
Example 31 with SysSystemAttributeMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method save.

@Override
public SysRoleSystemAttributeDto save(SysRoleSystemAttributeDto dto, BasePermission... permission) {
    // identifier
    if (dto.isUid()) {
        SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
        filter.setIsUid(Boolean.TRUE);
        filter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
        if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(dto, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
        }
    }
    // Check that a definition exists for the extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systemAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    // Validate the transform script (compilation errors only) before saving
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
    }
    SysRoleSystemAttributeDto roleSystemAttribute = super.save(dto, permission);
    // RoleSystemAttribute was changed. We need to run ACC management for all
    // connected identities
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setRoleSystemId(dto.getRoleSystem());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    // TODO: move to filter and use distinct
    // De-duplicate on the identity id: the list holds DTOs while getIdentity()
    // returns the id, so List.contains() on it never matched.
    List<IdmIdentityDto> identities = new ArrayList<>();
    identityAccounts.stream().map(AccIdentityAccountDto::getIdentity).distinct().forEach(identityId -> {
        // TODO: embedded
        identities.add(identityService.get(identityId));
    });
    identities.stream().forEach(identity -> {
        LOG.debug("Call account management for identity [{}]", identity.getUsername());
        boolean provisioningRequired = getAccountManagementService().resolveIdentityAccounts(identity);
        if (provisioningRequired) {
            LOG.debug("Call provisioning for identity [{}]", identity.getUsername());
            getProvisioningService().doProvisioning(identity);
        }
    });
    return roleSystemAttribute;
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ArrayList(java.util.ArrayList) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 32 with SysSystemAttributeMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.

the class DefaultSysSystemAttributeMappingService method getAuthenticationAttribute.

@Override
public SysSystemAttributeMappingDto getAuthenticationAttribute(UUID systemId, SystemEntityType entityType) {
    Assert.notNull(systemId);
    Assert.notNull(entityType);
    // authentication attribute is only from provisioning operation type
    SysSystemAttributeMappingDto attr = toDto(this.repository.findAuthenticationAttribute(systemId, SystemOperationType.PROVISIONING, entityType));
    // defensive: if the authentication attribute doesn't exist, find the attribute flagged as UID
    if (attr == null) {
        return toDto(this.repository.findUidAttribute(systemId, SystemOperationType.PROVISIONING, entityType));
    }
    return attr;
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)

Example 33 with SysSystemAttributeMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.

the class DefaultSysSystemMappingService method validate.

/**
 * Validate system mapping
 *
 * @param id UUID of the system mapping
 */
@Override
public void validate(UUID id) {
    Assert.notNull(id);
    // 
    Map<String, Object> errors = new HashMap<>();
    SysSystemMappingDto systemMapping = this.get(id);
    List<SysSystemAttributeMappingDto> attributesList = getAttributeMappingService().findBySystemMapping(systemMapping);
    // 
    errors = validateIdentifier(errors, systemMapping, attributesList);
    errors = validateSynchronizationContracts(errors, systemMapping, attributesList);
    if (!errors.isEmpty()) {
        throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_VALIDATION, errors);
    }
}
Also used : HashMap(java.util.HashMap) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)

Example 34 with SysSystemAttributeMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.

the class DefaultSysSystemMappingService method validateSynchronizationContracts.

/**
 * Validation: synchronization - entityAttribute=true and
 * idmPropertyName=identity
 *
 * @param errors
 * @param systemMapping
 * @param attributesList
 * @return
 */
private Map<String, Object> validateSynchronizationContracts(Map<String, Object> errors, SysSystemMappingDto systemMapping, List<SysSystemAttributeMappingDto> attributesList) {
    final String idmProperty = "identity";
    boolean isError = true;
    if (systemMapping.getOperationType() == SystemOperationType.SYNCHRONIZATION && systemMapping.getEntityType() == SystemEntityType.CONTRACT) {
        for (SysSystemAttributeMappingDto attribute : attributesList) {
            // constant-first equals() avoids a NullPointerException when idmPropertyName is not set
            if (attribute.isEntityAttribute() && idmProperty.equals(attribute.getIdmPropertyName())) {
                isError = false;
                break;
            }
        }
        if (isError) {
            errors.put(SYSTEM_MISSING_OWNER, "Synchronization does not have Idm Key: identity");
        }
    }
    return errors;
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)

Example 35 with SysSystemAttributeMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto in project CzechIdMng by bcvsolutions.

the class DefaultVsSystemService method createDefaultMapping.

/**
 * Create default mapping for virtual system by given default attributes
 *
 * @param system
 * @param schema
 * @param vsSystem
 */
private void createDefaultMapping(SysSystemDto system, SysSchemaObjectClassDto schema, VsSystemDto vsSystem) {
    SysSystemMappingDto systemMapping = new SysSystemMappingDto();
    systemMapping.setName("Default provisioning");
    systemMapping.setEntityType(SystemEntityType.IDENTITY);
    systemMapping.setOperationType(SystemOperationType.PROVISIONING);
    systemMapping.setObjectClass(schema.getId());
    systemMapping = systemMappingService.save(systemMapping);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(system.getId());
    List<SysSchemaAttributeDto> schemaAttributes = schemaAttributeService.find(schemaAttributeFilter, null).getContent();
    ArrayList<String> defaultAttributes = Lists.newArrayList(BasicVirtualConfiguration.DEFAULT_ATTRIBUTES);
    List<String> attributes = vsSystem.getAttributes().isEmpty() ? defaultAttributes : vsSystem.getAttributes();
    for (SysSchemaAttributeDto schemaAttr : schemaAttributes) {
        if (IcAttributeInfo.NAME.equals(schemaAttr.getName())) {
            SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
            attributeMapping.setUid(true);
            attributeMapping.setEntityAttribute(true);
            attributeMapping.setIdmPropertyName(IdmIdentity_.username.getName());
            attributeMapping.setName(schemaAttr.getName());
            attributeMapping.setSchemaAttribute(schemaAttr.getId());
            attributeMapping.setSystemMapping(systemMapping.getId());
            systemAttributeMappingService.save(attributeMapping);
        } else if (IcAttributeInfo.ENABLE.equals(schemaAttr.getName())) {
            SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
            attributeMapping.setUid(false);
            attributeMapping.setEntityAttribute(true);
            attributeMapping.setIdmPropertyName(IdmIdentity_.disabled.getName());
            attributeMapping.setTransformToResourceScript("return !attributeValue;");
            attributeMapping.setName(schemaAttr.getName());
            attributeMapping.setSchemaAttribute(schemaAttr.getId());
            attributeMapping.setSystemMapping(systemMapping.getId());
            systemAttributeMappingService.save(attributeMapping);
        } else if (RIGHTS_ATTRIBUTE.equals(schemaAttr.getName())) {
            SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
            attributeMapping.setUid(false);
            attributeMapping.setEntityAttribute(false);
            attributeMapping.setStrategyType(AttributeMappingStrategyType.MERGE);
            attributeMapping.setExtendedAttribute(false);
            attributeMapping.setName("'Rights' - multivalued merge attribute. ");
            attributeMapping.setSchemaAttribute(schemaAttr.getId());
            attributeMapping.setSystemMapping(systemMapping.getId());
            systemAttributeMappingService.save(attributeMapping);
        } else if (attributes.contains(schemaAttr.getName()) && defaultAttributes.contains(schemaAttr.getName())) {
            SysSystemAttributeMappingDto attributeMapping = new SysSystemAttributeMappingDto();
            attributeMapping.setUid(false);
            attributeMapping.setEntityAttribute(true);
            attributeMapping.setIdmPropertyName(schemaAttr.getName());
            attributeMapping.setSchemaAttribute(schemaAttr.getId());
            attributeMapping.setName(schemaAttr.getName());
            attributeMapping.setSystemMapping(systemMapping.getId());
            systemAttributeMappingService.save(attributeMapping);
        }
    }
}
Also used : SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
