
Example 6 with SysSystemEntityDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method doItemSynchronization.

/**
 * Synchronizes a single item, identified by the uid carried in the context.
 *
 * <p>The method resolves the system entity and the account for the uid, then dispatches on the
 * delta type: CREATE / UPDATE / CREATE_OR_UPDATE resolve either the "account does not exist"
 * or the LINKED situation, DELETE resolves the MISSING_ACCOUNT situation, and any other type is
 * handled only when the context is flagged as an export action. For the LINKED and
 * MISSING_ACCOUNT situations a configured workflow key takes precedence over the built-in
 * resolution.
 *
 * <p>Any exception is first handed to {@code loggingException} and then rethrown unchanged, so
 * a failed item is both recorded in the synchronization log and surfaced to the caller.
 *
 * @param context synchronization context of the item; must not be null
 * @return {@code true} when the item was processed without an exception
 */
@Override
public boolean doItemSynchronization(SynchronizationContext context) {
    Assert.notNull(context, "Context is required.");
    // Local snapshots of the context. Note that 'account' and the system entity are re-resolved
    // below and written back to the context; the other values are only read.
    String uid = context.getUid();
    IcConnectorObject icObject = context.getIcObject();
    IcSyncDeltaTypeEnum type = context.getType();
    AbstractSysSyncConfigDto config = context.getConfig();
    SysSystemDto system = context.getSystem();
    SystemEntityType entityType = context.getEntityType();
    AccAccountDto account = context.getAccount();
    SysSyncLogDto log = context.getLog();
    SysSyncItemLogDto logItem = context.getLogItem();
    List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
    // Start with the UNKNOWN action type, so a failure before any branch below still has an
    // action type to be logged with.
    context.addActionType(SynchronizationActionType.UNKNOWN);
    // When differential sync is disabled, every entity is marked as different.
    context.setIsEntityDifferent(!config.isDifferentialSync());
    try {
        // Find system entity for uid
        SysSystemEntityDto systemEntity = findSystemEntity(uid, system, entityType);
        context.addSystemEntity(systemEntity);
        // The context did not carry an account: look it up, and create the system entity
        // when none was found for the uid.
        if (account == null) {
            account = findAccount(context);
            if (systemEntity == null) {
                addToItemLog(logItem, "SystemEntity for this uid doesn't exist. We will create it.");
                systemEntity = createSystemEntity(uid, entityType, system);
            }
        }
        // Publish the (possibly newly created) system entity and the resolved account.
        context.addSystemEntity(systemEntity).addAccount(account);
        if (IcSyncDeltaTypeEnum.CREATE == type || IcSyncDeltaTypeEnum.UPDATE == type || IcSyncDeltaTypeEnum.CREATE_OR_UPDATE == type) {
            // Update or create - the connector object is mandatory for these delta types.
            Assert.notNull(icObject, "Connector object is required.");
            List<IcAttribute> icAttributes = icObject.getAttributes();
            if (account == null) {
                // Account doesn't exist in IdM
                systemEntity = removeSystemEntityWishIfPossible(systemEntity, false, context);
                context.addSystemEntity(systemEntity);
                resolveAccountNotExistSituation(context, systemEntity, icAttributes);
            } else {
                // Account exists in IdM (LINKED); the action comes from the sync configuration.
                SynchronizationLinkedActionType linkedAction = config.getLinkedAction();
                SynchronizationActionType action = linkedAction.getAction();
                context.addActionType(action);
                SynchronizationSituationType situation = SynchronizationSituationType.LINKED;
                // Only the two update actions go through removeSystemEntityWishIfPossible.
                if (linkedAction == SynchronizationLinkedActionType.UPDATE_ENTITY || linkedAction == SynchronizationLinkedActionType.UPDATE_ACCOUNT) {
                    systemEntity = removeSystemEntityWishIfPossible(systemEntity, true, context);
                    context.addSystemEntity(systemEntity);
                }
                if (StringUtils.hasLength(config.getLinkedActionWfKey())) {
                    // A workflow key is configured: the workflow replaces the built-in resolution.
                    startWorkflow(config.getLinkedActionWfKey(), situation, action, null, context);
                } else {
                    resolveLinkedSituation(config.getLinkedAction(), context);
                }
                addToItemLog(logItem, "Account exist in IdM (LINKED) - ended");
            }
        } else if (IcSyncDeltaTypeEnum.DELETE == type) {
            // Missing account situation; per the original note it can be triggered by the
            // connector (delete account event) and by reconciliation.
            context.addActionType(config.getMissingAccountAction().getAction());
            SynchronizationSituationType situation = SynchronizationSituationType.MISSING_ACCOUNT;
            if (StringUtils.hasLength(config.getMissingAccountActionWfKey())) {
                ReconciliationMissingAccountActionType missingAccountActionType = config.getMissingAccountAction();
                SynchronizationActionType action = missingAccountActionType.getAction();
                // A workflow key is configured: the workflow replaces the built-in resolution.
                startWorkflow(config.getMissingAccountActionWfKey(), situation, action, null, context);
            } else {
                // Resolve missing account situation for one item
                this.resolveMissingAccountSituation(config.getMissingAccountAction(), context);
            }
        } else if (context.isExportAction()) {
            // Export situation - the unlinked action is fixed to LINK_AND_UPDATE_ACCOUNT here
            // and is not read from the configuration.
            this.resolveUnlinkedSituation(SynchronizationUnlinkedActionType.LINK_AND_UPDATE_ACCOUNT, context);
        }
        // NOTE: a delta type matching none of the branches above (and no export action) falls
        // through without resolving anything and still returns true.
        // Flush and clear the Hibernate session after every item, when the session is open.
        if (getHibernateSession().isOpen()) {
            getHibernateSession().flush();
            getHibernateSession().clear();
        }
        return true;
    } catch (Exception e) {
        // Record the failure with the action type reached so far, then propagate it unchanged.
        loggingException(context.getActionType(), log, logItem, actionLogs, uid, e);
        throw e;
    }
}
Also used : SynchronizationSituationType(eu.bcvsolutions.idm.acc.domain.SynchronizationSituationType) SynchronizationLinkedActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationLinkedActionType) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ReconciliationMissingAccountActionType(eu.bcvsolutions.idm.acc.domain.ReconciliationMissingAccountActionType) IntrospectionException(java.beans.IntrospectionException) InvocationTargetException(java.lang.reflect.InvocationTargetException) CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) SynchronizationActionType(eu.bcvsolutions.idm.acc.domain.SynchronizationActionType) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) IcSyncDeltaTypeEnum(eu.bcvsolutions.idm.ic.impl.IcSyncDeltaTypeEnum) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSyncItemLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncItemLogDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)

Example 7 with SysSystemEntityDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.

the class ProvisioningBreakProcessorTest method testBlockSystemCreate.

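/**
 * Verifies that a CREATE provisioning operation ends in the BLOCKED state when the create
 * operation is blocked on the target system.
 *
 * <p>The lookups of the system entity and the batch are asserted explicitly, so a missing
 * record fails with an assertion error instead of a NullPointerException further down.
 */
@Test
public void testBlockSystemCreate() {
    // Test system with the create operation blocked.
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    SysBlockedOperationDto blockedOperationDto = new SysBlockedOperationDto();
    blockedOperationDto.blockCreate();
    system.setBlockedOperation(blockedOperationDto);
    system = systemService.save(system);
    //
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    // 'L' suffix instead of 'l': the lower-case form reads like the digit one (20l vs 201).
    createProvisioningBreak(20L, 3, 2, ProvisioningEventType.CREATE, system.getId());
    //
    this.createAccount(system, identity);
    //
    // The create operation is expected to be blocked.
    provisioningService.doProvisioning(identity);
    SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
    assertNotNull(systemEntity);
    //
    SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
    assertNotNull(batch);
    //
    List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
    assertEquals(1, content.size());
    SysProvisioningOperationDto sysProvisioningOperationDto = content.get(0);
    //
    assertEquals(ProvisioningEventType.CREATE, sysProvisioningOperationDto.getOperationType());
    assertEquals(OperationState.BLOCKED, sysProvisioningOperationDto.getResult().getState());
}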
Also used : SysProvisioningBatchDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBatchDto) SysBlockedOperationDto(eu.bcvsolutions.idm.acc.dto.SysBlockedOperationDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 8 with SysSystemEntityDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.

the class ProvisioningBreakProcessorTest method testPeriod.

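/**
 * Verifies that an UPDATE operation is BLOCKED when the previously executed operations are
 * still inside the provisioning break period.
 *
 * <p>The cached execution timestamps are shifted 19 minutes into the past, which is less than
 * the value 20 passed to {@code createProvisioningBreak} (presumably the period in minutes -
 * confirm against that helper).
 */
@Test
public void testPeriod() {
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    // 'L' suffix instead of 'l': the lower-case form reads like the digit one (20l vs 201).
    SysProvisioningBreakConfigDto breakConfig = createProvisioningBreak(20L, 2, null, ProvisioningEventType.UPDATE, system.getId());
    IdmIdentityDto recipient = getHelper().createIdentity((GuardedString) null);
    createRecipient(breakConfig.getId(), recipient.getId(), null);
    //
    this.createAccount(system, identity);
    //
    // Three provisioning runs before the timestamps are shifted.
    provisioningService.doProvisioning(identity);
    provisioningService.doProvisioning(identity);
    provisioningService.doProvisioning(identity);
    //
    SysProvisioningBreakItems cacheProcessedItems = provisioningBreakConfig.getCacheProcessedItems(system.getId());
    //
    // Subtract only 19 minutes (in milliseconds) from all items.
    long shiftMillis = 19L * 60 * 1000;
    List<Long> executedItems = cacheProcessedItems.getExecutedItems(ProvisioningEventType.UPDATE);
    // The list is modified in place, because the cache keeps a reference to it. An index loop
    // is used instead of set(indexOf(item), ...): indexOf returns the first element with an
    // equal value, so it can hit an already shifted entry and leave another one untouched.
    for (int i = 0; i < executedItems.size(); i++) {
        executedItems.set(i, executedItems.get(i) - shiftMillis);
    }
    //
    // This run is expected to be blocked.
    provisioningService.doProvisioning(identity);
    //
    SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
    assertNotNull(systemEntity);
    SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
    //
    assertNotNull(batch);
    //
    List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
    assertEquals(1, content.size());
    //
    SysProvisioningOperationDto sysProvisioningOperationDto = content.get(0);
    //
    assertEquals(ProvisioningEventType.UPDATE, sysProvisioningOperationDto.getOperationType());
    assertEquals(OperationState.BLOCKED, sysProvisioningOperationDto.getResult().getState());
}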
Also used : SysProvisioningBreakConfigDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBreakConfigDto) SysProvisioningBatchDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBatchDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningBreakItems(eu.bcvsolutions.idm.acc.dto.SysProvisioningBreakItems) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 9 with SysSystemEntityDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.

the class ProvisioningBreakProcessorTest method testPeriodOld.

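/**
 * Verifies that UPDATE operations are not blocked once the previously executed operations
 * have fallen out of the provisioning break period.
 *
 * <p>The cached execution timestamps are shifted 25 minutes into the past, which is more than
 * the value 20 passed to {@code createProvisioningBreak} (presumably the period in minutes -
 * confirm against that helper). The batch is expected to hold no operation both before and
 * after the shift.
 */
@Test
public void testPeriodOld() {
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
    // 'L' suffix instead of 'l': the lower-case form reads like the digit one (20l vs 201).
    SysProvisioningBreakConfigDto breakConfig = createProvisioningBreak(20L, 3, null, ProvisioningEventType.UPDATE, system.getId());
    IdmIdentityDto recipient = getHelper().createIdentity((GuardedString) null);
    createRecipient(breakConfig.getId(), recipient.getId(), null);
    //
    this.createAccount(system, identity);
    //
    // Three provisioning runs before the timestamps are shifted.
    provisioningService.doProvisioning(identity);
    provisioningService.doProvisioning(identity);
    provisioningService.doProvisioning(identity);
    //
    SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
    assertNotNull(systemEntity);
    SysProvisioningBatchDto batch = batchService.findBatch(systemEntity.getId());
    assertNotNull(batch);
    List<SysProvisioningOperationDto> content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
    //
    assertTrue(content.isEmpty());
    //
    SysProvisioningBreakItems cacheProcessedItems = provisioningBreakConfig.getCacheProcessedItems(system.getId());
    //
    // Subtract 25 minutes (in milliseconds) from all items.
    long shiftMillis = 25L * 60 * 1000;
    List<Long> executedItems = cacheProcessedItems.getExecutedItems(ProvisioningEventType.UPDATE);
    // The list is modified in place, because the cache keeps a reference to it. An index loop
    // is used instead of set(indexOf(item), ...): indexOf returns the first element with an
    // equal value, so it can hit an already shifted entry and leave another one untouched.
    for (int i = 0; i < executedItems.size(); i++) {
        executedItems.set(i, executedItems.get(i) - shiftMillis);
    }
    //
    provisioningService.doProvisioning(identity);
    provisioningService.doProvisioning(identity);
    //
    systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, identity.getUsername());
    assertNotNull(systemEntity);
    batch = batchService.findBatch(systemEntity.getId());
    assertNotNull(batch);
    content = provisioningOperationService.findByBatchId(batch.getId(), null).getContent();
    //
    assertTrue(content.isEmpty());
}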
Also used : SysProvisioningBreakConfigDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBreakConfigDto) SysProvisioningBatchDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningBatchDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysProvisioningBreakItems(eu.bcvsolutions.idm.acc.dto.SysProvisioningBreakItems) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 10 with SysSystemEntityDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto in project CzechIdMng by bcvsolutions.

the class AbstractAccAuthenticator method authenticateOverSystem.

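/**
 * Authenticates the identity against the given system with the password from the login request.
 *
 * <p>Every account the identity has on the system is tried in turn, and the first successful
 * result is returned. The login name sent to the system is either the uid of the account's
 * system entity or, when the authentication attribute is not the uid, the value of that
 * attribute read from the connector object.
 *
 * <p>The method fails closed: it returns a result only when the system returned a non-null
 * result with a non-null value. A result without a value from the last tried account is not
 * handed back to the caller.
 *
 * <p>NOTE(review): each account in the loop is a separate authentication attempt against the
 * target system with the same password; whether failed attempts count toward a lockout policy
 * on that system cannot be seen from this method - confirm.
 *
 * @param system system to authenticate against
 * @param loginDto login request; only its password is read here
 * @param identity identity whose accounts on the system are tried
 * @return uid attribute returned by the system for the first account that authenticated, or
 *         {@code null} when the system has no authentication attribute, the identity has no
 *         account on it, the login name cannot be resolved, or no account authenticated
 */
protected IcUidAttribute authenticateOverSystem(SysSystemDto system, LoginDto loginDto, IdmIdentityDto identity) {
    // search authentication attribute for system with provisioning mapping, only for identity
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    if (attribute == null) {
        // the authentication attribute does not exist
        LOG.error("System id [{}] is configured for authenticate, but for the system doesn't exist authentication attribute.", system.getId());
        return null;
    }
    // find out whether the identity has an account on the system
    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        LOG.debug("Identity id [{}] hasn't account for system id [{}].", identity.getId(), system.getId());
        // the user has no account on the system
        return null;
    }
    // The schema attribute and object class depend only on the mapping, not on the account,
    // so they are resolved once instead of once per account (and once per connector attribute).
    SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
    // try all accounts, return the first one that authenticates
    for (AccAccountDto account : accounts) {
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        String transformUsername = null;
        if (attribute.isUid()) {
            transformUsername = systemEntityDto.getUid();
        } else {
            IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
            if (connectorObject == null) {
                continue;
            }
            // iterate over all attributes to find the authentication attribute
            for (IcAttribute icAttribute : connectorObject.getAttributes()) {
                if (icAttribute.getName().equals(schemaAttribute.getName())) {
                    // String.valueOf(null) yields the literal "null", which would then be
                    // sent to the system as a login name; a missing value is treated as
                    // "username cannot be resolved" instead.
                    Object value = icAttribute.getValue();
                    if (value != null) {
                        transformUsername = String.valueOf(value);
                    }
                    break;
                }
            }
            if (transformUsername == null) {
                LOG.error("For system id [{}] cant be transformed username for identity id [{}]. The system will be skipped for autentication.", system.getId(), identity.getId());
                return null;
            }
        }
        try {
            // authentication against the system
            IcUidAttribute auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            if (auth != null && auth.getValue() != null) {
                // success, no further account is tried
                return auth;
            }
            // failed, continue with the next account
        } catch (ResultCodeException e) {
            // A failed attempt is logged with system code, username and error message only;
            // the password is never written to the log. The next account is tried.
            String message = StringUtils.trimToEmpty(e.getMessage());
            LOG.error("Authentication trought system name [{}] for identity username [{}] failed! Error message: [{}]", system.getCode(), identity.getUsername(), message);
        }
    }
    // no account authenticated
    return null;
}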
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)

Aggregations

SysSystemEntityDto (eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)69 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)49 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)36 Test (org.junit.Test)36 SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)25 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)22 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)19 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)15 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)14 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)14 ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext)13 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)12 OperationResult (eu.bcvsolutions.idm.core.api.entity.OperationResult)12 SysProvisioningBatchDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningBatchDto)11 SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)10 ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)10 IcObjectClass (eu.bcvsolutions.idm.ic.api.IcObjectClass)10 IcObjectClassImpl (eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)10 SysProvisioningOperationFilter (eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)8 SysSystemEntityFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemEntityFilter)8