Search in sources :

Example 6 with SysSystemGroupDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupCannotCreateAccount.

@Test
public void testRoleInCrossDomainGroupCannotCreateAccount() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    // Creates the login role.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    // Creates cross-domain no-login role.
    IdmRoleDto roleInCrossDomainGroup = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().createContract(identity);
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, roleInCrossDomainGroup);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNull(roleRequestDto.getSystemState());
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    identityAccountFilter.setSystemId(systemDto.getId());
    assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
    roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
    SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    systemGroupService.delete(groupSystemDto);
    getHelper().deleteIdentity(identity.getId());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 7 with SysSystemGroupDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupProvisioningForBusinessRole.

@Test
public void testRoleInCrossDomainGroupProvisioningForBusinessRole() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    // Creates the login role.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    IdmRoleDto parentNoLoginRole = helper.createRole();
    // Creates no-login role.
    IdmRoleDto noLoginRole = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
    roleSystem.setCreateAccountByDefault(true);
    roleSystemService.save(roleSystem);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(parentNoLoginRole, noLoginRole);
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
    IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
    identityRoleFilter.setIdentityId(identity.getId());
    identityRoleFilter.setRoleId(noLoginRole.getId());
    assertEquals(0, identityRoleService.count(identityRoleFilter));
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    identityAccountFilter.setSystemId(systemDto.getId());
    assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Check if provisioning NOT contains ldapGroups attribute with value ('ONE') from the role.
    SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals(0, ((List<?>) ldapGroupsValue).size());
    // Delete old provisioning.
    provisioningOperationService.delete(provisioningOperationDto);
    // Assign parent role.
    roleRequestDto = getHelper().assignRoles(contract, false, parentNoLoginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    // Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
    provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
    assertEquals(1, identityRoleService.count(identityRoleFilter));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    getHelper().deleteIdentity(identity.getId());
    roleCompositionService.delete(roleComposition);
    getHelper().deleteRole(noLoginRole.getId());
    getHelper().deleteRole(parentNoLoginRole.getId());
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) GuardedString(org.identityconnectors.common.security.GuardedString) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) After(org.junit.After) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) StandardCharsets(java.nio.charset.StandardCharsets) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Assert.assertFalse(org.junit.Assert.assertFalse) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo) Before(org.junit.Before) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Assert.assertNotNull(org.junit.Assert.assertNotNull) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Assert.assertTrue(org.junit.Assert.assertTrue) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Test(org.junit.Test) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Assert.assertNull(org.junit.Assert.assertNull) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) Comparator(java.util.Comparator) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert.assertEquals(org.junit.Assert.assertEquals) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 8 with SysSystemGroupDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testRoleSystemInCrossDomainGroup.

@Test
public void testRoleSystemInCrossDomainGroup() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemOne = systemGroupSystemService.save(systemGroupSystemOne);
    // Creates cross-domain no-login role.
    IdmRoleDto roleInCrossDomainGroup = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    // Clean
    systemGroupService.delete(groupSystemDto);
    assertNull(systemGroupSystemService.get(systemGroupSystemOne));
    systemService.delete(systemDto);
    roleService.delete(roleInCrossDomainGroup);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 9 with SysSystemGroupDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testGetConnectorObjectWithCrossDomainValues.

@Test
public void testGetConnectorObjectWithCrossDomainValues() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    // Creates the login role.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    // Creates cross-domain no-login role.
    IdmRoleDto roleInCrossDomainGroup = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().createContract(identity);
    mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
        IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
        connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "TWO"));
        return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
    });
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, roleInCrossDomainGroup, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    identityAccountFilter.setSystemId(systemDto.getId());
    List<AccIdentityAccountDto> identityAccountDtos = identityAccountService.find(identityAccountFilter, null).getContent();
    assertEquals(1, identityAccountDtos.size());
    UUID accountId = identityAccountDtos.get(0).getAccount();
    IcConnectorObject connectorObject = accountService.getConnectorObject(accountService.get(accountId));
    assertNotNull(connectorObject);
    IcAttribute ldapGroupsAtt = connectorObject.getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    assertEquals(1, ldapGroupsAtt.getValues().size());
    assertTrue(ldapGroupsAtt.getValues().stream().anyMatch(value -> value.equals("TWO")));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    systemGroupService.delete(groupSystemDto);
    getHelper().deleteIdentity(identity.getId());
    mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) GuardedString(org.identityconnectors.common.security.GuardedString) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) After(org.junit.After) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) StandardCharsets(java.nio.charset.StandardCharsets) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Assert.assertFalse(org.junit.Assert.assertFalse) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo) Before(org.junit.Before) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Assert.assertNotNull(org.junit.Assert.assertNotNull) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Assert.assertTrue(org.junit.Assert.assertTrue) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Test(org.junit.Test) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Assert.assertNull(org.junit.Assert.assertNull) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) Comparator(java.util.Comparator) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert.assertEquals(org.junit.Assert.assertEquals) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 10 with SysSystemGroupDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupProvisioningForAutomaticRole.

@Test
public void testRoleInCrossDomainGroupProvisioningForAutomaticRole() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    // Creates the login role.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    // Creates no-login role.
    IdmRoleDto noLoginRole = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
    roleSystem.setCreateAccountByDefault(true);
    roleSystemService.save(roleSystem);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    // Creates overridden ldapGroup merge attribute.
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    String automaticRoleValue = getHelper().createName();
    IdmAutomaticRoleAttributeDto automaticRole = getHelper().createAutomaticRole(noLoginRole.getId());
    getHelper().createAutomaticRoleRule(automaticRole.getId(), AutomaticRoleAttributeRuleComparison.EQUALS, AutomaticRoleAttributeRuleType.IDENTITY, IdmIdentity_.description.getName(), null, automaticRoleValue);
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
    IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
    identityRoleFilter.setIdentityId(identity.getId());
    identityRoleFilter.setRoleId(noLoginRole.getId());
    assertEquals(0, identityRoleService.count(identityRoleFilter));
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    identityAccountFilter.setSystemId(systemDto.getId());
    assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Check if provisioning NOT contains ldapGroups attribute with value ('ONE') from the role.
    SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals(0, ((List<?>) ldapGroupsValue).size());
    // Delete old provisioning.
    provisioningOperationService.delete(provisioningOperationDto);
    // Assign automatic role.
    identity.setDescription(automaticRoleValue);
    identityService.save(identity);
    // Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
    provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    // Two provisioning were made. First for save identity, second for assign automatic role.
    assertEquals(2, provisioningOperationDtos.size());
    provisioningOperationDto = provisioningOperationDtos.stream().max(Comparator.comparing(SysProvisioningOperationDto::getCreated)).get();
    provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
    assertEquals(1, identityRoleService.count(identityRoleFilter));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    getHelper().deleteIdentity(identity.getId());
    automaticRoleAttributeService.delete(automaticRole);
    getHelper().deleteRole(noLoginRole.getId());
}
Also used : IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) GuardedString(org.identityconnectors.common.security.GuardedString) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) After(org.junit.After) SecurityUtil(org.identityconnectors.common.security.SecurityUtil) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService) UUID(java.util.UUID) StandardCharsets(java.nio.charset.StandardCharsets) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) List(java.util.List) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Assert.assertFalse(org.junit.Assert.assertFalse) AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) MessageFormat(java.text.MessageFormat) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl) SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo) Before(org.junit.Before) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Assert.assertNotNull(org.junit.Assert.assertNotNull) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Assert.assertTrue(org.junit.Assert.assertTrue) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Test(org.junit.Test) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Assert.assertNull(org.junit.Assert.assertNull) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto) TestHelper(eu.bcvsolutions.idm.acc.TestHelper) Comparator(java.util.Comparator) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) Assert.assertEquals(org.junit.Assert.assertEquals) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType) ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto) SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) GuardedString(org.identityconnectors.common.security.GuardedString) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

SysSystemGroupDto (eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)15 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)13 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)13 SysSystemGroupSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)13 SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)13 ConnectorType (eu.bcvsolutions.idm.acc.service.api.ConnectorType)13 MockCrossDomainAdUserConnectorType (eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)13 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)13 Test (org.junit.Test)13 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)12 SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)12 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)12 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)11 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)10 SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)10 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)10 SysProvisioningOperationFilter (eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)10 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)10 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)10 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)10