use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentitySynchronizationExecutor method findDuplicate.
/**
* Search duplicate for given identity-account relation. If some duplicate is
* found, then is returned first.
*
* @param identityAccount
* @return
*/
private AccIdentityAccountDto findDuplicate(AccIdentityAccountDto identityAccount) {
Assert.notNull(identityAccount, "Identity account is required.");
Assert.notNull(identityAccount.getAccount(), "Account is required.");
Assert.notNull(identityAccount.getIdentity(), "Identity is required.");
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setAccountId(identityAccount.getAccount());
filter.setOwnership(identityAccount.isOwnership());
filter.setIdentityId(identityAccount.getIdentity());
filter.setIdentityRoleId(identityAccount.getIdentityRole());
filter.setRoleSystemId(identityAccount.getRoleSystem());
List<AccIdentityAccountDto> entityAccounts = identityAccountService.find(filter, PageRequest.of(0, 1)).getContent();
if (entityAccounts.isEmpty()) {
return null;
}
return entityAccounts.get(0);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentitySyncTest method testCreateIdentityWithDefaultContractAndRoleAsync.
@Test
public void testCreateIdentityWithDefaultContractAndRoleAsync() {
try {
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, true);
SysSystemDto system = initData();
Assert.assertNotNull(system);
IdmRoleDto defaultRole = helper.createRole();
SysSyncIdentityConfigDto config = doCreateSyncConfig(system);
// Set default role to sync configuration
config.setDefaultRole(defaultRole.getId());
config.setInactiveOwnerBehavior(SynchronizationInactiveOwnerBehaviorType.LINK);
config.setCreateDefaultContract(true);
config = (SysSyncIdentityConfigDto) syncConfigService.save(config);
// create default mapping for provisioning
helper.createMapping(system);
helper.createRoleSystem(defaultRole, system);
IdmIdentityFilter identityFilter = new IdmIdentityFilter();
identityFilter.setUsername(IDENTITY_ONE);
List<IdmIdentityDto> identities = identityService.find(identityFilter, null).getContent();
Assert.assertEquals(0, identities.size());
helper.startSynchronization(config);
// Have to be in the success state, because default role will be assigned to the default contract.
SysSyncLogDto log = checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 1, OperationResultType.SUCCESS);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
identities = identityService.find(identityFilter, null).getContent();
Assert.assertEquals(1, identities.size());
IdmIdentityDto identity = identities.get(0);
List<IdmIdentityRoleDto> roles = identityRoleService.findAllByIdentity(identities.get(0).getId());
Assert.assertEquals(1, roles.size());
IdmIdentityRoleDto assignedRole = roles.get(0);
Assert.assertEquals(defaultRole.getId(), assignedRole.getRole());
// Check only one identity account is created.
// Only one identity-account relation can exists, because only one
// current valid identity-role exists now (the second is future valid).
AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
accountFilter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
// !!!!To delete - Test doesn't pass on the Jenkins, we need to more information
if (identityAccounts.size() > 1) {
identityAccounts.forEach(identityAccountDtoOne -> {
System.out.println("Account: " + identityAccountDtoOne.getAccount());
System.out.println("RoleSystem: " + identityAccountDtoOne.getRoleSystem());
System.out.println("Identity: " + identityAccountDtoOne.getIdentity());
System.out.println("IdentityRole: " + identityAccountDtoOne.getIdentityRole());
});
}
// !!!
Assert.assertEquals(1, identityAccounts.size());
Assert.assertEquals(assignedRole.getId(), identityAccounts.get(0).getIdentityRole());
// Delete log
syncLogService.delete(log);
syncConfigService.delete(config);
} finally {
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, false);
}
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class RoleRequestRealizationProcessor method process.
@Override
public EventResult<IdmRoleRequestDto> process(EntityEvent<IdmRoleRequestDto> event) {
IdmRoleRequestDto request = event.getContent();
IdmIdentityDto identity = identityService.get(request.getApplicant());
Set<IdmIdentityRoleDto> addedIdentityRoles = this.getSetProperty(IdentityRoleEvent.PROPERTY_ASSIGNED_NEW_ROLES, event, IdmIdentityRoleDto.class);
Set<IdmIdentityRoleDto> updatedIdentityRoles = this.getSetProperty(IdentityRoleEvent.PROPERTY_ASSIGNED_UPDATED_ROLES, event, IdmIdentityRoleDto.class);
Set<UUID> removedIdentityAccounts = this.getSetProperty(IdmAccountDto.IDENTITY_ACCOUNT_FOR_DELAYED_ACM, event, UUID.class);
Set<UUID> accountsForAdditionalProvisioning = this.getSetProperty(IdmAccountDto.ACCOUNT_FOR_ADDITIONAL_PROVISIONING, event, UUID.class);
boolean skipProvisioning = this.getBooleanProperty(ProvisioningService.SKIP_PROVISIONING, event.getProperties());
Set<UUID> accountsForProvisioning = new HashSet<>(accountsForAdditionalProvisioning);
if (addedIdentityRoles.size() > 0) {
LOG.debug("Call account management for identity [{}] and new identity-roles [{}]", identity.getUsername(), addedIdentityRoles);
List<UUID> accounts = accountManagementService.resolveNewIdentityRoles(identity, addedIdentityRoles.toArray(new IdmIdentityRoleDto[0]));
addAccounts(accountsForProvisioning, accounts);
}
if (updatedIdentityRoles.size() > 0) {
LOG.debug("Call account management for identity [{}] and updated identity-roles [{}]", identity.getUsername(), updatedIdentityRoles);
List<UUID> accounts = accountManagementService.resolveUpdatedIdentityRoles(identity, updatedIdentityRoles.toArray(new IdmIdentityRoleDto[0]));
addAccounts(accountsForProvisioning, accounts);
}
// Remove delayed identity-accounts (includes provisioning)
if (removedIdentityAccounts.size() > 0) {
LOG.debug("Call account management for identity [{}] - remove identity-accounts [{}]", identity.getUsername(), removedIdentityAccounts);
removedIdentityAccounts.stream().distinct().forEach(identityAccountId -> {
AccIdentityAccountDto identityAccountDto = identityAccountService.get(identityAccountId);
if (identityAccountDto != null) {
IdentityAccountEvent eventIdentityAccount = new IdentityAccountEvent(IdentityAccountEventType.DELETE, identityAccountDto, ImmutableMap.of(AccIdentityAccountService.DELETE_TARGET_ACCOUNT_KEY, Boolean.TRUE, AccIdentityAccountService.FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY, Boolean.FALSE, IdmRoleRequestService.ROLE_REQUEST_ID_KEY, request.getId()));
identityAccountService.publish(eventIdentityAccount);
accountsForProvisioning.add(identityAccountDto.getAccount());
}
});
}
// Init context in identity DTO and set ID of role-request to it.
initContext(identity, request);
// Skip provisionig
if (skipProvisioning) {
return new DefaultEventResult<>(event, this);
}
// Provisioning for modified account
accountsForProvisioning.forEach(accountId -> {
AccAccountDto account = accountService.get(accountId);
if (account != null) {
// Account could be null (was deleted).
LOG.debug("Call provisioning for identity [{}] and account [{}]", identity.getUsername(), account.getUid());
provisioningService.doProvisioning(account, identity);
}
});
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityAccountSaveProcessor method findIdentityAccounts.
private List<AccIdentityAccountDto> findIdentityAccounts(UUID account) {
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setAccountId(account);
filter.setOwnership(Boolean.TRUE);
List<AccIdentityAccountDto> identityAccounts = service.find(filter, null).getContent();
return identityAccounts;
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityPasswordValidateProcessor method process.
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
IdmIdentityDto identity = event.getContent();
//
Assert.notNull(passwordChangeDto, "Password change dto is required.");
Assert.notNull(identity, "Identity is required.");
//
LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
//
List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
//
// Find user accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
//
if (!securityService.isAdmin()) {
// check accounts and property all_only
PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
// get distinct account ids from identity accounts
List<String> accountIds = identityAccounts.stream().filter(identityAccount -> {
// filter by ownership
return (identityAccount.isOwnership());
}).map(AccIdentityAccountDto::getAccount).map(UUID::toString).collect(Collectors.toList());
//
if (!accountIds.isEmpty() && !passwordChangeDto.getAccounts().isEmpty()) {
// size of the found accounts must match the account size in the password change - ALL_ONLY
boolean containsAll = accountIds.size() == passwordChangeDto.getAccounts().size();
if (!containsAll) {
throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
}
}
}
}
//
// validate
IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
// get old password for validation - till, from and password history
IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
passwordValidationDto.setIdentity(identity);
passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
//
return new DefaultEventResult<>(event, this);
}
Aggregations