Examples with AccIdentityAccount eu.bcvsolutions.idm.acc.entity.AccIdentityAccount used on opensource projects

Search in sources :

Example 1 with AccIdentityAccount

use of eu.bcvsolutions.idm.acc.entity.AccIdentityAccount in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method toPredicates.

@Override
protected List<Predicate> toPredicates(Root<SysRoleSystemAttribute> root, CriteriaQuery<?> query, CriteriaBuilder builder, SysRoleSystemAttributeFilter filter) {
    List<Predicate> predicates = super.toPredicates(root, query, builder, filter);
    if (filter.getRoleSystemId() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.roleSystem).get(AbstractEntity_.id), filter.getRoleSystemId()));
    }
    if (filter.getSystemId() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.system).get(AbstractEntity_.id), filter.getSystemId()));
    }
    if (filter.getSystemMappingId() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.systemMapping).get(AbstractEntity_.id), filter.getSystemMappingId()));
    }
    if (filter.getSchemaAttributeName() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.systemAttributeMapping).get(SysSystemAttributeMapping_.schemaAttribute).get(SysSchemaAttribute_.name), filter.getSchemaAttributeName()));
    }
    if (filter.getIsUid() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.uid), filter.getIsUid()));
    }
    if (filter.getSystemAttributeMappingId() != null) {
        predicates.add(builder.equal(root.get(SysRoleSystemAttribute_.systemAttributeMapping).get(AbstractEntity_.id), filter.getSystemAttributeMappingId()));
    }
    // role-system-attributes)
    if (filter.getIdentityId() != null && filter.getAccountId() != null) {
        Subquery<AccIdentityAccount> subquery = query.subquery(AccIdentityAccount.class);
        Root<AccIdentityAccount> subRoot = subquery.from(AccIdentityAccount.class);
        subquery.select(subRoot);
        // Correlation attribute predicate
        Predicate correlationPredicate = builder.equal(subRoot.get(AccIdentityAccount_.identityRole).get(IdmIdentityRole_.role), // Correlation attribute
        root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.role));
        // Identity predicate
        Predicate identityPredicate = builder.equal(subRoot.get(AccIdentityAccount_.identityRole).get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(AbstractEntity_.id), filter.getIdentityId());
        // Account predicate
        Predicate accountPredicate = builder.equal(subRoot.get(AccIdentityAccount_.account).get(AbstractEntity_.id), filter.getAccountId());
        subquery.where(builder.and(correlationPredicate, identityPredicate, accountPredicate));
        predicates.add(builder.exists(subquery));
    }
    // Find override for identity (via identity-role)
    if (filter.getIdentityId() != null && filter.getAccountId() == null) {
        Subquery<IdmIdentityRole> subquery = query.subquery(IdmIdentityRole.class);
        Root<IdmIdentityRole> subRoot = subquery.from(IdmIdentityRole.class);
        subquery.select(subRoot);
        // Correlation attribute predicate
        Predicate correlationPredicate = builder.equal(subRoot.get(IdmIdentityRole_.role), // Correlation attribute
        root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.role));
        // Identity predicate
        Predicate identityPredicate = builder.equal(subRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(AbstractEntity_.id), filter.getIdentityId());
        subquery.where(builder.and(correlationPredicate, identityPredicate));
        predicates.add(builder.exists(subquery));
    }
    // and role-system is null or if relation is not null, then return override attributes where same role-systems are used.
    if (filter.getRoleSystemRelationForIdentityId() != null) {
        // Query via role:
        Subquery<IdmIdentityRole> subquery = query.subquery(IdmIdentityRole.class);
        Root<IdmIdentityRole> subRoot = subquery.from(IdmIdentityRole.class);
        subquery.select(subRoot);
        // Correlation attribute predicate
        Predicate correlationPredicate = builder.equal(subRoot.get(IdmIdentityRole_.role), // Correlation attribute
        root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.role));
        // Identity predicate
        Predicate identityPredicate = builder.equal(subRoot.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(AbstractEntity_.id), filter.getRoleSystemRelationForIdentityId());
        // Identity-role predicate
        Predicate identityRolePredicate = builder.isNull(subRoot.get(IdmIdentityRole_.roleSystem));
        subquery.where(builder.and(correlationPredicate, identityPredicate, identityRolePredicate));
        // Query via role-system:
        Subquery<IdmIdentityRole> subqueryViaRoleSystem = query.subquery(IdmIdentityRole.class);
        Root<IdmIdentityRole> subRootViaRoleSystem = subqueryViaRoleSystem.from(IdmIdentityRole.class);
        subqueryViaRoleSystem.select(subRootViaRoleSystem);
        // Correlation attribute predicate
        Predicate correlationPredicateViaRoleSystem = builder.equal(subRootViaRoleSystem.get(IdmIdentityRole_.roleSystem), // Correlation attribute
        root.get(SysRoleSystemAttribute_.roleSystem));
        // Identity predicate
        Predicate identityPredicateViaRoleSystem = builder.equal(subRootViaRoleSystem.get(IdmIdentityRole_.identityContract).get(IdmIdentityContract_.identity).get(AbstractEntity_.id), filter.getRoleSystemRelationForIdentityId());
        subqueryViaRoleSystem.where(builder.and(correlationPredicateViaRoleSystem, identityPredicateViaRoleSystem));
        // Query by role or by role-system
        predicates.add(builder.or(builder.exists(subquery), builder.exists(subqueryViaRoleSystem)));
    }
    // Get role-system-attributes with cross domains groups (using same merge attribute) or attributes where default account creation is disabled.
    if (Boolean.TRUE.equals(filter.getInCrossDomainGroupOrIsNoLogin())) {
        Subquery<SysSystemGroupSystem> subquerySystemGroup = query.subquery(SysSystemGroupSystem.class);
        Root<SysSystemGroupSystem> subRootSystemGroup = subquerySystemGroup.from(SysSystemGroupSystem.class);
        subquerySystemGroup.select(subRootSystemGroup);
        subquerySystemGroup.where(builder.and(builder.equal(subRootSystemGroup.get(SysSystemGroupSystem_.mergeAttribute), // Correlation attribute
        root.get(SysRoleSystemAttribute_.systemAttributeMapping))), builder.equal(subRootSystemGroup.get(SysSystemGroupSystem_.systemGroup).get(SysSystemGroup_.disabled), Boolean.FALSE), builder.equal(subRootSystemGroup.get(SysSystemGroupSystem_.systemGroup).get(SysSystemGroup_.type), SystemGroupType.CROSS_DOMAIN));
        predicates.add(builder.or(builder.equal(root.get(SysRoleSystemAttribute_.roleSystem).get(SysRoleSystem_.createAccountByDefault), Boolean.FALSE), builder.exists(subquerySystemGroup)));
    }
    return predicates;
}
Also used : IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole) SysSystemGroupSystem(eu.bcvsolutions.idm.acc.entity.SysSystemGroupSystem) AccIdentityAccount(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount) Predicate(javax.persistence.criteria.Predicate)

Example 2 with AccIdentityAccount

use of eu.bcvsolutions.idm.acc.entity.AccIdentityAccount in project CzechIdMng by bcvsolutions.

the class DefaultAccAccountService method toPredicates.

@Override
protected List<Predicate> toPredicates(Root<AccAccount> root, CriteriaQuery<?> query, CriteriaBuilder builder, AccAccountFilter filter) {
    List<Predicate> predicates = super.toPredicates(root, query, builder, filter);
    // full search
    if (StringUtils.isNotEmpty(filter.getText())) {
        predicates.add(// 
        builder.or(builder.like(builder.lower(root.get(AccAccount_.uid)), "%" + filter.getText().toLowerCase() + "%"), builder.like(builder.lower(root.get(AccAccount_.systemEntity).get(SysSystemEntity_.uid)), "%" + filter.getText().toLowerCase() + "%")));
    }
    if (filter.getSystemId() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.system).get(SysSystem_.id), filter.getSystemId()));
    }
    if (filter.getSystemEntityId() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.systemEntity).get(SysSystemEntity_.id), filter.getSystemEntityId()));
    }
    if (filter.getUid() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.uid), filter.getUid()));
    }
    if (filter.getIdentityId() != null || filter.getOwnership() != null) {
        Subquery<AccIdentityAccount> identityAccountSubquery = query.subquery(AccIdentityAccount.class);
        Root<AccIdentityAccount> subRootIdentityAccount = identityAccountSubquery.from(AccIdentityAccount.class);
        identityAccountSubquery.select(subRootIdentityAccount);
        Predicate predicate = builder.and(builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.account), root));
        Predicate identityPredicate = builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.identity).get(IdmIdentity_.id), filter.getIdentityId());
        Predicate ownerPredicate = builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.ownership), filter.getOwnership());
        if (filter.getIdentityId() != null && filter.getOwnership() == null) {
            predicate = builder.and(predicate, identityPredicate);
        } else if (filter.getOwnership() != null && filter.getIdentityId() == null) {
            predicate = builder.and(predicate, ownerPredicate);
        } else {
            predicate = builder.and(predicate, identityPredicate, ownerPredicate);
        }
        identityAccountSubquery.where(predicate);
        predicates.add(builder.exists(identityAccountSubquery));
    }
    if (filter.getAccountType() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.accountType), filter.getAccountType()));
    }
    if (filter.getSupportChangePassword() != null && filter.getSupportChangePassword()) {
        Subquery<SysSystemAttributeMapping> systemAttributeMappingSubquery = query.subquery(SysSystemAttributeMapping.class);
        Root<SysSystemAttributeMapping> subRootSystemAttributeMapping = systemAttributeMappingSubquery.from(SysSystemAttributeMapping.class);
        systemAttributeMappingSubquery.select(subRootSystemAttributeMapping);
        Path<SysSystem> systemPath = root.get(AccAccount_.system);
        Predicate predicate = builder.and(builder.isFalse(systemPath.get(SysSystem_.disabledProvisioning)), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.schemaAttribute).get(// 
        SysSchemaAttribute_.objectClass).get(// 
        SysSchemaObjectClass_.system), systemPath), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.systemMapping).get(SysSystemMapping_.operationType), SystemOperationType.PROVISIONING), builder.equal(// 
        subRootSystemAttributeMapping.get(// 
        SysSystemAttributeMapping_.schemaAttribute).get(SysSchemaAttribute_.name), ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME));
        systemAttributeMappingSubquery.where(predicate);
        predicates.add(builder.exists(systemAttributeMappingSubquery));
    }
    if (filter.getEntityType() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.entityType), filter.getEntityType()));
    }
    if (filter.getInProtection() != null) {
        predicates.add(builder.equal(root.get(AccAccount_.inProtection), filter.getInProtection()));
    }
    if (filter.getUniformPasswordId() != null) {
        Subquery<SysSystem> subquerySystem = query.subquery(SysSystem.class);
        Root<SysSystem> subRootSystem = subquerySystem.from(SysSystem.class);
        subquerySystem.select(subRootSystem);
        Subquery<AccUniformPasswordSystem> subqueryUniformSystem = query.subquery(AccUniformPasswordSystem.class);
        Root<AccUniformPasswordSystem> subRootUniformSystem = subqueryUniformSystem.from(AccUniformPasswordSystem.class);
        subqueryUniformSystem.select(subRootUniformSystem);
        predicates.add(builder.exists(subquerySystem.where(builder.and(// Correlation attribute - connection to system
        builder.equal(root.get(AccAccount_.system), subRootSystem), // Exclude in protection accounts
        builder.isFalse(root.get(AccAccount_.inProtection)), // builder.isFalse(subRootSystem.get(SysSystem_.disabledProvisioning)), // Exclude system with disabled provisioning
        builder.exists(subqueryUniformSystem.where(builder.and(builder.equal(subRootUniformSystem.get(AccUniformPasswordSystem_.system), subRootSystem), builder.equal(subRootUniformSystem.get(AccUniformPasswordSystem_.uniformPassword).get(AbstractEntity_.id), filter.getUniformPasswordId()))))))));
    }
    if (filter.getSupportPasswordFilter() != null) {
        Subquery<SysSystem> subquerySystem = query.subquery(SysSystem.class);
        Root<SysSystem> subRootSystem = subquerySystem.from(SysSystem.class);
        subquerySystem.select(subRootSystem);
        Subquery<SysSchemaObjectClass> subquerySchema = query.subquery(SysSchemaObjectClass.class);
        Root<SysSchemaObjectClass> subRootSchema = subquerySchema.from(SysSchemaObjectClass.class);
        subquerySchema.select(subRootSchema);
        Subquery<SysSystemMapping> subqueryMapping = query.subquery(SysSystemMapping.class);
        Root<SysSystemMapping> subRootMapping = subqueryMapping.from(SysSystemMapping.class);
        subqueryMapping.select(subRootMapping);
        Subquery<SysSystemAttributeMapping> subqueryAttributeMapping = query.subquery(SysSystemAttributeMapping.class);
        Root<SysSystemAttributeMapping> subRootAttributeMapping = subqueryAttributeMapping.from(SysSystemAttributeMapping.class);
        subqueryAttributeMapping.select(subRootAttributeMapping);
        Subquery<SysSystemMapping> subquery = query.subquery(SysSystemMapping.class);
        Root<SysSystemMapping> subRoot = subquery.from(SysSystemMapping.class);
        subquery.select(subRoot);
        predicates.add(builder.exists(subquerySystem.where(builder.and(// Correlation attribute - connection to system
        builder.equal(root.get(AccAccount_.system), subRootSystem), // Exclude in protection accounts
        builder.isFalse(root.get(AccAccount_.inProtection)), // Disabled, readonly or without provisioning system are NOT excluded, because from these systems may be still receive password change requests
        builder.exists(subquerySchema.where(builder.and(// Correlation attribute - connection to schem object class
        builder.equal(subRootSchema.get(SysSchemaObjectClass_.system), subRootSystem), builder.exists(subqueryMapping.where(builder.and(// Correlation attribute - connection to mapping
        builder.equal(subRootMapping.get(SysSystemMapping_.objectClass), subRootSchema), // System mapping must be provisioning
        builder.equal(subRootMapping.get(SysSystemMapping_.operationType), SystemOperationType.PROVISIONING), // Password change is now allowed only for identities
        builder.equal(subRootMapping.get(SysSystemMapping_.entityType), SystemEntityType.IDENTITY), builder.exists(subqueryAttributeMapping.where(builder.and(// Correlation attribute - connection to attribute mapping
        builder.equal(subRootAttributeMapping.get(SysSystemAttributeMapping_.systemMapping), subRootMapping), // Only password attribute
        builder.isTrue(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordAttribute)), // Exclude disabled attribute
        builder.isFalse(subRootAttributeMapping.get(SysSystemAttributeMapping_.disabledAttribute)), BooleanUtils.isTrue(filter.getSupportPasswordFilter()) ? builder.isTrue(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordFilter)) : builder.isFalse(subRootAttributeMapping.get(SysSystemAttributeMapping_.passwordFilter)))))))))))))));
    }
    // 
    return predicates;
}
Also used : SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) SysSystemMapping(eu.bcvsolutions.idm.acc.entity.SysSystemMapping) Predicate(javax.persistence.criteria.Predicate) SysSystem(eu.bcvsolutions.idm.acc.entity.SysSystem) AccUniformPasswordSystem(eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem) AccIdentityAccount(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount) SysSchemaObjectClass(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass)

Example 3 with AccIdentityAccount

use of eu.bcvsolutions.idm.acc.entity.AccIdentityAccount in project CzechIdMng by bcvsolutions.

the class AccUniformPasswordSystemIdentityIdFilter method getPredicate.

@Override
public Predicate getPredicate(Root<AccUniformPasswordSystem> root, AbstractQuery<?> query, CriteriaBuilder builder, AccUniformPasswordSystemFilter filter) {
    if (filter.getIdentityId() == null) {
        return null;
    }
    Subquery<AccIdentityAccount> subqueryIdentityAccount = query.subquery(AccIdentityAccount.class);
    Root<AccIdentityAccount> subRootIdentityAccount = subqueryIdentityAccount.from(AccIdentityAccount.class);
    subqueryIdentityAccount.select(subRootIdentityAccount);
    Subquery<AccAccount> subqueryAccount = query.subquery(AccAccount.class);
    Root<AccAccount> subRootAccount = subqueryAccount.from(AccAccount.class);
    subqueryAccount.select(subRootAccount);
    Predicate exists = builder.exists(subqueryAccount.where(builder.and(// corelation
    builder.equal(subRootAccount.get(AccAccount_.system), root.get(AccUniformPasswordSystem_.system)), builder.exists(subqueryIdentityAccount.where(builder.and(// corelation
    builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.account), subRootAccount), builder.equal(subRootIdentityAccount.get(AccIdentityAccount_.identity).get(AbstractEntity_.id), filter.getIdentityId())))))));
    return exists;
}
Also used : AccAccount(eu.bcvsolutions.idm.acc.entity.AccAccount) AccIdentityAccount(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount) Predicate(javax.persistence.criteria.Predicate)

Example 4 with AccIdentityAccount

use of eu.bcvsolutions.idm.acc.entity.AccIdentityAccount in project CzechIdMng by bcvsolutions.

the class ReadAccountByIdentityEvaluator method getPredicate.

@Override
public Predicate getPredicate(Root<AccAccount> root, CriteriaQuery<?> query, CriteriaBuilder builder, AuthorizationPolicy policy, BasePermission... permission) {
    UUID currentId = securityService.getCurrentId();
    if (!hasAuthority(currentId, policy, permission) || !securityService.isAuthenticated()) {
        return null;
    }
    // System identity account subquery
    Subquery<AccIdentityAccount> subquery = query.subquery(AccIdentityAccount.class);
    Root<AccIdentityAccount> subRoot = subquery.from(AccIdentityAccount.class);
    subquery.select(subRoot);
    // Identity subquery
    Subquery<IdmIdentity> subqueryIdentity = query.subquery(IdmIdentity.class);
    Root<IdmIdentity> subRootIdentity = subqueryIdentity.from(IdmIdentity.class);
    subqueryIdentity.select(subRootIdentity);
    // Subselect for identity
    subqueryIdentity.where(builder.and(authorizationManager.getPredicate(subRootIdentity, query, builder, permission), builder.equal(subRootIdentity, subRoot.get(AccIdentityAccount_.identity))));
    // Subselect for identity account
    subquery.where(// 
    builder.and(builder.equal(root, subRoot.get(AccIdentityAccount_.account)), builder.exists(subqueryIdentity)));
    // 
    return builder.exists(subquery);
}
Also used : AccIdentityAccount(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount) UUID(java.util.UUID) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity)

Aggregations

AccIdentityAccount (eu.bcvsolutions.idm.acc.entity.AccIdentityAccount)4 Predicate (javax.persistence.criteria.Predicate)3 AccAccount (eu.bcvsolutions.idm.acc.entity.AccAccount)1 AccUniformPasswordSystem (eu.bcvsolutions.idm.acc.entity.AccUniformPasswordSystem)1 SysSchemaObjectClass (eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass)1 SysSystem (eu.bcvsolutions.idm.acc.entity.SysSystem)1 SysSystemAttributeMapping (eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping)1 SysSystemGroupSystem (eu.bcvsolutions.idm.acc.entity.SysSystemGroupSystem)1 SysSystemMapping (eu.bcvsolutions.idm.acc.entity.SysSystemMapping)1 IdmIdentity (eu.bcvsolutions.idm.core.model.entity.IdmIdentity)1 IdmIdentityRole (eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole)1 UUID (java.util.UUID)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial