  1. package com.blogspot.oraclestack.eventhandlers;
  2.  
  3. import java.io.Serializable;
  4. import java.util.HashMap;
  5. import oracle.core.ojdl.logging.ODLLevel;
  6. import oracle.core.ojdl.logging.ODLLogger;
  7. import oracle.iam.platform.context.ContextAware;
  8. import oracle.iam.platform.kernel.ValidationFailedException;
  9. import oracle.iam.platform.kernel.spi.ValidationHandler;
  10. import oracle.iam.platform.kernel.vo.BulkOrchestration;
  11. import oracle.iam.platform.kernel.vo.Orchestration;
  12. import com.thortech.xl.crypto.tcCryptoUtil;
  13. import java.sql.Connection;
  14. import java.sql.PreparedStatement;
  15. import java.sql.ResultSet;
  16. import java.sql.SQLException;
  17. import java.util.HashSet;
  18. import javax.sql.DataSource;
  19. import oracle.iam.identity.usermgmt.api.UserManager;
  20. import oracle.iam.identity.usermgmt.api.UserManagerConstants;
  21. import oracle.iam.identity.usermgmt.vo.User;
  22. import oracle.iam.platform.Platform;
  23. import oracle.iam.platform.context.ContextManager;
  24. import oracle.iam.platform.kernel.ValidationException;
  25.  
  26. /**
  27. * Additional password rules which are not handled by the OOTB Password Policy.
  28. * Validate if the new password meets the custom password rules.
  29. * @author rayedchan
  30. */
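public class ChangePasswordValidationEH implements ValidationHandler
{
    // Logger
    private static final ODLLogger LOGGER = ODLLogger.getODLLogger(ChangePasswordValidationEH.class.getName());

    // OIM API Services (event-handler variant of the service lookup)
    // private static final UserManager USRMGR = Platform.getService(UserManager.class);
    private static final UserManager USRMGR = Platform.getServiceForEventHandlers(UserManager.class, null, "ADMIN", "ChangePasswordValidationEH", null);

    // SQL Query for a direct USR-table lookup. Currently unused: the handler always loads the
    // user through UserManager below (a direct lookup for an anonymous actor was never wired in).
    private static final String USER_ATTRS_SQL_QUERY = "SELECT usr_login, usr_middle_name, usr_email FROM usr where usr_key=?";

    // Orchestration parameter that carries the (encrypted) new password
    private static final String PASSWORD_PARAM = "usr_password";

    // Key name handed to tcCryptoUtil to decrypt the orchestration password value
    private static final String DB_SECRET_KEY = "DBSecretKey";

    // Message returned to the caller when the custom rules are not met
    private static final String RULES_NOT_MET_MESSAGE =
        "The following requirements have not been met. " + "(1) Must not contain middle name. (2) Must not contain email. ";

    /**
     * Validates the target user's new password against the custom rules in
     * {@link #customPasswordPolicy(String, User)}.
     *
     * The clear-text password exists only in memory for the duration of the rule check;
     * it is deliberately never written to the log, and neither is the raw parameter map
     * that holds its encrypted form.
     *
     * @param processId     orchestration process id (logged only)
     * @param eventId       event id (logged only)
     * @param orchestration orchestration whose target is the user changing the password
     * @throws ValidationException       when the new password violates a custom rule
     * @throws ValidationFailedException when the password parameter is missing or cannot be
     *                                   decrypted, or the user's attributes cannot be loaded
     */
    @Override
    public void validate(long processId, long eventId, Orchestration orchestration)
        throws ValidationException, ValidationFailedException
    {
        LOGGER.log(ODLLevel.NOTIFICATION, "Version 1.0");
        LOGGER.log(ODLLevel.NOTIFICATION, "Enter validate() with parameters: Process Id = [{0}], Event Id = [{1}], Orchestration = [{2}]", new Object[]{processId, eventId, orchestration});

        boolean validatePassword;
        try
        {
            // Get usr_key of target user
            String usrKey = orchestration.getTarget().getEntityId();
            LOGGER.log(ODLLevel.NOTIFICATION, "Target User USR_KEY: {0}", new Object[]{usrKey});

            // Get actor
            String actorLogin = ContextManager.getOIMUser();
            LOGGER.log(ODLLevel.NOTIFICATION, "Actor Login: {0}", new Object[]{actorLogin});

            // Contains only the new values. Only the key names are logged: the values include
            // the password, whose encrypted form is reversible with the key used below.
            HashMap<String, Serializable> newParameters = orchestration.getParameters();
            LOGGER.log(ODLLevel.TRACE, "Parameter names: {0}", new Object[]{newParameters == null ? null : newParameters.keySet()});
            LOGGER.log(ODLLevel.TRACE, "InterEventData: {0}", new Object[]{orchestration.getInterEventData()}); // password policy info
            LOGGER.log(ODLLevel.TRACE, "Context: {0}", new Object[]{orchestration.getContextVal()});

            // Decrypt new password using the default secret key.
            // Fail closed: a password validator must not pass silently when there is nothing to validate.
            String newPasswordEncrypted = getParamaterValue(newParameters, PASSWORD_PARAM);
            if (newPasswordEncrypted == null)
            {
                throw new IllegalStateException("Orchestration parameter [" + PASSWORD_PARAM + "] is missing");
            }
            String newPasswordDecrypted = tcCryptoUtil.decrypt(newPasswordEncrypted, DB_SECRET_KEY);

            // Load only the attributes the custom rules need
            HashSet<String> attrs = new HashSet<String>();
            attrs.add(UserManagerConstants.AttributeName.MIDDLENAME.getId()); // Middle Name
            attrs.add(UserManagerConstants.AttributeName.EMAIL.getId());      // Email
            boolean useUserLogin = false; // usrKey is the USR_KEY, not the login
            User user = USRMGR.getDetails(usrKey, attrs, useUserLogin);
            LOGGER.log(ODLLevel.TRACE, "User: {0}", new Object[]{user}); // TRACE: carries the user's email

            // Check password against custom rules
            validatePassword = customPasswordPolicy(newPasswordDecrypted, user);
            LOGGER.log(ODLLevel.NOTIFICATION, "Is new password validate? {0}", new Object[]{validatePassword});
        }
        catch (Exception e)
        {
            LOGGER.log(ODLLevel.ERROR, "Custom password validation could not be completed", e);
            throw new ValidationFailedException(e);
        }

        // Rule violation is raised outside the try so it is not re-wrapped as a processing failure
        if (!validatePassword)
        {
            throw new ValidationException(RULES_NOT_MET_MESSAGE);
        }
    }

    /**
     * Bulk password changes are not validated by this handler; the call is only logged.
     *
     * @param processId         orchestration process id (logged only)
     * @param eventId           event id (logged only)
     * @param bulkOrchestration bulk orchestration (logged only)
     */
    @Override
    public void validate(long processId, long eventId, BulkOrchestration bulkOrchestration)
    {
        LOGGER.log(ODLLevel.NOTIFICATION, "[NOT SUPPORTED] Enter validate() with parameters: Process Id = [{0}], Event Id = [{1}], Bulk Orchestration = [{2}]", new Object[]{processId, eventId, bulkOrchestration});
    }

    /**
     * No configuration is consumed; the handler parameters are only logged.
     *
     * @param hm handler parameters supplied by the platform
     */
    @Override
    public void initialize(HashMap<String, String> hm)
    {
        LOGGER.log(ODLLevel.NOTIFICATION, "Enter initialize: {0}", new Object[]{hm});
    }

    /**
     * ContextAware object is obtained when the actor is a regular user.
     * If the actor is an administrator, the exact value of the attribute is obtained.
     * @param parameters parameters from the orchestration object (may be null)
     * @param key name of User Attribute in OIM Profile or column in USR table
     * @return value of the corresponding key in parameters, or null when absent
     */
    private String getParamaterValue(HashMap<String, Serializable> parameters, String key)
    {
        if (parameters == null)
        {
            return null;
        }
        Serializable raw = parameters.get(key);
        if (raw instanceof ContextAware)
        {
            return (String) ((ContextAware) raw).getObjectValue();
        }
        return (String) raw;
    }

    /**
     * Custom Password Policy
     * - Does not contain middle name
     * - Does not contain email
     *
     * Both checks are case-insensitive literal "contains" tests. A literal comparison is used
     * on purpose: building a regular expression from the attribute would let characters such
     * as '.', '+' or '(' in an email address or name alter or break the pattern, turning a
     * user-controlled profile value into regex syntax.
     *
     * @param password Plain text password to validate
     * @param user OIM User with middle name and email loaded
     * @return true if password requirements are met; false otherwise
     * @throws IllegalArgumentException if password is null
     */
    private boolean customPasswordPolicy(String password, User user)
    {
        if (password == null)
        {
            throw new IllegalArgumentException("password must not be null");
        }

        // Fetch user's attributes
        String middleName = user.getMiddleName();
        String email = user.getEmail();

        // An empty or missing attribute imposes no rule
        boolean containsMiddleName = isNonEmpty(middleName) && containsIgnoreCase(password, middleName);
        boolean containsEmail = isNonEmpty(email) && containsIgnoreCase(password, email);

        LOGGER.log(ODLLevel.TRACE, "Password contains middle name? {0}", new Object[]{containsMiddleName});
        LOGGER.log(ODLLevel.TRACE, "Password contains email? {0}", new Object[]{containsEmail});

        return !containsMiddleName && !containsEmail;
    }

    /**
     * @param value string to test
     * @return true when value is non-null and not the empty string
     */
    private static boolean isNonEmpty(String value)
    {
        return value != null && !value.isEmpty();
    }

    /**
     * Case-insensitive literal substring test (no regular expressions involved).
     *
     * @param haystack text to search in
     * @param needle   non-empty text to look for
     * @return true when needle occurs in haystack ignoring case
     */
    private static boolean containsIgnoreCase(String haystack, String needle)
    {
        int needleLength = needle.length();
        for (int i = 0; i + needleLength <= haystack.length(); i++)
        {
            if (haystack.regionMatches(true, i, needle, 0, needleLength))
            {
                return true;
            }
        }
        return false;
    }
}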