SearchScript.groovy revision 69684909313b92c40bb70f8c315ebc15766469de
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2013-2015 ForgeRock AS. All rights reserved.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 */

import static org.forgerock.json.JsonValue.*;

import groovy.sql.Sql

import java.sql.Connection;

import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.SearchResult;
import org.identityconnectors.framework.common.objects.filter.EqualsFilter;
import org.identityconnectors.framework.common.objects.filter.Filter;

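// Search script for the audit tables: selects rows from the table that matches
// the requested objectClass and passes each row to the `handler` builder as a
// connector object. `connection`, `filter`, `objectClass`, `handler` and `log`
// are not defined in this file; they are taken from the script binding.
//
// NOTE(review): JsonValueUtil is used below but is not among the imports of
// this file; presumably the script environment resolves it - confirm.
def sql = new Sql(connection as Connection);
def where = "";
// Bind values for the '?' placeholders in `where`. The filter value arrives
// from the caller of the search, so it is never spliced into the SQL text;
// the JDBC driver receives it as a statement parameter instead.
def params = [];
def filter = filter as Filter;

def auditauthentication = new ObjectClass("auditauthentication");
def auditrecon = new ObjectClass("auditrecon");
def auditactivity = new ObjectClass("auditactivity");
def auditaccess = new ObjectClass("auditaccess");
def auditsync = new ObjectClass("auditsync");

// Only an equality filter on the Uid is translated into a WHERE clause.
// NOTE(review): every other filter leaves `where` empty, so the whole table is
// returned - confirm that callers do not rely on other filters to narrow the
// audit records they receive.
if (filter instanceof EqualsFilter && ((EqualsFilter) filter).getAttribute().is(Uid.NAME)) {
    def id = AttributeUtil.getStringValue(((EqualsFilter) filter).getAttribute());
    where = " WHERE objectid = ?";
    params << id;
}

// `where` now holds only the placeholder form, so the caller-supplied id is
// not written to the log.
log.info("Search: ObjectClass {0}, where {1}", objectClass, where);

switch ( objectClass ) {
    case auditaccess:
        // Table names are fixed literals; only the bound parameter varies.
        sql.eachRow("SELECT * FROM auditaccess" + where, params) { row ->
            handler {
                uid row.objectid
                id row.objectid // Name is required by OpenICF connector
                attribute 'activity', row.activity
                attribute 'activitydate', row.activitydate
                attribute 'transactionid', row.transactionid
                attribute 'eventname', row.eventname
                attribute 'server',
                        JsonValueUtil.fromEntries(
                                field("ip", row.server_ip),
                                field("port", row.server_port)
                        ).getObject()
                attribute 'client',
                        JsonValueUtil.fromEntries(
                                field("host", row.client_host),
                                field("ip", row.client_ip),
                                field("port", row.client_port)
                        ).getObject()
                attribute 'authentication',
                        JsonValueUtil.fromEntries(
                                field("id", row.userid)
                        ).getObject()
                attribute 'authorization',
                        JsonValueUtil.fromEntries(
                                field("id", row.principal),
                                field("roles",
                                        JsonValueUtil.fromJsonString(row.roles)?.getObject()),
                                field("component", row.auth_component)
                        ).getObject()
                attribute 'resource',
                        JsonValueUtil.fromEntries(
                                field("uri", row.resource_uri),
                                field("protocol", row.resource_protocol),
                                field("method", row.resource_method),
                                field("detail", row.resource_detail)
                        ).getObject()
                attribute 'http',
                        JsonValueUtil.fromEntries(
                                field("method", row.http_method),
                                field("path", row.http_path),
                                field("querystring", row.http_querystring),
                                field("headers",
                                        JsonValueUtil.fromJsonString(row.http_headers)?.getObject())
                        ).getObject()
                attribute 'response',
                        JsonValueUtil.fromEntries(
                                field("status", row.status),
                                field("elapsedTime", row.elapsedtime)
                        ).getObject()
            }
        }
        break
    case auditauthentication:
        sql.eachRow("SELECT * FROM auditauthentication" + where, params) { row ->
            handler {
                uid row.objectid
                id row.objectid
                attribute 'transactionid', row.transactionid
                attribute 'activitydate', row.activitydate
                attribute 'authentication',
                        JsonValueUtil.fromEntries(
                                field("id", row.userid)
                        ).getObject()
                attribute 'eventname', row.eventname
                attribute 'result', row.result
                attribute 'principal', row.principals
                attribute 'context',
                        JsonValueUtil.fromJsonString(row.context)?.getObject()
                attribute 'sessionid', row.sessionid
                attribute 'entries',
                        JsonValueUtil.fromJsonString(row.entries)?.getObject()
            }
        }
        break
    case auditactivity:
        sql.eachRow("SELECT * FROM auditactivity" + where, params) { row ->
            handler {
                uid row.objectid
                id row.objectid // Name is required by OpenICF connector
                attribute 'activitydate', row.activitydate
                attribute 'activity', row.activity
                attribute 'transactionid', row.transactionid
                attribute 'eventname', row.eventname
                attribute 'authentication',
                        JsonValueUtil.fromEntries(
                                field("id", row.userid)
                        ).getObject()
                attribute 'runas', row.runas
                attribute 'resourceOperation',
                        JsonValueUtil.fromEntries(
                                field("uri", row.resource_uri),
                                field("protocol", row.resource_protocol),
                                field("operation", JsonValueUtil.fromEntries(
                                        field("method", row.resource_method),
                                        field("detail", row.resource_detail)
                                ).getObject())
                        ).getObject()
                attribute 'subjectbefore', row.subjectbefore
                attribute 'subjectafter', row.subjectafter
                attribute 'changedfields',
                        JsonValueUtil.fromJsonString(row.changedfields)?.getObject()
                attribute 'passwordchanged', JsonValueUtil.booleanFromString(row.passwordchanged)
                attribute 'subjectrev', row.subjectrev
                attribute 'message', row.message
                attribute 'activityobjectid', row.activityobjectid
                attribute 'status', row.status
            }
        }
        break
    case auditrecon:
        sql.eachRow("SELECT * FROM auditrecon" + where, params) { row ->
            handler {
                uid row.objectid
                id row.objectid // Name is required by OpenICF connector
                attribute 'transactionid', row.transactionid
                attribute 'activitydate', row.activitydate
                attribute 'eventname', row.eventname
                attribute 'authentication',
                        JsonValueUtil.fromEntries(
                                field("id", row.userid)
                        ).getObject()
                attribute 'activity', row.activity
                attribute 'exceptiondetail', row.exceptiondetail
                attribute 'linkqualifier', row.linkqualifier
                attribute 'mapping', row.mapping
                attribute 'message', row.message
                attribute 'messagedetail',
                        JsonValueUtil.fromJsonString(row.messagedetail)?.getObject()
                attribute 'situation', row.situation
                attribute 'sourceobjectid', row.sourceobjectid
                attribute 'status', row.status
                attribute 'targetobjectid', row.targetobjectid
                attribute 'reconciling', row.reconciling
                attribute 'ambiguoustargetobjectids', row.ambiguoustargetobjectids
                attribute 'reconaction', row.reconaction
                attribute 'entrytype', row.entrytype
                attribute 'reconid', row.reconid
            }
        }
        break
    case auditsync:
        sql.eachRow("SELECT * FROM auditsync" + where, params) { row ->
            handler {
                uid row.objectid
                id row.objectid
                attribute 'transactionid', row.transactionid
                attribute 'activitydate', row.activitydate
                attribute 'eventname', row.eventname
                attribute 'authentication',
                        JsonValueUtil.fromEntries(
                                field("id", row.userid)
                        ).getObject()
                attribute 'activity', row.activity
                attribute 'exceptiondetail', row.exceptiondetail
                attribute 'linkqualifier', row.linkqualifier
                attribute 'mapping', row.mapping
                attribute 'message', row.message
                attribute 'messagedetail',
                        JsonValueUtil.fromJsonString(row.messagedetail)?.getObject()
                attribute 'situation', row.situation
                attribute 'sourceobjectid', row.sourceobjectid
                attribute 'status', row.status
                attribute 'targetobjectid', row.targetobjectid
            }
        }
        break
    default:
        // An unknown object class runs no query and yields an empty result.
        log.warn("Didn't match objectClass " + objectClass);
}
return new SearchResult();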