Examples with ProvisioningAttributeDto eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto used on opensource projects

Example 11 with ProvisioningAttributeDto

use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningExecutor method changePassword.

@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
    Assert.notNull(dto);
    Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
    Assert.notNull(passwordChange);
    List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
    // 
    EntityAccountFilter filter = this.createEntityAccountFilter();
    filter.setEntityId(dto.getId());
    List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
    if (entityAccountList == null) {
        return Collections.<OperationResult>emptyList();
    }
    // Distinct by accounts
    List<UUID> accountIds = new ArrayList<>();
    entityAccountList.stream().filter(entityAccount -> {
        if (!entityAccount.isOwnership()) {
            return false;
        }
        if (passwordChange.isAll()) {
            // Add all account supports change password
            if (entityAccount.getAccount() == null) {
                return false;
            }
            // Check if system for this account support change password
            AccAccountFilter accountFilter = new AccAccountFilter();
            accountFilter.setSupportChangePassword(Boolean.TRUE);
            accountFilter.setId(entityAccount.getAccount());
            List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
            if (accountsChecked.size() == 1) {
                return true;
            }
            return false;
        } else {
            return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
        }
    }).forEach(entityAccount -> {
        if (!accountIds.contains(entityAccount.getAccount())) {
            accountIds.add(entityAccount.getAccount());
        }
    });
    // 
    List<AccAccountDto> accounts = new ArrayList<>();
    accountIds.forEach(accountId -> {
        AccAccountDto account = accountService.get(accountId);
        accounts.add(account);
        // find uid from system entity or from account
        String uid = account.getUid();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
        // 
        // Find mapped attributes (include overloaded attributes)
        List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
        if (CollectionUtils.isEmpty(finalAttributes)) {
            return;
        }
        // We try find __PASSWORD__ attribute in mapped attributes
        Optional<? extends AttributeMapping> attriubuteHandlingOptional = finalAttributes.stream().filter((attribute) -> {
            SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
            return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
        }).findFirst();
        if (!attriubuteHandlingOptional.isPresent()) {
            throw new ProvisioningException(AccResultCode.PROVISIONING_PASSWORD_FIELD_NOT_FOUND, ImmutableMap.of("uid", uid, "system", system.getName()));
        }
        AttributeMapping mappedAttribute = attriubuteHandlingOptional.get();
        // 
        // add all account attributes => standard provisioning
        SysProvisioningOperationDto additionalProvisioningOperation = null;
        List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
        if (!additionalPasswordChangeAttributes.isEmpty()) {
            additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
        }
        // 
        // password change operation
        SysProvisioningOperationDto operation;
        if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
            // all attributes as start
            operation = additionalProvisioningOperation;
            // 
            // add wish for password
            ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeService.get(mappedAttribute.getSchemaAttribute()).getName());
            Object value = passwordChange.getNewPassword();
            if (!mappedAttribute.isEntityAttribute() && !mappedAttribute.isExtendedAttribute()) {
            // If is attribute handling resolve as constant, then we
            // don't want
            // do transformation again (was did in getAttributeValue)
            } else {
                value = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, mappedAttribute, dto);
            }
            operation.getProvisioningContext().getAccountObject().put(passwordAttribute, value);
            // 
            // do provisioning for additional attributes and password
            // together
            preparedOperations.add(operation);
        } else {
            // Change password on target system - only
            // TODO: refactor password change - use account wish instead
            // filling connector object attributes directly
            operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, passwordChange.getNewPassword(), ProvisioningOperationType.UPDATE, dto);
            preparedOperations.add(operation);
            // do provisioning for additional attributes in second
            if (additionalProvisioningOperation != null) {
                preparedOperations.add(additionalProvisioningOperation);
            }
        }
    });
    // execute prepared operations
    return preparedOperations.stream().map(operation -> {
        SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
        Map<String, Object> parameters = new LinkedHashMap<String, Object>();
        AccAccountDto account = accounts.stream().filter(a -> {
            return a.getUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
        }).findFirst().get();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        // 
        IdmAccountDto resultAccountDto = new IdmAccountDto();
        resultAccountDto.setId(account.getId());
        resultAccountDto.setUid(account.getUid());
        resultAccountDto.setRealUid(account.getRealUid());
        resultAccountDto.setSystemId(system.getId());
        resultAccountDto.setSystemName(system.getName());
        parameters.put(IdmAccountDto.PARAMETER_NAME, resultAccountDto);
        // 
        if (result.getResult().getState() == OperationState.EXECUTED) {
            // Add success changed password account
            return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
        }
        OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
        changeResult.setCause(result.getResult().getCause());
        changeResult.setCode(result.getResult().getCode());
        return changeResult;
    }).collect(Collectors.toList());
}

Example 12 with ProvisioningAttributeDto

use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.

the class DefaultProvisioningExecutorIntegrationTest method createProvisioningOperation.

/**
 * Prepare provisioning context and operation
 *
 * @param system
 * @return
 */
private SysProvisioningOperationDto createProvisioningOperation(SysSystemDto system, String firstname) {
    ProvisioningContext context = new ProvisioningContext();
    SysSystemEntityDto systemEntity = helper.createSystemEntity(system);
    Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
    context.setAccountObject(accoutObject);
    // 
    // prepare provisioning operation
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(system);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.CREATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
    return operationBuilder.build();
}

Example 13 with ProvisioningAttributeDto

use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.

the class DefaultProvisioningExecutorIntegrationTest method testRetryProvisioning.

@Test
public void testRetryProvisioning() {
    testProvisioningExceptionProcessor.setDisabled(false);
    try {
        SysSystemDto system = helper.createTestResourceSystem(true);
        SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
        Map<ProvisioningAttributeDto, Object> accoutObject = provisioningOperation.getProvisioningContext().getAccountObject();
        String uid = (String) accoutObject.get(getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME));
        DateTime now = new DateTime();
        // 
        // publish event
        // publish event
        // 1 - create
        provisioningExecutor.execute(provisioningOperation);
        // is necessary to get again operation from service
        SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
        filter.setSystemEntity(provisioningOperation.getSystemEntity());
        filter.setSystemId(system.getId());
        SysProvisioningOperationDto operation = provisioningOperationService.find(filter, null).getContent().get(0);
        SysProvisioningBatchDto batch = provisioningBatchService.findBatch(system.getId(), operation.getEntityIdentifier(), operation.getSystemEntity());
        Assert.assertEquals(OperationState.EXCEPTION, operation.getResultState());
        Assert.assertEquals(AccResultCode.PROVISIONING_FAILED.name(), operation.getResult().getModel().getStatusEnum());
        Assert.assertEquals(1, operation.getCurrentAttempt());
        Assert.assertTrue(operation.getMaxAttempts() > 1);
        Assert.assertTrue(batch.getNextAttempt().isAfter(now));
        SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, uid);
        Assert.assertTrue(systemEntity.isWish());
        Assert.assertNull(helper.findResource(uid));
        // 
        batch.setNextAttempt(new DateTime());
        provisioningBatchService.save(batch);
        // 
        // retry - the same exception expected
        RetryProvisioningTaskExecutor retryProvisioningTaskExecutor = new RetryProvisioningTaskExecutor();
        Boolean result = longRunningTaskManager.executeSync(retryProvisioningTaskExecutor);
        Assert.assertTrue(result);
        operation = provisioningOperationService.get(operation.getId());
        batch = provisioningBatchService.findBatch(system.getId(), operation.getEntityIdentifier(), systemEntity.getId());
        Assert.assertEquals(2, operation.getCurrentAttempt());
        Assert.assertTrue(batch.getNextAttempt().isAfter(now));
        // 
        batch.setNextAttempt(new DateTime());
        provisioningBatchService.save(batch);
        // 
        // retry - expected success now
        testProvisioningExceptionProcessor.setDisabled(true);
        retryProvisioningTaskExecutor = new RetryProvisioningTaskExecutor();
        result = longRunningTaskManager.executeSync(retryProvisioningTaskExecutor);
        Assert.assertTrue(result);
        // 
        systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, uid);
        Assert.assertFalse(systemEntity.isWish());
        Assert.assertNotNull(helper.findResource(uid));
        Assert.assertNull(provisioningBatchService.get(batch.getId()));
    } finally {
        testProvisioningExceptionProcessor.setDisabled(true);
    }
}

Example 14 with ProvisioningAttributeDto

use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.

the class DefaultProvisioningExecutorIntegrationTest method updateProvisioningOperation.

private SysProvisioningOperationDto updateProvisioningOperation(SysSystemEntityDto systemEntity, String firstname) {
    ProvisioningContext context = new ProvisioningContext();
    Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
    context.setAccountObject(accoutObject);
    // 
    // prepare provisioning operation
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemEntity.getSystem());
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.UPDATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
    return operationBuilder.build();
}

Example 15 with ProvisioningAttributeDto

use of eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto in project CzechIdMng by bcvsolutions.

the class DefaultProvisioningExecutorIntegrationTest method testDisabledSystem.

@Test
public void testDisabledSystem() {
    SysSystemDto system = helper.createTestResourceSystem(true);
    system.setDisabled(true);
    system = systemService.save(system);
    // 
    ProvisioningAttributeDto usernameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    ProvisioningAttributeDto passwordAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    // 
    // create test provisioning context
    SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
    IcObjectClass objectClass = provisioningOperation.getProvisioningContext().getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accoutObject = provisioningOperation.getProvisioningContext().getAccountObject();
    String uid = (String) accoutObject.get(usernameAttribute);
    GuardedString password = (GuardedString) accoutObject.get(passwordAttribute);
    // 
    // publish event
    provisioningExecutor.execute(provisioningOperation);
    // is necessary to get again operation from service
    SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
    filter.setSystemEntity(provisioningOperation.getSystemEntity());
    filter.setSystemId(system.getId());
    SysProvisioningOperationDto operation = provisioningOperationService.find(filter, null).getContent().get(0);
    // 
    assertEquals(OperationState.NOT_EXECUTED, operation.getResultState());
    assertEquals(AccResultCode.PROVISIONING_SYSTEM_DISABLED.name(), operation.getResult().getModel().getStatusEnum());
    // 
    IcUidAttribute uidAttribute = new IcUidAttributeImpl(null, uid, null);
    IcConnectorObject existsConnectorObject = connectorFacade.readObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
    // 
    assertNull(existsConnectorObject);
    // password is stored in confidential storage
    assertNotNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordAttribute.getKey(), 0)));
    // 
    system.setDisabled(false);
    system = systemService.save(system);
    // 
    provisioningExecutor.execute(operation);
    // 
    // check target account
    existsConnectorObject = connectorFacade.readObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
    // 
    assertNotNull(existsConnectorObject);
    assertEquals(uid, existsConnectorObject.getUidValue());
    assertEquals(accoutObject.get(firstNameAttribute), existsConnectorObject.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME).getValue());
    assertEquals(accoutObject.get(lastNameAttribute), existsConnectorObject.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME).getValue());
    // authenticate for password check
    IcUidAttribute attribute = connectorFacade.authenticateObject(system.getConnectorInstance(), systemService.getConnectorConfiguration(system), objectClass, uid, password);
    assertNotNull(attribute);
    assertEquals(uid, attribute.getUidValue());
    // password is removed in confidential storage
    assertNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordAttribute.getKey(), 0)));
}