Commit c7dcc764 authored by michael.simon's avatar michael.simon

Create job to scrub user data from ON_HOLD users

parent d2dde30c
......@@ -60,4 +60,12 @@ public class SamlUserEntity extends UserEntity {
public void setIdp(SamlIdpMetadataEntity idp) {
this.idp = idp;
}
public Set<SamlAssertionEntity> getAssertions() {
return assertions;
}
public void setAssertions(Set<SamlAssertionEntity> assertions) {
this.assertions = assertions;
}
}
......@@ -10,10 +10,13 @@
******************************************************************************/
package edu.kit.scc.webreg.dao;
import java.util.List;
import edu.kit.scc.webreg.entity.SamlUserEntity;
public interface SamlUserDao extends BaseDao<SamlUserEntity, Long> {
List<SamlUserEntity> findUsersForPseudo(Long onHoldSince, int limit);
SamlUserEntity findByPersistentWithRoles(String spId, String idpId,
String persistentId);
SamlUserEntity findByEppn(String eppn);
......
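Review bot: The parameter name `onHoldSince` on the new `findUsersForPseudo` reads as a point in time, but the JPA implementation in this commit subtracts it from `System.currentTimeMillis()`, i.e. it is a minimum age in milliseconds. Since the DAO interface is the contract callers code against, either rename it (`minOnHoldMillis`) or document the unit and direction here, e.g. `/** Users in ON_HOLD whose last status change is at least {@code onHoldSince} ms in the past; at most {@code limit} rows, oldest first. */`. The interface is cut off after `findByEppn`, so I cannot see whether other methods follow the same convention.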
......@@ -11,6 +11,8 @@
package edu.kit.scc.webreg.dao.jpa;
import java.io.Serializable;
import java.util.Date;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
......@@ -22,6 +24,7 @@ import javax.persistence.criteria.Root;
import edu.kit.scc.webreg.dao.SamlUserDao;
import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.entity.UserStatus;
@Named
@ApplicationScoped
......@@ -29,6 +32,25 @@ public class JpaSamlUserDao extends JpaBaseDao<SamlUserEntity, Long> implements
private static final long serialVersionUID = 1L;
@Override
public List<SamlUserEntity> findUsersForPseudo(Long onHoldSince, int limit) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<SamlUserEntity> criteria = builder.createQuery(SamlUserEntity.class);
Root<SamlUserEntity> user = criteria.from(SamlUserEntity.class);
criteria.where(builder.and(
builder.equal(user.get("userStatus"), UserStatus.ON_HOLD),
builder.lessThanOrEqualTo(user.<Date>get("lastStatusChange"), new Date(System.currentTimeMillis() - onHoldSince)),
builder.isNotNull(user.get("eppn")),
builder.isNotNull(user.get("email")),
builder.isNotNull(user.get("givenName")),
builder.isNotNull(user.get("surName"))
));
criteria.select(user);
criteria.orderBy(builder.asc(user.<Date>get("lastStatusChange")));
return em.createQuery(criteria).setMaxResults(limit).getResultList();
}
@Override
public SamlUserEntity findByPersistentWithRoles(String spId, String idpId, String persistentId) {
CriteriaBuilder builder = em.getCriteriaBuilder();
......
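Review bot: The selection predicate in `findUsersForPseudo` requires eppn, email, givenName and surName to all be non-null, so an ON_HOLD user whose IdP never released one of these attributes (a null givenName is common) is never selected and keeps the remaining personal data indefinitely, which defeats the purpose of the scrub job. Unless the conjunction is deliberate, the "not yet scrubbed" test should be that any of the four fields is still set; after `pseudoUser` runs all four are null, so the user still drops out of subsequent runs. The `onHoldSince` argument is used as an age in milliseconds rather than a timestamp, which deserves a comment at the `lessThanOrEqualTo` line, and a negative `limit` would make `setMaxResults` throw an IllegalArgumentException rather than return nothing. The class continues past this hunk.
```java
criteria.where(builder.and(
        builder.equal(user.get("userStatus"), UserStatus.ON_HOLD),
        // onHoldSince is a minimum age in milliseconds, not an instant
        builder.lessThanOrEqualTo(user.<Date>get("lastStatusChange"), new Date(System.currentTimeMillis() - onHoldSince)),
        // any remaining personal attribute means this user has not been scrubbed yet
        builder.or(
                builder.isNotNull(user.get("eppn")),
                builder.isNotNull(user.get("email")),
                builder.isNotNull(user.get("givenName")),
                builder.isNotNull(user.get("surName")))
));
// … unchanged: select, orderBy, setMaxResults …
```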
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.job;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.service.saml.SamlUserDeprovisionService;
public class PseudonymizeOnHoldSamlUsers extends AbstractExecutableJob {
private static final long serialVersionUID = 1L;
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(PseudonymizeOnHoldSamlUsers.class);
if (! getJobStore().containsKey("on_hold_since_millis")) {
logger.warn("DeregisterInvalidRegistries Job is not configured correctly. invalid_since_millis Parameter is missing in JobMap");
return;
}
Long lastUpdate = Long.parseLong(getJobStore().get("on_hold_since_millis"));
int limit = 1;
if (getJobStore().containsKey("limit")) {
limit = Integer.parseInt(getJobStore().get("limit"));
}
try {
InitialContext ic = new InitialContext();
SamlUserDeprovisionService service = (SamlUserDeprovisionService) ic.lookup("global/bwreg/bwreg-service/SamlUserDeprovisionServiceImpl!edu.kit.scc.webreg.service.saml.SamlUserDeprovisionService");
List<SamlUserEntity> userList = service.findUsersForPseudo(lastUpdate, limit);
logger.debug("Found {} users suitable for pseudonymisation", userList.size());
for (SamlUserEntity user : userList) {
logger.debug("Inspecting user {} - {} - {} - {} - {}", user.getId(), user.getEppn(), user.getEmail(), user.getUserStatus(), user.getLastStatusChange());
service.pseudoUser(user);
}
} catch (NamingException e) {
logger.warn("Could not pseudo saml users: {}", e);
}
}
}
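Review bot: The debug statement inside the `for` loop writes each user's eppn and e-mail address to the log immediately before `service.pseudoUser(user)` erases them from the database, so the personal data this job exists to remove survives in the log files for as long as those are retained; log only non-personal fields, e.g. `logger.debug("Inspecting user {} - {} - {}", user.getId(), user.getUserStatus(), user.getLastStatusChange());`. The warning emitted when the parameter is missing is copied from another job: it names `DeregisterInvalidRegistries` and the key `invalid_since_millis`, while this job reads `on_hold_since_millis`, which sends an operator looking for the wrong setting. `Long.parseLong` and `Integer.parseInt` are unguarded, so a malformed value aborts the run with a NumberFormatException instead of the configured-incorrectly warning the missing-key case gets. In the catch block, passing the exception as the sole `{}` argument may, depending on the SLF4J version, render only `e.toString()` and drop the stack trace; `logger.warn("Could not pseudo saml users", e)` is the reliable form.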
package edu.kit.scc.webreg.service.saml;
import java.io.Serializable;
import java.util.List;
import edu.kit.scc.webreg.entity.SamlUserEntity;
public interface SamlUserDeprovisionService extends Serializable {
List<SamlUserEntity> findUsersForPseudo(Long onHoldSince, int limit);
SamlUserEntity pseudoUser(SamlUserEntity user);
}
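Review bot: The new service interface has no Javadoc, and neither method's contract is obvious from its name: in the implementation added by this commit `pseudoUser` re-fetches the entity by id, nulls eppn, e-mail, names and assertions on that managed copy (not on the argument), leaves `userStatus` untouched, and returns the managed entity; `findUsersForPseudo` treats `onHoldSince` as a minimum age in milliseconds. Suggested Javadoc for `pseudoUser`: `/** Re-loads the user by id and removes eppn, e-mail addresses, given name, surname and stored assertions from the managed entity; the status is not changed. Returns the managed entity. */`, and for `findUsersForPseudo`: `/** ON_HOLD users whose last status change is at least {@code onHoldSince} ms ago and still carry personal attributes; at most {@code limit}. */`.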
package edu.kit.scc.webreg.service.saml;
import java.util.Date;
import java.util.List;
import javax.ejb.Stateless;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.dao.SamlUserDao;
import edu.kit.scc.webreg.entity.SamlUserEntity;
@Stateless
public class SamlUserDeprovisionServiceImpl implements SamlUserDeprovisionService {
private static final long serialVersionUID = 1L;
private static final Logger logger = LoggerFactory.getLogger(SamlUserDeprovisionServiceImpl.class);
@Inject
private SamlUserDao dao;
@Override
public List<SamlUserEntity> findUsersForPseudo(Long onHoldSince, int limit) {
return dao.findUsersForPseudo(onHoldSince, limit);
}
@Override
public SamlUserEntity pseudoUser(SamlUserEntity user) {
user = dao.findById(user.getId());
logger.info("Pseudonymisiong user {} (identity {})", user.getId(), user.getIdentity().getId());
user.setEppn(null);
user.setEmail(null);
user.getEmailAddresses().clear();
user.setGivenName(null);
user.setSurName(null);
user.getAssertions().clear();
user.getGenericStore().put("pseudoed_since", new Date().toString());
return user;
}
}
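Review bot: `pseudoUser` dereferences the result of `dao.findById(user.getId())` without a null check, so a user removed between the selection query and this call fails with a NullPointerException inside the log statement instead of a clear message; guard it with `if (user == null) throw new IllegalArgumentException("No user with id " + ...)` or return early, and the same applies to `user.getIdentity()` if identity can be absent. The method never changes `userStatus`, so the only thing keeping an already-scrubbed user out of the next `findUsersForPseudo` run is that query's null filter on the cleared fields — the `pseudoed_since` marker is written but not consulted anywhere visible — which is worth a comment on the method. `new Date().toString()` stores a locale- and timezone-dependent string that is awkward to evaluate later; `Long.toString(System.currentTimeMillis())` or an ISO-8601 timestamp would be better. Only the listed fields are cleared; if `SamlUserEntity` or its generic store carries other identifying values (not visible here), they remain. The info message also has a typo, `Pseudonymisiong`.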