use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountService method getAccount.
@Override
public AccAccountDto getAccount(String uid, UUID systemId) {
Assert.notNull(uid, "UID cannot be null!");
Assert.notNull(systemId, "System ID cannot be null!");
AccAccountFilter filter = new AccAccountFilter();
filter.setUid(uid);
filter.setSystemId(systemId);
List<AccAccountDto> accounts = this.find(filter, null).getContent();
if (accounts.isEmpty()) {
return null;
}
return accounts.get(0);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method changePassword.
@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
Assert.notNull(dto);
Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
Assert.notNull(passwordChange);
List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
//
EntityAccountFilter filter = this.createEntityAccountFilter();
filter.setEntityId(dto.getId());
List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
if (entityAccountList == null) {
return Collections.<OperationResult>emptyList();
}
// Distinct by accounts
List<UUID> accountIds = new ArrayList<>();
entityAccountList.stream().filter(entityAccount -> {
if (!entityAccount.isOwnership()) {
return false;
}
if (passwordChange.isAll()) {
// Add all account supports change password
if (entityAccount.getAccount() == null) {
return false;
}
// Check if system for this account support change password
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSupportChangePassword(Boolean.TRUE);
accountFilter.setId(entityAccount.getAccount());
List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
if (accountsChecked.size() == 1) {
return true;
}
return false;
} else {
return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
}
}).forEach(entityAccount -> {
if (!accountIds.contains(entityAccount.getAccount())) {
accountIds.add(entityAccount.getAccount());
}
});
//
List<AccAccountDto> accounts = new ArrayList<>();
accountIds.forEach(accountId -> {
AccAccountDto account = accountService.get(accountId);
accounts.add(account);
// find uid from system entity or from account
String uid = account.getUid();
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
//
// Find mapped attributes (include overloaded attributes)
List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
if (CollectionUtils.isEmpty(finalAttributes)) {
return;
}
// We try find __PASSWORD__ attribute in mapped attributes
Optional<? extends AttributeMapping> attriubuteHandlingOptional = finalAttributes.stream().filter((attribute) -> {
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
}).findFirst();
if (!attriubuteHandlingOptional.isPresent()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_PASSWORD_FIELD_NOT_FOUND, ImmutableMap.of("uid", uid, "system", system.getName()));
}
AttributeMapping mappedAttribute = attriubuteHandlingOptional.get();
//
// add all account attributes => standard provisioning
SysProvisioningOperationDto additionalProvisioningOperation = null;
List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
if (!additionalPasswordChangeAttributes.isEmpty()) {
additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
}
//
// password change operation
SysProvisioningOperationDto operation;
if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
// all attributes as start
operation = additionalProvisioningOperation;
//
// add wish for password
ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeService.get(mappedAttribute.getSchemaAttribute()).getName());
Object value = passwordChange.getNewPassword();
if (!mappedAttribute.isEntityAttribute() && !mappedAttribute.isExtendedAttribute()) {
// If is attribute handling resolve as constant, then we
// don't want
// do transformation again (was did in getAttributeValue)
} else {
value = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, mappedAttribute, dto);
}
operation.getProvisioningContext().getAccountObject().put(passwordAttribute, value);
//
// do provisioning for additional attributes and password
// together
preparedOperations.add(operation);
} else {
// Change password on target system - only
// TODO: refactor password change - use account wish instead
// filling connector object attributes directly
operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, passwordChange.getNewPassword(), ProvisioningOperationType.UPDATE, dto);
preparedOperations.add(operation);
// do provisioning for additional attributes in second
if (additionalProvisioningOperation != null) {
preparedOperations.add(additionalProvisioningOperation);
}
}
});
// execute prepared operations
return preparedOperations.stream().map(operation -> {
SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
Map<String, Object> parameters = new LinkedHashMap<String, Object>();
AccAccountDto account = accounts.stream().filter(a -> {
return a.getUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
}).findFirst().get();
SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
//
IdmAccountDto resultAccountDto = new IdmAccountDto();
resultAccountDto.setId(account.getId());
resultAccountDto.setUid(account.getUid());
resultAccountDto.setRealUid(account.getRealUid());
resultAccountDto.setSystemId(system.getId());
resultAccountDto.setSystemName(system.getName());
parameters.put(IdmAccountDto.PARAMETER_NAME, resultAccountDto);
//
if (result.getResult().getState() == OperationState.EXECUTED) {
// Add success changed password account
return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
}
OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
changeResult.setCause(result.getResult().getCause());
changeResult.setCode(result.getResult().getCode());
return changeResult;
}).collect(Collectors.toList());
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method findAccount.
private AccAccountDto findAccount(SynchronizationContext context) {
String uid = context.getUid();
SysSystemDto system = context.getSystem();
SysSyncItemLogDto logItem = context.getLogItem();
SysSystemEntityDto systemEntity = context.getSystemEntity();
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setSystemId(system.getId());
List<AccAccountDto> accounts = null;
if (systemEntity != null) {
// System entity for this uid was found. We will find account
// for this system entity.
addToItemLog(logItem, MessageFormat.format("System entity ({1}) for this UID ({0}) was found. We try to find account for this system entity", uid, systemEntity.getId()));
accountFilter.setSystemEntityId(systemEntity.getId());
accounts = accountService.find(accountFilter, null).getContent();
}
if (CollectionUtils.isEmpty(accounts)) {
// System entity was not found. We will find account by generated UID directly.
// Generate UID value from mapped attribute marked as UID (Unique ID).
// UID mapped attribute must exist and returned value must be not null
// and must be String
String attributeUid = this.generateUID(context);
addToItemLog(logItem, MessageFormat.format("Account was not found. We try to find account for UID (generated from the mapped attribute marks as 'Identifier')", attributeUid));
accountFilter.setUid(attributeUid);
accountFilter.setSystemEntityId(null);
accounts = accountService.find(accountFilter, null).getContent();
}
if (accounts.size() > 1) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TO_MANY_ACC_ACCOUNT, uid);
}
if (!accounts.isEmpty()) {
return accounts.get(0);
}
return null;
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method createAccountByRoleSystem.
/**
* Create Account by given roleSystem
*
* @param identity
* @param roleSystem
* @param identityAccountsToCreate
* @return
*/
private UUID createAccountByRoleSystem(IdmIdentityDto identity, SysRoleSystemDto roleSystem, List<AccIdentityAccountDto> identityAccountsToCreate) {
String uid = generateUID(identity, roleSystem);
// We try find account for same uid on same system
// First we try search same account in list for create new accounts
Optional<AccIdentityAccountDto> sameAccountOptional = identityAccountsToCreate.stream().filter(ia -> {
AccAccountDto account = accountService.get(ia.getAccount());
return account.getUid().equals(uid) && roleSystem.getId().equals(ia.getRoleSystem());
}).findFirst();
if (sameAccountOptional.isPresent()) {
return sameAccountOptional.get().getAccount();
}
UUID accountId = null;
// If account is not in the list accounts to create, then we will search in
// database
// Account management - can be the account created? - execute the script on the
// system mapping
SysSystemDto system = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
if (mapping == null) {
return null;
}
if (!this.canBeAccountCreated(uid, identity, mapping, system)) {
LOG.info(MessageFormat.format("For entity [{0}] and entity type [{1}] cannot be created the account (on system [{2}])," + " because script \"Can be account created\" on the mapping returned \"false\"!", identity.getCode(), SystemEntityType.IDENTITY, system.getName()));
return null;
}
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setUid(uid);
accountFilter.setSystemId(roleSystem.getSystem());
List<AccAccountDto> sameAccounts = accountService.find(accountFilter, null).getContent();
if (CollectionUtils.isEmpty(sameAccounts)) {
// Create and persist new account
accountId = createAccount(uid, roleSystem);
} else {
// We use existed account
accountId = sameAccounts.get(0).getId();
}
return accountId;
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountServiceFilterTest method testUid.
@Test
public void testUid() {
IdmIdentityDto identity = helper.createIdentity("test-" + System.currentTimeMillis());
SysSystemDto system = helper.createTestResourceSystem(true);
AccAccountDto account = createAccount(system.getId(), identity.getId(), identity.getUsername(), AccountType.PERSONAL, false);
IdmIdentityDto identity2 = helper.createIdentity("test-" + System.currentTimeMillis());
SysSystemDto system2 = helper.createTestResourceSystem(true);
createAccount(system2.getId(), identity2.getId(), identity2.getUsername(), AccountType.PERSONAL, false);
AccAccountFilter testFilter = new AccAccountFilter();
testFilter.setUid(account.getUid());
Page<AccAccountDto> pages = accAccountService.find(testFilter, null);
assertEquals(1, pages.getTotalElements());
assertEquals(account.getId(), pages.getContent().get(0).getId());
}
Aggregations