in service/src/main/java/org/apache/fineract/cn/identity/internal/command/handler/Provisioner.java [120:198]
/**
 * Provisions the identity store for the current tenant, or resets the superuser credentials
 * when the tenant already has both a signature and a stored fixed salt.
 *
 * <p>Credential-reset path: the superuser entity is rebuilt from {@code initialPasswordHash}
 * and the stored salt, handed to {@code users.add}, and the newest existing signature set is
 * returned. No tables, keys or roles are touched.
 *
 * <p>First-time path (also taken when a signature exists but no fixed salt is stored): a key
 * pair and a random fixed salt are created, the tables/types are built, the four built-in
 * permittable groups are registered, and the superuser role and superuser are written.
 *
 * <p>{@code synchronized} serialises callers on this instance only; it does not coordinate
 * with other service instances working on the same tenant.
 *
 * @param initialPasswordHash value passed to {@code userEntityCreator.build} as the superuser's
 *        password input; presumably already hashed by the caller (verify against caller)
 * @return the existing newest signature set on the reset path, otherwise the set mapped from
 *         the newly stored signature
 * @throws ServiceException internal error when the datastore rejects a provisioning query
 */
public synchronized ApplicationSignatureSet provisionTenant(final String initialPasswordHash) {
  // Key timestamps are compared as plain strings; the lexicographically greatest one is
  // treated as the latest signature.
  final Optional<ApplicationSignatureSet> existingSignatureSet = signature.getAllKeyTimestamps().stream()
      .max(String::compareTo)
      .flatMap(signature::getSignature)
      .map(SignatureMapper::mapToApplicationSignatureSet);

  // The tenant info is only consulted once a signature has been found.
  final Optional<ByteBuffer> storedSalt = existingSignatureSet.isPresent()
      ? tenant.getPrivateTenantInfo().map(PrivateTenantInfoEntity::getFixedSalt)
      : Optional.<ByteBuffer>empty();

  if (storedSalt.isPresent()) {
    // NOTE(review): this branch replaces the superuser's credentials on a tenant that is
    // already provisioned. Authorisation of the caller is not visible in this method;
    // confirm the provisioning entry point is restricted and that the reset is audited.
    logger.info("Changing password for tenant '{}' instead of provisioning...",
        TenantContextHolder.checkedGetIdentifier());

    // NOTE(review): ByteBuffer.array() returns the whole backing array, ignoring position,
    // limit and arrayOffset, and throws for read-only buffers. If getFixedSalt() can return
    // a sliced or offset buffer, the salt used here differs from the one stored at
    // provisioning time; confirm every reader of the salt extracts it the same way.
    final UserEntity replacementSuperuser = userEntityCreator.build(
        IdentityConstants.SU_NAME, IdentityConstants.SU_ROLE, initialPasswordHash, true,
        storedSalt.get().array(), timeToChangePasswordAfterExpirationInDays);
    // Presumably users.add overwrites the existing superuser row; verify in the repository.
    users.add(replacementSuperuser);

    // The placeholder carries the tenant identifier, not the password.
    logger.info("Successfully changed admin password '{}'...", TenantContextHolder.checkedGetIdentifier());
    return existingSignatureSet.get();
  }

  logger.info("Provisioning cassandra tables for tenant '{}'...", TenantContextHolder.checkedGetIdentifier());
  final RsaKeyPairFactory.KeyPairHolder newKeyPair = RsaKeyPairFactory.createKeyPair();
  // NOTE(review): the strength of this salt depends on saltGenerator, which is not visible
  // here; confirm it draws from a cryptographically secure random source.
  final byte[] newSalt = this.saltGenerator.createRandomSalt();

  try {
    // Schema first, in the same order as before: signature and tenant rows are written as
    // soon as their tables exist, the remaining tables/types follow.
    signature.buildTable();
    final SignatureEntity storedSignature = signature.add(newKeyPair);
    tenant.buildTable();
    tenant.add(newSalt, passwordExpiresInDays, timeToChangePasswordAfterExpirationInDays);
    users.buildTable();
    permittableGroups.buildTable();
    permissions.buildType();
    roles.buildTable();
    applicationSignatures.buildTable();
    applicationPermissions.buildTable();
    applicationPermissionUsers.buildTable();
    applicationCallEndpointSets.buildTable();

    // Built-in permittable groups and the endpoint patterns each one covers.
    createPermittablesGroup(PermittableGroupIds.ROLE_MANAGEMENT, "/roles/*", "/permittablegroups/*");
    createPermittablesGroup(PermittableGroupIds.IDENTITY_MANAGEMENT, "/users/*");
    createPermittablesGroup(PermittableGroupIds.SELF_MANAGEMENT, "/users/{useridentifier}/password", "/applications/*/permissions/*/users/{useridentifier}/enabled");
    createPermittablesGroup(PermittableGroupIds.APPLICATION_SELF_MANAGEMENT, "/applications/{applicationidentifier}/permissions");

    // The superuser role is granted full access to every built-in group.
    final List<PermissionType> superuserPermissions = new ArrayList<>();
    superuserPermissions.add(fullAccess(PermittableGroupIds.ROLE_MANAGEMENT));
    superuserPermissions.add(fullAccess(PermittableGroupIds.IDENTITY_MANAGEMENT));
    superuserPermissions.add(fullAccess(PermittableGroupIds.SELF_MANAGEMENT));
    superuserPermissions.add(fullAccess(PermittableGroupIds.APPLICATION_SELF_MANAGEMENT));

    final RoleEntity superuserRole = new RoleEntity();
    superuserRole.setIdentifier(IdentityConstants.SU_ROLE);
    superuserRole.setPermissions(superuserPermissions);
    roles.add(superuserRole);

    final UserEntity superuser = userEntityCreator.build(
        IdentityConstants.SU_NAME, IdentityConstants.SU_ROLE, initialPasswordHash, true,
        newSalt, timeToChangePasswordAfterExpirationInDays);
    users.add(superuser);

    final ApplicationSignatureSet provisionedSignatureSet =
        SignatureMapper.mapToApplicationSignatureSet(storedSignature);
    logger.info("Successfully provisioned cassandra tables for tenant '{}'...", TenantContextHolder.checkedGetIdentifier());
    return provisionedSignatureSet;
  } catch (final InvalidQueryException invalidQuery) {
    // Only InvalidQueryException is translated; anything else propagates unchanged. The
    // cause is logged server-side and the caller receives a generic message. Nothing here
    // rolls back tables or rows created before the failure.
    logger.error("Failed to provision cassandra tables for tenant.", invalidQuery);
    throw ServiceException.internalError("Failed to provision tenant.");
  }
}