use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AdGroupConnectorType method createSync.
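/**
 * Creates (or updates) the role sync for the AD group system.
 *
 * Reads the wizard values from {@code connectorType.getMetadata()}: the five sync switches,
 * the main role catalogue (an existing catalogue ID under {@code MAIN_ROLE_CATALOG} or a new
 * catalogue code under {@code NEW_ROLE_CATALOG}), the sync mapping ID ({@code MAPPING_SYNC_ID},
 * required) and an optional ID of an already existing sync ({@code GROUP_SYNC_ID}). Without the
 * sync ID a new {@link SysSyncRoleConfigDto} is created, otherwise the existing one is loaded and
 * updated. The ID of the saved sync is written back to the metadata under {@code GROUP_SYNC_ID}.
 *
 * @param connectorType wizard state whose metadata were filled by the previous steps
 * @throws IllegalArgumentException when the mapping ID, the code attribute of the mapping or the
 *         referenced existing sync cannot be found
 */
private void createSync(ConnectorTypeDto connectorType) {
    boolean membershipSwitch = readWizardSwitch(connectorType, SysSyncRoleConfig_.membershipSwitch.getName());
    boolean assignCatalogueSwitch = readWizardSwitch(connectorType, SysSyncRoleConfig_.assignCatalogueSwitch.getName());
    boolean assignRoleSwitch = readWizardSwitch(connectorType, SysSyncRoleConfig_.assignRoleSwitch.getName());
    boolean assignRoleRemoveSwitch = readWizardSwitch(connectorType, SysSyncRoleConfig_.assignRoleRemoveSwitch.getName());
    boolean removeCatalogueRoleSwitch = readWizardSwitch(connectorType, SysSyncRoleConfig_.removeCatalogueRoleSwitch.getName());
    String mainRoleCatalogValue = connectorType.getMetadata().get(MAIN_ROLE_CATALOG);
    UUID mainRoleCatalogId = mainRoleCatalogValue != null ? UUID.fromString(mainRoleCatalogValue) : null;
    String newRoleCatalogCode = connectorType.getMetadata().get(NEW_ROLE_CATALOG);
    // The sync mapping has to exist already (it is created in the previous step).
    String mappingSyncId = connectorType.getMetadata().get(MAPPING_SYNC_ID);
    Assert.notNull(mappingSyncId, "ID of mapping cannot be null!");
    // The sync ID is present when the wizard runs again on an already configured system.
    String roleSyncId = connectorType.getMetadata().get(GROUP_SYNC_ID);
    SysSyncRoleConfigDto syncRoleConfigDto = roleSyncId == null
            ? createRoleSyncConfig(mappingSyncId)
            : loadRoleSyncConfig(roleSyncId);
    configureMembershipOnSync(connectorType, syncRoleConfigDto);
    syncRoleConfigDto.setAssignRoleSwitch(assignRoleSwitch);
    syncRoleConfigDto.setAssignCatalogueSwitch(assignCatalogueSwitch);
    syncRoleConfigDto.setAssignRoleRemoveSwitch(assignRoleRemoveSwitch);
    // The membership switch always comes from the wizard value, even when a member mapping was selected.
    syncRoleConfigDto.setMembershipSwitch(membershipSwitch);
    syncRoleConfigDto.setRemoveCatalogueRoleSwitch(removeCatalogueRoleSwitch);
    UUID mainCatalogueNode = resolveMainRoleCatalogue(mainRoleCatalogId, newRoleCatalogCode);
    if (mainCatalogueNode != null) {
        syncRoleConfigDto.setMainCatalogueRoleNode(mainCatalogueNode);
    }
    if (syncRoleConfigDto.isRemoveCatalogueRoleSwitch()) {
        // If removing of a catalogue is enabled, the main catalogue is used as the parent node.
        syncRoleConfigDto.setRemoveCatalogueRoleParentNode(syncRoleConfigDto.getMainCatalogueRoleNode());
    }
    syncRoleConfigDto = (SysSyncRoleConfigDto) getSyncConfigService().save(syncRoleConfigDto);
    connectorType.getMetadata().put(GROUP_SYNC_ID, syncRoleConfigDto.getId().toString());
}

/**
 * Reads a boolean wizard switch from the metadata of the connector type.
 * A missing key reads as {@code false} (plain {@link Boolean#parseBoolean}).
 */
private static boolean readWizardSwitch(ConnectorTypeDto connectorType, String key) {
    return Boolean.parseBoolean(connectorType.getMetadata().get(key));
}

/**
 * Builds a new (unsaved) role sync for the given mapping. The role base-code entity attribute of
 * the mapping is used as the correlation attribute.
 *
 * @param mappingSyncId ID of the sync mapping as a string
 * @throws IllegalArgumentException when the mapping has no base-code entity attribute
 */
private SysSyncRoleConfigDto createRoleSyncConfig(String mappingSyncId) {
    UUID mappingId = UUID.fromString(mappingSyncId);
    SysSystemAttributeMappingFilter codeFilter = new SysSystemAttributeMappingFilter();
    codeFilter.setSystemMappingId(mappingId);
    codeFilter.setIdmPropertyName(IdmRole_.baseCode.getName());
    SysSystemAttributeMappingDto codeAttribute = getSystemAttributeMappingService()
            .find(codeFilter, null)
            .getContent()
            .stream()
            .filter(SysSystemAttributeMappingDto::isEntityAttribute)
            .findFirst()
            .orElse(null);
    Assert.notNull(codeAttribute, "Code attribute cannot be null!");
    SysSyncRoleConfigDto sync = new SysSyncRoleConfigDto();
    sync.setName(GROUP_SYNC_NAME);
    sync.setReconciliation(true);
    sync.setDifferentialSync(false);
    sync.setSystemMapping(mappingId);
    sync.setUnlinkedAction(SynchronizationUnlinkedActionType.LINK_AND_UPDATE_ENTITY);
    sync.setMissingEntityAction(SynchronizationMissingEntityActionType.IGNORE);
    sync.setMissingAccountAction(ReconciliationMissingAccountActionType.IGNORE);
    sync.setLinkedAction(SynchronizationLinkedActionType.UPDATE_ENTITY);
    sync.setCorrelationAttribute(codeAttribute.getId());
    return sync;
}

/**
 * Loads an existing role sync referenced by the wizard metadata. Fails with a clear message
 * when the ID is stale instead of with a late NPE on the first setter.
 */
private SysSyncRoleConfigDto loadRoleSyncConfig(String roleSyncId) {
    SysSyncRoleConfigDto sync = (SysSyncRoleConfigDto) getSyncConfigService().get(UUID.fromString(roleSyncId));
    Assert.notNull(sync, "Role sync [" + roleSyncId + "] was not found!");
    return sync;
}

/**
 * Wires the sync to the member (user) system mapping selected in the wizard, if any:
 * the member mapping itself, its LDAP groups attribute (member-of) and the DN schema attribute
 * of its object class (member identifier). Does nothing without a readable member mapping.
 */
private void configureMembershipOnSync(ConnectorTypeDto connectorType, SysSyncRoleConfigDto sync) {
    String memberSystemMappingId = connectorType.getMetadata().get(MEMBER_SYSTEM_MAPPING);
    if (memberSystemMappingId == null) {
        return;
    }
    SysSystemMappingDto memberMapping = getSystemMappingService().get(UUID.fromString(memberSystemMappingId), IdmBasePermission.READ);
    if (memberMapping == null) {
        return;
    }
    // LDAP groups attribute of the member mapping.
    SysSystemAttributeMappingFilter attributeFilter = new SysSystemAttributeMappingFilter();
    attributeFilter.setSystemMappingId(memberMapping.getId());
    attributeFilter.setSchemaAttributeName(LDAP_GROUPS_ATTRIBUTE);
    SysSystemAttributeMappingDto ldapGroupsAttribute = getSystemAttributeMappingService()
            .find(attributeFilter, null)
            .getContent()
            .stream()
            .findFirst()
            .orElse(null);
    sync.setMemberSystemMapping(memberMapping.getId());
    if (ldapGroupsAttribute != null) {
        sync.setMemberOfAttribute(ldapGroupsAttribute.getId());
    }
    // Member DN schema attribute.
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setObjectClassId(memberMapping.getObjectClass());
    schemaAttributeFilter.setName(DN_ATTR_CODE);
    SysSchemaAttributeDto dnAttribute = getSchemaAttributeService()
            .find(schemaAttributeFilter, null)
            .getContent()
            .stream()
            .findFirst()
            .orElse(null);
    if (dnAttribute != null) {
        sync.setMemberIdentifierAttribute(dnAttribute.getId());
    }
}

/**
 * Resolves the main role catalogue node. An explicitly selected catalogue ID wins; otherwise a
 * catalogue with the given code is reused when it exists and created when it does not.
 *
 * @return ID of the main catalogue, or {@code null} when neither an ID nor a code was given
 */
private UUID resolveMainRoleCatalogue(UUID mainRoleCatalogId, String newRoleCatalogCode) {
    if (mainRoleCatalogId != null) {
        return mainRoleCatalogId;
    }
    if (Strings.isBlank(newRoleCatalogCode)) {
        return null;
    }
    // The code is unique: reuse an existing catalogue, create it otherwise.
    IdmRoleCatalogueDto catalogue = roleCatalogueService.getByCode(newRoleCatalogCode);
    if (catalogue == null) {
        catalogue = new IdmRoleCatalogueDto();
        catalogue.setCode(newRoleCatalogCode);
        catalogue.setName(newRoleCatalogCode);
        catalogue = roleCatalogueService.save(catalogue, IdmBasePermission.CREATE);
    }
    return catalogue.getId();
}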
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AdGroupConnectorType method executeStepFour.
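/**
 * Wizard step four: fills the additional information (group container DNs) and adds the role sync.
 *
 * The step verifies that every group container exists in AD, stores the containers as the group
 * base context of the system, generates the schema, makes sure the {@code member} schema attribute
 * exists, creates or loads the role sync mapping, creates/updates the role sync and finally adds
 * the group containers to the base contexts of the member (user) system.
 *
 * @param connectorType wizard state; reads {@code SYSTEM_DTO_KEY}, {@code GROUP_CONTAINER_KEY},
 *        {@code MAPPING_SYNC_ID} and {@code MEMBER_SYSTEM_MAPPING} from its metadata and writes the
 *        system and mapping DTOs into its embedded map
 * @throws IllegalArgumentException when the system or the group containers are missing
 * @throws ResultCodeException {@code WIZARD_AD_CONTAINER_NOT_FOUND} when a group container is not found in AD
 */
private void executeStepFour(ConnectorTypeDto connectorType) {
    String systemId = connectorType.getMetadata().get(SYSTEM_DTO_KEY);
    Assert.notNull(systemId, "System ID cannot be null!");
    SysSystemDto systemDto = this.getSystemService().get(systemId);
    Assert.notNull(systemDto, "System [" + systemId + "] was not found!");
    connectorType.getEmbedded().put(SYSTEM_DTO_KEY, systemDto);
    IdmFormDefinitionDto connectorFormDef = this.getSystemService().getConnectorFormDefinition(systemDto);
    String groupContainersStr = connectorType.getMetadata().get(GROUP_CONTAINER_KEY);
    Assert.notNull(groupContainersStr, "Container with groups cannot be null!");
    List<String> groupContainers = stringToContainers(groupContainersStr);
    Assert.notEmpty(groupContainers, "Container with groups cannot be empty!");
    checkGroupContainersExist(groupContainers, systemDto, connectorFormDef);
    // Base context for searching groups: all containers are searched, so all of them go into the base context.
    List<Serializable> values = Lists.newArrayList(groupContainers);
    this.setValueToConnectorInstance(BASE_CONTEXT_GROUP_KEY, values, systemDto, connectorFormDef);
    // Set root suffixes and generate a schema.
    SysSchemaObjectClassDto schemaDto = generateSchema(connectorType, systemDto, connectorFormDef, groupContainers.get(0), values);
    ensureMemberSchemaAttribute(schemaDto, systemDto);
    resolveRoleSyncMapping(connectorType, schemaDto);
    // Create/update role sync.
    createSync(connectorType);
    addGroupContainersToMemberSystem(connectorType, groupContainers);
}

/**
 * Verifies that every group container exists in AD as a container or an organizational unit.
 * Connection parameters are read from the connector configuration of the system.
 *
 * @throws ResultCodeException {@code WIZARD_AD_CONTAINER_NOT_FOUND} for the first container that is not found
 */
private void checkGroupContainersExist(List<String> groupContainers, SysSystemDto systemDto, IdmFormDefinitionDto connectorFormDef) {
    String port = getValueFromConnectorInstance(PORT, systemDto, connectorFormDef);
    String host = getValueFromConnectorInstance(HOST, systemDto, connectorFormDef);
    String user = getValueFromConnectorInstance(PRINCIPAL, systemDto, connectorFormDef);
    boolean ssl = Boolean.parseBoolean(getValueFromConnectorInstance(SSL, systemDto, connectorFormDef));
    // NOTE(review): the credential is handled as a String because findDn takes one; keep its scope to this method.
    String password = getConfidentialValueFromConnectorInstance(CREDENTIALS, systemDto, connectorFormDef);
    for (String groupContainer : groupContainers) {
        // The container DN is wizard input: escape it so it is matched literally and cannot change
        // the structure of the search filter (RFC 4515).
        String filter = MessageFormat.format(
                "(&(distinguishedName={0})(|(objectClass=container)(objectClass=organizationalUnit)))",
                escapeLdapFilterValue(groupContainer));
        String groupContainerAD = this.findDn(filter, port, host, user, password, ssl);
        if (Strings.isBlank(groupContainerAD)) {
            throw new ResultCodeException(AccResultCode.WIZARD_AD_CONTAINER_NOT_FOUND, ImmutableMap.of("dn", groupContainer));
        }
    }
}

/**
 * Escapes the characters with a special meaning in an LDAP search filter assertion value
 * (RFC 4515): backslash, asterisk, parentheses and NUL.
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}

/**
 * Makes sure the generated schema contains the {@code member} schema attribute; creates it when missing.
 */
private void ensureMemberSchemaAttribute(SysSchemaObjectClassDto schemaDto, SysSystemDto systemDto) {
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setObjectClassId(schemaDto.getId());
    schemaAttributeFilter.setSystemId(systemDto.getId());
    schemaAttributeFilter.setName(MsAdSyncMappingRoleAutoAttributesProcessor.MEMBER_ATTR_CODE);
    boolean memberAttributeExists = getSchemaAttributeService().find(schemaAttributeFilter, null).stream().findFirst().isPresent();
    if (!memberAttributeExists) {
        // Attribute missing -> create it now.
        createSchemaAttribute(schemaDto, MsAdSyncMappingRoleAutoAttributesProcessor.MEMBER_ATTR_CODE, String.class.getName(), true, false, true);
    }
}

/**
 * Creates the role sync mapping on the first run (published as a CREATE event with automatic
 * creation of the mapping enabled) or loads the mapping referenced by {@code MAPPING_SYNC_ID}.
 * The mapping is stored in the embedded map under {@code DefaultConnectorType.MAPPING_DTO_KEY}.
 */
private void resolveRoleSyncMapping(ConnectorTypeDto connectorType, SysSchemaObjectClassDto schemaDto) {
    String mappingSyncId = connectorType.getMetadata().get(MAPPING_SYNC_ID);
    SysSystemMappingDto mappingDto;
    if (mappingSyncId == null) {
        mappingDto = new SysSystemMappingDto();
        mappingDto.setObjectClass(schemaDto.getId());
        mappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
        mappingDto.setEntityType(SystemEntityType.ROLE);
        mappingDto.setName("AD role sync mapping.");
        mappingDto = getSystemMappingService().publish(new SystemMappingEvent(
                SystemMappingEvent.SystemMappingEventType.CREATE,
                mappingDto,
                ImmutableMap.of(SysSystemMappingService.ENABLE_AUTOMATIC_CREATION_OF_MAPPING, Boolean.TRUE))).getContent();
        mappingDto = getSystemMappingService().save(mappingDto);
        connectorType.getMetadata().put(MAPPING_SYNC_ID, mappingDto.getId().toString());
    } else {
        mappingDto = getSystemMappingService().get(UUID.fromString(mappingSyncId));
    }
    connectorType.getEmbedded().put(DefaultConnectorType.MAPPING_DTO_KEY, mappingDto);
}

/**
 * Adds the group containers to the group base contexts of the member (user) system, so that the
 * member system can see the groups. A container already present is not added again. Does nothing
 * when no member mapping was selected or its connector has no group base context attribute.
 *
 * @throws IllegalArgumentException when the member mapping has no embedded schema or system
 */
private void addGroupContainersToMemberSystem(ConnectorTypeDto connectorType, List<String> groupContainers) {
    String memberSystemMappingId = connectorType.getMetadata().get(MEMBER_SYSTEM_MAPPING);
    if (memberSystemMappingId == null) {
        return;
    }
    SysSystemMappingDto systemMappingDto = getSystemMappingService().get(UUID.fromString(memberSystemMappingId), IdmBasePermission.READ);
    if (systemMappingDto == null) {
        return;
    }
    SysSchemaObjectClassDto objectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    Assert.notNull(objectClassDto, "Schema DTO cannot be null!");
    SysSystemDto memberSystemDto = DtoUtils.getEmbedded(objectClassDto, SysSchemaObjectClass_.system, SysSystemDto.class);
    Assert.notNull(memberSystemDto, "Member system DTO cannot be null!");
    // Find the attribute with group base contexts on the member connector.
    IdmFormDefinitionDto memberConnectorFormDef = this.getSystemService().getConnectorFormDefinition(memberSystemDto);
    IdmFormAttributeDto groupContextBaseAttribute = memberConnectorFormDef.getMappedAttributeByCode(BASE_CONTEXT_GROUP_KEY);
    if (groupContextBaseAttribute == null) {
        return;
    }
    for (String groupContainer : groupContainers) {
        // Re-read on every iteration: the previous iteration may have saved a new value list.
        List<IdmFormValueDto> groupContextBaseValues = getFormService().getValues(memberSystemDto, groupContextBaseAttribute, IdmBasePermission.READ);
        if (groupContextBaseValues == null) {
            continue;
        }
        boolean groupContainerSet = groupContextBaseValues.stream().anyMatch(value -> groupContainer.equals(value.getValue()));
        if (groupContainerSet) {
            continue;
        }
        List<String> currentRootSuffixes = groupContextBaseValues.stream().map(IdmFormValueDto::getStringValue).collect(Collectors.toList());
        List<Serializable> newRootSuffixes = Lists.newArrayList(currentRootSuffixes);
        newRootSuffixes.add(groupContainer);
        // Save the new root suffixes to the system with members.
        getFormService().saveValues(memberSystemDto, groupContextBaseAttribute, newRootSuffixes, IdmBasePermission.UPDATE);
    }
}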
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class MsAdSyncMappingRoleAutoAttributesProcessor method process.
/**
 * Creates the automatic attribute mappings for an AD role (group) sync mapping.
 *
 * Maps the UID attribute, the code attribute (twice: role name and role code), the DN attribute
 * (role catalogue via script, membership DN, forward ACM and "skip value if contract excluded",
 * the last two with a constant {@code return true;} script) and the member attribute. The result
 * is suspended so the default auto-mapping processor does not run afterwards. A mapping without a
 * schema is left untouched and the event continues.
 *
 * @param event event carrying the system mapping being created
 * @return suspended event result, or a plain result when the mapping has no object class
 */
@Override
public EventResult<SysSystemMappingDto> process(EntityEvent<SysSystemMappingDto> event) {
    SysSystemMappingDto mapping = event.getContent();
    UUID schemaId = mapping.getObjectClass();
    if (schemaId == null) {
        // Nothing to map without a schema; let the event continue.
        return new DefaultEventResult<>(event, this);
    }
    List<SysSchemaAttributeDto> schemaAttributes = getSchemaAttributes(schemaId);
    // UID attribute.
    SysSchemaAttributeDto uidAttribute = getSchemaAttributeByCatalogue(schemaAttributes, this.getPrimaryKeyCatalogue());
    if (uidAttribute != null) {
        createAttributeMappingBySchemaAttribute(mapping, uidAttribute, null, true);
    }
    // One schema attribute is mapped twice: to the role name and to the role code.
    SysSchemaAttributeDto codeAttribute = getSchemaAttributeByCatalogue(schemaAttributes, this.getCodeCatalogue());
    if (codeAttribute != null) {
        codeAttribute.setName("Role name");
        createAttributeMappingBySchemaAttribute(mapping, codeAttribute, IdmRole_.name.getName(), false);
        codeAttribute.setName("Role code");
        createAttributeMappingBySchemaAttribute(mapping, codeAttribute, IdmRole_.baseCode.getName(), false);
    }
    SysSchemaAttributeFilter attributeFilter = new SysSchemaAttributeFilter();
    attributeFilter.setObjectClassId(schemaId);
    attributeFilter.setName(AdUserConnectorType.DN_ATTR_CODE);
    SysSchemaAttributeDto dnAttribute = schemaAttributeService.find(attributeFilter, null).stream().findFirst().orElse(null);
    if (dnAttribute != null) {
        // Role catalogue is resolved by a script under the main catalogue.
        dnAttribute.setName("Role catalog");
        SysSystemAttributeMappingDto catalogueMapping = createAttributeWithScript(mapping, dnAttribute, RESOLVE_ROLE_CATALOG_UNDER_MAIN_SCRIPT, IdmScriptCategory.TRANSFORM_FROM, false);
        if (catalogueMapping != null) {
            catalogueMapping.setEntityAttribute(true);
            catalogueMapping.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
            systemAttributeMappingService.save(catalogueMapping);
        }
        // Membership identifier: the DN of the role by default.
        dnAttribute.setName("Membership (DN)");
        createAttributeMappingBySchemaAttribute(mapping, dnAttribute, RoleSynchronizationExecutor.ROLE_MEMBERSHIP_ID_FIELD, false);
        // Forward ACM: true by default.
        dnAttribute.setName("Forward ACM");
        SysSystemAttributeMappingDto forwardAcmMapping = createAttributeMappingBySchemaAttribute(mapping, dnAttribute, RoleSynchronizationExecutor.ROLE_FORWARD_ACM_FIELD, false);
        forwardAcmMapping.setTransformFromResourceScript("return true;");
        systemAttributeMappingService.save(forwardAcmMapping);
        // "Skip value if contract excluded": true by default.
        dnAttribute.setName("Skip value if contract excluded");
        SysSystemAttributeMappingDto skipIfExcludedMapping = createAttributeMappingBySchemaAttribute(mapping, dnAttribute, RoleSynchronizationExecutor.ROLE_SKIP_VALUE_IF_EXCLUDED_FIELD, false);
        skipIfExcludedMapping.setTransformFromResourceScript("return true;");
        systemAttributeMappingService.save(skipIfExcludedMapping);
    }
    // Members of the role (user DNs); the filter is reused, only the name changes.
    attributeFilter.setName(MEMBER_ATTR_CODE);
    SysSchemaAttributeDto memberAttribute = schemaAttributeService.find(attributeFilter, null).stream().findFirst().orElse(null);
    if (memberAttribute != null) {
        createAttributeMappingBySchemaAttribute(mapping, memberAttribute, RoleSynchronizationExecutor.ROLE_MEMBERS_FIELD, false);
    }
    // Suspend the event here so the default auto-mapping processor is not started.
    DefaultEventResult<SysSystemMappingDto> result = new DefaultEventResult<>(event, this);
    result.setSuspended(true);
    return result;
}
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AdUserConnectorType method getCrossDomainConnectorObject.
/**
 * Enriches a connector object with the values of the cross-domain merge attributes.
 *
 * For every enabled cross-domain system group the system belongs to, the values of the group's
 * merge attribute are loaded from the other systems of the group and set as a multivalued
 * attribute on the connector object; the attribute is created when the object does not carry it.
 *
 * @param system system the object was read from
 * @param uid identifier of the object on the system
 * @param objectClass object class of the object
 * @param icConnectorObject connector object to enrich; modified in place
 * @return the same connector object, enriched
 */
public IcConnectorObject getCrossDomainConnectorObject(SysSystemDto system, String uid, IcObjectClass objectClass, IcConnectorObject icConnectorObject) {
    // Enabled cross-domain groups of this system.
    SysSystemGroupSystemFilter groupFilter = new SysSystemGroupSystemFilter();
    groupFilter.setGroupType(SystemGroupType.CROSS_DOMAIN);
    groupFilter.setDisabled(Boolean.FALSE);
    groupFilter.setSystemId(system.getId());
    List<SysSystemGroupSystemDto> groupSystems = systemGroupSystemService.find(groupFilter, null).getContent();
    for (SysSystemGroupSystemDto groupSystem : groupSystems) {
        SysSystemAttributeMappingDto mergeAttribute = DtoUtils.getEmbedded(groupSystem, SysSystemGroupSystem_.mergeAttribute, SysSystemAttributeMappingDto.class);
        SysSchemaAttributeDto schemaMergeAttribute = DtoUtils.getEmbedded(mergeAttribute, SysSystemAttributeMapping_.schemaAttribute, SysSchemaAttributeDto.class);
        String attributeName = schemaMergeAttribute.getName();
        // Load the values of this attribute from the other systems in the group.
        List<Object> mergedValues = this.getConnectorValuesByAttribute(uid, objectClass, attributeName, system, icConnectorObject, null);
        IcAttribute existingAttribute = null;
        for (IcAttribute attribute : icConnectorObject.getAttributes()) {
            if (attributeName.equals(attribute.getName())) {
                existingAttribute = attribute;
                break;
            }
        }
        if (existingAttribute instanceof IcAttributeImpl) {
            // Add the results to the original connector object.
            IcAttributeImpl target = (IcAttributeImpl) existingAttribute;
            target.setMultiValue(true);
            target.setValues(mergedValues);
        } else {
            // Attribute missing in the connector object -> create a new one.
            icConnectorObject.getAttributes().add(new IcAttributeImpl(attributeName, mergedValues));
        }
    }
    return icConnectorObject;
}
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AbstractSystemMappingAutoAttributesProcessor method createAttributeMappingForPassword.
/**
 * Creates the attribute mapping for the password attribute, when the schema has one.
 *
 * The password schema attribute is the one named {@code IcAttributeInfo.PASSWORD} whose class
 * type is the canonical name of {@link GuardedString}.
 *
 * @param dto system mapping the attribute mapping belongs to
 * @param schemaAttributes schema attributes to search
 * @return the saved password attribute mapping, or {@code null} when no password attribute exists
 */
protected SysSystemAttributeMappingDto createAttributeMappingForPassword(SysSystemMappingDto dto, List<SysSchemaAttributeDto> schemaAttributes) {
    String guardedStringType = GuardedString.class.getCanonicalName();
    for (SysSchemaAttributeDto schemaAttribute : schemaAttributes) {
        boolean isPasswordAttribute = IcAttributeInfo.PASSWORD.equals(schemaAttribute.getName())
                && guardedStringType.equals(schemaAttribute.getClassType());
        if (!isPasswordAttribute) {
            continue;
        }
        // First match wins, as with the original findFirst().
        SysSystemAttributeMappingDto passwordMapping = createAttributeMappingBySchemaAttribute(dto, schemaAttribute, null, false);
        passwordMapping.setPasswordAttribute(true);
        return systemAttributeMappingService.save(passwordMapping);
    }
    return null;
}