groupId, member);
    }

    return getMembers(groupId);
  }
 @Test
 public void canAddMember() throws Exception {
   validateCount(0);
   ScimGroupMember m1 = new ScimGroupMember("m1", ScimGroupMember.Type.USER, null);
   ScimGroupMember m2 = dao.addMember("g2", m1);
   validateCount(1);
   assertEquals(ScimGroupMember.Type.USER, m2.getType());
   assertEquals(ScimGroupMember.GROUP_MEMBER, m2.getRoles());
   assertEquals("m1", m2.getMemberId());
   validateUserGroups("m1", "test2");
 }
  @Test
  public void canAddNestedGroupMember() {
    addMember("g2", "m1", "USER", "READER");

    ScimGroupMember g2 =
        new ScimGroupMember("g2", ScimGroupMember.Type.GROUP, ScimGroupMember.GROUP_ADMIN);
    g2 = dao.addMember("g1", g2);
    assertEquals(ScimGroupMember.Type.GROUP, g2.getType());
    assertEquals(ScimGroupMember.GROUP_ADMIN, g2.getRoles());
    assertEquals("g2", g2.getMemberId());
    validateUserGroups("m1", "test1.i", "test2");
  }