Example 31 with SysSystemAttributeMappingDto
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemAttributeService method save.
@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
// identifier
if (dto.isUid()) {
SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
filter.setIsUid(Boolean.TRUE);
filter.setRoleSystemId(dto.getRoleSystem());
List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
}
}
// We will check exists definition for extended attribute
SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
systeAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
}
// We will do script validation (on compilation errors), before save
if (dto.getTransformScript() != null) {
groovyScriptService.validateScript(dto.getTransformScript());
}
SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
// RoleSystemAttribute was changed. We need do ACC management for all
// connected identities
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setRoleSystemId(dto.getRoleSystem());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
// TODO: move to filter and use distinct
List<IdmIdentityDto> identities = new ArrayList<>();
identityAccounts.stream().forEach(identityAccount -> {
if (!identities.contains(identityAccount.getIdentity())) {
// TODO: embedded
identities.add(identityService.get(identityAccount.getIdentity()));
}
});
identities.stream().forEach(identity -> {
LOG.debug("Call account management for identity [{}]", identity.getUsername());
boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
if (provisioningRequired) {
LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
getProvisioningService().doProvisioning(identity);
}
});
return roleSystemAttribute;
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ArrayList(java.util.ArrayList)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
Example 32 with SysSystemAttributeMappingDto
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemAttributeMappingService method getAuthenticationAttribute.
@Override
public SysSystemAttributeMappingDto getAuthenticationAttribute(UUID systemId, SystemEntityType entityType) {
Assert.notNull(systemId);
Assert.notNull(entityType);
// authentication attribute is only from provisioning operation type
SysSystemAttributeMappingDto attr = toDto(this.repository.findAuthenticationAttribute(systemId, SystemOperationType.PROVISIONING, entityType));
// defensive, if authentication attribute don't exists find attribute flagged as UID
if (attr == null) {
return toDto(this.repository.findUidAttribute(systemId, SystemOperationType.PROVISIONING, entityType));
}
return attr;
}
Also used :
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
Example 33 with SysSystemAttributeMappingDto
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemMappingService method validate.
/**
* Validate system mapping
*
* @param id(UUID
* system mapping)
*/
@Override
public void validate(UUID id) {
Assert.notNull(id);
//
Map<String, Object> errors = new HashMap<>();
SysSystemMappingDto systemMapping = this.get(id);
List<SysSystemAttributeMappingDto> attributesList = getAttributeMappingService().findBySystemMapping(systemMapping);
//
errors = validateIdentifier(errors, systemMapping, attributesList);
errors = validateSynchronizationContracts(errors, systemMapping, attributesList);
if (!errors.isEmpty()) {
throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_VALIDATION, errors);
}
}
Also used :
HashMap(java.util.HashMap)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
Example 34 with SysSystemAttributeMappingDto
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultSysSystemMappingService method validateSynchronizationContracts.
/**
* Validation: synchronization - entityAttribute=true and
* idmPropertyName=identity
*
* @param errors
* @param systemMapping
* @param attributesList
* @return
*/
private Map<String, Object> validateSynchronizationContracts(Map<String, Object> errors, SysSystemMappingDto systemMapping, List<SysSystemAttributeMappingDto> attributesList) {
final String idmProperty = "identity";
boolean isError = true;
if (systemMapping.getOperationType() == SystemOperationType.SYNCHRONIZATION && systemMapping.getEntityType() == SystemEntityType.CONTRACT) {
for (SysSystemAttributeMappingDto attribute : attributesList) {
if (attribute.isEntityAttribute() && attribute.getIdmPropertyName().equals(idmProperty)) {
isError = false;
break;
}
}
if (isError) {
errors.put(SYSTEM_MISSING_OWNER, "Synchronization does not have Idm Key: identity");
}
}
return errors;
}
Also used :
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
Example 35 with SysSystemAttributeMappingDto
use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.
the class DefaultVsSystemService method createDefaultMapping.
/**
* Create default mapping for virtual system by given default attributes
*
* @param system
* @param schema
* @param vsSystem
*/
private void createDefaultMapping(SysSystemDto system, SysSchemaObjectClassDto schema, VsSystemDto vsSystem) {
SysSystemMappingDto systemMapping = new SysSystemMappingDto();
systemMapping.setName("Default provisioning");
systemMapping.setEntityType(SystemEntityType.IDENTITY);
systemMapping.setOperationType(SystemOperationType.PROVISIONING);
systemMapping.setObjectClass(schema.getId());
systemMapping = systemMappingService.save(systemMapping);
SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
schemaAttributeFilter.setSystemId(system.getId());
List<SysSchemaAttributeDto> schemaAttributes = schemaAttributeService.find(schemaAttributeFilter, null).getContent();
ArrayList<String> defaultAttributes = Lists.newArrayList(BasicVirtualConfiguration.DEFAULT_ATTRIBUTES);
List<String> attributes = vsSystem.getAttributes().isEmpty() ? defaultAttributes : vsSystem.getAttributes();
for (SysSchemaAttributeDto schemaAttr : schemaAttributes) {
if (IcAttributeInfo.NAME.equals(schemaAttr.getName())) {
SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
attributeMapping.setUid(true);
attributeMapping.setEntityAttribute(true);
attributeMapping.setIdmPropertyName(IdmIdentity_.username.getName());
attributeMapping.setName(schemaAttr.getName());
attributeMapping.setSchemaAttribute(schemaAttr.getId());
attributeMapping.setSystemMapping(systemMapping.getId());
systemAttributeMappingService.save(attributeMapping);
} else if (IcAttributeInfo.ENABLE.equals(schemaAttr.getName())) {
SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
attributeMapping.setUid(false);
attributeMapping.setEntityAttribute(true);
attributeMapping.setIdmPropertyName(IdmIdentity_.disabled.getName());
attributeMapping.setTransformToResourceScript("return !attributeValue;");
attributeMapping.setName(schemaAttr.getName());
attributeMapping.setSchemaAttribute(schemaAttr.getId());
attributeMapping.setSystemMapping(systemMapping.getId());
systemAttributeMappingService.save(attributeMapping);
} else if (RIGHTS_ATTRIBUTE.equals(schemaAttr.getName())) {
SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
attributeMapping.setUid(false);
attributeMapping.setEntityAttribute(false);
attributeMapping.setStrategyType(AttributeMappingStrategyType.MERGE);
attributeMapping.setExtendedAttribute(false);
attributeMapping.setName("'Rights' - multivalued merge attribute. ");
attributeMapping.setSchemaAttribute(schemaAttr.getId());
attributeMapping.setSystemMapping(systemMapping.getId());
systemAttributeMappingService.save(attributeMapping);
} else if (attributes.contains(schemaAttr.getName()) && defaultAttributes.contains(schemaAttr.getName())) {
SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
attributeMapping.setUid(false);
attributeMapping.setEntityAttribute(true);
attributeMapping.setIdmPropertyName(schemaAttr.getName());
attributeMapping.setSchemaAttribute(schemaAttr.getId());
attributeMapping.setName(schemaAttr.getName());
attributeMapping.setSystemMapping(systemMapping.getId());
systemAttributeMappingService.save(attributeMapping);
}
}
}
Also used :
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
Aggregations
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)78
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)48
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)42
SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)37
SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)34
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)29
Test (org.junit.Test)29
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)26
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)26
AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)21
SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)20
SysSchemaAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter)20
AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)19
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)18
AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)14
SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)14
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)14
SysSyncActionLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)13
SysSyncItemLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto)13
AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)13
