Search in sources :

Example 26 with SysSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemDto in project CzechIdMng by bcvsolutions.

the class IdentityPasswordPreValidateDefinitionProcessor method validateDefinition.

public List<IdmPasswordPolicyDto> validateDefinition(PasswordChangeDto passwordChangeDto) {
    List<IdmPasswordPolicyDto> passwordPolicyList = new ArrayList<>();
    IdmPasswordPolicyDto defaultPasswordPolicy = this.passwordPolicyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
    if (defaultPasswordPolicy == null) {
        defaultPasswordPolicy = new IdmPasswordPolicyDto();
    }
    for (String account : passwordChangeDto.getAccounts()) {
        SysSystemDto system = DtoUtils.getEmbedded(accountService.get(UUID.fromString(account)), AccAccount_.system, SysSystemDto.class);
        IdmPasswordPolicyDto passwordPolicy;
        // 
        if (system.getPasswordPolicyValidate() == null) {
            passwordPolicy = defaultPasswordPolicy;
        } else {
            passwordPolicy = passwordPolicyService.get(system.getPasswordPolicyValidate());
        }
        if (!passwordPolicyList.contains(passwordPolicy) && passwordPolicy != null) {
            passwordPolicyList.add(passwordPolicy);
        }
    }
    if (passwordChangeDto.isIdm() && !passwordPolicyList.contains(defaultPasswordPolicy)) {
        passwordPolicyList.add(defaultPasswordPolicy);
    }
    return passwordPolicyList;
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) ArrayList(java.util.ArrayList) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 27 with SysSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemDto in project CzechIdMng by bcvsolutions.

the class SystemSaveProcessor method process.

@Override
public EventResult<SysSystemDto> process(EntityEvent<SysSystemDto> event) {
    SysSystemDto dto = event.getContent();
    // create default connector server
    if (dto.getConnectorServer() == null) {
        dto.setConnectorServer(new SysConnectorServerDto());
    }
    // create default connector key
    if (dto.getConnectorKey() == null) {
        dto.setConnectorKey(new SysConnectorKeyDto());
    }
    // create default blocked operations
    if (dto.getBlockedOperation() == null) {
        dto.setBlockedOperation(new SysBlockedOperationDto());
    }
    if (!service.isNew(dto)) {
        // Check if is connector changed
        SysSystemDto oldSystem = service.get(dto.getId());
        if (!dto.getConnectorKey().equals(oldSystem.getConnectorKey())) {
            // If is connector changed, we set virtual to false. (Virtual
            // connectors set this attribute on true by themselves)
            dto.setVirtual(false);
        }
        // check blocked provisioning operation and clear provisioning break cache
        clearProvisionignBreakCache(dto, oldSystem);
    }
    SysSystemDto newSystem = service.saveInternal(dto);
    event.setContent(newSystem);
    // save password from remote connector server to confidential storage
    if (dto.getConnectorServer().getPassword() != null) {
        // save for newSystem
        confidentialStorage.save(newSystem.getId(), SysSystem.class, SysSystemService.REMOTE_SERVER_PASSWORD, dto.getConnectorServer().getPassword().asString());
        // 
        // set asterix
        newSystem.getConnectorServer().setPassword(new GuardedString(GuardedString.SECRED_PROXY_STRING));
    }
    // TODO: clone content - mutable previous event content :/
    return new DefaultEventResult<>(event, this);
}
Also used : SysConnectorKeyDto(eu.bcvsolutions.idm.acc.dto.SysConnectorKeyDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) SysBlockedOperationDto(eu.bcvsolutions.idm.acc.dto.SysBlockedOperationDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysConnectorServerDto(eu.bcvsolutions.idm.acc.dto.SysConnectorServerDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 28 with SysSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemDto in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningProcessor method process.

/**
 * Prepare provisioning operation execution
 */
@Override
public EventResult<SysProvisioningOperationDto> process(EntityEvent<SysProvisioningOperationDto> event) {
    SysProvisioningOperationDto provisioningOperation = event.getContent();
    SysSystemDto system = systemService.get(provisioningOperation.getSystem());
    IcConnectorObject connectorObject = provisioningOperation.getProvisioningContext().getConnectorObject();
    IcObjectClass objectClass = connectorObject.getObjectClass();
    String uid = systemEntityService.getByProvisioningOperation(provisioningOperation).getUid();
    LOG.debug("Start provisioning operation [{}] for object with uid [{}] and connector object [{}]", provisioningOperation.getOperationType(), uid, objectClass.getType());
    // Find connector identification persisted in system
    if (system.getConnectorKey() == null) {
        throw new ProvisioningException(AccResultCode.CONNECTOR_KEY_FOR_SYSTEM_NOT_FOUND, ImmutableMap.of("system", system.getName()));
    }
    // load connector configuration
    IcConnectorConfiguration connectorConfig = systemService.getConnectorConfiguration(systemService.get(provisioningOperation.getSystem()));
    if (connectorConfig == null) {
        throw new ProvisioningException(AccResultCode.CONNECTOR_CONFIGURATION_FOR_SYSTEM_NOT_FOUND, ImmutableMap.of("system", system.getName()));
    }
    // 
    try {
        provisioningOperation = provisioningOperationService.save(provisioningOperation);
        // convert confidential string to guarded strings before provisioning realization
        connectorObject = provisioningOperationService.getFullConnectorObject(provisioningOperation);
        provisioningOperation.getProvisioningContext().setConnectorObject(connectorObject);
        // 
        IcUidAttribute resultUid = processInternal(provisioningOperation, connectorConfig);
        // update system entity, when identifier on target system differs
        if (resultUid != null && resultUid.getUidValue() != null) {
            SysSystemEntityDto systemEntity = systemEntityService.getByProvisioningOperation(provisioningOperation);
            // If system entity was not found, we try found system entity by returned UID
            if (systemEntity == null) {
                systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, provisioningOperation.getEntityType(), resultUid.getUidValue());
            }
            Asserts.notNull(systemEntity, "Systeme entity cannot be null!");
            if (!systemEntity.getUid().equals(resultUid.getUidValue()) || systemEntity.isWish()) {
                systemEntity.setUid(resultUid.getUidValue());
                systemEntity.setWish(false);
                systemEntity = systemEntityService.save(systemEntity);
                LOG.info("UID was changed. System entity with uid [{}] was updated", systemEntity.getUid());
            }
        }
        provisioningOperationService.handleSuccessful(provisioningOperation);
    } catch (Exception ex) {
        provisioningOperationService.handleFailed(provisioningOperation, ex);
    }
    // set operation back to content
    event.setContent(provisioningOperation);
    return new DefaultEventResult<>(event, this);
}
Also used : IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)

Example 29 with SysSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemDto in project CzechIdMng by bcvsolutions.

the class DisabledSystemProcessor method process.

@Override
public EventResult<SysProvisioningOperationDto> process(EntityEvent<SysProvisioningOperationDto> event) {
    SysProvisioningOperationDto provisioningOperation = event.getContent();
    SysSystemDto system = systemService.get(provisioningOperation.getSystem());
    String uid = provisioningOperationService.getByProvisioningOperation(provisioningOperation).getUid();
    boolean closed = false;
    if (system.isDisabled()) {
        ResultModel resultModel = new DefaultResultModel(AccResultCode.PROVISIONING_SYSTEM_DISABLED, ImmutableMap.of("name", uid, "system", system.getName()));
        provisioningOperation.setResult(new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(resultModel).build());
        // 
        provisioningOperation = provisioningOperationService.save(provisioningOperation);
        // 
        LOG.info(resultModel.toString());
        notificationManager.send(AccModuleDescriptor.TOPIC_PROVISIONING, new IdmMessageDto.Builder().setModel(resultModel).build());
        // 
        closed = true;
    }
    // set back to event content
    event.setContent(provisioningOperation);
    return new DefaultEventResult<>(event, this, closed);
}
Also used : DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) IdmMessageDto(eu.bcvsolutions.idm.core.notification.api.dto.IdmMessageDto) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 30 with SysSystemDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemDto in project CzechIdMng by bcvsolutions.

the class PrepareConnectorObjectProcessor method processCreate.

/**
 * Create object on target system
 *
 * @param provisioningOperation
 * @param connectorConfig
 */
private void processCreate(SysProvisioningOperationDto provisioningOperation) {
    SysSystemDto system = systemService.get(provisioningOperation.getSystem());
    ProvisioningContext provisioningContext = provisioningOperation.getProvisioningContext();
    IcConnectorObject connectorObject = provisioningContext.getConnectorObject();
    // 
    // prepare provisioning attributes from account attributes
    Map<ProvisioningAttributeDto, Object> fullAccountObject = provisioningOperationService.getFullAccountObject(provisioningOperation);
    if (fullAccountObject != null) {
        connectorObject.getAttributes().clear();
        SysSystemMappingDto mapping = getMapping(system, provisioningOperation.getEntityType());
        SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(mapping.getObjectClass());
        List<SysSchemaAttributeDto> schemaAttributes = findSchemaAttributes(system, schemaObjectClassDto);
        for (Entry<ProvisioningAttributeDto, Object> entry : fullAccountObject.entrySet()) {
            ProvisioningAttributeDto provisioningAttribute = entry.getKey();
            Optional<SysSchemaAttributeDto> schemaAttributeOptional = schemaAttributes.stream().filter(schemaAttribute -> {
                return provisioningAttribute.getSchemaAttributeName().equals(schemaAttribute.getName());
            }).findFirst();
            if (!schemaAttributeOptional.isPresent()) {
                throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_FOUND, ImmutableMap.of("attribute", provisioningAttribute.getSchemaAttributeName()));
            }
            Object idmValue = fullAccountObject.get(provisioningAttribute);
            SysSchemaAttributeDto schemaAttribute = schemaAttributeOptional.get();
            if (provisioningAttribute.isSendOnlyIfNotNull()) {
                if (this.isValueEmpty(idmValue)) {
                    // Skip this attribute (marked with flag sendOnlyIfNotNull), because IdM value is null
                    continue;
                }
            }
            if (AttributeMappingStrategyType.CREATE == provisioningAttribute.getStrategyType() || AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
                boolean existSetAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
                    return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.SET == provisioningAttributeKey.getStrategyType();
                }).findFirst().isPresent();
                boolean existIfResourceNulltAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
                    return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttributeKey.getStrategyType();
                }).findFirst().isPresent();
                boolean existMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
                    return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.MERGE == provisioningAttributeKey.getStrategyType();
                }).findFirst().isPresent();
                boolean existAuthMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
                    return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.AUTHORITATIVE_MERGE == provisioningAttributeKey.getStrategyType();
                }).findFirst().isPresent();
                if (AttributeMappingStrategyType.CREATE == provisioningAttribute.getStrategyType()) {
                    if (existIfResourceNulltAttribute || existSetAttribute || existAuthMergeAttribute || existMergeAttribute) {
                        // (this strategies has higher priority)
                        continue;
                    }
                }
                if (AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
                    if (existSetAttribute || existAuthMergeAttribute || existMergeAttribute) {
                        // (this strategies has higher priority)
                        continue;
                    }
                }
            }
            IcAttribute createdAttribute = createAttribute(schemaAttribute, fullAccountObject.get(provisioningAttribute));
            if (createdAttribute != null) {
                connectorObject.getAttributes().add(createdAttribute);
            }
        }
        provisioningContext.setConnectorObject(connectorObject);
    }
    provisioningOperation.setOperationType(ProvisioningEventType.CREATE);
}
Also used : SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) NotificationManager(eu.bcvsolutions.idm.core.notification.api.service.NotificationManager) Autowired(org.springframework.beans.factory.annotation.Autowired) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSchemaAttribute(eu.bcvsolutions.idm.acc.entity.SysSchemaAttribute) SysProvisioningArchiveDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningArchiveDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) ProvisioningConfiguration(eu.bcvsolutions.idm.acc.config.domain.ProvisioningConfiguration) Sort(org.springframework.data.domain.Sort) AbstractEntityEventProcessor(eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor) ImmutableMap(com.google.common.collect.ImmutableMap) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) Collection(java.util.Collection) SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService) SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType) PageRequest(org.springframework.data.domain.PageRequest) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) List(java.util.List) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) CollectionUtils(org.springframework.util.CollectionUtils) Entry(java.util.Map.Entry) Optional(java.util.Optional) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) Strings(com.google.common.base.Strings) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IcUidAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcUidAttributeImpl) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) DefaultEventResult(eu.bcvsolutions.idm.core.api.event.DefaultEventResult) EventResult(eu.bcvsolutions.idm.core.api.event.EventResult) Direction(org.springframework.data.domain.Sort.Direction) EntityEvent(eu.bcvsolutions.idm.core.api.event.EntityEvent) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) Description(org.springframework.context.annotation.Description) AccModuleDescriptor(eu.bcvsolutions.idm.acc.AccModuleDescriptor) SysProvisioningArchiveService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningArchiveService) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) Component(org.springframework.stereotype.Component) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IdmMessageDto(eu.bcvsolutions.idm.core.notification.api.dto.IdmMessageDto) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) ResultModel(eu.bcvsolutions.idm.core.api.dto.ResultModel) Assert(org.springframework.util.Assert) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)

Aggregations

SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)256 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)167 Test (org.junit.Test)167 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)98 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)82 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)56 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)52 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)50 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)45 SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)42 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)42 SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)32 SysSystemEntityDto (eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)32 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)30 AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)29 SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)29 SysProvisioningOperationFilter (eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)29 SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)28 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)27 IdmBasePermission (eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission)27