use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testUpdateAccountInCrossDomainOnTwoSystems.
@Test
public void testUpdateAccountInCrossDomainOnTwoSystems() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
// System one
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// System two
SysSystemDto systemTwoDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filterTwo = new SysSystemAttributeMappingFilter();
filterTwo.setSystemId(systemTwoDto.getId());
filterTwo.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributesTwo = attributeMappingService.find(filterTwo, null).getContent();
assertEquals(1, attributesTwo.size());
SysSystemAttributeMappingDto ldapGroupsAttributeTwo = attributesTwo.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
SysSystemGroupSystemDto systemGroupSystemTwo = new SysSystemGroupSystemDto();
systemGroupSystemTwo.setSystemGroup(groupSystemDto.getId());
systemGroupSystemTwo.setMergeAttribute(ldapGroupsAttributeTwo.getId());
systemGroupSystemTwo.setSystem(systemTwoDto.getId());
systemGroupSystemService.save(systemGroupSystemTwo);
// Creates the login role ONE.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates the login role TWO.
IdmRoleDto loginRoleTwo = helper.createRole();
helper.createRoleSystem(loginRoleTwo, systemTwoDto);
// Creates cross-domain no-login role ONE.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Creates cross-domain no-login role TWO.
SysRoleSystemDto roleSystemTwo = helper.createRoleSystem(noLoginRole, systemTwoDto);
SysRoleSystemFilter roleSystemFilterTwo = new SysRoleSystemFilter();
roleSystemFilterTwo.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilterTwo.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilterTwo.setId(roleSystemTwo.getId());
List<SysRoleSystemDto> roleSystemDtosTwo = roleSystemService.find(roleSystemFilterTwo, null).getContent();
assertEquals(0, roleSystemDtosTwo.size());
createOverriddenLdapGroupAttribute(ldapGroupsAttributeTwo, roleSystemTwo, "return 'TWO';");
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilterTwo, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().createContract(identity);
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "THREE"));
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.SID_ATTRIBUTE_KEY, "SID".getBytes(StandardCharsets.UTF_8)));
return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
});
// Assign login (ONE and TWO) and no-login roles.
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, noLoginRole, loginRole, loginRoleTwo);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
assertEquals(2, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(1, ((List<?>) ldapGroupsValue).size());
assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("ONE")));
IcAttribute ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
IcAttribute ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
assertNotNull(ldapGroups);
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("ONE")));
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertNotNull(ldapGroupsOld);
assertEquals(2, ldapGroupsOld.getValues().size());
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("EXTERNAL_ONE")));
// Check if provisioning contains ldapGroups attribute with value ('TWO') from the role.
provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemTwoDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(1, ((List<?>) ldapGroupsValue).size());
assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("TWO")));
ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
assertNotNull(ldapGroups);
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("TWO")));
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertNotNull(ldapGroupsOld);
assertEquals(2, ldapGroupsOld.getValues().size());
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("EXTERNAL_ONE")));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
provisioningOperationService.deleteOperations(systemTwoDto.getId());
systemGroupService.delete(groupSystemDto);
getHelper().deleteIdentity(identity.getId());
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupProvisioning.
@Test
public void testRoleInCrossDomainGroupProvisioning() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates no-login role.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(true);
roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning NOT contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(0, ((List<?>) ldapGroupsValue).size());
// Delete old provisioning.
provisioningOperationService.delete(provisioningOperationDto);
// Assign no-login role.
roleRequestDto = getHelper().assignRoles(contract, false, noLoginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
provisioningOperationDto = provisioningOperationDtos.stream().max(Comparator.comparing(SysProvisioningOperationDto::getCreated)).get();
provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
assertEquals(1, identityRoleService.count(identityRoleFilter));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
getHelper().deleteRole(noLoginRole.getId());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testUpdateAccountInCrossDomainOnOneSystem.
@Test
public void testUpdateAccountInCrossDomainOnOneSystem() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
// System one
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// System two
SysSystemDto systemTwoDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filterTwo = new SysSystemAttributeMappingFilter();
filterTwo.setSystemId(systemTwoDto.getId());
filterTwo.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributesTwo = attributeMappingService.find(filterTwo, null).getContent();
assertEquals(1, attributesTwo.size());
SysSystemAttributeMappingDto ldapGroupsAttributeTwo = attributesTwo.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
SysSystemGroupSystemDto systemGroupSystemTwo = new SysSystemGroupSystemDto();
systemGroupSystemTwo.setSystemGroup(groupSystemDto.getId());
systemGroupSystemTwo.setMergeAttribute(ldapGroupsAttributeTwo.getId());
systemGroupSystemTwo.setSystem(systemTwoDto.getId());
systemGroupSystemService.save(systemGroupSystemTwo);
// Creates the login role ONE.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates the login role TWO.
IdmRoleDto loginRoleTwo = helper.createRole();
helper.createRoleSystem(loginRoleTwo, systemTwoDto);
// Creates cross-domain no-login role ONE.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Creates cross-domain no-login role TWO.
SysRoleSystemDto roleSystemTwo = helper.createRoleSystem(noLoginRole, systemTwoDto);
SysRoleSystemFilter roleSystemFilterTwo = new SysRoleSystemFilter();
roleSystemFilterTwo.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilterTwo.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilterTwo.setId(roleSystemTwo.getId());
List<SysRoleSystemDto> roleSystemDtosTwo = roleSystemService.find(roleSystemFilterTwo, null).getContent();
assertEquals(0, roleSystemDtosTwo.size());
createOverriddenLdapGroupAttribute(ldapGroupsAttributeTwo, roleSystemTwo, "return 'TWO';");
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilterTwo, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().createContract(identity);
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "THREE"));
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.SID_ATTRIBUTE_KEY, "SID".getBytes(StandardCharsets.UTF_8)));
return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
});
// Assign login (ONE and TWO) and no-login roles.
// But no-login role will be set only on system two!
IdmRoleRequestDto roleRequestDto = getHelper().createRoleRequest(contract, noLoginRole, loginRole, loginRoleTwo);
List<IdmConceptRoleRequestDto> concepts = conceptRoleRequestService.findAllByRoleRequest(roleRequestDto.getId());
IdmConceptRoleRequestDto noLoginConcept = concepts.stream().filter(concept -> noLoginRole.getId().equals(concept.getRole())).findFirst().get();
assertNotNull(noLoginConcept);
noLoginConcept.setRoleSystem(roleSystemTwo.getId());
conceptRoleRequestService.save(noLoginConcept);
roleRequestDto = getHelper().executeRequest(roleRequestDto, true);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
IdmIdentityRoleDto identityRoleWithRoleSystemDto = identityRoleService.findAllByIdentity(identity.getId()).stream().filter(identityRole -> roleSystemTwo.getId().equals(identityRole.getRoleSystem())).findFirst().get();
assertNotNull(identityRoleWithRoleSystemDto);
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
assertEquals(2, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(0, ((List<?>) ldapGroupsValue).size());
IcAttribute ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
IcAttribute ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
assertNull(ldapGroups);
assertNull(ldapGroupsOld);
// Check if provisioning contains ldapGroups attribute with value ('TWO') from the role.
provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemTwoDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(1, ((List<?>) ldapGroupsValue).size());
assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("TWO")));
ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
assertNotNull(ldapGroups);
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("TWO")));
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertNotNull(ldapGroupsOld);
assertEquals(2, ldapGroupsOld.getValues().size());
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("THREE")));
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("EXTERNAL_ONE")));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
provisioningOperationService.deleteOperations(systemTwoDto.getId());
systemGroupService.delete(groupSystemDto);
getHelper().deleteIdentity(identity.getId());
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupCannotCreateAccountForAutomaticRole.
@Test
public void testRoleInCrossDomainGroupCannotCreateAccountForAutomaticRole() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates no-login role.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(true);
roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
String automaticRoleValue = getHelper().createName();
IdmAutomaticRoleAttributeDto automaticRole = getHelper().createAutomaticRole(noLoginRole.getId());
getHelper().createAutomaticRoleRule(automaticRole.getId(), AutomaticRoleAttributeRuleComparison.EQUALS, AutomaticRoleAttributeRuleType.IDENTITY, IdmIdentity_.description.getName(), null, automaticRoleValue);
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
// Assign automatic role.
identity.setDescription(automaticRoleValue);
identityService.save(identity);
assertEquals(1, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
automaticRoleAttributeService.delete(automaticRole);
getHelper().deleteRole(noLoginRole.getId());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testConnectorConfigurationLoginInformations.
@Test
public void testConnectorConfigurationLoginInformations() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
IcConnectorConfiguration connectorConfiguration = connectorType.getConnectorConfiguration(systemDto);
Object otherSystemInGroupsObj = connectorConfiguration.getSystemOperationOptions().get(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_SYSTEM_IDS);
// No others systems are in cross-domain groups.
assertNotNull(otherSystemInGroupsObj);
assertTrue(((String) otherSystemInGroupsObj).isEmpty());
SysSystemDto otherSystemDto = initSystem(connectorType);
filter.setSystemId(otherSystemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
ldapGroupsAttribute = attributes.stream().findFirst().get();
SysSystemGroupSystemDto systemGroupSystemTwo = new SysSystemGroupSystemDto();
systemGroupSystemTwo.setSystemGroup(groupSystemDto.getId());
systemGroupSystemTwo.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemTwo.setSystem(otherSystemDto.getId());
systemGroupSystemTwo = systemGroupSystemService.save(systemGroupSystemTwo);
connectorConfiguration = connectorType.getConnectorConfiguration(systemDto);
otherSystemInGroupsObj = connectorConfiguration.getSystemOperationOptions().get(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_SYSTEM_IDS);
// One other system is in cross-domain groups.
assertNotNull(otherSystemInGroupsObj);
String[] otherSystemInGroupsSplited = ((String) otherSystemInGroupsObj).split(",");
assertEquals(1, otherSystemInGroupsSplited.length);
assertEquals(otherSystemDto.getId().toString(), otherSystemInGroupsSplited[0]);
IcConnectorConfiguration connectorConfigurationOtherSystem = systemService.getConnectorConfiguration(otherSystemDto);
// Check host property.
IcConfigurationProperty hostProperty = connectorConfigurationOtherSystem.getConfigurationProperties().getProperties().stream().filter(property -> MockCrossDomainAdUserConnectorType.HOST.equals(property.getName())).findFirst().get();
String host = (String) connectorConfiguration.getSystemOperationOptions().get(MessageFormat.format(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_HOST_PATTERN, otherSystemDto.getId().toString()));
assertEquals(hostProperty.getValue(), host);
// Check user property.
IcConfigurationProperty userProperty = connectorConfigurationOtherSystem.getConfigurationProperties().getProperties().stream().filter(property -> MockCrossDomainAdUserConnectorType.PRINCIPAL.equals(property.getName())).findFirst().get();
String user = (String) connectorConfiguration.getSystemOperationOptions().get(MessageFormat.format(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_USER_PATTERN, otherSystemDto.getId().toString()));
assertEquals(userProperty.getValue(), user);
// Check password property.
IcConfigurationProperty passwordProperty = connectorConfigurationOtherSystem.getConfigurationProperties().getProperties().stream().filter(property -> MockCrossDomainAdUserConnectorType.CREDENTIALS.equals(property.getName())).findFirst().get();
GuardedString password = (GuardedString) connectorConfiguration.getSystemOperationOptions().get(MessageFormat.format(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_PASSWORD_PATTERN, otherSystemDto.getId().toString()));
assertEquals((SecurityUtil.decrypt((GuardedString) passwordProperty.getValue())), SecurityUtil.decrypt(password));
// Clean
systemGroupService.delete(groupSystemDto);
assertNull(systemGroupSystemService.get(systemGroupSystemTwo));
systemService.delete(systemDto);
}
Aggregations