use of eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method createEntityAccount.
/**
 * Creates the identity-account relation for a synchronized account and, when the
 * synchronization configuration defines a default role, requests that role for the identity.
 *
 * <p>The role is requested for every contract that is valid now or in the future when
 * {@code isAssignDefaultRoleToAll()} is set, otherwise only for the prime valid contract.
 * When no contract is found, no role is requested: the situation is only logged (as a
 * warning unless the inactive owner behavior is {@code LINK_PROTECTED}) and the relation
 * is returned without an identity role.
 *
 * <p>NOTE(review): the role request goes through {@code executeConceptsImmediate}; whether
 * any approval step applies is not visible here. Treat the configured default role as a
 * privilege that is granted automatically to every identity this synchronization links.
 *
 * @param account account being linked, must not be null
 * @param entity identity that owns the account, must not be null
 * @param context synchronization context (configuration, item log, action logs)
 * @return the new identity-account relation, or an already persisted duplicate of it
 */
@Override
protected EntityAccountDto createEntityAccount(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    Assert.notNull(account, "Account is required.");
    Assert.notNull(entity, "Entity is required.");

    final EntityAccountDto created = super.createEntityAccount(account, entity, context);
    Assert.isInstanceOf(AccIdentityAccountDto.class, created, "For identity sync must be entity-account relation instance of AccIdentityAccountDto!");
    final AccIdentityAccountDto identityAccount = (AccIdentityAccountDto) created;

    final SysSyncIdentityConfigDto syncConfig = this.getConfig(context);
    final SysSyncItemLogDto itemLog = context.getLogItem();
    if (syncConfig.getDefaultRole() == null) {
        // No default role configured - the plain relation is all that is needed.
        return identityAccount;
    }

    // A default role id is set, so the embedded role DTO has to be resolvable.
    final IdmRoleDto roleToAssign = DtoUtils.getEmbedded(syncConfig, SysSyncIdentityConfig_.defaultRole);
    Assert.notNull(roleToAssign, "Default role must be found for this sync configuration!");
    this.addToItemLog(itemLog, MessageFormat.format(
            "Default role [{1}] is defined and will be assigned to the identity [{0}].",
            entity.getCode(), roleToAssign.getCode()));

    // Select the contracts that will receive the role.
    final List<IdmIdentityContractDto> targetContracts;
    if (!syncConfig.isAssignDefaultRoleToAll()) {
        // Only the prime valid contract is eligible.
        targetContracts = Lists.newArrayList();
        final IdmIdentityContractDto prime = identityContractService.getPrimeValidContract(entity.getId());
        if (prime != null) {
            targetContracts.add(prime);
        }
    } else {
        // Every contract of the identity that is valid now or becomes valid later.
        final IdmIdentityContractFilter byIdentity = new IdmIdentityContractFilter();
        byIdentity.setValidNowOrInFuture(Boolean.TRUE);
        byIdentity.setIdentity(entity.getId());
        targetContracts = identityContractService.find(byIdentity, null).getContent();
        this.addToItemLog(itemLog, MessageFormat.format(
                "Default role will be assigned to all valid or future valid contracts, number of found contracts [{0}].",
                targetContracts.size()));
    }

    if (targetContracts.isEmpty()) {
        // Nothing to attach the role to: record why and hand back the relation without a role.
        if (SynchronizationInactiveOwnerBehaviorType.LINK_PROTECTED != syncConfig.getInactiveOwnerBehavior()) {
            this.addToItemLog(itemLog, "Warning! - Default role is set, but could not be assigned to identity, because the identity has not any suitable contract!");
            this.initSyncActionLog(context.getActionType(), OperationResultType.WARNING, context.getLogItem(), context.getLog(), context.getActionLogs());
        } else {
            this.addToItemLog(itemLog, MessageFormat.format(
                    "Default role is set, but it will not be assigned - no contract was found for identity [{0}],"
                            + " so the account will be in protection.",
                    entity.getCode()));
        }
        return identityAccount;
    }

    // One ADD concept per selected contract.
    final List<IdmConceptRoleRequestDto> roleConcepts = new ArrayList<>(targetContracts.size());
    for (IdmIdentityContractDto targetContract : targetContracts) {
        final IdmConceptRoleRequestDto addRole = new IdmConceptRoleRequestDto();
        addRole.setOperation(ConceptRoleRequestOperation.ADD);
        addRole.setRole(roleToAssign.getId());
        addRole.setIdentityContract(targetContract.getId());
        // Start of validity is copied from the contract, so a role on a future valid
        // contract is not provisioned before that contract becomes valid.
        addRole.setValidFrom(targetContract.getValidFrom());
        // #1887: end of validity is deliberately left open; it is controlled dynamically
        // by the validity of the contract.
        addRole.setValidTill(null);
        roleConcepts.add(addRole);
    }

    // Provisioning is skipped for this request: it should run only once, after the
    // entity itself has been updated.
    final Map<String, Serializable> requestProperties = new LinkedHashMap<>();
    requestProperties.put(ProvisioningService.SKIP_PROVISIONING, Boolean.TRUE);
    final IdmRoleRequestDto executedRequest = roleRequestService.executeConceptsImmediate(entity.getId(), roleConcepts, requestProperties);

    // Re-read the concepts of the executed request; each one must now reference the
    // identity role it created. Look for a relation that already exists for that role.
    final IdmConceptRoleRequestFilter byRequest = new IdmConceptRoleRequestFilter();
    byRequest.setRoleRequestId(executedRequest.getId());
    for (IdmConceptRoleRequestDto executedConcept : conceptRoleRequestService.find(byRequest, null)) {
        final UUID identityRoleId = executedConcept.getIdentityRole();
        Assert.notNull(identityRoleId, "Identity role relation had to been created!");
        identityAccount.setIdentityRole(identityRoleId);
        final AccIdentityAccountDto persisted = this.findDuplicate(identityAccount);
        if (persisted != null) {
            // The same relation was presumably created while the default role was being
            // assigned, so the persisted one is reused instead of creating a second one.
            this.addToItemLog(itemLog, MessageFormat.format(
                    "This identity-account (identity-role id: [{2}]) is new and duplicated, "
                            + "we do not want create duplicated relation! "
                            + "We will reuse already persisted identity-account [{3}]. "
                            + "Probable reason: Same identity-account had to be created by assigned default role!",
                    identityAccount.getAccount(), identityAccount.getIdentity(), identityAccount.getIdentityRole(), persisted.getId()));
            return persisted;
        }
    }
    return identityAccount;
}
use of eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method skipEntityUpdate.
/**
 * Decides whether the update of an existing identity should be skipped.
 *
 * <p>The update is skipped only when all of the following hold: the identity has no prime
 * valid contract, a default role is configured, the inactive owner behavior is
 * {@code DO_NOT_LINK}, and the identity is not null.
 *
 * @param entity identity being synchronized; the final null check suggests it may be null
 * @param context synchronization context used to read the configuration
 * @return {@code true} when the entity update has to be skipped
 */
@Override
protected boolean skipEntityUpdate(IdmIdentityDto entity, SynchronizationContext context) {
    if (this.getPrimeValidContract(entity, context) != null) {
        // A prime valid contract exists, so the default role can be assigned.
        return false;
    }
    final SysSyncIdentityConfigDto syncConfig = this.getConfig(context);
    if (syncConfig.getDefaultRole() == null) {
        // Without a default role the missing contract is irrelevant.
        return false;
    }
    final boolean doNotLink =
            SynchronizationInactiveOwnerBehaviorType.DO_NOT_LINK == syncConfig.getInactiveOwnerBehavior();
    return doNotLink && entity != null;
}
use of eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method applySpecificSettingsBeforeLink.
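/**
 * Apply settings that are specific to this type of entity. Default
 * implementation is empty.
 *
 * @param account account that is processed before the link is created
 * @param entity - can be null in the case of Missing entity situation
 * @param context synchronization context
 *
 * @return account to be linked, or null when the account must not be linked
 */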
@Override
protected AccAccountDto applySpecificSettingsBeforeLink(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    // Decides, before the link is created, what happens to an account whose owner has no
    // prime valid contract (so the configured default role could not be assigned):
    // link it as-is, link it in protection, or do not link it at all (null is returned).
    final SysSyncIdentityConfigDto syncConfig = this.getConfig(context);
    final SysSyncItemLogDto itemLog = context.getLogItem();
    final SynchronizationInactiveOwnerBehaviorType behavior = syncConfig.getInactiveOwnerBehavior();
    final UUID roleId = syncConfig.getDefaultRole();

    // No default role, or plain LINK behavior: nothing special applies.
    if (roleId == null || SynchronizationInactiveOwnerBehaviorType.LINK == behavior) {
        return account;
    }
    if (this.getPrimeValidContract(entity, context) != null) {
        // The default role can be assigned to the prime contract.
        return account;
    }

    // A default contract is created only when it is enabled both in this synchronization
    // configuration and in the identity configuration.
    final boolean defaultContractPossible =
            syncConfig.isCreateDefaultContract() && identityConfiguration.isCreateDefaultContractEnabled();

    // NOTE(review): a null behavior would fail in this switch; validate() in this class
    // rejects a configuration that has a default role but no behavior - confirm it always
    // runs before this method.
    switch (behavior) {
        case LINK_PROTECTED:
            // Protection is skipped only for a missing identity that will get a default contract.
            if (!(entity == null && defaultContractPossible)) {
                activateProtection(account, entity, context);
            }
            return account;
        case DO_NOT_LINK:
            if (entity != null) {
                // Existing identity without a valid contract: no link, and the entity
                // update is skipped as well.
                context.addSkipEntityUpdate(true);
                addToItemLog(itemLog, MessageFormat.format("Identity [{0}] does not have any valid contract, account with uid [{1}] will not be linked.", entity.getCode(), account.getUid()));
                initSyncActionLog(SynchronizationActionType.UNLINKED, OperationResultType.IGNORE, itemLog, context.getLog(), context.getActionLogs());
                return null;
            }
            if (defaultContractPossible) {
                // The new identity will get a default contract, so the link can be created.
                return account;
            }
            // The new identity would have no contract for the default role -> no link.
            addToItemLog(itemLog, MessageFormat.format("New identity for account with uid [{0}] would not have any default contract, so the account could not be linked. So the identity will not be created.", account.getUid()));
            initSyncActionLog(SynchronizationActionType.MISSING_ENTITY, OperationResultType.IGNORE, itemLog, context.getLog(), context.getActionLogs());
            return null;
        default:
            return account;
    }
}
use of eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method validate.
/**
 * Validates the identity synchronization configuration on top of the checks done by the
 * superclass.
 *
 * <p>Rejects a configuration that has a default role but no inactive owner behavior. For
 * {@code LINK_PROTECTED} it also requires a provisioning mapping with account protection
 * enabled, and stores that mapping's protection interval in the context.
 *
 * @param synchronizationConfigId identifier of the synchronization configuration
 * @return the validated synchronization context
 * @throws ResultCodeException when one of the checks above fails
 */
@Override
protected SynchronizationContext validate(UUID synchronizationConfigId) {
    final SynchronizationContext validated = super.validate(synchronizationConfigId);
    final SysSyncIdentityConfigDto syncConfig = this.getConfig(validated);
    final SynchronizationInactiveOwnerBehaviorType behavior = syncConfig.getInactiveOwnerBehavior();
    final UUID roleId = syncConfig.getDefaultRole();

    // A default role needs an explicit decision for owners without a valid contract.
    if (behavior == null && roleId != null) {
        throw new ResultCodeException(AccResultCode.SYNCHRONIZATION_INACTIVE_OWNER_BEHAVIOR_MUST_BE_SET);
    }
    if (SynchronizationInactiveOwnerBehaviorType.LINK_PROTECTED != behavior) {
        return validated;
    }

    // LINK_PROTECTED relies on account protection, which is configured on the provisioning mapping.
    final SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(
            validated.getSystem().getId(), validated.getEntityType());
    if (mapping == null) {
        throw new ResultCodeException(
                AccResultCode.SYNCHRONIZATION_PROVISIONING_MUST_EXIST,
                ImmutableMap.of("property", SynchronizationInactiveOwnerBehaviorType.LINK_PROTECTED));
    }
    if (!mapping.isProtectionEnabled()) {
        throw new ResultCodeException(
                AccResultCode.SYNCHRONIZATION_PROTECTION_MUST_BE_ENABLED,
                ImmutableMap.of(
                        "property", SynchronizationInactiveOwnerBehaviorType.LINK_PROTECTED,
                        "mapping", mapping.getName()));
    }
    validated.addProtectionInterval(mapping.getProtectionInterval());
    return validated;
}
use of eu.bcvsolutions.idm.acc.domain.SynchronizationInactiveOwnerBehaviorType in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method syncStarted.
/**
 * Writes the identity-specific settings of this run into the synchronization log after the
 * superclass has handled the start of the synchronization.
 *
 * <p>The summary covers the default role, whether it goes to all valid or future contracts,
 * the behavior for inactive identities, default contract creation and the automatic role
 * recalculation. A warning replaces the default contract line when creation is enabled in
 * the synchronization configuration but disabled in the identity configuration.
 *
 * @param log synchronization log passed to the superclass
 * @param context synchronization context used to read the configuration
 * @return the log returned by the superclass, extended with the settings summary
 */
@Override
protected SysSyncLogDto syncStarted(SysSyncLogDto log, SynchronizationContext context) {
    final SysSyncLogDto startedLog = super.syncStarted(log, context);
    final SysSyncIdentityConfigDto syncConfig = this.getConfig(context);
    final UUID roleId = syncConfig.getDefaultRole();
    final SynchronizationInactiveOwnerBehaviorType behavior = syncConfig.getInactiveOwnerBehavior();
    final boolean recalculateAutoRoles = syncConfig.isStartAutoRoleRec();
    final boolean contractInSync = syncConfig.isCreateDefaultContract();
    final boolean contractInSystem = identityConfiguration.isCreateDefaultContractEnabled();

    // The role code stays empty when no default role is configured.
    String roleCode = "";
    if (roleId != null) {
        final IdmRoleDto role = DtoUtils.getEmbedded(syncConfig, SysSyncIdentityConfig_.defaultRole);
        Assert.notNull(role, "Default role must be found for this sync configuration!");
        roleCode = role.getCode();
    }

    final String defaultContractLine;
    if (contractInSync && !contractInSystem) {
        // The two switches disagree: say explicitly that no contract will be created.
        defaultContractLine = "\nCreate default contract: WARNING! Creating default contract is enabled, but it's disabled on the system level. Contracts will not be created!";
    } else {
        defaultContractLine = MessageFormat.format("\nCreate default contract: {0}", contractInSync);
    }

    final StringBuilder summary = new StringBuilder("Specific settings:")
            .append(MessageFormat.format("\nDefault role: {0}", roleCode))
            .append(MessageFormat.format("\nAssign default role to all valid or future contracts: {0}", syncConfig.isAssignDefaultRoleToAll()))
            // The behavior only has a meaning together with a default role.
            .append(MessageFormat.format("\nBehavior of the default role for inactive identities: {0}", roleId == null ? "---" : behavior))
            .append(defaultContractLine)
            .append(MessageFormat.format("\nAfter end, start the automatic role recalculation: {0}", recalculateAutoRoles));
    startedLog.addToLog(summary.toString());
    return startedLog;
}