MidPoint 3.9 and later
Parts of this sample (namely the event.focusPassword call) are available only in midPoint 3.9 and later.
Imagine that you want to append all user password values (as soon as they are changed) as individual records to a CSV file.
It is possible to configure a notification to do so:
```xml
<notificationConfiguration>
    <handler>
        <customNotifier>
            <category>modelEvent</category>
            <focusType>UserType</focusType>
            <status>alsoSuccess</status> <!-- avoid processing if there's an overall failure (e.g. password does not meet policy constraints) -->
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*

                        user = event.requestee?.resolveObjectType()
                        pwd = event.focusPassword
                        if (user != null &amp;&amp; pwd != null) {
                            m = new NotificationMessageType()
                            m.setBody(user.name.orig + ";" + pwd)    // record to be written to the file
                            m
                        } else {
                            null
                        }
                    </code>
                </script>
            </expression>
            <transport>custom:csv</transport>
        </customNotifier>
    </handler>
    <customTransport name="csv">
        <expression>
            <script>
                <code>
                    new File('data.csv').append(message.body+'\n')
                </code>
            </script>
        </expression>
    </customTransport>
</notificationConfiguration>
```
The first part, i.e. <customNotifier>, translates a modelEvent (after filtering out non-user-related events and events that ended in a failure) into a notification message containing a username;password value pair. This is the line that should be written to the CSV file.
The second part, i.e. <customTransport>, writes the line into the data.csv file.
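The sample writes the record as plain `username;password`, so a password containing `;`, a double quote or a line break would split or corrupt the record, and data.csv holds cleartext passwords under whatever permissions the process default gives it. The stand-alone Groovy sketch below is an added example, not part of the original midPoint sample: the helper names `csvField` and `appendRecord` are hypothetical, the sample values are constructed, and it assumes a POSIX file system. In the configuration above, the quoting would belong where the notifier builds the message body and the file handling where the transport appends it.

```groovy
import java.nio.file.*
import java.nio.file.attribute.PosixFilePermissions

// Quote one CSV field: wrap it in double quotes and double any embedded
// quote, so ';', '"', CR and LF inside a value cannot split or forge a record.
String csvField(String value) {
    '"' + value.replace('"', '""') + '"'
}

// Append one username;password record. The file is created with owner-only
// permissions (rw-------) before the first write; an existing file is reused.
// Assumption: POSIX file system (PosixFilePermissions is not supported elsewhere).
void appendRecord(Path file, String username, String password) {
    def ownerOnly = PosixFilePermissions.asFileAttribute(
            PosixFilePermissions.fromString('rw-------'))
    try {
        Files.createFile(file, ownerOnly)
    } catch (FileAlreadyExistsException ignored) {
        // already created by an earlier record; keep appending
    }
    def line = csvField(username) + ';' + csvField(password) + '\n'
    Files.write(file, line.getBytes('UTF-8'), StandardOpenOption.APPEND)
}

// Constructed sample values: the first password contains the delimiter,
// a double quote and a line break.
def out = Paths.get('data.csv')
appendRecord(out, 'jack', 'pa;ss"wo\nrd')
appendRecord(out, 'jill', 'simple')
```

A CSV reader that honours quoted fields reads the result back as two records, with the first password intact.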
Notes:
- The event.focusPassword method is present only in midPoint 3.9 and later. But other parts of this mechanism are present in midPoint 3.6.1 already.
- There's a slight limitation of the event.getFocusPassword() method: it cannot distinguish between "no change of password" and "password set to null value". A more elaborate analysis of model context would be needed if such a distinction was required.