Example 1 with SysSystemGroupSystemFilter

Use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

Class DefaultSysRoleSystemService, method toDto.

@Override
protected SysRoleSystemDto toDto(SysRoleSystem entity, SysRoleSystemDto dto, SysRoleSystemFilter context) {
    SysRoleSystemDto roleSystemDto = super.toDto(entity, dto, context);
    if (context != null && Boolean.TRUE.equals(context.getCheckIfIsInCrossDomainGroup()) && roleSystemDto != null && roleSystemDto.getId() != null) {
        SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
        systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystemDto.getId());
        if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
            // This role-system overrides a merge attribute which is used in an
            // active cross-domain group. -> We will set this information to the DTO.
            roleSystemDto.setInCrossDomainGroup(true);
        }
    }
    return roleSystemDto;
}

Example 2 with SysSystemGroupSystemFilter

Use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

Class DefaultAccAccountManagementService, method resolveIdentityAccountForDelete.

/**
 * Resolve identity account to delete
 *
 * @param identityAccountList
 * @param identityRoles
 * @param identityAccountsToDelete
 */
private void resolveIdentityAccountForDelete(List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRoleDto> identityRoles, List<AccIdentityAccountDto> identityAccountsToDelete) {
    // Search IdentityAccounts to delete
    identityRoles.stream().filter(identityRole -> {
        return !identityRole.isValid();
    }).forEach(identityRole -> {
        identityAccountList.stream()
            .filter(identityAccount -> identityRole.getId().equals(identityAccount.getIdentityRole()))
            .filter(identityAccount -> identityAccount.getRoleSystem() == null
                || !(((SysRoleSystemDto) DtoUtils.getEmbedded(identityAccount, AccIdentityAccount_.roleSystem)).isForwardAccountManagemen()
                    && identityRole.isValidNowOrInFuture()))
            .forEach(identityAccountsToDelete::add);
    });
    // Search IdentityAccounts to delete - we want to delete identity-account if
    // identity-role is valid, but mapped system on the role no longer exists.
    identityRoles.stream().filter(identityRole -> {
        return identityRole.isValid();
    }).forEach(identityRole -> {
        identityAccountList.stream().filter(identityAccount -> identityRole.getId().equals(identityAccount.getIdentityRole())).filter(identityAccount -> {
            // Remove account if role-system is null.
            if (identityAccount.getRoleSystem() == null) {
                return true;
            }
            // Remove an account if the role-system does not support creation by default or if it is in a cross-domain group.
            SysRoleSystemDto roleSystem = lookupService.lookupEmbeddedDto(identityAccount, AccIdentityAccount_.roleSystem);
            if (roleSystem != null && !roleSystem.isCreateAccountByDefault()) {
                return true;
            } else if (roleSystem != null) {
                SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
                systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
                if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
                    // This role-system overrides a merge attribute which is used in an
                    // active cross-domain group. -> Identity account should be deleted.
                    return true;
                }
            }
            return false;
        }).forEach(identityAccountsToDelete::add);
    });
}

Example 3 with SysSystemGroupSystemFilter

Use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

Class DefaultAccAccountManagementService, method resolveIdentityAccountForCreate.

/**
 * Resolve Identity account - to create.
 */
private void resolveIdentityAccountForCreate(IdmIdentityDto identity, List<AccIdentityAccountDto> identityAccountList, List<IdmIdentityRoleDto> identityRoles, List<AccIdentityAccountDto> identityAccountsToCreate, List<AccIdentityAccountDto> identityAccountsToDelete, boolean onlyCreateNew, List<UUID> additionalAccountsForProvisioning) {
    identityRoles.forEach(identityRole -> {
        UUID role = identityRole.getRole();
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(role);
        List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
        // Is the role valid at this moment, or
        // does the role-system have forward account management enabled (the identity-role
        // has to be valid in the future)?
        roleSystems.stream().filter(roleSystem -> (identityRole.isValid() || (roleSystem.isForwardAccountManagemen() && identityRole.isValidNowOrInFuture()))).filter(roleSystem -> {
            boolean canBeCreated = roleSystem.isCreateAccountByDefault();
            if (canBeCreated) {
                SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
                systemGroupSystemFilter.setCrossDomainsGroupsForRoleSystemId(roleSystem.getId());
                if (systemGroupSystemService.count(systemGroupSystemFilter) >= 1) {
                    // This role-system overrides a merge attribute which is used in an
                    // active cross-domain group. -> Account will not be created.
                    canBeCreated = false;
                }
            }
            if (!canBeCreated) {
                // We need to run provisioning for skipped identity-roles/accounts (because of cross-domain groups).
                // We have to find all identity-accounts for the identity and system.
                AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
                identityAccountFilter.setSystemId(roleSystem.getSystem());
                identityAccountFilter.setIdentityId(identity.getId());
                AccIdentityAccountDto identityAccountDto = identityAccountService.find(identityAccountFilter, null).getContent().stream().filter(identityAccount -> {
                    SysRoleSystemDto roleSystemFromIdentityAccount = lookupService.lookupEmbeddedDto(identityAccount, AccIdentityAccount_.roleSystem);
                    return roleSystemFromIdentityAccount != null && roleSystem.getSystemMapping().equals(roleSystemFromIdentityAccount.getSystemMapping());
                }).findFirst().orElse(null);
                if (identityAccountDto != null && additionalAccountsForProvisioning != null) {
                    additionalAccountsForProvisioning.add(identityAccountDto.getAccount());
                }
            }
            return canBeCreated;
        }).forEach(roleSystem -> {
            String uid = generateUID(identity, roleSystem);
            // Check on change of UID is not executed if all given identity-roles are new
            if (!onlyCreateNew) {
                // Check identity-account for that role-system on change the definition of UID
                checkOnChangeUID(uid, roleSystem, identityAccountList, identityAccountsToDelete);
            }
            // Try to find an identity-account for this identity-role. If it exists and is not in
            // the list of identity-accounts to delete, then we are done.
            AccIdentityAccountDto existsIdentityAccount = findAlreadyExistsIdentityAccount(identityAccountList, identityAccountsToDelete, identityRole, roleSystem);
            if (existsIdentityAccount != null) {
                if (existsIdentityAccount.getRoleSystem() == null) {
                    // IdentityAccount already exists, but doesn't have a relation to RoleSystem. This
                    // could happen if the system mapping was deleted and recreated or if the role was used
                    // as a sync default role, but without a mapping on this system.
                    // We have to create the missing relation, so we will set and save RoleSystem.
                    existsIdentityAccount.setRoleSystem(roleSystem.getId());
                    identityAccountService.save(existsIdentityAccount);
                }
                return;
            }
            // For this system we need to create a new (or find an existing) account
            AccAccountDto account = createAccountByRoleSystem(uid, identity, roleSystem, identityAccountsToCreate);
            if (account == null) {
                return;
            }
            // Prevent creating the same identity account
            if (identityAccountList.stream().filter(identityAccount -> {
                return identityAccount.getAccount().equals(account.getId()) && identityRole.getId().equals(identityAccount.getIdentityRole()) && roleSystem.getId().equals(identityAccount.getRoleSystem());
            }).count() == 0) {
                AccIdentityAccountDto identityAccount = new AccIdentityAccountDto();
                identityAccount.setAccount(account.getId());
                identityAccount.setIdentity(identity.getId());
                identityAccount.setIdentityRole(identityRole.getId());
                identityAccount.setRoleSystem(roleSystem.getId());
                identityAccount.setOwnership(true);
                identityAccount.getEmbedded().put(AccIdentityAccount_.account.getName(), account);
                identityAccountsToCreate.add(identityAccount);
            }
        });
    });
}

Example 4 with SysSystemGroupSystemFilter

Use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

Class AdUserConnectorType, method getConnectorValuesByAttribute.

/**
 * Search connector values for the given attribute.
 * If the system is in a cross-domain system group, this method will be called for all systems in the group.
 * For searching in other systems, the SID, GROUPS and 'foreignSecurityPrincipals' container will be used.
 */
@Override
public List<Object> getConnectorValuesByAttribute(String uid, IcObjectClass objectClass, String schemaAttributeName, SysSystemDto system, IcConnectorObject connectorObject, SysSystemGroupSystemDto systemGroupSystem) {
    List<Object> connectorValues = super.getConnectorValuesByAttribute(uid, objectClass, schemaAttributeName, system, connectorObject, systemGroupSystem);
    if (systemGroupSystem == null) {
        // Find if the system is in a group with cross-domain type and for given schema attribute.
        SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
        systemGroupSystemFilter.setGroupType(SystemGroupType.CROSS_DOMAIN);
        systemGroupSystemFilter.setDisabled(Boolean.FALSE);
        systemGroupSystemFilter.setSystemId(system.getId());
        systemGroupSystemFilter.setMergeAttributeCode(schemaAttributeName);
        UUID systemGroupId = systemGroupSystemService.find(systemGroupSystemFilter, null).getContent().stream().findFirst().map(SysSystemGroupSystemDto::getSystemGroup).orElse(null);
        if (systemGroupId == null) {
            // System is not in a cross-domain group -> we have all connector values.
            return connectorValues;
        }
        // Find all group-systems for this group (without the given system).
        systemGroupSystemFilter.setSystemGroupId(systemGroupId);
        systemGroupSystemFilter.setSystemId(null);
        List<SysSystemGroupSystemDto> groupSystems = systemGroupSystemService.find(systemGroupSystemFilter, null).getContent().stream().filter(groupSystem -> !system.getId().equals(groupSystem.getSystem())).collect(Collectors.toList());
        // Call connector type for every system and load values for given attribute.
        groupSystems.forEach(groupSystem -> {
            SysSystemDto systemInGroup = DtoUtils.getEmbedded(groupSystem, SysSystemGroupSystem_.system, SysSystemDto.class);
            ConnectorType connectorType = getConnectorManager().findConnectorTypeBySystem(systemInGroup);
            if (connectorType != null) {
                List<Object> connectorValuesForSystemInGroup = connectorType.getConnectorValuesByAttribute(uid, objectClass, schemaAttributeName, systemInGroup, connectorObject, groupSystem);
                if (connectorValuesForSystemInGroup != null) {
                    connectorValuesForSystemInGroup.forEach(value -> {
                        if (!connectorValues.contains(value)) {
                            connectorValues.add(value);
                        }
                    });
                }
            }
        });
    } else {
        // System group is not null, so this is a sub-system in the group. We need to get groups by SID.
        Assert.notNull(connectorObject, "The parent connector object cannot be null!");
        IcAttribute sid = connectorObject.getAttributeByName(SID_ATTRIBUTE_KEY);
        Assert.notNull(sid, "SID attribute cannot be null!");
        Object sidValue = sid.getValue();
        Assert.notNull(sidValue, "SID value cannot be null!");
        IdmFormDefinitionDto operationOptionsFormDefinition = this.getSystemService().getOperationOptionsConnectorFormDefinition(system);
        Assert.notNull(operationOptionsFormDefinition, "Operation options form-definition cannot be null!");
        // Find the attribute holding the container with existing users.
        String userContainer = getValueFromConnectorInstance(USER_SEARCH_CONTAINER_KEY, system, operationOptionsFormDefinition);
        Assert.notNull(userContainer, "User container cannot be null!");
        // First we have to find root DN (only DCs).
        String dcs = getRoot(userContainer);
        String foreignSecurityPrincipalsDN = MessageFormat.format("CN={0},CN={1},{2}", convertSidToStr((byte[]) sidValue), FOREIGN_SECURITY_PRINCIPALS_CN, dcs);
        IcConnectorConfiguration connectorConfiguration = getSystemService().getConnectorConfiguration(system);
        IcConnectorInstance connectorInstance = getSystemService().getConnectorInstance(system);
        Set<String> groups = searchGroups("member", connectorConfiguration, connectorInstance, foreignSecurityPrincipalsDN);
        connectorValues.addAll(groups);
    }
    return connectorValues;
}

Example 5 with SysSystemGroupSystemFilter

Use of eu.bcvsolutions.idm.acc.dto.filter.SysSystemGroupSystemFilter in project CzechIdMng by bcvsolutions.

Class SystemGroupDeleteProcessor, method process.

@Override
public EventResult<SysSystemGroupDto> process(EntityEvent<SysSystemGroupDto> event) {
    SysSystemGroupDto dto = event.getContent();
    Assert.assertNotNull(dto.getId(), "Id cannot be null for delete!");
    // Delete all connections with systems
    SysSystemGroupSystemFilter systemGroupSystemFilter = new SysSystemGroupSystemFilter();
    systemGroupSystemFilter.setSystemGroupId(dto.getId());
    systemGroupSystemService.find(systemGroupSystemFilter, null).forEach(systemGroupSystem -> {
        systemGroupSystemService.delete(systemGroupSystem);
    });
    systemGroupService.deleteInternal(dto);
    return new DefaultEventResult<>(event, this);
}
