
Example 46 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method findDuplicate.

/**
 * Looks up an already persisted identity-account relation that matches the
 * given one on every key: account, ownership flag, identity, identity-role
 * and role-system.
 *
 * @param identityAccount relation to search a duplicate for; it, its account
 *        and its identity must be non-null (checked via {@code Assert.notNull})
 * @return the first matching relation, or {@code null} when none exists
 */
private AccIdentityAccountDto findDuplicate(AccIdentityAccountDto identityAccount) {
    Assert.notNull(identityAccount, "Identity account is required.");
    Assert.notNull(identityAccount.getAccount(), "Account is required.");
    Assert.notNull(identityAccount.getIdentity(), "Identity is required.");
    // Match on the full key of the relation, not only on account + identity,
    // so that relations for different identity-roles are not treated as duplicates.
    AccIdentityAccountFilter duplicateFilter = new AccIdentityAccountFilter();
    duplicateFilter.setAccountId(identityAccount.getAccount());
    duplicateFilter.setOwnership(identityAccount.isOwnership());
    duplicateFilter.setIdentityId(identityAccount.getIdentity());
    duplicateFilter.setIdentityRoleId(identityAccount.getIdentityRole());
    duplicateFilter.setRoleSystemId(identityAccount.getRoleSystem());
    // Only the first hit is of interest, so a single-element page is enough.
    return identityAccountService
            .find(duplicateFilter, PageRequest.of(0, 1))
            .getContent()
            .stream()
            .findFirst()
            .orElse(null);
}

Example 47 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySyncTest method testCreateIdentityWithDefaultContractAndRoleAsync.

/**
 * Synchronization with asynchronous event processing switched on: a new
 * identity is created, the configured default role ends up assigned to it and
 * exactly one identity-account relation exists for that assigned role.
 *
 * <p>Asynchronous processing is enabled only for the duration of this test;
 * the {@code finally} block always switches it back off.
 */
@Test
public void testCreateIdentityWithDefaultContractAndRoleAsync() {
    try {
        getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, true);
        SysSystemDto system = initData();
        Assert.assertNotNull(system);
        IdmRoleDto defaultRole = helper.createRole();
        // Sync configuration: assign the default role, link inactive owners,
        // and create a default contract for the new identity.
        SysSyncIdentityConfigDto syncConfig = doCreateSyncConfig(system);
        syncConfig.setDefaultRole(defaultRole.getId());
        syncConfig.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
        syncConfig.setCreateDefaultContract(true);
        syncConfig = (SysSyncIdentityConfigDto) syncConfigService.save(syncConfig);
        // Provisioning mapping plus role-system link, so the default role yields an account.
        helper.createMapping(system);
        helper.createRoleSystem(defaultRole, system);
        // The identity must not exist before the synchronization runs.
        IdmIdentityFilter byUsername = new IdmIdentityFilter();
        byUsername.setUsername(IDENTITY_ONE);
        List<IdmIdentityDto> found = identityService.find(byUsername, null).getContent();
        Assert.assertEquals(0, found.size());
        helper.startSynchronization(syncConfig);
        // Must finish in SUCCESS: the default role is assigned to the default contract.
        SysSyncLogDto syncLog = checkSyncLog(syncConfig, SynchronizationActionType.CREATE_ENTITY, 1, OperationResultType.SUCCESS);
        Assert.assertFalse(syncLog.isRunning());
        Assert.assertFalse(syncLog.isContainsError());
        found = identityService.find(byUsername, null).getContent();
        Assert.assertEquals(1, found.size());
        IdmIdentityDto identity = found.get(0);
        List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
        Assert.assertEquals(1, assignedRoles.size());
        IdmIdentityRoleDto assignedRole = assignedRoles.get(0);
        Assert.assertEquals(defaultRole.getId(), assignedRole.getRole());
        // Exactly one identity-account relation is expected, bound to the single assigned identity-role.
        AccIdentityAccountFilter byIdentity = new AccIdentityAccountFilter();
        byIdentity.setIdentityId(identity.getId());
        List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(byIdentity, null).getContent();
        // Temporary diagnostics for a failure seen only on Jenkins (to be removed once understood):
        // dump every relation when more than one is found, before the assertion below fails.
        if (identityAccounts.size() > 1) {
            for (AccIdentityAccountDto relation : identityAccounts) {
                System.out.println("Account: " + relation.getAccount());
                System.out.println("RoleSystem: " + relation.getRoleSystem());
                System.out.println("Identity: " + relation.getIdentity());
                System.out.println("IdentityRole: " + relation.getIdentityRole());
            }
        }
        Assert.assertEquals(1, identityAccounts.size());
        Assert.assertEquals(assignedRole.getId(), identityAccounts.get(0).getIdentityRole());
        // Clean up the log and the configuration created by this test.
        syncLogService.delete(syncLog);
        syncConfigService.delete(syncConfig);
    } finally {
        getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, false);
    }
}

Example 48 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class RoleRequestRealizationProcessor method process.

/**
 * Processes a role-request event: runs account management for the newly
 * assigned and the updated identity-roles, publishes DELETE events for the
 * identity-accounts whose removal was delayed, and finally provisions every
 * account touched along the way.
 *
 * <p>The {@code ProvisioningService.SKIP_PROVISIONING} property suppresses only
 * the final provisioning loop of this method. The identity-account DELETE
 * events (published with {@code DELETE_TARGET_ACCOUNT_KEY = TRUE}) are still
 * sent when the flag is set.
 *
 * @param event role-request event; its content is the request being realized
 * @return default event result for the processed event
 */
@Override
public EventResult<IdmRoleRequestDto> process(EntityEvent<IdmRoleRequestDto> event) {
    IdmRoleRequestDto request = event.getContent();
    IdmIdentityDto applicant = identityService.get(request.getApplicant());
    Set<IdmIdentityRoleDto> newRoles = this.getSetProperty(IdentityRoleEvent.PROPERTY_ASSIGNED_NEW_ROLES, event, IdmIdentityRoleDto.class);
    Set<IdmIdentityRoleDto> changedRoles = this.getSetProperty(IdentityRoleEvent.PROPERTY_ASSIGNED_UPDATED_ROLES, event, IdmIdentityRoleDto.class);
    Set<UUID> delayedIdentityAccountIds = this.getSetProperty(IdmAccountDto.IDENTITY_ACCOUNT_FOR_DELAYED_ACM, event, UUID.class);
    Set<UUID> additionalAccountIds = this.getSetProperty(IdmAccountDto.ACCOUNT_FOR_ADDITIONAL_PROVISIONING, event, UUID.class);
    boolean skipProvisioning = this.getBooleanProperty(ProvisioningService.SKIP_PROVISIONING, event.getProperties());
    // Accounts that need provisioning at the end; seeded with the explicitly requested ones.
    Set<UUID> touchedAccountIds = new HashSet<>(additionalAccountIds);
    if (!newRoles.isEmpty()) {
        LOG.debug("Call account management for identity [{}] and new identity-roles [{}]", applicant.getUsername(), newRoles);
        List<UUID> resolved = accountManagementService.resolveNewIdentityRoles(applicant, newRoles.toArray(new IdmIdentityRoleDto[0]));
        addAccounts(touchedAccountIds, resolved);
    }
    if (!changedRoles.isEmpty()) {
        LOG.debug("Call account management for identity [{}] and updated identity-roles [{}]", applicant.getUsername(), changedRoles);
        List<UUID> resolved = accountManagementService.resolveUpdatedIdentityRoles(applicant, changedRoles.toArray(new IdmIdentityRoleDto[0]));
        addAccounts(touchedAccountIds, resolved);
    }
    // Delayed identity-account removals; each DELETE event also targets the account on the system.
    if (!delayedIdentityAccountIds.isEmpty()) {
        LOG.debug("Call account management for identity [{}] - remove identity-accounts [{}]", applicant.getUsername(), delayedIdentityAccountIds);
        // A Set holds each id once already, so no further de-duplication is needed.
        for (UUID identityAccountId : delayedIdentityAccountIds) {
            AccIdentityAccountDto identityAccount = identityAccountService.get(identityAccountId);
            if (identityAccount == null) {
                continue; // relation no longer exists, nothing to delete
            }
            IdentityAccountEvent deleteEvent = new IdentityAccountEvent(
                    IdentityAccountEventType.DELETE,
                    identityAccount,
                    ImmutableMap.of(
                            AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY, Boolean.TRUE,
                            AccIdentityAccountService.FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY, Boolean.FALSE,
                            IdmRoleRequestService.ROLE_REQUEST_ID_KEY, request.getId()));
            identityAccountService.publish(deleteEvent);
            touchedAccountIds.add(identityAccount.getAccount());
        }
    }
    // Store the role-request id in the identity's context before provisioning.
    initContext(applicant, request);
    if (skipProvisioning) {
        return new DefaultEventResult<>(event, this);
    }
    for (UUID accountId : touchedAccountIds) {
        AccAccountDto account = accountService.get(accountId);
        if (account == null) {
            continue; // the account was deleted in the meantime
        }
        LOG.debug("Call provisioning for identity [{}] and account [{}]", applicant.getUsername(), account.getUid());
        provisioningService.doProvisioning(account, applicant);
    }
    return new DefaultEventResult<>(event, this);
}

Example 49 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentityAccountSaveProcessor method findIdentityAccounts.

/**
 * Loads the identity-account relations that own the given account
 * (ownership flag set to {@code true}).
 *
 * @param account identifier of the account
 * @return the matching relations as returned by the service (an empty list when none match)
 */
private List<AccIdentityAccountDto> findIdentityAccounts(UUID account) {
    AccIdentityAccountFilter ownersOfAccount = new AccIdentityAccountFilter();
    ownersOfAccount.setAccountId(account);
    ownersOfAccount.setOwnership(Boolean.TRUE);
    // Pageable is null here, presumably meaning "all results" — confirm against the service contract.
    return service.find(ownersOfAccount, null).getContent();
}

Example 50 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentityPasswordValidateProcessor method process.

/**
 * Validates a requested password change against the identity's password
 * policies (systems and default policy).
 *
 * <p>For non-admin callers with {@code PasswordChangeType.ALL_ONLY} the number
 * of accounts named in the request has to equal the number of identity-accounts
 * the identity owns; otherwise {@code CoreResultCode.PASSWORD_CHANGE_ALL_ONLY}
 * is raised. The check is skipped when either list is empty.
 *
 * @param event identity event; the {@link PasswordChangeDto} is read from its
 *        properties and the identity from its content, both required
 * @return default event result for the processed event
 * @throws ResultCodeException with {@code PASSWORD_CHANGE_ALL_ONLY} when the
 *         ALL_ONLY check fails
 */
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChange = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    Assert.notNull(passwordChange, "Password change dto is required.");
    Assert.notNull(identity, "Identity is required.");
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
    List<IdmPasswordPolicyDto> policies = validateDefinition(identity, passwordChange);
    // All identity-account relations of this identity; ownership is filtered below.
    AccIdentityAccountFilter byIdentity = new AccIdentityAccountFilter();
    byIdentity.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(byIdentity, null).getContent();
    // Admins are exempt from the ALL_ONLY rule; the configuration is consulted only for non-admins.
    if (!securityService.isAdmin() && identityConfiguration.getPasswordChangeType() == PasswordChangeType.ALL_ONLY) {
        List<String> ownedAccountIds = new ArrayList<>();
        for (AccIdentityAccountDto identityAccount : identityAccounts) {
            if (identityAccount.isOwnership()) {
                ownedAccountIds.add(identityAccount.getAccount().toString());
            }
        }
        if (!ownedAccountIds.isEmpty() && !passwordChange.getAccounts().isEmpty()) {
            // ALL_ONLY: the request has to cover every owned account.
            // NOTE(review): only the counts are compared, not the account ids themselves,
            // so a request naming the right number of different or repeated accounts
            // passes this check — confirm whether an id-based comparison is intended.
            boolean coversAllAccounts = ownedAccountIds.size() == passwordChange.getAccounts().size();
            if (!coversAllAccounts) {
                throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
            }
        }
    }
    IdmPasswordValidationDto validation = new IdmPasswordValidationDto();
    // Current password record (may be absent) is needed for till/from and password-history checks.
    IdmPasswordDto currentPassword = this.passwordService.findOneByIdentity(identity.getId());
    validation.setOldPassword(currentPassword == null ? null : currentPassword.getId());
    validation.setIdentity(identity);
    validation.setPassword(passwordChange.getNewPassword());
    this.passwordPolicyService.validate(validation, policies);
    return new DefaultEventResult<>(event, this);
}
