Search in sources :

Example 36 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method findDuplicate.

/**
 * Search duplicate for given identity-account relation.
 * If some duplicate is found, then is returned first.
 * @param identityAccount
 * @return
 */
private AccIdentityAccountDto findDuplicate(AccIdentityAccountDto identityAccount) {
    Assert.notNull(identityAccount);
    Assert.notNull(identityAccount.getAccount());
    Assert.notNull(identityAccount.getIdentity());
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setAccountId(identityAccount.getAccount());
    filter.setOwnership(identityAccount.isOwnership());
    filter.setIdentityId(identityAccount.getIdentity());
    filter.setIdentityRoleId(identityAccount.getIdentityRole());
    filter.setRoleSystemId(identityAccount.getRoleSystem());
    List<AccIdentityAccountDto> entityAccounts = identityAccoutnService.find(filter, null).getContent();
    if (entityAccounts.isEmpty()) {
        return null;
    }
    return entityAccounts.get(0);
}
Also used : AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)

Example 37 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySynchronizationExecutor method createEntityAccount.

@Override
protected EntityAccountDto createEntityAccount(AccAccountDto account, IdmIdentityDto entity, SynchronizationContext context) {
    Assert.notNull(account);
    Assert.notNull(entity);
    EntityAccountDto entityAccount = super.createEntityAccount(account, entity, context);
    Assert.isInstanceOf(AccIdentityAccountDto.class, entityAccount, "For identity sync must be entity-account relation instance of AccIdentityAccountDto!");
    AccIdentityAccountDto identityAccount = (AccIdentityAccountDto) entityAccount;
    SysSyncIdentityConfigDto config = this.getConfig(context);
    UUID defaultRoleId = config.getDefaultRole();
    if (defaultRoleId == null) {
        return identityAccount;
    }
    // Default role is defines
    IdmRoleDto defaultRole = DtoUtils.getEmbedded(config, SysSyncIdentityConfig_.defaultRole, IdmRoleDto.class);
    context.getLogItem().addToLog(MessageFormat.format("Default role [{1}] is defines and will be assigned to the identity [{0}].", entity.getCode(), defaultRole.getCode()));
    Assert.notNull(defaultRole, "Default role must be found for this sync configuration!");
    IdmIdentityContractDto primeContract = identityContractService.getPrimeValidContract(entity.getId());
    if (primeContract == null) {
        context.getLogItem().addToLog("Warning! - Default role is set, but could not be assigned to identity, because was not found any valid identity contract!");
        this.initSyncActionLog(context.getActionType(), OperationResultType.WARNING, context.getLogItem(), context.getLog(), context.getActionLogs());
        return identityAccount;
    }
    // Create role request for default role and primary contract
    IdmRoleRequestDto roleRequest = roleRequestService.createRequest(primeContract, defaultRole);
    roleRequest = roleRequestService.startRequestInternal(roleRequest.getId(), false);
    // Load concept (can be only one)
    IdmConceptRoleRequestFilter conceptFilter = new IdmConceptRoleRequestFilter();
    conceptFilter.setRoleRequestId(roleRequest.getId());
    UUID identityRoleId = conceptRoleRequestService.find(conceptFilter, null).getContent().get(0).getIdentityRole();
    Assert.notNull(identityRoleId, "Identity role relation had to been created!");
    identityAccount.setIdentityRole(identityRoleId);
    AccIdentityAccountDto duplicate = this.findDuplicate(identityAccount);
    if (duplicate != null) {
        // This IdentityAccount is new and duplicated, we do not want create duplicated
        // relation.
        // Same IdentityAccount had to be created by assigned default role!
        context.getLogItem().addToLog(MessageFormat.format("This identity-account (identity-role id: {2}) is new and duplicated, " + "we do not want create duplicated relation! " + "We will reusing already persisted identity-account [{3}]. " + "Probable reason: Same  identity-account had to be created by assigned default role!", identityAccount.getAccount(), identityAccount.getIdentity(), identityAccount.getIdentityRole(), duplicate.getId()));
        // Reusing duplicate
        return duplicate;
    }
    return identityAccount;
}
Also used : IdmConceptRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmConceptRoleRequestFilter) SysSyncIdentityConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncIdentityConfigDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) UUID(java.util.UUID) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)

Example 38 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class AccountDeleteProcessor method process.

@Override
public EventResult<AccAccountDto> process(EntityEvent<AccAccountDto> event) {
    AccAccountDto account = event.getContent();
    UUID entityId = null;
    Object entityIdObj = event.getProperties().get(AccAccountService.ENTITY_ID_PROPERTY);
    if (entityIdObj instanceof UUID) {
        entityId = (UUID) entityIdObj;
    }
    boolean deleteTargetAccount = false;
    Object deleteTargetAccountObj = event.getProperties().get(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY);
    if (deleteTargetAccountObj instanceof Boolean) {
        deleteTargetAccount = (boolean) deleteTargetAccountObj;
    }
    Assert.notNull(account, "Account cannot be null!");
    // We do not allow delete account in protection
    if (account.isAccountProtectedAndValid()) {
        throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", account.getUid()));
    }
    // delete all identity accounts
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setAccountId(account.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
    identityAccounts.forEach(identityAccount -> {
        identityAccountService.delete(identityAccount);
    });
    // delete all role accounts
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setAccountId(account.getId());
    List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
    roleAccounts.forEach(roleAccount -> {
        roleAccountService.delete(roleAccount);
    });
    // delete all roleCatalogue accounts
    AccRoleCatalogueAccountFilter roleCatalogueAccountFilter = new AccRoleCatalogueAccountFilter();
    roleCatalogueAccountFilter.setAccountId(account.getId());
    List<AccRoleCatalogueAccountDto> roleCatalogueAccounts = roleCatalogueAccountService.find(roleCatalogueAccountFilter, null).getContent();
    roleCatalogueAccounts.forEach(roleCatalogueAccount -> {
        roleCatalogueAccountService.delete(roleCatalogueAccount);
    });
    // delete all tree accounts
    AccTreeAccountFilter treeAccountFilter = new AccTreeAccountFilter();
    treeAccountFilter.setAccountId(account.getId());
    List<AccTreeAccountDto> treeAccounts = treeAccountService.find(treeAccountFilter, null).getContent();
    treeAccounts.forEach(treeAccount -> {
        treeAccountService.delete(treeAccount);
    });
    // delete all contract accounts
    AccContractAccountFilter contractAccountFilter = new AccContractAccountFilter();
    contractAccountFilter.setAccountId(account.getId());
    List<AccContractAccountDto> contractAccounts = contractAccountService.find(contractAccountFilter, null).getContent();
    contractAccounts.forEach(contractAccount -> {
        contractAccountService.delete(contractAccount);
    });
    // 
    AccAccountDto refreshAccount = accountService.get(account.getId());
    // If account still exists (was not deleted by entity-account), we delete him directly now
    if (refreshAccount != null) {
        accountService.deleteInternal(refreshAccount);
    }
    if (deleteTargetAccount) {
        if (SystemEntityType.CONTRACT == account.getEntityType()) {
            LOG.warn(MessageFormat.format("Provisioning is not supported for contract now [{0}]!", account.getUid()));
            return new DefaultEventResult<>(event, this);
        }
        this.provisioningService.doDeleteProvisioning(account, account.getEntityType(), entityId);
    }
    return new DefaultEventResult<>(event, this);
}
Also used : AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AccContractAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccContractAccountFilter) AccContractAccountDto(eu.bcvsolutions.idm.acc.dto.AccContractAccountDto) AccTreeAccountDto(eu.bcvsolutions.idm.acc.dto.AccTreeAccountDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccTreeAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccTreeAccountFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) AccRoleCatalogueAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleCatalogueAccountDto) UUID(java.util.UUID) AccRoleCatalogueAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleCatalogueAccountFilter)

Example 39 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class PasswordPreValidationIntegrationTest method testAdvancedEnabledSimilarAttributes.

@Test
public void testAdvancedEnabledSimilarAttributes() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    // 
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    // 
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    // 
    acc = accountService.save(acc);
    // 
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    account.setOwnership(true);
    List<String> accounts = new ArrayList<String>();
    accounts.add(acc.getId() + "");
    // password policy default
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinPasswordLength(10);
    policyDefault.setMaxPasswordLength(20);
    policyDefault.setPasswordLengthRequired(true);
    policyDefault.setMinUpperChar(5);
    policyDefault.setUpperCharRequired(true);
    policyDefault.setMinLowerChar(4);
    policyDefault.setLowerCharRequired(true);
    policyDefault.setEnchancedControl(true);
    policyDefault.setMinRulesToFulfill(1);
    policyDefault.setMinNumber(3);
    policyDefault.setNumberRequired(false);
    policyDefault.setMinSpecialChar(4);
    policyDefault.setSpecialCharRequired(false);
    policyDefault.setIdentityAttributeCheck("EMAIL, FIRSTNAME");
    // password policy
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinPasswordLength(9);
    policy.setMaxPasswordLength(21);
    policy.setPasswordLengthRequired(true);
    policy.setMinUpperChar(4);
    policy.setUpperCharRequired(true);
    policy.setMinLowerChar(3);
    policy.setLowerCharRequired(true);
    policy.setEnchancedControl(true);
    policy.setMinRulesToFulfill(1);
    policy.setMinNumber(5);
    policy.setNumberRequired(false);
    policy.setMinSpecialChar(2);
    policy.setSpecialCharRequired(false);
    policy.setIdentityAttributeCheck("USERNAME");
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    try {
        idmIdentityService.validatePassword(passwordChange);
    } catch (ResultCodeException ex) {
        Map<String, Object> parametrs = new HashMap<String, Object>();
        parametrs.put("minNumber", 3);
        parametrs.put("minSpecialChar", 4);
        assertEquals(10, ex.getError().getError().getParameters().get("minLength"));
        assertEquals(20, ex.getError().getError().getParameters().get("maxLength"));
        assertEquals(5, ex.getError().getError().getParameters().get("minUpperChar"));
        assertEquals(4, ex.getError().getError().getParameters().get("minLowerChar"));
        assertEquals(parametrs.toString(), ex.getError().getError().getParameters().get("minRulesToFulfill").toString());
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        // special char base, passwordSimilarUsername, passwordSimilarLastName,
        // passwordSimilarEmail -> 11
        assertEquals(11, ex.getError().getError().getParameters().size());
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
}
Also used : PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) ArrayList(java.util.ArrayList) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) HashMap(java.util.HashMap) Map(java.util.Map) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 40 with AccIdentityAccountDto

use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.

the class PasswordPreValidationIntegrationTest method testNumberSpecialChar.

@Test
public void testNumberSpecialChar() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    // 
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    // 
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    // 
    acc = accountService.save(acc);
    // 
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    account.setOwnership(true);
    List<String> accounts = new ArrayList<String>();
    accounts.add(acc.getId() + "");
    // password policy default
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinNumber(6);
    policyDefault.setMinSpecialChar(10);
    // password policy
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinNumber(5);
    policy.setMinSpecialChar(11);
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    try {
        idmIdentityService.validatePassword(passwordChange);
    } catch (ResultCodeException ex) {
        assertEquals(6, ex.getError().getError().getParameters().get("minNumber"));
        assertEquals(11, ex.getError().getError().getParameters().get("minSpecialChar"));
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        assertFalse(ex.getError().getError().getParameters().get("specialCharacterBase") == null);
        assertEquals(4, ex.getError().getError().getParameters().size());
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) ArrayList(java.util.ArrayList) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)69 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)54 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)50 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)46 Test (org.junit.Test)46 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)32 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)25 TestResource (eu.bcvsolutions.idm.acc.entity.TestResource)24 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)16 ArrayList (java.util.ArrayList)16 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)13 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)11 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)10 SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)10 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)10 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)10 UUID (java.util.UUID)9 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)8 IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto)8