Versions Compared

Old Version 2

changes.mady.by.user Marco Di Diodoro

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Chicchiriccò

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
titleVersion Warning

The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.

This page explains how you can configure a PasswordExpirationJob inside Apache Syncope. The PasswordExpirationJob searches all users whose passwords are expired from a certain number of days and suspends them.

...

  1. Create a new Java class for your Scheduled Job.
  2. Configure a new Scheduled Task [1].
  3. Create new configuration schema
  4. Go to Configuration Page
  5. Click on the rigth side on the Bullet List Icon
    6. Set the value for your new configuration parameter
    Image Removed
  6. From the Apache Syncope console, create a new configuration schema:
  7. Go to Schema Page
    8. Click on tab Configuration
    Image Removed
  8. and set the expiration days.



Code Block
languagejava
titlePasswordExpirationJob
public class PasswordExpirationJob extends AbstractTransactionalTaskJob {

    @Autowired
    private UserController userController;

    @Autowired
    private ConfDAO confDAO;

    @Autowired
    private EntitlementDAO entitlementDAO;

    @Autowired
    private EntityManager entityManager;

    @Override
    protected String doExecute(final boolean dryRun) throws JobExecutionException {
        if (!(task instanceof SchedTask)) {
            throw new JobExecutionException("Task " + taskId + " isn't a SchedTask");
        }

        //Take the xDays parameter from Syncope configuration
        final CAttr expirationDays = confDAO.find("expirationDays", 10);

        // Build your time condition with expirationDays parameter
        final Calendar yourTimeCondition = ....

        // Search all user that match your condition
        final Query query = entityManager.createNativeQuery(
                "SELECT id FROM SyncopeUser WHERE changePwdDate < ?1");
        query.setParameter(1, yourTimeCondition);

        @SuppressWarnings("unchecked")
        final List<Long> users = (List<Long>) query.getResultList();

        if (!dryRun) {
            try {
                // Exec the operation with admin user
                final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                for (Entitlement entitlement : entitlementDAO.findAll()) {
                    authorities.add(new SimpleGrantedAuthority(entitlement.getName()));
                }
                final UserDetails userDetails = new User("admin", "FAKE_PASSWORD", true, true, true, true, authorities);
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(userDetails, "FAKE_PASSWORD", authorities));

                // for all user
                for (Long userId : users) {
                    final StatusMod statusMod = new StatusMod();
                    statusMod.setId(userId);
                    statusMod.setOnSyncope(true);
                    statusMod.setType(StatusMod.ModType.SUSPEND);
                    userController.status(statusMod);

                }
            } finally {
                // Remove admin permission
                SecurityContextHolder.clearContext();
            }
        }

        return (dryRun
                ? "Will Suspend"
                : "Suspended") + " " + users.size() + " utenti";
    }

    @Override
    protected boolean hasToBeRegistered(final TaskExec execution) {
        return true;
    }
}