use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountServiceFilterTest method testSupportChangePassword.
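/**
 * Checks the {@code supportChangePassword} account filter against the system mapping.
 *
 * <p>While the default mapping of the account's system still contains an attribute named
 * {@link IcConnectorFacade#PASSWORD_ATTRIBUTE_NAME}, the filter must return the account. Once
 * that attribute mapping is deleted, the same filter must return nothing, so an account on a
 * system without a mapped password is not reported as supporting a password change.
 *
 * <p>A second identity, system and account are created only as noise, to prove that the filter
 * does not match unrelated accounts.
 */
@Test
public void testSupportChangePassword() {
    // Distinct prefixes keep the two usernames different even when both identities are
    // created within the same millisecond; identical names would make the uid filter ambiguous.
    long timestamp = System.currentTimeMillis();
    IdmIdentityDto identity = helper.createIdentity("test-1-" + timestamp);
    SysSystemDto system = helper.createTestResourceSystem(true);
    AccAccountDto account = createAccount(system.getId(), identity.getId(), identity.getUsername(), AccountType.PERSONAL, false);

    IdmIdentityDto identity2 = helper.createIdentity("test-2-" + timestamp);
    SysSystemDto system2 = helper.createTestResourceSystem(true);
    createAccount(system2.getId(), identity2.getId(), identity2.getUsername(), AccountType.PERSONAL, false);

    // Password attribute is still mapped -> exactly the first account is found.
    AccAccountFilter testFilter = new AccAccountFilter();
    testFilter.setUid(identity.getUsername());
    testFilter.setSupportChangePassword(true);
    Page<AccAccountDto> pages = accAccountService.find(testFilter, null);
    assertEquals(1, pages.getTotalElements());
    assertEquals(account.getId(), pages.getContent().get(0).getId());

    // Remove the password attribute from the default mapping of the first system.
    SysSystemMappingDto defaultMapping = helper.getDefaultMapping(system);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.findBySystemMapping(defaultMapping);
    for (SysSystemAttributeMappingDto attr : attributes) {
        // Constant-first comparison tolerates an attribute mapping without a name.
        if (IcConnectorFacade.PASSWORD_ATTRIBUTE_NAME.equals(attr.getName())) {
            attributeMappingService.delete(attr);
        }
    }

    // Without a mapped password attribute the account must no longer be offered.
    testFilter = new AccAccountFilter();
    testFilter.setUid(identity.getUsername());
    testFilter.setSupportChangePassword(true);
    pages = accAccountService.find(testFilter, null);
    assertEquals(0, pages.getTotalElements());
}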
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method createAccountsForAllSystems.
/**
 * Creates an account, and the relation between that account and the entity, on every system
 * mapped for the entity's type where the entity has no account yet.
 *
 * <p>For each system mapping the method resolves the target system, skips it when an account
 * already exists, generates the uid from the mapped uid attribute and then asks
 * {@code canBeAccountCreated} whether creation is allowed. A refusal is logged at INFO level
 * and the mapping is skipped; no exception is raised.
 *
 * @param dto entity for which the accounts are created
 */
@Override
public void createAccountsForAllSystems(DTO dto) {
    SystemEntityType entityType = SystemEntityType.getByClass(dto.getClass());
    for (SysSystemMappingDto mapping : findSystemMappingsForEntityType(dto, entityType)) {
        SysSchemaObjectClassDto objectClass = schemaObjectClassService.get(mapping.getObjectClass());
        UUID systemId = objectClass.getSystem();
        if (this.getAccountByEntity(dto.getId(), systemId) != null) {
            // The entity already owns an account on this system, nothing to create.
            continue;
        }

        SysSystemDto system = DtoUtils.getEmbedded(objectClass, SysSchemaObjectClass_.system, SysSystemDto.class);
        List<SysSystemAttributeMappingDto> mappedAttributes = attributeMappingService.findBySystemMapping(mapping);
        SysSystemAttributeMappingDto uidAttribute = attributeMappingService.getUidAttribute(mappedAttributes, system);
        String uid = attributeMappingService.generateUid(dto, uidAttribute);

        // Account management gate: the script configured on the system mapping decides
        // whether the account may be created at all.
        if (this.canBeAccountCreated(uid, dto, mapping, system)) {
            // Creates the AccAccount and the relation between the account and the entity.
            createEntityAccount(uid, dto.getId(), systemId);
            continue;
        }

        // Refused: leave an audit trail. The entity code, entity type and system name are
        // passed as format arguments, they never become part of the pattern itself.
        String entityLabel = dto.toString();
        if (dto instanceof Codeable) {
            entityLabel = ((Codeable) dto).getCode();
        }
        LOG.info(MessageFormat.format("For entity [{0}] and entity type [{1}] cannot be created the account (on system [{2}])," + " because script \"Can be account created\" on the mapping returned \"false\"!", entityLabel, entityType, system.getName()));
    }
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method updateConfidentialAttributes.
/**
 * Stores the confidential attributes of the given entity in the confidential storage. The
 * entity must be persisted first, because the values are saved under its id.
 *
 * <p>Only mapped attributes that are enabled, flagged as confidential and accepted by
 * {@code canSetValue} are processed. A transformed value that is neither {@code null} nor a
 * {@link GuardedString} is rejected, so a confidential value never reaches the storage in an
 * unguarded form. The raised error carries the property name and the value's class name only,
 * not the value itself.
 *
 * @param mappedAttributes attribute mappings to evaluate
 * @param uid account uid, passed to the attribute strategy check
 * @param icAttributes attributes read from the target system
 * @param dto persisted entity that owns the confidential values
 * @param create {@code true} in the create-entity situation, {@code false} on update
 * @param context synchronization context used when resolving the attribute value
 * @return the same {@code dto} instance that was passed in
 * @throws ProvisioningException with
 *         {@code AccResultCode.CONFIDENTIAL_VALUE_IS_NOT_GUARDED_STRING} when a non-null
 *         value is not a {@link GuardedString}
 */
protected DTO updateConfidentialAttributes(List<SysSystemAttributeMappingDto> mappedAttributes, String uid, List<IcAttribute> icAttributes, DTO dto, boolean create, SynchronizationContext context) {
    for (SysSystemAttributeMappingDto mapped : mappedAttributes) {
        // Cheap flag checks first: disabled or non-confidential attributes are not handled here.
        if (mapped.isDisabledAttribute() || !mapped.isConfidentialAttribute()) {
            continue;
        }
        // Can the value be set according to the attribute strategy?
        if (!this.canSetValue(uid, mapped, dto, create)) {
            continue;
        }

        String propertyName = mapped.getIdmPropertyName();
        Object value = getValueByMappedAttribute(mapped, icAttributes, context);
        // Secured storage accepts guarded values only; null is passed through unchanged.
        if (value != null && !(value instanceof GuardedString)) {
            throw new ProvisioningException(AccResultCode.CONFIDENTIAL_VALUE_IS_NOT_GUARDED_STRING, ImmutableMap.of("property", propertyName, "class", value.getClass().getName()));
        }
        confidentialStorage.saveGuardedString(dto.getId(), dto.getClass(), propertyName, (GuardedString) value);
    }
    return dto;
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method fillEntity.
/**
 * Copies attribute values from the IC module into the entity, driven by the mapped attributes.
 *
 * <p>Only enabled entity attributes are written here. Extended attributes and confidential
 * attributes are skipped on purpose: both need the entity to be created or updated first and
 * are handled by separate steps. Each remaining attribute must also pass {@code canSetValue}.
 *
 * @param mappedAttributes attribute mappings to evaluate
 * @param uid account uid, passed to the attribute strategy check and reported on failure
 * @param icAttributes attributes read from the target system
 * @param dto entity to fill
 * @param create {@code true} in the create-entity situation, {@code false} on update
 * @param context synchronization context used when resolving the attribute value
 * @return the same {@code dto} instance that was passed in
 * @throws ProvisioningException with {@code AccResultCode.SYNCHRONIZATION_IDM_FIELD_NOT_SET}
 *         when a value cannot be set on the entity property
 */
protected DTO fillEntity(List<SysSystemAttributeMappingDto> mappedAttributes, String uid, List<IcAttribute> icAttributes, DTO dto, boolean create, SynchronizationContext context) {
    for (SysSystemAttributeMappingDto mapped : mappedAttributes) {
        // Cheap flag checks first: skip disabled, non-entity (extended) and confidential
        // attributes.
        if (mapped.isDisabledAttribute() || !mapped.isEntityAttribute() || mapped.isConfidentialAttribute()) {
            continue;
        }
        // Can the value be set according to the attribute strategy?
        if (!this.canSetValue(uid, mapped, dto, create)) {
            continue;
        }

        String propertyName = mapped.getIdmPropertyName();
        Object value = getValueByMappedAttribute(mapped, icAttributes, context);
        // Write the value transformed from the target system into the entity property.
        try {
            EntityUtils.setEntityValue(dto, propertyName, value);
        } catch (IntrospectionException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | ProvisioningException e) {
            // Report the property and uid only; the original failure is kept as the cause.
            throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_NOT_SET, ImmutableMap.of("property", propertyName, "uid", uid), e);
        }
    }
    return dto;
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method doUpdateEntity.
/**
 * Updates the entity that owns the synchronized account with the data read from the target
 * system, including the extended (EAV) attributes and the confidential storage.
 *
 * <p>The order of the steps matters: the plain entity attributes are filled and the entity is
 * saved first, and only then are the extended and the confidential attributes written, because
 * both require a persisted entity. Provisioning for the entity is called last.
 *
 * <p>When no entity is found for the account, nothing is updated; the item log receives a
 * message and an {@code UPDATE_ENTITY} action with a {@code WARNING} result is recorded.
 *
 * @param context synchronization context; the uid, log, item log, action logs, mapped
 *        attributes, account, IC object and entity type are all read from it
 */
protected void doUpdateEntity(SynchronizationContext context) {
    String uid = context.getUid();
    SysSyncLogDto log = context.getLog();
    SysSyncItemLogDto logItem = context.getLogItem();
    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    List<SysSystemAttributeMappingDto> mappedAttributes = context.getMappedAttributes();
    AccAccountDto account = context.getAccount();
    List<IcAttribute> icAttributes = context.getIcObject().getAttributes();

    UUID entityId = getEntityByAccount(account.getId());
    DTO entity = entityId == null ? null : this.getService().get(entityId);

    if (entity == null) {
        // No owning entity: record a warning instead of touching any data.
        addToItemLog(logItem, "Entity-account relation (with ownership = true) was not found!");
        initSyncActionLog(SynchronizationActionType.UPDATE_ENTITY, OperationResultType.WARNING, logItem, log, actionLogs);
        return;
    }

    // Step 1: plain entity attributes, then persist.
    entity = fillEntity(mappedAttributes, uid, icAttributes, entity, false, context);
    this.save(entity, true);
    // Step 2: extended attributes (the entity must be persisted first).
    updateExtendedAttributes(mappedAttributes, uid, icAttributes, entity, false, context);
    // Step 3: confidential attributes (the entity must be persisted first).
    updateConfidentialAttributes(mappedAttributes, uid, icAttributes, entity, false, context);

    addToItemLog(logItem, MessageFormat.format("Entity with id {0} was updated", entity.getId()));
    if (logItem != null) {
        logItem.setDisplayName(this.getDisplayNameForEntity(entity));
    }
    // Step 4: propagate the updated entity by calling provisioning for it.
    this.callProvisioningForEntity(entity, context.getEntityType(), logItem);
}