MidPoint 3.9 and later
Parts of this sample (namely event.focusPassword call) are available only in midPoint 3.9 and later.
Imagine that you want to append all user password values (as soon as they are changed) as individual records to a CSV file.
It is possible to configure a notification to do so:
<notificationConfiguration>
<handler>
<customNotifier>
<category>modelEvent</category>
<focusType>UserType</focusType>
<status>alsoSuccess</status> <!-- avoid processing if there's an overall failure (e.g. password does not meet policy constraints) -->
<expression>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
user = event.requestee?.resolveObjectType()
pwd = event.focusPassword
if (user != null && pwd != null) {
m = new NotificationMessageType()
m.setBody(user.name.orig + ";" + pwd) // record to be written to the file
m
} else {
null
}
</code>
</script>
</expression>
<transport>custom:csv</transport>
</customNotifier>
</handler>
<customTransport name="csv">
<expression>
<script>
<code>
new File('data.csv').append(message.body+'\n')
</code>
</script>
</expression>
</customTransport>
</notificationConfiguration>
The first part i.e. <customNotifier> translates a modelEvent (after filtering out non-user related events and events that ended in a failure) into a notification message containing username;password value pair. This is the line that should be written to CSV file.
The second part i.e. <customTransport> writes the line into data.csv file.
Notes:
- The
event.focusPasswordmethod is present only in midPoint 3.9 and later. But other parts of this mechanism are present in midPoint 3.6.1 already. - There's a slight limitation of
event.getFocusPassword()method: it cannot distinguish between "no change of password" and "password set to null value". A more elaborate analysis of model context would be needed if such a distinction was required.