use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemService method toDto.
@Override
protected SysRoleSystemDto toDto(SysRoleSystem entity, SysRoleSystemDto dto, SysRoleSystemFilter context) {
SysRoleSystemDto roleSystemDto = super.toDto(entity, dto, context);
if (context != null && Boolean.TRUE.equals(context.getCheckIfIsInCrossDomainGroup()) && roleSystemDto != null && roleSystemDto.getId() != null) {
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystemDto.getId());
if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
// This role-system overriding a merge attribute which is using in
// active cross-domain group. -> We will set this information to the DTO.
roleSystemDto.setInCrossDomainGroup(true);
}
}
return roleSystemDto;
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method resolveIdentityAccountForDelete.
/**
* Resolve identity account to delete
*
* @param identityAccountList
* @param identityRoles
* @param identityAccountsToDelete
*/
private void resolveIdentityAccountForDelete(List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRoleDto> identityRoles, List<AccIdentityAccountDto> identityAccountsToDelete) {
// Search IdentityAccounts to delete
identityRoles.stream().filter(identityRole -> {
return !identityRole.isValid();
}).forEach(identityRole -> {
//
identityAccountList.stream().filter(//
identityAccount -> identityRole.getId().equals(identityAccount.getIdentityRole())).filter(identityAccount -> identityAccount.getRoleSystem() == null || !(((SysRoleSystemDto) DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.roleSystem)).isForwardAccountManagemen() && //
identityRole.isValidNowOrInFuture())).forEach(identityAccountsToDelete::add);
});
// Search IdentityAccounts to delete - we want to delete identity-account if
// identity-role is valid, but mapped system on the role does not longer exist.
identityRoles.stream().filter(identityRole -> {
return identityRole.isValid();
}).forEach(identityRole -> {
//
identityAccountList.stream().filter(identityAccount -> identityRole.getId().equals(identityAccount.getIdentityRole())).filter(identityAccount -> {
// Remove account if role-system is null.
if (identityAccount.getRoleSystem() == null) {
return true;
}
// Remove an account if role-system does not supports creation by default or if is in cross-domain group.
SysRoleSystemDto roleSystem = lookupService.lookupEmbeddedDto(identityAccount, AccIdentityAccount_.roleSystem);
if (roleSystem != null && !roleSystem.isCreateAccountByDefault()) {
return true;
} else if (roleSystem != null) {
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
// active cross-domain group. -> Identity account should be deleted.
return true;
}
}
return false;
}).forEach(identityAccountsToDelete::add);
});
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method resolveIdentityAccountForCreate.
/**
* Resolve Identity account - to create.
*/
private void resolveIdentityAccountForCreate(IdmIdentityDto identity, List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRoleDto> identityRoles, List<AccIdentityAccountDto> identityAccountsToCreate, List<AccIdentityAccountDto> identityAccountsToDelete, boolean onlyCreateNew, List<UUID> additionalAccountsForProvisioning) {
identityRoles.forEach(identityRole -> {
UUID role = identityRole.getRole();
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(role);
List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
// Is role valid in this moment or
// role-system has enabled forward account management (identity-role have to be
// valid in the future)
roleSystems.stream().filter(roleSystem -> (identityRole.isValid() || (roleSystem.isForwardAccountManagemen() && identityRole.isValidNowOrInFuture()))).filter(roleSystem -> {
boolean canBeCreated = roleSystem.isCreateAccountByDefault();
if (canBeCreated) {
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
// This role-system overriding a merge attribute which is using in
// active cross-domain group. -> Account will be not created.
canBeCreated = false;
}
}
if (!canBeCreated) {
// We need to made provisioning for skipped identity-role/accounts (because Cross-domains).
// We have to find all identity-accounts for identity and system.
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setSystemId(roleSystem.getSystem());
identityAccountFilter.setIdentityId(identity.getId());
AccIdentityAccountDto identityAccountDto = identityAccountService.find(identityAccountFilter, null).getContent().stream().filter(identityAccount -> {
SysRoleSystemDto roleSystemFromIdentityAccount = lookupService.lookupEmbeddedDto(identityAccount, AccIdentityAccount_.roleSystem);
return roleSystemFromIdentityAccount != null && roleSystem.getSystemMapping().equals(roleSystemFromIdentityAccount.getSystemMapping());
}).findFirst().orElse(null);
if (identityAccountDto != null && additionalAccountsForProvisioning != null) {
additionalAccountsForProvisioning.add(identityAccountDto.getAccount());
}
}
return canBeCreated;
}).forEach(roleSystem -> {
String uid = generateUID(identity, roleSystem);
// Check on change of UID is not executed if all given identity-roles are new
if (!onlyCreateNew) {
// Check identity-account for that role-system on change the definition of UID
checkOnChangeUID(uid, roleSystem, identityAccountList, identityAccountsToDelete);
}
// Try to find identity-account for this identity-role. If exists and doesn't in
// list of identity-account to delete, then we are done.
AccIdentityAccountDto existsIdentityAccount = findAlreadyExistsIdentityAccount(identityAccountList, identityAccountsToDelete, identityRole, roleSystem);
if (existsIdentityAccount != null) {
if (existsIdentityAccount.getRoleSystem() == null) {
// IdentityAccount already exist, but doesn't have relation on RoleSystem. This
// could happen if system mapping was deleted and recreated or if was role use
// as sync default role, but without mapping on this system.
// We have to create missing relation, so we will set and save RoleSystem.
existsIdentityAccount.setRoleSystem(roleSystem.getId());
identityAccountService.save(existsIdentityAccount);
}
return;
}
// For this system we need to create new (or found exists) account
AccAccountDto account = createAccountByRoleSystem(uid, identity, roleSystem, identityAccountsToCreate);
if (account == null) {
return;
}
// Prevent to create the same identity account
if (identityAccountList.stream().filter(identityAccount -> {
return identityAccount.getAccount().equals(account.getId()) && identityRole.getId().equals(identityAccount.getIdentityRole()) && roleSystem.getId().equals(identityAccount.getRoleSystem());
}).count() == 0) {
AccIdentityAccountDto identityAccount = new AccIdentityAccountDto();
identityAccount.setAccount(account.getId());
identityAccount.setIdentity(identity.getId());
identityAccount.setIdentityRole(identityRole.getId());
identityAccount.setRoleSystem(roleSystem.getId());
identityAccount.setOwnership(true);
identityAccount.getEmbedded().put(AccIdentityAccount_.account.getName(), account);
identityAccountsToCreate.add(identityAccount);
}
});
});
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.
the class AdUserConnectorType method getConnectorValuesByAttribute.
/**
* Search connector values for given attribute.
* If is system in cross-domain system group, then is will be call this method for all systems in a group.
* For searching in other systems will be used SID, GROUPS and 'foreignSecurityPrincipals' container.
*/
@Override
public List<Object> getConnectorValuesByAttribute(String uid, IcObjectClass objectClass, String schemaAttributeName, SysSystemDto system, IcConnectorObject connectorObject, SysSystemGroupSystemDto systemGroupSystem) {
List<Object> connectorValues = super.getConnectorValuesByAttribute(uid, objectClass, schemaAttributeName, system, connectorObject, systemGroupSystem);
if (systemGroupSystem == null) {
// Find if the system is in a group with cross-domain type and for given schema attribute.
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setGroupType(SystemGroupType.CROSS_DOMAIN);
systemGroupSystemFilter.setDisabled(Boolean.FALSE);
systemGroupSystemFilter.setSystemId(system.getId());
systemGroupSystemFilter.setMergeAttributeCode(schemaAttributeName);
UUID systemGroupId = systemGroupSystemService.find(systemGroupSystemFilter, null).getContent().stream().findFirst().map(SysSystemGroupSystemDto::getSystemGroup).orElse(null);
if (systemGroupId == null) {
// System is not in a cross-domain group -> we have all connector values.
return connectorValues;
}
// Found all group-systems for this group (without given system).
systemGroupSystemFilter.setSystemGroupId(systemGroupId);
systemGroupSystemFilter.setSystemId(null);
List<SysSystemGroupSystemDto> groupSystems = systemGroupSystemService.find(systemGroupSystemFilter, null).getContent().stream().filter(groupSystem -> !system.getId().equals(groupSystem.getSystem())).collect(Collectors.toList());
// Call connector type for every system and load values for given attribute.
groupSystems.forEach(groupSystem -> {
SysSystemDto systemInGroup = DtoUtils.getEmbedded(groupSystem, SysSystemGroupSystem_.system, SysSystemDto.class);
ConnectorType connectorType = getConnectorManager().findConnectorTypeBySystem(systemInGroup);
if (connectorType != null) {
List<Object> connectorValuesForSystemInGroup = connectorType.getConnectorValuesByAttribute(uid, objectClass, schemaAttributeName, systemInGroup, connectorObject, groupSystem);
if (connectorValuesForSystemInGroup != null) {
connectorValuesForSystemInGroup.forEach(value -> {
if (!connectorValues.contains(value)) {
connectorValues.add(value);
}
});
}
}
});
} else {
// System group is not null, so this is sub system in group. We need to get groups by SID.
Assert.notNull(connectorObject, "The parent connector object cannot be null!");
IcAttribute sid = connectorObject.getAttributeByName(SID_ATTRIBUTE_KEY);
Assert.notNull(sid, "SID attribute cannot be null!");
Object sidValue = sid.getValue();
Assert.notNull(sidValue, "SID value cannot be null!");
IdmFormDefinitionDto operationOptionsFormDefinition = this.getSystemService().getOperationOptionsConnectorFormDefinition(system);
Assert.notNull(operationOptionsFormDefinition, "Operation options form-definition cannot be null!");
// Find attribute with container with existed users.
String userContainer = getValueFromConnectorInstance(USER_SEARCH_CONTAINER_KEY, system, operationOptionsFormDefinition);
Assert.notNull(userContainer, "User container cannot be null!");
// First we have to find root DN (only DCs).
String dcs = getRoot(userContainer);
String foreignSecurityPrincipalsDN = MessageFormat.format("CN={0},CN={1},{2}", convertSidToStr((byte[]) sidValue), FOREIGN_SECURITY_PRINCIPALS_CN, dcs);
IcConnectorConfiguration connectorConfiguration = getSystemService().getConnectorConfiguration(system);
IcConnectorInstance connectorInstance = getSystemService().getConnectorInstance(system);
Set<String> groups = searchGroups("member", connectorConfiguration, connectorInstance, foreignSecurityPrincipalsDN);
connectorValues.addAll(groups);
}
return connectorValues;
}
use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.
the class SystemGroupDeleteProcessor method process.
@Override
public EventResult<SysSystemGroupDto> process(EntityEvent<SysSystemGroupDto> event) {
SysSystemGroupDto dto = event.getContent();
Assert.assertNotNull(dto.getId(), "Id cannot be null for delete!");
// Delete all connections with systems
SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
systemGroupSystemFilter.setSystemGroupId(dto.getId());
systemGroupSystemService.find(systemGroupSystemFilter, null).forEach(systemGroupSystem -> {
systemGroupSystemService.delete(systemGroupSystem);
});
systemGroupService.deleteInternal(dto);
return new DefaultEventResult<>(event, this);
}
Aggregations