use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method resolveSynchronizationFilter.
/**
 * Builds the connector search filter for a synchronization run from the configured
 * filter attribute and the optional custom filter script.
 * <p>
 * When a custom script is configured, its return value replaces the attribute-based
 * filter. The script receives that filter as the variable {@code filter} and the
 * synchronization token as {@code token}.
 * <p>
 * Security note: the script text is taken from the synchronization configuration and
 * evaluated by {@code groovyScriptService} together with an explicit list of allowed
 * types (the IC filter implementations, the filter builder and the IC attribute
 * classes). NOTE(review): this list presumably bounds what the script may touch;
 * confirm against the script service, and keep the list as small as possible.
 *
 * @param config synchronization configuration holding the filter attribute, the
 *               filter operation, the token and the custom filter script
 * @return the resolved filter; {@code null} for reconciliation, when neither a filter
 *         attribute, a token nor a script is configured, or when no filter results
 * @throws ProvisioningException when the script returns a non-null value that is not
 *                               an {@link IcFilter}
 */
protected IcFilter resolveSynchronizationFilter(AbstractSysSyncConfigDto config) {
    // Reconciliation never uses a filter.
    if (config.isReconciliation()) {
        return null;
    }

    AttributeMapping mapping = null;
    if (config.getFilterAttribute() != null) {
        mapping = systemAttributeMappingService.get(config.getFilterAttribute());
    }
    final String token = config.getToken();
    final String script = config.getCustomFilterScript();

    boolean nothingConfigured = mapping == null && token == null && StringUtils.isEmpty(script);
    if (nothingConfigured) {
        return null;
    }

    IcFilter resolved = null;
    if (mapping != null) {
        Object resourceValue = systemAttributeMappingService.transformValueToResource(null, token, mapping, config);
        if (resourceValue != null) {
            SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(mapping.getSchemaAttribute());
            IcAttributeImpl attribute = new IcAttributeImpl(schemaAttribute.getName(), resourceValue);
            // An operation not listed here leaves the filter unset.
            switch (config.getFilterOperation()) {
                case GREATER_THAN:
                    resolved = IcFilterBuilder.greaterThan(attribute);
                    break;
                case LESS_THAN:
                    resolved = IcFilterBuilder.lessThan(attribute);
                    break;
                case EQUAL_TO:
                    resolved = IcFilterBuilder.equalTo(attribute);
                    break;
                case CONTAINS:
                    resolved = IcFilterBuilder.contains(attribute);
                    break;
                case ENDS_WITH:
                    resolved = IcFilterBuilder.endsWith(attribute);
                    break;
                case STARTS_WITH:
                    resolved = IcFilterBuilder.startsWith(attribute);
                    break;
            }
        }
    }

    // Without a script the attribute-based filter is the final answer.
    if (!StringUtils.hasLength(script)) {
        return resolved;
    }

    Map<String, Object> scriptVariables = new HashMap<>();
    scriptVariables.put("filter", resolved);
    scriptVariables.put("token", token);

    // Types handed to the script service as allowed: every IC filter operator
    // implementation plus the composite filters, the builder and the attribute types.
    IcFilterOperationType[] operations = IcFilterOperationType.values();
    List<Class<?>> allowedTypes = new ArrayList<>(operations.length + 6);
    for (int i = 0; i < operations.length; i++) {
        allowedTypes.add(operations[i].getImplementation());
    }
    allowedTypes.add(IcAndFilter.class);
    allowedTypes.add(IcOrFilter.class);
    allowedTypes.add(IcFilterBuilder.class);
    allowedTypes.add(IcAttributeImpl.class);
    allowedTypes.add(IcAttribute.class);
    allowedTypes.add(IcNotFilter.class);

    Object scriptResult = groovyScriptService.evaluate(script, scriptVariables, allowedTypes);
    boolean wrongType = scriptResult != null && !(scriptResult instanceof IcFilter);
    if (wrongType) {
        throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_FILTER_VALUE_WRONG_TYPE,
                ImmutableMap.of("type", scriptResult.getClass().getName()));
    }
    // A null script result deliberately discards the attribute-based filter.
    return (IcFilter) scriptResult;
}
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSchemaObjectClassService method export.
/**
 * Exports the schema object class and then every schema attribute that belongs to it.
 *
 * @param id identifier of the schema object class to export
 * @param batch export batch the records are added to
 */
@Override
public void export(UUID id, IdmExportImportDto batch) {
    super.export(id, batch);

    // Look up the attributes of this object class.
    SysSchemaAttributeFilter attributeFilter = new SysSchemaAttributeFilter();
    attributeFilter.setObjectClassId(id);
    List<SysSchemaAttributeDto> attributes = schemaAttributeService.find(attributeFilter, null).getContent();

    if (attributes.isEmpty()) {
        // Nothing to export for this class: the blank UUID is exported instead.
        schemaAttributeService.export(ExportManager.BLANK_UUID, batch);
    }
    for (SysSchemaAttributeDto attribute : attributes) {
        schemaAttributeService.export(attribute.getId(), batch);
    }

    // Setting the parent field switches the attribute export to authoritative mode.
    exportManager.setAuthoritativeMode(SysSchemaAttribute_.objectClass.getName(), "systemId",
            SysSchemaAttributeDto.class, batch);
}
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class ComplexHrProcessIntegrationTest method createHrContractSystem.
/**
 * Prepares the HR contract source system for this integration test.
 * <p>
 * Steps: clear the contract resource table, create the system as read-only with
 * provisioning disabled, set the connector's change-log column, generate the schema,
 * create a CONTRACT synchronization mapping with its attribute mappings, and save a
 * contract synchronization configuration correlated on the {@code id} attribute.
 */
private void createHrContractSystem() {
    getBean().deleteAllResourceData(TestContractResource.TABLE_NAME);

    // The HR system is only a data source: read-only, provisioning disabled.
    SysSystemDto hrSystem = accTestHelper.createSystem(TestContractResource.TABLE_NAME, contractSysName, null, "ID");
    hrSystem.setReadonly(true);
    hrSystem.setDisabledProvisioning(true);
    hrSystem = systemService.save(hrSystem);

    // Connector configuration: column used for change detection.
    List<IdmFormValueDto> connectorValues = new ArrayList<>();
    IdmFormDefinitionDto connectorFormDefinition = systemService.getConnectorFormDefinition(hrSystem);
    IdmFormValueDto changeLogColumn = new IdmFormValueDto(
            connectorFormDefinition.getMappedAttributeByCode("changeLogColumn"));
    changeLogColumn.setValue("MODIFIED");
    connectorValues.add(changeLogColumn);
    formService.saveValues(hrSystem, connectorFormDefinition, connectorValues);

    // Schema generated from the resource.
    List<SysSchemaObjectClassDto> generatedClasses = systemService.generateSchema(hrSystem);

    // Synchronization mapping for contracts on the first generated object class.
    SysSystemMappingDto contractMapping = new SysSystemMappingDto();
    contractMapping.setName(getHelper().createName());
    contractMapping.setEntityType(SystemEntityType.CONTRACT);
    contractMapping.setOperationType(SystemOperationType.SYNCHRONIZATION);
    contractMapping.setObjectClass(generatedClasses.get(0).getId());
    contractMapping = systemMappingService.save(contractMapping);

    SysSchemaAttributeFilter bySystem = new SysSchemaAttributeFilter();
    bySystem.setSystemId(hrSystem.getId());
    List<SysSchemaAttributeDto> columns = schemaAttributeService.find(bySystem, null).getContent();

    for (SysSchemaAttributeDto column : columns) {
        final String columnName = column.getName();
        SysSystemAttributeMappingDto columnMapping = new SysSystemAttributeMappingDto();
        columnMapping.setSchemaAttribute(column.getId());
        columnMapping.setSystemMapping(contractMapping.getId());
        columnMapping.setEntityAttribute(true);

        if (StringUtils.equalsIgnoreCase("ID", columnName)) {
            // Identifier only; it is the UID and the correlation attribute.
            columnMapping.setUid(true);
            columnMapping.setEntityAttribute(true);
            columnMapping.setName(columnName.toLowerCase());
            // The contract id is stored in the position property.
            columnMapping.setIdmPropertyName("position");
        } else if (StringUtils.equalsIgnoreCase("STATE", columnName)) {
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName("state");
        } else if (StringUtils.equalsIgnoreCase("VALIDFROM", columnName)) {
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName("validFrom");
            columnMapping.setTransformFromResourceScript(getScriptCallExpression(stringToLocalDateScript));
            columnMapping.setCached(true);
        } else if (StringUtils.equalsIgnoreCase("VALIDTILL", columnName)) {
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName("validTill");
            columnMapping.setTransformFromResourceScript(getScriptCallExpression(stringToLocalDateScript));
            columnMapping.setCached(true);
        } else if (StringUtils.equalsIgnoreCase("NAME", columnName)) {
            // NAME carries the personal number (external code); a transformation
            // script resolves it to the identity that owns the contract.
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName("identity");
            columnMapping.setTransformFromResourceScript(getScriptCallExpression(getIdentityUuidByPersonalNumScript));
            columnMapping.setCached(true);
        } else if (StringUtils.equalsIgnoreCase("WORKPOSITION", columnName)) {
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName("workPosition");
        } else if (StringUtils.equalsIgnoreCase("POSITIONS", columnName)) {
            // Stored as an extended attribute rather than an entity attribute.
            columnMapping.setName(columnName.toLowerCase());
            columnMapping.setIdmPropertyName(eavAutoRoleAttrName);
            columnMapping.setEntityAttribute(false);
            columnMapping.setExtendedAttribute(true);
        } else {
            // Columns without a defined mapping are skipped.
            continue;
        }
        systemAttributeMappingService.save(columnMapping);
    }

    // The mapping named "id" is the correlation attribute.
    SysSystemAttributeMappingFilter byName = new SysSystemAttributeMappingFilter();
    byName.setSystemId(hrSystem.getId());
    byName.setName("id");
    SysSystemAttributeMappingDto correlation = systemAttributeMappingService.find(byName, null).getContent().get(0);

    IdmTreeTypeFilter byCode = new IdmTreeTypeFilter();
    byCode.setCode(orgTreeTypeName);
    IdmTreeTypeDto organizationTree = treeTypeService.find(byCode, null).getContent().get(0);

    // Default synchronization configuration (no reconciliation, no custom filter).
    SysSyncContractConfigDto syncConfig = new SysSyncContractConfigDto();
    syncConfig.setReconciliation(false);
    syncConfig.setCustomFilter(false);
    syncConfig.setSystemMapping(contractMapping.getId());
    syncConfig.setCorrelationAttribute(correlation.getId());
    syncConfig.setName(contractSysName + "-SYNC");
    syncConfig.setLinkedAction(SynchronizationLinkedActionType.UPDATE_ENTITY);
    syncConfig.setUnlinkedAction(SynchronizationUnlinkedActionType.LINK);
    syncConfig.setMissingEntityAction(SynchronizationMissingEntityActionType.CREATE_ENTITY);
    syncConfig.setMissingAccountAction(ReconciliationMissingAccountActionType.IGNORE);
    syncConfig.setStartOfHrProcesses(true);
    syncConfig.setStartAutoRoleRec(true);
    syncConfig.setDefaultTreeType(organizationTree.getId());
    syncConfig = (SysSyncContractConfigDto) sysSyncConfigService.save(syncConfig);
}
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class AbstractAccAuthenticator method authenticateOverSystem.
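/**
 * Authenticates the identity against the given system with the supplied password.
 * <p>
 * The login name sent to the system is the account UID when the authentication
 * attribute is the UID; otherwise it is the value of the authentication attribute
 * read from the connector object. Accounts are tried in order and the first
 * successful one wins.
 * <p>
 * Only a result that carries a non-null UID value is returned. A result without a
 * value is treated as a failed attempt and is never handed back to the caller, so
 * a caller that only checks for {@code null} cannot mistake it for a success.
 *
 * @param system system to authenticate against
 * @param loginDto login data; only the password is read here
 * @param identity identity whose accounts on the system are tried
 * @return UID attribute of the first account that authenticated successfully, or
 *         {@code null} when the system has no authentication attribute, the identity
 *         has no account on it, the login name cannot be resolved, or every attempt
 *         failed
 */
protected IcUidAttribute authenticateOverSystem(SysSystemDto system, LoginDto loginDto, IdmIdentityDto identity) {
    // Authentication attribute of the provisioning mapping, identities only.
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    if (attribute == null) {
        LOG.error("System id [{}] is configured for authenticate, but for the system doesn't exist authentication attribute.", system.getId());
        return null;
    }

    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        // The identity has no account on this system, nothing to try.
        LOG.debug("Identity id [{}] hasn't account for system id [{}].", identity.getId(), system.getId());
        return null;
    }

    // These lookups depend only on the authentication attribute, so they are done
    // once instead of once per account and once per connector attribute.
    SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
    String authenticationAttributeName = schemaAttribute.getName();

    for (AccAccountDto account : accounts) {
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        String transformUsername = null;
        if (!attribute.isUid()) {
            IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
            if (connectorObject == null) {
                continue;
            }
            // Find the authentication attribute among the connector attributes.
            for (IcAttribute icAttribute : connectorObject.getAttributes()) {
                if (icAttribute.getName().equals(authenticationAttributeName)) {
                    // String.valueOf(null) yields the text "null"; an empty attribute
                    // must not become a login name, so it counts as unresolved.
                    Object value = icAttribute.getValue();
                    if (value != null) {
                        transformUsername = String.valueOf(value);
                    }
                    break;
                }
            }
            if (transformUsername == null) {
                LOG.error("For system id [{}] cant be transformed username for identity id [{}]. The system will be skipped for autentication.", system.getId(), identity.getId());
                return null;
            }
        } else {
            transformUsername = systemEntityDto.getUid();
        }
        try {
            // The password goes straight to the provisioning service and is never logged.
            IcUidAttribute auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            if (auth != null && auth.getValue() != null) {
                // First success ends the search.
                return auth;
            }
            // Failed attempt: continue with the next account.
        } catch (ResultCodeException e) {
            // A failure on one account is logged and the remaining accounts are still tried.
            String message = StringUtils.trimToEmpty(e.getMessage());
            LOG.error("Authentication trought system name [{}] for identity username [{}] failed! Error message: [{}]", system.getCode(), identity.getUsername(), message);
        }
    }
    // No account authenticated; a failed attempt's result is never returned.
    return null;
}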
use of eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto in project CzechIdMng by bcvsolutions.
the class ProvisioningMergeTest method testAttribteControlledValues.
/**
 * Checks the controlled values reported for a multivalued MERGE attribute: one value
 * after the first role attribute is saved, and two values after two more role
 * attributes that both return {@code TWO_VALUE} are added.
 */
@Test
public void testAttribteControlledValues() {
    SysSystemDto targetSystem = helper.createSystem("test_resource");
    SysSystemMappingDto systemMapping = helper.createMapping(targetSystem);

    // Three roles, each assigned to the system.
    IdmRoleDto firstRole = helper.createRole();
    IdmRoleDto secondRole = helper.createRole();
    IdmRoleDto duplicateRole = helper.createRole();
    SysRoleSystemDto firstRoleSystem = helper.createRoleSystem(firstRole, targetSystem);
    SysRoleSystemDto secondRoleSystem = helper.createRoleSystem(secondRole, targetSystem);
    SysRoleSystemDto duplicateRoleSystem = helper.createRoleSystem(duplicateRole, targetSystem);

    // Multivalued String schema attribute for the rights.
    SysSchemaAttributeDto rightsSchema = new SysSchemaAttributeDto();
    rightsSchema.setObjectClass(systemMapping.getObjectClass());
    rightsSchema.setName(RIGHTS_ATTRIBUTE);
    rightsSchema.setMultivalued(true);
    rightsSchema.setClassType(String.class.getName());
    rightsSchema.setReadable(true);
    rightsSchema.setUpdateable(true);
    rightsSchema = schemaAttributeService.save(rightsSchema);

    // Mapped with the MERGE strategy.
    SysSystemAttributeMappingDto rightsMapping = new SysSystemAttributeMappingDto();
    rightsMapping.setSchemaAttribute(rightsSchema.getId());
    rightsMapping.setSystemMapping(systemMapping.getId());
    rightsMapping.setName(RIGHTS_ATTRIBUTE);
    rightsMapping.setStrategyType(AttributeMappingStrategyType.MERGE);
    rightsMapping = attributeMappingService.save(rightsMapping);

    // First role contributes ONE_VALUE.
    SysRoleSystemAttributeDto firstOverride = new SysRoleSystemAttributeDto();
    firstOverride.setName(RIGHTS_ATTRIBUTE);
    firstOverride.setRoleSystem(firstRoleSystem.getId());
    firstOverride.setStrategyType(AttributeMappingStrategyType.MERGE);
    firstOverride.setSystemAttributeMapping(rightsMapping.getId());
    firstOverride.setTransformToResourceScript("return '" + ONE_VALUE + "';");
    roleSystemAttributeService.saveInternal(firstOverride);

    List<Serializable> controlledValues = attributeMappingService.getControlledAttributeValues(
            targetSystem.getId(), systemMapping.getEntityType(), RIGHTS_ATTRIBUTE);
    assertNotNull(controlledValues);
    assertEquals(1, controlledValues.size());
    assertEquals(ONE_VALUE, controlledValues.get(0));

    // Two further roles both contribute TWO_VALUE.
    SysRoleSystemAttributeDto duplicateOverride = new SysRoleSystemAttributeDto();
    duplicateOverride.setName(RIGHTS_ATTRIBUTE);
    duplicateOverride.setRoleSystem(duplicateRoleSystem.getId());
    duplicateOverride.setStrategyType(AttributeMappingStrategyType.MERGE);
    duplicateOverride.setSystemAttributeMapping(rightsMapping.getId());
    duplicateOverride.setTransformToResourceScript("return '" + TWO_VALUE + "';");
    roleSystemAttributeService.saveInternal(duplicateOverride);

    SysRoleSystemAttributeDto secondOverride = new SysRoleSystemAttributeDto();
    secondOverride.setName(RIGHTS_ATTRIBUTE);
    secondOverride.setRoleSystem(secondRoleSystem.getId());
    secondOverride.setStrategyType(AttributeMappingStrategyType.MERGE);
    secondOverride.setSystemAttributeMapping(rightsMapping.getId());
    secondOverride.setTransformToResourceScript("return '" + TWO_VALUE + "';");
    roleSystemAttributeService.saveInternal(secondOverride);

    // Three role attributes are now saved, but only two values are expected.
    controlledValues = attributeMappingService.getControlledAttributeValues(
            targetSystem.getId(), systemMapping.getEntityType(), RIGHTS_ATTRIBUTE);
    assertNotNull(controlledValues);
    assertEquals(2, controlledValues.size());
    assertTrue(controlledValues.contains(ONE_VALUE));
    assertTrue(controlledValues.contains(TWO_VALUE));
}