Example 16 with SysSyncRoleConfigDto
use of eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveAssignRole.
private boolean resolveAssignRole(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncRoleConfigDto config, SysSyncItemLogDto logItem, IcConnectorObject connectorObject, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
// Find attribute for get members (DNs)
SysSystemAttributeMappingDto roleMembersAttributeDto = context.getMappedAttributes().stream().filter(attribute -> !attribute.isDisabledAttribute() && attribute.isEntityAttribute() && ROLE_MEMBERS_FIELD.equals(attribute.getIdmPropertyName())).findFirst().orElse(null);
Assert.notNull(roleMembersAttributeDto, "Mapped attribute with role's members was not found. Please create it!");
if (!isNew && AttributeMappingStrategyType.CREATE == roleMembersAttributeDto.getStrategyType()) {
addToItemLog(logItem, "The attribute with role's members has strategy set to 'Set only for new entity'. Role isn't new, so resolving controlling an assignment of roles to users by the external system will be skipped for this role.");
} else {
addToItemLog(logItem, "Controlling an assignment of roles to users by the external system is activated.");
Object membersObj = this.getValueByMappedAttribute(roleMembersAttributeDto, connectorObject.getAttributes(), context);
if (membersObj == null) {
membersObj = Lists.newArrayList();
}
if (membersObj instanceof String) {
membersObj = Lists.newArrayList(membersObj);
}
Assert.isInstanceOf(List.class, membersObj, "The value from attribute with role's members must be List of Strings!");
@SuppressWarnings("unchecked") List<String> members = (List<String>) membersObj;
SysRoleSystemDto roleSystemDto = findRoleSystemDto(roleDto, memberOfAttributeDto, schemaObjectClassDto);
if (roleSystemDto == null) {
addToItemLog(logItem, "Relation between this role and system was not found. Assigning of role to users will be skip for this role.");
return false;
}
SysRoleSystemAttributeDto memberAttribute = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
if (memberAttribute == null) {
addToItemLog(logItem, "The member attribute between this role and system was not found. Assigning of role to users will be skip for this role.");
return false;
}
// Find identities with this role.
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setRoleId(roleDto.getId());
List<IdmIdentityRoleDto> existsIdentityRoleDtos = identityRoleService.find(identityRoleFilter, null).getContent();
// Get cache with users (DN vs UID).
Map<String, String> usersUidCache = getUserUidCache();
SysSchemaAttributeDto memberIdentifierAttribute = lookupService.lookupEmbeddedDto(config, SysSyncRoleConfig_.memberIdentifierAttribute);
Assert.notNull(memberIdentifierAttribute, "User identifier attribute cannot be null!");
Set<String> membersUid = Sets.newHashSet();
Set<UUID> membersContractIds = Sets.newHashSet();
// Call user system for every member (if isn't already in the cache).
SysSystemDto userSystemDto = systemService.get(roleSystemDto.getSystem());
IcConnectorConfiguration icConfig = systemService.getConnectorConfiguration(userSystemDto);
IcConnectorInstance connectorInstance = systemService.getConnectorInstance(userSystemDto);
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
if (icConfig instanceof IcConnectorConfigurationImpl) {
// Enable pooling - a performance reason.
IcConnectorConfigurationImpl icConfigImpl = (IcConnectorConfigurationImpl) icConfig;
icConfigImpl.setConnectorPoolingSupported(true);
}
final int[] count = { 0 };
for (String member : members) {
if (!transformDnToUid(config, usersUidCache, memberIdentifierAttribute, membersUid, icConfig, connectorInstance, objectClass, count, member)) {
return false;
}
}
count[0] = 0;
membersUid.forEach(uid -> assignMissingIdentityRoles(roleDto, config, logItem, existsIdentityRoleDtos, membersContractIds, userSystemDto, count, uid, context));
if (!checkForCancelAndFlush(config)) {
return false;
}
// Remove redundant identity roles.
List<IdmIdentityRoleDto> redundantIdentityRoles = existsIdentityRoleDtos.stream().filter(existsIdentityRole -> !membersContractIds.contains(existsIdentityRole.getIdentityContract())).collect(Collectors.toList());
count[0] = 0;
redundantIdentityRoles.forEach(redundantIdentityRole -> removeRedundantIdentityRoles(roleDto, config, logItem, count, redundantIdentityRole));
}
return true;
}
Also used :
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto)
SysSystemAttributeMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping_)
IcConnectorInstance(eu.bcvsolutions.idm.ic.api.IcConnectorInstance)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
EntityAccountService(eu.bcvsolutions.idm.acc.service.api.EntityAccountService)
Map(java.util.Map)
IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto)
IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Set(java.util.Set)
Serializable(java.io.Serializable)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
IdmRoleCatalogueService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueService)
SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode)
IdmRoleRequest_(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest_)
IdmRoleCatalogueRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogueRole_)
RoleEvent(eu.bcvsolutions.idm.core.model.event.RoleEvent)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto)
Lists(com.google.common.collect.Lists)
LookupService(eu.bcvsolutions.idm.core.api.service.LookupService)
SysSystemEntityFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
RoleEventType(eu.bcvsolutions.idm.core.model.event.RoleEvent.RoleEventType)
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)
SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)
IcFilterBuilder(eu.bcvsolutions.idm.ic.filter.impl.IcFilterBuilder)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState)
SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)
RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
AccRoleAccountService(eu.bcvsolutions.idm.acc.service.api.AccRoleAccountService)
IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_)
SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)
IcConnectorConfigurationImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorConfigurationImpl)
SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SynchronizationEntityExecutor(eu.bcvsolutions.idm.acc.service.api.SynchronizationEntityExecutor)
ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)
OperationResultType(eu.bcvsolutions.idm.acc.domain.OperationResultType)
RoleType(eu.bcvsolutions.idm.core.api.domain.RoleType)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)
IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService)
SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService)
SysSchemaAttribute_(eu.bcvsolutions.idm.acc.entity.SysSchemaAttribute_)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter)
ImmutableMap(com.google.common.collect.ImmutableMap)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
IdmRoleCatalogue_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogue_)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
UUID(java.util.UUID)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
List(java.util.List)
EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter)
IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter)
AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
RoleRequestApprovalProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.RoleRequestApprovalProcessor)
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_)
AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType)
HashMap(java.util.HashMap)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
MessageFormat(java.text.MessageFormat)
SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto)
CorrelationFilter(eu.bcvsolutions.idm.core.api.dto.filter.CorrelationFilter)
IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent)
IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
SysSyncRoleConfig_(eu.bcvsolutions.idm.acc.entity.SysSyncRoleConfig_)
IdmRoleCatalogueRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueRoleService)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
Component(org.springframework.stereotype.Component)
RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent)
ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService)
SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto)
Assert(org.springframework.util.Assert)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
IcConnectorConfigurationImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorConfigurationImpl)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcConnectorInstance(eu.bcvsolutions.idm.ic.api.IcConnectorInstance)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
List(java.util.List)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
UUID(java.util.UUID)
Example 17 with SysSyncRoleConfigDto
use of eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method findRedundantRoleCatalogs.
private List<IdmRoleCatalogueRoleDto> findRedundantRoleCatalogs(IdmRoleDto roleDto, List<UUID> currentRoleCatalogueRoles, SysSyncRoleConfigDto config) {
UUID removeCatalogueRoleParentNode = config.getRemoveCatalogueRoleParentNode();
Assert.notNull(removeCatalogueRoleParentNode, "A parent catalogue for remove redundant roles cannot be null!");
IdmRoleCatalogueDto removeCatalogueRoleParentNodeDto = roleCatalogueService.get(removeCatalogueRoleParentNode);
Assert.notNull(removeCatalogueRoleParentNodeDto, "A parent catalogue for remove redundant roles cannot be null!");
IdmRoleCatalogueRoleFilter catalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
catalogueRoleFilter.setRoleId(roleDto.getId());
List<IdmRoleCatalogueRoleDto> cataloguesWithRole = roleCatalogueRoleService.find(catalogueRoleFilter, null).getContent().stream().filter(catalogueRole -> {
// Check if catalog is under main remove catalog.
if (catalogueRole.getRoleCatalogue().equals(removeCatalogueRoleParentNodeDto.getId())) {
// If is role connected directly to parent remove catalog, then should checked too.
return true;
}
IdmRoleCatalogueFilter catalogueFilter = new IdmRoleCatalogueFilter();
catalogueFilter.setParent(removeCatalogueRoleParentNodeDto.getId());
catalogueFilter.setId(catalogueRole.getRoleCatalogue());
catalogueFilter.setRecursively(true);
return roleCatalogueService.count(catalogueFilter) > 0;
}).collect(Collectors.toList());
return cataloguesWithRole.stream().filter(catalogueWithRole -> !currentRoleCatalogueRoles.contains(catalogueWithRole.getId())).collect(Collectors.toList());
}
Also used :
IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter)
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto)
SysSystemAttributeMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping_)
IcConnectorInstance(eu.bcvsolutions.idm.ic.api.IcConnectorInstance)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
EntityAccountService(eu.bcvsolutions.idm.acc.service.api.EntityAccountService)
Map(java.util.Map)
IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto)
IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Set(java.util.Set)
Serializable(java.io.Serializable)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
IdmRoleCatalogueService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueService)
SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode)
IdmRoleRequest_(eu.bcvsolutions.idm.core.model.entity.IdmRoleRequest_)
IdmRoleCatalogueRole_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogueRole_)
RoleEvent(eu.bcvsolutions.idm.core.model.event.RoleEvent)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto)
Lists(com.google.common.collect.Lists)
LookupService(eu.bcvsolutions.idm.core.api.service.LookupService)
SysSystemEntityFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
RoleEventType(eu.bcvsolutions.idm.core.model.event.RoleEvent.RoleEventType)
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)
SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)
IcFilterBuilder(eu.bcvsolutions.idm.ic.filter.impl.IcFilterBuilder)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState)
SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)
RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
AccRoleAccountService(eu.bcvsolutions.idm.acc.service.api.AccRoleAccountService)
IdmIdentityContract_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityContract_)
SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)
IcConnectorConfigurationImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorConfigurationImpl)
SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SynchronizationEntityExecutor(eu.bcvsolutions.idm.acc.service.api.SynchronizationEntityExecutor)
ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)
OperationResultType(eu.bcvsolutions.idm.acc.domain.OperationResultType)
RoleType(eu.bcvsolutions.idm.core.api.domain.RoleType)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)
IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService)
SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService)
SysSchemaAttribute_(eu.bcvsolutions.idm.acc.entity.SysSchemaAttribute_)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter)
ImmutableMap(com.google.common.collect.ImmutableMap)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
IdmRoleCatalogue_(eu.bcvsolutions.idm.core.model.entity.IdmRoleCatalogue_)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
UUID(java.util.UUID)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
List(java.util.List)
EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter)
IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter)
AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter)
DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel)
RoleRequestApprovalProcessor(eu.bcvsolutions.idm.core.model.event.processor.role.RoleRequestApprovalProcessor)
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
IdmIdentityRole_(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole_)
AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType)
HashMap(java.util.HashMap)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
MessageFormat(java.text.MessageFormat)
SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
OperationResultDto(eu.bcvsolutions.idm.core.api.dto.OperationResultDto)
CorrelationFilter(eu.bcvsolutions.idm.core.api.dto.filter.CorrelationFilter)
IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent)
IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
SysSyncRoleConfig_(eu.bcvsolutions.idm.acc.entity.SysSyncRoleConfig_)
IdmRoleCatalogueRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleCatalogueRoleService)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
Component(org.springframework.stereotype.Component)
RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent)
ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService)
SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto)
Assert(org.springframework.util.Assert)
IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto)
IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto)
IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter)
UUID(java.util.UUID)
Example 18 with SysSyncRoleConfigDto
use of eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveRoleCatalogue.
/**
* Resolve 'Role catalogues'.
*/
private void resolveRoleCatalogue(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncItemLogDto logItem, IcConnectorObject connectorObject) {
SysSystemAttributeMappingDto roleCatalogueAttributeDto = context.getMappedAttributes().stream().filter(attribute -> !attribute.isDisabledAttribute() && attribute.isEntityAttribute() && ROLE_CATALOGUE_FIELD.equals(attribute.getIdmPropertyName())).findFirst().orElse(null);
Assert.notNull(roleCatalogueAttributeDto, "Attribute for resolve role catalogues cannot be null!");
if (isNew && AttributeMappingStrategyType.CREATE == roleCatalogueAttributeDto.getStrategyType()) {
addToItemLog(logItem, "The attribute for 'role catalogues' has strategy set to 'Set only for new entity'. Role isn't new, so resolving will be skipped for this role.");
return;
}
addToItemLog(logItem, MessageFormat.format("Resolving of 'role catalogues' is activated for this role [{0}].", roleDto.getCode()));
// Get role-catalogue values from attribute transformation.
Object roleCataloguesObj = this.getValueByMappedAttribute(roleCatalogueAttributeDto, connectorObject.getAttributes(), context);
List<IdmRoleCatalogueDto> roleCatalogueRoleDtos = getRoleCatalogueFromValue(roleCataloguesObj);
List<UUID> currentRoleCatalogueRoles = Lists.newArrayList();
roleCatalogueRoleDtos.forEach(roleCatalogueDto -> {
List<IdmRoleCatalogueDto> parents = extractCatalogStructure(roleCatalogueDto);
AtomicReference<IdmRoleCatalogueDto> parent = new AtomicReference<>();
Lists.reverse(parents).forEach(catalogueDto -> {
if (roleCatalogueService.isNew(catalogueDto)) {
IdmRoleCatalogueDto newCatalogDto = new IdmRoleCatalogueDto();
newCatalogDto.setCode(catalogueDto.getCode());
newCatalogDto.setName(catalogueDto.getName());
newCatalogDto.setExternalId(catalogueDto.getExternalId());
newCatalogDto.setParent(catalogueDto.getParent());
if (newCatalogDto.getParent() == null && parent.get() != null) {
newCatalogDto.setParent(parent.get().getId());
}
if (newCatalogDto.getName() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_CATALOGUE_NAME_IS_NULL);
}
// Make sure that the catalog with the same code and parent does not really exist.
IdmRoleCatalogueFilter catalogueFilter = new IdmRoleCatalogueFilter();
catalogueFilter.setCode(newCatalogDto.getCode());
catalogueFilter.setParent(newCatalogDto.getParent());
IdmRoleCatalogueDto byCode = roleCatalogueService.find(catalogueFilter, null).getContent().stream().findFirst().orElse(null);
if (byCode != null) {
parent.set(roleCatalogueService.save(byCode));
addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was reused (catalog with same code and parent already exist).", parent.get().getCode()));
} else {
parent.set(roleCatalogueService.save(newCatalogDto));
addToItemLog(logItem, MessageFormat.format("Role catalog item with code [{0}] was created.", parent.get().getCode()));
}
} else {
parent.set(catalogueDto);
}
});
// Last parent should be leaf catalog.
IdmRoleCatalogueDto leafCatalogueDto = parent.get();
IdmRoleCatalogueRoleDto roleCatalogueRoleDto = null;
if (leafCatalogueDto.getId() != null) {
IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
roleCatalogueRoleFilter.setRoleCatalogueId(leafCatalogueDto.getId());
roleCatalogueRoleFilter.setRoleId(roleDto.getId());
roleCatalogueRoleDto = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent().stream().findFirst().orElse(null);
}
if (roleCatalogueRoleDto == null) {
// Create new role-catalogue-role.
roleCatalogueRoleDto = new IdmRoleCatalogueRoleDto();
roleCatalogueRoleDto.setRole(roleDto.getId());
roleCatalogueRoleDto.setRoleCatalogue(leafCatalogueDto.getId());
roleCatalogueRoleDto = roleCatalogueRoleService.save(roleCatalogueRoleDto);
addToItemLog(logItem, MessageFormat.format("This role was included to the catalog with code [{0}].", leafCatalogueDto.getCode()));
}
currentRoleCatalogueRoles.add(roleCatalogueRoleDto.getId());
});
SysSyncRoleConfigDto config = getConfig(context);
if (config.isRemoveCatalogueRoleSwitch()) {
resolveRedundantCatalogueRole(roleDto, logItem, currentRoleCatalogueRoles, config);
}
}
Also used :
IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter)
IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto)
SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmRoleCatalogueFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueFilter)
UUID(java.util.UUID)
Example 19 with SysSyncRoleConfigDto
use of eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method validate.
@Override
protected SynchronizationContext validate(UUID synchronizationConfigId) {
syncContext = super.validate(synchronizationConfigId);
SysSyncRoleConfigDto config = getConfig(syncContext);
SysSystemAttributeMappingFilter attributeMappingFilter = new SysSystemAttributeMappingFilter();
attributeMappingFilter.setSystemMappingId(config.getSystemMapping());
attributeMappingFilter.setDisabledAttribute(Boolean.FALSE);
// Check if exist mapping attribute for 'UID attribute'.
attributeMappingFilter.setIsUid(Boolean.TRUE);
SysSystemAttributeMappingDto attributeMappingDto = systemAttributeMappingService.find(attributeMappingFilter, null).getContent().stream().findFirst().orElse(null);
if (attributeMappingDto == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", "UID"));
}
if (config.isForwardAcmSwitch() && config.getForwardAcmMappingAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", ROLE_FORWARD_ACM_FIELD));
}
if (config.isSkipValueIfExcludedSwitch() && config.getSkipValueIfExcludedMappingAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", ROLE_SKIP_VALUE_IF_EXCLUDED_FIELD));
}
if (config.isMembershipSwitch()) {
if (config.getRoleIdentifiersMappingAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", ROLE_MEMBERSHIP_ID_FIELD));
}
if (config.getMemberSystemMapping() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", "System mapping from an identity system"));
}
if (config.getMemberOfAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", "Member of from an identity system"));
}
}
if (config.isAssignRoleSwitch()) {
if (config.getRoleMembersMappingAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", ROLE_MEMBERS_FIELD));
}
if (config.getMemberIdentifierAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", "Identity identifier from an identity system"));
}
}
if (config.isAssignCatalogueSwitch() && config.getAssignCatalogueMappingAttribute() == null) {
throw new ResultCodeException(AccResultCode.SYNC_OF_ROLES_MAPPING_ATTRIBUTE_MISSING, ImmutableMap.of("attribute", ROLE_CATALOGUE_FIELD));
}
return syncContext;
}
Also used :
SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
Example 20 with SysSyncRoleConfigDto
use of eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method save.
/**
* Save entity
* @param entity
* @param skipProvisioning
* @return
*/
@Override
protected IdmRoleDto save(IdmRoleDto entity, boolean skipProvisioning, SynchronizationContext context) {
boolean isNew = roleService.isNew(entity);
EntityEvent<IdmRoleDto> event = new RoleEvent(isNew ? RoleEventType.CREATE : RoleEventType.UPDATE, entity, ImmutableMap.of(ProvisioningService.SKIP_PROVISIONING, skipProvisioning));
IdmRoleDto roleDto = roleService.publish(event).getContent();
SysSyncRoleConfigDto config = this.getConfig(context);
SysSyncItemLogDto logItem = context.getLogItem();
IcConnectorObject connectorObject = context.getIcObject();
// Resolve 'Role catalogue'.
if (roleDto != null && config.isAssignCatalogueSwitch()) {
resolveRoleCatalogue(isNew, context, roleDto, logItem, connectorObject);
}
if (roleDto != null && (config.isMembershipSwitch() || config.isForwardAcmSwitch() || config.isSkipValueIfExcludedSwitch() || config.isAssignRoleSwitch())) {
Assert.notNull(connectorObject, "Connector object cannot be null!");
SysSystemAttributeMappingDto memberOfAttributeDto = lookupService.lookupEmbeddedDto(config, SysSyncRoleConfig_.memberOfAttribute);
Assert.notNull(memberOfAttributeDto, "Member attribute cannot be null!");
SysSchemaAttributeDto schemaAttributeDto = lookupService.lookupEmbeddedDto(memberOfAttributeDto, SysSystemAttributeMapping_.schemaAttribute);
SysSchemaObjectClassDto schemaObjectClassDto = lookupService.lookupEmbeddedDto(schemaAttributeDto, SysSchemaAttribute_.objectClass);
Assert.notNull(schemaObjectClassDto, "Schema cannot be null!");
// Resolve role membership.
if (config.isMembershipSwitch()) {
boolean couldContinue = resolveMembership(isNew, context, roleDto, config, logItem, connectorObject, memberOfAttributeDto, schemaObjectClassDto);
if (!couldContinue) {
return roleDto;
}
}
// Resolve 'Forward ACM'.
if (config.isForwardAcmSwitch()) {
resolveForwardAcm(isNew, context, roleDto, logItem, connectorObject, memberOfAttributeDto, schemaObjectClassDto);
}
// Resolve 'Skip value if is contract excluded'.
if (config.isSkipValueIfExcludedSwitch()) {
resolveSkipValueIfExcluded(isNew, context, roleDto, logItem, connectorObject, memberOfAttributeDto, schemaObjectClassDto);
}
// Resolve 'Assign the role to members'.
if (config.isAssignRoleSwitch()) {
boolean canContinue = resolveAssignRole(isNew, context, roleDto, config, logItem, connectorObject, memberOfAttributeDto, schemaObjectClassDto);
if (!canContinue) {
return roleDto;
}
}
}
return roleDto;
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)
SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
RoleEvent(eu.bcvsolutions.idm.core.model.event.RoleEvent)
Aggregations
SysSyncRoleConfigDto (eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)34
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26
Test (org.junit.Test)23
SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)22
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)21
AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)20
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)20
UUID (java.util.UUID)18
SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)15
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)15
IdmRoleCatalogueDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto)15
AccRoleAccountDto (eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto)14
AccRoleAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)14
SysSyncLogFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter)13
SysSchemaAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter)12
AbstractBulkActionTest (eu.bcvsolutions.idm.test.api.AbstractBulkActionTest)12
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)11
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)11
SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)10
SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)10
