use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method changePassword.
@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
Assert.notNull(dto);
Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
Assert.notNull(passwordChange);
List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
//
EntityAccountFilter filter = this.createEntityAccountFilter();
filter.setEntityId(dto.getId());
List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
if (entityAccountList == null) {
return Collections.<OperationResult>emptyList();
}
// Distinct by accounts
List<UUID> accountIds = new ArrayList<>();
entityAccountList.stream().filter(entityAccount -> {
if (!entityAccount.isOwnership()) {
return false;
}
if (passwordChange.isAll()) {
// Add all account supports change password
if (entityAccount.getAccount() == null) {
return false;
}
// Check if system for this account support change password
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSupportChangePassword(Boolean.TRUE);
accountFilter.setId(entityAccount.getAccount());
List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
if (accountsChecked.size() == 1) {
return true;
}
return false;
} else {
return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
}
}).forEach(entityAccount -> {
if (!accountIds.contains(entityAccount.getAccount())) {
accountIds.add(entityAccount.getAccount());
}
});
//
List<AccAccountDto> accounts = new ArrayList<>();
accountIds.forEach(accountId -> {
AccAccountDto account = accountService.get(accountId);
accounts.add(account);
// find uid from system entity or from account
String uid = account.getUid();
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
//
// Find mapped attributes (include overloaded attributes)
List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
if (CollectionUtils.isEmpty(finalAttributes)) {
return;
}
// We try find __PASSWORD__ attribute in mapped attributes
Optional<? extends AttributeMapping> attriubuteHandlingOptional = finalAttributes.stream().filter((attribute) -> {
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
}).findFirst();
if (!attriubuteHandlingOptional.isPresent()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_PASSWORD_FIELD_NOT_FOUND, ImmutableMap.of("uid", uid, "system", system.getName()));
}
AttributeMapping mappedAttribute = attriubuteHandlingOptional.get();
//
// add all account attributes => standard provisioning
SysProvisioningOperationDto additionalProvisioningOperation = null;
List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
if (!additionalPasswordChangeAttributes.isEmpty()) {
additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
}
//
// password change operation
SysProvisioningOperationDto operation;
if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
// all attributes as start
operation = additionalProvisioningOperation;
//
// add wish for password
ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeService.get(mappedAttribute.getSchemaAttribute()).getName());
Object value = passwordChange.getNewPassword();
if (!mappedAttribute.isEntityAttribute() && !mappedAttribute.isExtendedAttribute()) {
// If is attribute handling resolve as constant, then we
// don't want
// do transformation again (was did in getAttributeValue)
} else {
value = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, mappedAttribute, dto);
}
operation.getProvisioningContext().getAccountObject().put(passwordAttribute, value);
//
// do provisioning for additional attributes and password
// together
preparedOperations.add(operation);
} else {
// Change password on target system - only
// TODO: refactor password change - use account wish instead
// filling connector object attributes directly
operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, passwordChange.getNewPassword(), ProvisioningOperationType.UPDATE, dto);
preparedOperations.add(operation);
// do provisioning for additional attributes in second
if (additionalProvisioningOperation != null) {
preparedOperations.add(additionalProvisioningOperation);
}
}
});
// execute prepared operations
return preparedOperations.stream().map(operation -> {
SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
Map<String, Object> parameters = new LinkedHashMap<String, Object>();
AccAccountDto account = accounts.stream().filter(a -> {
return a.getUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
}).findFirst().get();
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
//
IdmAccountDto resultAccountDto = new IdmAccountDto();
resultAccountDto.setId(account.getId());
resultAccountDto.setUid(account.getUid());
resultAccountDto.setRealUid(account.getRealUid());
resultAccountDto.setSystemId(system.getId());
resultAccountDto.setSystemName(system.getName());
parameters.put(IdmAccountDto.PARAMETER_NAME, resultAccountDto);
//
if (result.getResult().getState() == OperationState.EXECUTED) {
// Add success changed password account
return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
}
OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
changeResult.setCause(result.getResult().getCause());
changeResult.setCode(result.getResult().getCode());
return changeResult;
}).collect(Collectors.toList());
}
use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method createProvisioningOperation.
/**
* Prepare provisioning context and operation
*
* @param system
* @return
*/
private SysProvisioningOperationDto createProvisioningOperation(SysSystemDto system, String firstname) {
ProvisioningContext context = new ProvisioningContext();
SysSystemEntityDto systemEntity = helper.createSystemEntity(system);
Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
context.setAccountObject(accoutObject);
//
// prepare provisioning operation
SysSystemMappingDto systemMapping = helper.getDefaultMapping(system);
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.CREATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
return operationBuilder.build();
}
use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testRetryProvisioning.
@Test
public void testRetryProvisioning() {
testProvisioningExceptionProcessor.setDisabled(false);
try {
SysSystemDto system = helper.createTestResourceSystem(true);
SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
Map<ProvisioningAttributeDto, Object> accoutObject = provisioningOperation.getProvisioningContext().getAccountObject();
String uid = (String) accoutObject.get(getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME));
DateTime now = new DateTime();
//
// publish event
// publish event
// 1 - create
provisioningExecutor.execute(provisioningOperation);
// is necessary to get again operation from service
SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
filter.setSystemEntity(provisioningOperation.getSystemEntity());
filter.setSystemId(system.getId());
SysProvisioningOperationDto operation = provisioningOperationService.find(filter, null).getContent().get(0);
SysProvisioningBatchDto batch = provisioningBatchService.findBatch(system.getId(), operation.getEntityIdentifier(), operation.getSystemEntity());
Assert.assertEquals(OperationState.EXCEPTION, operation.getResultState());
Assert.assertEquals(AccResultCode.PROVISIONING_FAILED.name(), operation.getResult().getModel().getStatusEnum());
Assert.assertEquals(1, operation.getCurrentAttempt());
Assert.assertTrue(operation.getMaxAttempts() > 1);
Assert.assertTrue(batch.getNextAttempt().isAfter(now));
SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, uid);
Assert.assertTrue(systemEntity.isWish());
Assert.assertNull(helper.findResource(uid));
//
batch.setNextAttempt(new DateTime());
provisioningBatchService.save(batch);
//
// retry - the same exception expected
RetryProvisioningTaskExecutor retryProvisioningTaskExecutor = new RetryProvisioningTaskExecutor();
Boolean result = longRunningTaskManager.executeSync(retryProvisioningTaskExecutor);
Assert.assertTrue(result);
operation = provisioningOperationService.get(operation.getId());
batch = provisioningBatchService.findBatch(system.getId(), operation.getEntityIdentifier(), systemEntity.getId());
Assert.assertEquals(2, operation.getCurrentAttempt());
Assert.assertTrue(batch.getNextAttempt().isAfter(now));
//
batch.setNextAttempt(new DateTime());
provisioningBatchService.save(batch);
//
// retry - expected success now
testProvisioningExceptionProcessor.setDisabled(true);
retryProvisioningTaskExecutor = new RetryProvisioningTaskExecutor();
result = longRunningTaskManager.executeSync(retryProvisioningTaskExecutor);
Assert.assertTrue(result);
//
systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, uid);
Assert.assertFalse(systemEntity.isWish());
Assert.assertNotNull(helper.findResource(uid));
Assert.assertNull(provisioningBatchService.get(batch.getId()));
} finally {
testProvisioningExceptionProcessor.setDisabled(true);
}
}
use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method updateProvisioningOperation.
private SysProvisioningOperationDto updateProvisioningOperation(SysSystemEntityDto systemEntity, String firstname) {
ProvisioningContext context = new ProvisioningContext();
Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
context.setAccountObject(accoutObject);
//
// prepare provisioning operation
SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemEntity.getSystem());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.UPDATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
return operationBuilder.build();
}
use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testDisabledSystem.
@Test
public void testDisabledSystem() {
SysSystemDto system = helper.createTestResourceSystem(true);
system.setDisabled(true);
system = systemService.save(system);
//
ProvisioningAttributeDto usernameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
ProvisioningAttributeDto firstNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
ProvisioningAttributeDto lastNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
ProvisioningAttributeDto passwordAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
//
// create test provisioning context
SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
IcObjectClass objectClass = provisioningOperation.getProvisioningContext().getConnectorObject().getObjectClass();
Map<ProvisioningAttributeDto, Object> accoutObject = provisioningOperation.getProvisioningContext().getAccountObject();
String uid = (String) accoutObject.get(usernameAttribute);
GuardedString password = (GuardedString) accoutObject.get(passwordAttribute);
//
// publish event
provisioningExecutor.execute(provisioningOperation);
// is necessary to get again operation from service
SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
filter.setSystemEntity(provisioningOperation.getSystemEntity());
filter.setSystemId(system.getId());
SysProvisioningOperationDto operation = provisioningOperationService.find(filter, null).getContent().get(0);
//
assertEquals(OperationState.NOT_EXECUTED, operation.getResultState());
assertEquals(AccResultCode.PROVISIONING_SYSTEM_DISABLED.name(), operation.getResult().getModel().getStatusEnum());
//
IcUidAttribute uidAttribute = new IcUidAttributeImpl(null, uid, null);
IcConnectorObject existsConnectorObject = connectorFacade.readObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
//
assertNull(existsConnectorObject);
// password is stored in confidential storage
assertNotNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordAttribute.getKey(), 0)));
//
system.setDisabled(false);
system = systemService.save(system);
//
provisioningExecutor.execute(operation);
//
// check target account
existsConnectorObject = connectorFacade.readObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
//
assertNotNull(existsConnectorObject);
assertEquals(uid, existsConnectorObject.getUidValue());
assertEquals(accoutObject.get(firstNameAttribute), existsConnectorObject.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME).getValue());
assertEquals(accoutObject.get(lastNameAttribute), existsConnectorObject.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME).getValue());
// authenticate for password check
IcUidAttribute attribute = connectorFacade.authenticateObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uid, password);
assertNotNull(attribute);
assertEquals(uid, attribute.getUidValue());
// password is removed in confidential storage
assertNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordAttribute.getKey(), 0)));
}
Aggregations