Search in sources :

Example 6 with EntityAccountDto

use of eu.bcvsolutions.idm.acc.dto.EntityAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningExecutor method changePassword.

@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
    Assert.notNull(dto);
    Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
    Assert.notNull(passwordChange);
    List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
    // 
    EntityAccountFilter filter = this.createEntityAccountFilter();
    filter.setEntityId(dto.getId());
    List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
    if (entityAccountList == null) {
        return Collections.<OperationResult>emptyList();
    }
    // Distinct by accounts
    List<UUID> accountIds = new ArrayList<>();
    entityAccountList.stream().filter(entityAccount -> {
        if (!entityAccount.isOwnership()) {
            return false;
        }
        if (passwordChange.isAll()) {
            // Add all account supports change password
            if (entityAccount.getAccount() == null) {
                return false;
            }
            // Check if system for this account support change password
            AccAccountFilter accountFilter = new AccAccountFilter();
            accountFilter.setSupportChangePassword(Boolean.TRUE);
            accountFilter.setId(entityAccount.getAccount());
            List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
            if (accountsChecked.size() == 1) {
                return true;
            }
            return false;
        } else {
            return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
        }
    }).forEach(entityAccount -> {
        if (!accountIds.contains(entityAccount.getAccount())) {
            accountIds.add(entityAccount.getAccount());
        }
    });
    // 
    List<AccAccountDto> accounts = new ArrayList<>();
    accountIds.forEach(accountId -> {
        AccAccountDto account = accountService.get(accountId);
        accounts.add(account);
        // find uid from system entity or from account
        String uid = account.getUid();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
        // 
        // Find mapped attributes (include overloaded attributes)
        List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
        if (CollectionUtils.isEmpty(finalAttributes)) {
            return;
        }
        // We try find __PASSWORD__ attribute in mapped attributes
        Optional<? extends AttributeMapping> attriubuteHandlingOptional = finalAttributes.stream().filter((attribute) -> {
            SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
            return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
        }).findFirst();
        if (!attriubuteHandlingOptional.isPresent()) {
            throw new ProvisioningException(AccResultCode.PROVISIONING_PASSWORD_FIELD_NOT_FOUND, ImmutableMap.of("uid", uid, "system", system.getName()));
        }
        AttributeMapping mappedAttribute = attriubuteHandlingOptional.get();
        // 
        // add all account attributes => standard provisioning
        SysProvisioningOperationDto additionalProvisioningOperation = null;
        List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
        if (!additionalPasswordChangeAttributes.isEmpty()) {
            additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
        }
        // 
        // password change operation
        SysProvisioningOperationDto operation;
        if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
            // all attributes as start
            operation = additionalProvisioningOperation;
            // 
            // add wish for password
            ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeService.get(mappedAttribute.getSchemaAttribute()).getName());
            Object value = passwordChange.getNewPassword();
            if (!mappedAttribute.isEntityAttribute() && !mappedAttribute.isExtendedAttribute()) {
            // If is attribute handling resolve as constant, then we
            // don't want
            // do transformation again (was did in getAttributeValue)
            } else {
                value = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, mappedAttribute, dto);
            }
            operation.getProvisioningContext().getAccountObject().put(passwordAttribute, value);
            // 
            // do provisioning for additional attributes and password
            // together
            preparedOperations.add(operation);
        } else {
            // Change password on target system - only
            // TODO: refactor password change - use account wish instead
            // filling connector object attributes directly
            operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, passwordChange.getNewPassword(), ProvisioningOperationType.UPDATE, dto);
            preparedOperations.add(operation);
            // do provisioning for additional attributes in second
            if (additionalProvisioningOperation != null) {
                preparedOperations.add(additionalProvisioningOperation);
            }
        }
    });
    // execute prepared operations
    return preparedOperations.stream().map(operation -> {
        SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
        Map<String, Object> parameters = new LinkedHashMap<String, Object>();
        AccAccountDto account = accounts.stream().filter(a -> {
            return a.getUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
        }).findFirst().get();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        // 
        IdmAccountDto resultAccountDto = new IdmAccountDto();
        resultAccountDto.setId(account.getId());
        resultAccountDto.setUid(account.getUid());
        resultAccountDto.setRealUid(account.getRealUid());
        resultAccountDto.setSystemId(system.getId());
        resultAccountDto.setSystemName(system.getName());
        parameters.put(IdmAccountDto.PARAMETER_NAME, resultAccountDto);
        // 
        if (result.getResult().getState() == OperationState.EXECUTED) {
            // Add success changed password account
            return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
        }
        OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
        changeResult.setCause(result.getResult().getCause());
        changeResult.setCode(result.getResult().getCode());
        return changeResult;
    }).collect(Collectors.toList());
}
Also used : ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemEntity_(eu.bcvsolutions.idm.acc.entity.SysSystemEntity_) Map(java.util.Map) ProvisioningEntityExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningEntityExecutor) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType) ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService) Set(java.util.Set) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) List(java.util.List) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) CollectionUtils(org.springframework.util.CollectionUtils) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) Optional(java.util.Optional) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) HashMap(java.util.HashMap) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) ImmutableList(com.google.common.collect.ImmutableList) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) ProvisioningOperationType(eu.bcvsolutions.idm.acc.domain.ProvisioningOperationType) LinkedHashSet(java.util.LinkedHashSet) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) Codeable(eu.bcvsolutions.idm.core.api.domain.Codeable) SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) IcConnectorKey(eu.bcvsolutions.idm.ic.api.IcConnectorKey) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) AccAccount_(eu.bcvsolutions.idm.acc.entity.AccAccount_) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) Collections(java.util.Collections) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ArrayList(java.util.ArrayList) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) List(java.util.List) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) UUID(java.util.UUID) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 7 with EntityAccountDto

use of eu.bcvsolutions.idm.acc.dto.EntityAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method createEntityAccount.

/**
 * Create instance of relation between account and sync entity. Create and fill
 * relation instance. Do not persist she.
 *
 * @param account
 * @param entity
 * @param context
 * @return
 */
protected EntityAccountDto createEntityAccount(AccAccountDto account, DTO entity, SynchronizationContext context) {
    // Create new entity account relation
    EntityAccountDto entityAccount = this.createEntityAccountDto();
    entityAccount.setAccount(account.getId());
    entityAccount.setEntity(entity.getId());
    entityAccount.setOwnership(true);
    return entityAccount;
}
Also used : EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto)

Example 8 with EntityAccountDto

use of eu.bcvsolutions.idm.acc.dto.EntityAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method getAccountByEntity.

/**
 * Find account ID by entity ID
 *
 * @param entityId
 * @param systemId
 * @return
 */
protected UUID getAccountByEntity(UUID entityId, UUID systemId) {
    EntityAccountFilter entityAccountFilter = createEntityAccountFilter();
    entityAccountFilter.setEntityId(entityId);
    entityAccountFilter.setSystemId(systemId);
    entityAccountFilter.setOwnership(Boolean.TRUE);
    @SuppressWarnings("unchecked") List<EntityAccountDto> entityAccounts = this.getEntityAccountService().find((BaseFilter) entityAccountFilter, null).getContent();
    if (entityAccounts.isEmpty()) {
        return null;
    } else {
        // ownership) have same account!
        return entityAccounts.get(0).getEntity();
    }
}
Also used : EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) BaseFilter(eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter)

Example 9 with EntityAccountDto

use of eu.bcvsolutions.idm.acc.dto.EntityAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method getEntityByAccount.

/**
 * Find entity by account
 *
 * @param account
 * @param log
 * @param logItem
 * @param actionLogs
 * @return
 */
protected UUID getEntityByAccount(UUID accountId) {
    EntityAccountFilter entityAccountFilter = createEntityAccountFilter();
    entityAccountFilter.setAccountId(accountId);
    entityAccountFilter.setOwnership(Boolean.TRUE);
    @SuppressWarnings("unchecked") List<EntityAccountDto> entityAccounts = this.getEntityAccountService().find((BaseFilter) entityAccountFilter, null).getContent();
    if (entityAccounts.isEmpty()) {
        return null;
    } else {
        // ownership) have same identity!
        return entityAccounts.get(0).getEntity();
    }
}
Also used : EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) BaseFilter(eu.bcvsolutions.idm.core.api.dto.filter.BaseFilter)

Example 10 with EntityAccountDto

use of eu.bcvsolutions.idm.acc.dto.EntityAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method doCreateEntity.

/**
 * Create and persist new entity by data from IC attributes
 *
 * @param entityType
 * @param mappedAttributes
 * @param logItem
 * @param uid
 * @param icAttributes
 * @param account
 * @param context
 */
@SuppressWarnings("unchecked")
protected void doCreateEntity(SystemEntityType entityType, List<SysSystemAttributeMappingDto> mappedAttributes, SysSyncItemLogDto logItem, String uid, List<IcAttribute> icAttributes, AccAccountDto account, SynchronizationContext context) {
    // We will create new entity
    addToItemLog(logItem, "Missing entity action is CREATE_ENTITY, we will do create new entity.");
    DTO entity = this.createEntityDto();
    // Fill entity by mapped attribute
    entity = fillEntity(mappedAttributes, uid, icAttributes, entity, true, context);
    // Create new entity
    entity = this.save(entity, true);
    // Update extended attribute (entity must be persisted first)
    updateExtendedAttributes(mappedAttributes, uid, icAttributes, entity, true, context);
    // Update confidential attribute (entity must be persisted first)
    updateConfidentialAttributes(mappedAttributes, uid, icAttributes, entity, true, context);
    EntityAccountDto roleAccount = createEntityAccount(account, entity, context);
    this.getEntityAccountService().save(roleAccount);
    // Entity created
    addToItemLog(logItem, MessageFormat.format("Entity with id {0} was created", entity.getId()));
    if (logItem != null) {
        logItem.setDisplayName(this.getDisplayNameForEntity(entity));
    }
    // Call provisioning for entity
    this.callProvisioningForEntity(entity, entityType, logItem);
}
Also used : EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto)

Aggregations

EntityAccountDto (eu.bcvsolutions.idm.acc.dto.EntityAccountDto)11 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)5 SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)4 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)4 UUID (java.util.UUID)4 ImmutableMap (com.google.common.collect.ImmutableMap)3 AccResultCode (eu.bcvsolutions.idm.acc.domain.AccResultCode)3 SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)3 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)3 SysSystemEntityDto (eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)3 EntityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter)3 ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)3 AccAccountService (eu.bcvsolutions.idm.acc.service.api.AccAccountService)3 ProvisioningExecutor (eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor)3 SysRoleSystemAttributeService (eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)3 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)3 ImmutableList (com.google.common.collect.ImmutableList)2 AccountType (eu.bcvsolutions.idm.acc.domain.AccountType)2 AttributeMapping (eu.bcvsolutions.idm.acc.domain.AttributeMapping)2 AttributeMappingStrategyType (eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType)2