use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method doItemSynchronization.
@Override
public boolean doItemSynchronization(SynchronizationContext context) {
Assert.notNull(context, "Context is required.");
String uid = context.getUid();
IcConnectorObject icObject = context.getIcObject();
IcSyncDeltaTypeEnum type = context.getType();
AbstractSysSyncConfigDto config = context.getConfig();
SysSystemDto system = context.getSystem();
SystemEntityType entityType = context.getEntityType();
AccAccountDto account = context.getAccount();
SysSyncLogDto log = context.getLog();
SysSyncItemLogDto logItem = context.getLogItem();
List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
// Set default unknown action type
context.addActionType(SynchronizationActionType.UNKNOWN);
// If differential sync is disabled, then is every entity marks as different.
context.setIsEntityDifferent(!config.isDifferentialSync());
try {
// Find system entity for uid
SysSystemEntityDto systemEntity = findSystemEntity(uid, system, entityType);
context.addSystemEntity(systemEntity);
// Find acc account for uid or system entity
if (account == null) {
account = findAccount(context);
if (systemEntity == null) {
addToItemLog(logItem, "SystemEntity for this uid doesn't exist. We will create it.");
systemEntity = createSystemEntity(uid, entityType, system);
}
}
context.addSystemEntity(systemEntity).addAccount(account);
if (IcSyncDeltaTypeEnum.CREATE == type || IcSyncDeltaTypeEnum.UPDATE == type || IcSyncDeltaTypeEnum.CREATE_OR_UPDATE == type) {
// Update or create
Assert.notNull(icObject, "Connector object is required.");
List<IcAttribute> icAttributes = icObject.getAttributes();
if (account == null) {
// Account doesn't exist in IDM
systemEntity = removeSystemEntityWishIfPossible(systemEntity, false, context);
context.addSystemEntity(systemEntity);
resolveAccountNotExistSituation(context, systemEntity, icAttributes);
} else {
// Account exist in IdM (LINKED)
SynchronizationLinkedActionType linkedAction = config.getLinkedAction();
SynchronizationActionType action = linkedAction.getAction();
context.addActionType(action);
SynchronizationSituationType situation = SynchronizationSituationType.LINKED;
// configured
if (linkedAction == SynchronizationLinkedActionType.UPDATE_ENTITY || linkedAction == SynchronizationLinkedActionType.UPDATE_ACCOUNT) {
systemEntity = removeSystemEntityWishIfPossible(systemEntity, true, context);
context.addSystemEntity(systemEntity);
}
if (StringUtils.hasLength(config.getLinkedActionWfKey())) {
// We will start specific workflow
startWorkflow(config.getLinkedActionWfKey(), situation, action, null, context);
} else {
resolveLinkedSituation(config.getLinkedAction(), context);
}
addToItemLog(logItem, "Account exist in IdM (LINKED) - ended");
}
} else if (IcSyncDeltaTypeEnum.DELETE == type) {
// Missing account situation, can be call from connector
// (support delete account event) and from reconciliation
context.addActionType(config.getMissingAccountAction().getAction());
SynchronizationSituationType situation = SynchronizationSituationType.MISSING_ACCOUNT;
if (StringUtils.hasLength(config.getMissingAccountActionWfKey())) {
ReconciliationMissingAccountActionType missingAccountActionType = config.getMissingAccountAction();
SynchronizationActionType action = missingAccountActionType.getAction();
// We will start specific workflow
startWorkflow(config.getMissingAccountActionWfKey(), situation, action, null, context);
} else {
// Resolve missing account situation for one item
this.resolveMissingAccountSituation(config.getMissingAccountAction(), context);
}
} else if (context.isExportAction()) {
// Export situation - create account to system
this.resolveUnlinkedSituation(SynchronizationUnlinkedActionType.LINK_AND_UPDATE_ACCOUNT, context);
}
// Call hard hibernate session flush and clear
if (getHibernateSession().isOpen()) {
getHibernateSession().flush();
getHibernateSession().clear();
}
return true;
} catch (Exception e) {
loggingException(context.getActionType(), log, logItem, actionLogs, uid, e);
throw e;
}
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.
the class ProvisioningBreakProcessorTest method testBlockSystemCreate.
@Test
public void testBlockSystemCreate() {
SysSystemDto system = getHelper().createTestResourceSystem(true);
SysBlockedOperationDto blockedOperationDto = new SysBlockedOperationDto();
blockedOperationDto.blockCreate();
system.setBlockedOperation(blockedOperationDto);
system = systemService.save(system);
//
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
createProvisioningBreak(20l, 3, 2, ProvisioningEventType.CREATE, system.getId());
//
this.createAccount(system, identity);
//
// create block
provisioningService.doProvisioning(identity);
SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
//
SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
//
List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
assertEquals(1, content.size());
SysProvisioningOperationDto sysProvisioningOperationDto = content.get(0);
//
assertEquals(ProvisioningEventType.CREATE, sysProvisioningOperationDto.getOperationType());
assertEquals(OperationState.BLOCKED, sysProvisioningOperationDto.getResult().getState());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.
the class ProvisioningBreakProcessorTest method testPeriod.
@Test
public void testPeriod() {
SysSystemDto system = getHelper().createTestResourceSystem(true);
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
SysProvisioningBreakConfigDto breakConfig = createProvisioningBreak(20l, 2, null, ProvisioningEventType.UPDATE, system.getId());
IdmIdentityDto recipient = getHelper().createIdentity((GuardedString) null);
createRecipient(breakConfig.getId(), recipient.getId(), null);
//
this.createAccount(system, identity);
//
//
// create
provisioningService.doProvisioning(identity);
provisioningService.doProvisioning(identity);
provisioningService.doProvisioning(identity);
//
SysProvisioningBreakItems cacheProcessedItems = provisioningBreakConfig.getCacheProcessedItems(system.getId());
//
// subtrack only 19 minutes from all items
long subtrackMinutes = 1140000;
List<Long> execudedItems = cacheProcessedItems.getExecutedItems(ProvisioningEventType.UPDATE);
// it isn't possible use foreEach or another stream function (reference)
for (Long item : execudedItems) {
execudedItems.set(execudedItems.indexOf(item), item - subtrackMinutes);
}
//
// block
provisioningService.doProvisioning(identity);
//
SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
//
assertNotNull(batch);
//
List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
assertEquals(1, content.size());
//
SysProvisioningOperationDto sysProvisioningOperationDto = content.get(0);
//
assertEquals(ProvisioningEventType.UPDATE, sysProvisioningOperationDto.getOperationType());
assertEquals(OperationState.BLOCKED, sysProvisioningOperationDto.getResult().getState());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.
the class ProvisioningBreakProcessorTest method testPeriodOld.
@Test
public void testPeriodOld() {
SysSystemDto system = getHelper().createTestResourceSystem(true);
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
SysProvisioningBreakConfigDto breakConfig = createProvisioningBreak(20l, 3, null, ProvisioningEventType.UPDATE, system.getId());
IdmIdentityDto recipient = getHelper().createIdentity((GuardedString) null);
createRecipient(breakConfig.getId(), recipient.getId(), null);
//
this.createAccount(system, identity);
//
//
// create
provisioningService.doProvisioning(identity);
provisioningService.doProvisioning(identity);
provisioningService.doProvisioning(identity);
//
SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
//
assertTrue(content.isEmpty());
//
SysProvisioningBreakItems cacheProcessedItems = provisioningBreakConfig.getCacheProcessedItems(system.getId());
//
// subtrack 25 minutes from all items
long subtrackMinutes = 1500000;
List<Long> execudedItems = cacheProcessedItems.getExecutedItems(ProvisioningEventType.UPDATE);
// it isn't possible use foreEach or another stream function (reference)
for (Long item : execudedItems) {
execudedItems.set(execudedItems.indexOf(item), item - subtrackMinutes);
}
//
provisioningService.doProvisioning(identity);
provisioningService.doProvisioning(identity);
//
systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
batch = batchService.findBatch(systemEntity.getId());
content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
//
assertTrue(content.isEmpty());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.
the class AbstractAccAuthenticator method authenticateOverSystem.
/**
* Process authentication against given system with login and password.
*
* @param systemCodeable
* @param loginDto
* @param identity
* @return
*/
protected IcUidAttribute authenticateOverSystem(SysSystemDto system, LoginDto loginDto, IdmIdentityDto identity) {
// search authentication attribute for system with provisioning mapping, only for identity
SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
//
if (attribute == null) {
// attribute doesn't exists
LOG.error("System id [{}] is configured for authenticate, but for the system doesn't exist authentication attribute.", system.getId());
return null;
}
//
// find if identity has account on system
List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
if (accounts.isEmpty()) {
LOG.debug("Identity id [{}] hasn't account for system id [{}].", identity.getId(), system.getId());
// user hasn't account on system, continue
return null;
}
//
IcUidAttribute auth = null;
// authenticate over all accounts find first, or throw error
for (AccAccountDto account : accounts) {
SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass);
SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
String transformUsername = null;
if (!attribute.isUid()) {
IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
//
if (connectorObject == null) {
continue;
}
// iterate over all attributes to find authentication attribute
for (IcAttribute icAttribute : connectorObject.getAttributes()) {
if (icAttribute.getName().equals(schemaAttributeService.get(attribute.getSchemaAttribute()).getName())) {
transformUsername = String.valueOf(icAttribute.getValue());
break;
}
}
if (transformUsername == null) {
LOG.error("For system id [{}] cant be transformed username for identity id [{}]. The system will be skipped for autentication.", system.getId(), identity.getId());
return null;
}
} else {
transformUsername = systemEntityDto.getUid();
}
// authentication over system, when password or username not exist or bad credentials - throw error
try {
// authentication against system
auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
// check auth
if (auth == null || auth.getValue() == null) {
// failed, continue to another account
continue;
}
// everything success break and the authentication will be returned
break;
} catch (ResultCodeException e) {
String message = StringUtils.trimToEmpty(e.getMessage());
LOG.error("Authentication trought system name [{}] for identity username [{}] failed! Error message: [{}]", system.getCode(), identity.getUsername(), message);
}
}
return auth;
}
Aggregations