use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemService method save.
@Override
public SysRoleSystemDto save(SysRoleSystemDto dto, BasePermission... permission) {
Assert.notNull(dto, "RoleSystem cannot be null!");
Assert.notNull(dto.getRole(), "Role cannot be null!");
Assert.notNull(dto.getSystem(), "System cannot be null!");
Assert.notNull(dto.getSystemMapping(), "System mapping cannot be null!");
// Only Identity supports ACM by role
SysSystemMappingDto systemMappingDto = systemMappingService.get(dto.getSystemMapping());
if (systemMappingDto != null && SystemEntityType.IDENTITY != systemMappingDto.getEntityType()) {
throw new ResultCodeException(AccResultCode.ROLE_SYSTEM_SUPPORTS_ONLY_IDENTITY, ImmutableMap.of("entityType", systemMappingDto.getEntityType().name()));
}
// Used System mapping has to belong to the System the role is assigned to
UUID systemUUID = dto.getSystem();
UUID systemMappingSystemUUID = ((SysSchemaObjectClassDto) lookupService.lookupEmbeddedDto(systemMappingDto, SysSystemMapping_.objectClass)).getSystem();
if (!systemUUID.equals(systemMappingSystemUUID)) {
throw new ResultCodeException(AccResultCode.FOREIGN_SYSTEM_MAPPING_ASSIGNED, ImmutableMap.of("systemUUID", systemUUID, "systemMappingSystemUUID", systemMappingSystemUUID));
}
SysRoleSystemFilter filter = new SysRoleSystemFilter();
filter.setRoleId(dto.getRole());
filter.setSystemId(dto.getSystem());
List<SysRoleSystemDto> roleSystems = this.find(filter, null).getContent();
boolean isDuplicated = roleSystems.stream().anyMatch(roleSystem -> {
return !roleSystem.getId().equals(dto.getId());
});
if (isDuplicated) {
IdmRoleDto roleDto = roleService.get(dto.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystems.get(0), SysRoleSystem_.system);
throw new ResultCodeException(AccResultCode.ROLE_SYSTEM_ALREADY_EXISTS, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
}
SysRoleSystemDto roleSystemDto = super.save(dto, permission);
// Cross-domain or no-login role, cannot override an UID attribute!
SysRoleSystemAttributeFilter systemAttributeFilter = new SysRoleSystemAttributeFilter();
systemAttributeFilter.setRoleSystemId(roleSystemDto.getId());
systemAttributeFilter.setInCrossDomainGroupOrIsNoLogin(Boolean.TRUE);
if (roleSystemAttributeService.count(systemAttributeFilter) > 0) {
systemAttributeFilter = new SysRoleSystemAttributeFilter();
systemAttributeFilter.setRoleSystemId(roleSystemDto.getId());
systemAttributeFilter.setIsUid(Boolean.TRUE);
if (roleSystemAttributeService.count(systemAttributeFilter) > 0) {
IdmRoleDto roleDto = roleService.get(roleSystemDto.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystemDto, SysRoleSystem_.system);
throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_NO_LOGIN_CANNOT_OVERRIDE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
}
}
return roleSystemDto;
}
use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.
the class DefaultSynchronizationService method stopSynchronization.
@Override
public AbstractSysSyncConfigDto stopSynchronization(AbstractSysSyncConfigDto config) {
Assert.notNull(config, "Configuration is required.");
// Synchronization must be running
SysSyncLogFilter logFilter = new SysSyncLogFilter();
logFilter.setSynchronizationConfigId(config.getId());
logFilter.setRunning(Boolean.TRUE);
List<SysSyncLogDto> logs = synchronizationLogService.find(logFilter, null).getContent();
if (logs.isEmpty()) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IS_NOT_RUNNING, ImmutableMap.of("name", config.getName()));
}
logs.forEach(log -> {
log.setRunning(false);
log.setEnded(ZonedDateTime.now());
});
synchronizationLogService.saveAll(logs);
return config;
}
use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.
the class DefaultSysRoleSystemAttributeService method saveInternal.
@Override
public SysRoleSystemAttributeDto saveInternal(SysRoleSystemAttributeDto dto) {
// identifier
if (dto.isUid()) {
SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
filter.setIsUid(Boolean.TRUE);
filter.setRoleSystemId(dto.getRoleSystem());
List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system);
throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
}
filter = new SysRoleSystemAttributeFilter();
filter.setRoleSystemId(dto.getRoleSystem());
filter.setInCrossDomainGroupOrIsNoLogin(Boolean.TRUE);
if (this.count(filter) > 0) {
SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system);
throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_NO_LOGIN_CANNOT_OVERRIDE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
}
}
// We will check exists definition for extended attribute
SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
// Password can't be overridden
SysSchemaAttributeDto schemaAttributeDto = DtoUtils.getEmbedded(systemAttributeMapping, SysSystemAttributeMapping_.schemaAttribute, SysSchemaAttributeDto.class);
if (systemAttributeMapping.isPasswordAttribute() || schemaAttributeDto.getName().equals(ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME)) {
throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_PASSWORD_OVERRIDE);
}
SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
systemAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
}
Object newControlledValue = null;
// We will do script validation (on compilation errors), before save
if (dto.getTransformScript() != null) {
groovyScriptService.validateScript(dto.getTransformScript());
// We have to evaluated script value, because validate of script is not sufficient
newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);
}
// Save history of controlled value (if definition changed)
if (!this.isNew(dto)) {
SysRoleSystemAttributeDto oldRoleAttribute = this.get(dto.getId());
Object oldControlledValue = null;
try {
// We predicate only static script (none input variables, only system)!
oldControlledValue = systemAttributeMappingService.transformValueToResource(null, null, oldRoleAttribute, null);
} catch (ResultCodeException ex) {
// If Groovy script exception occurred (for old value), then we need to continue
// with save the attribute.
ResultModels resultModels = ex.getError();
if (resultModels != null && resultModels.getError() != null && CoreResultCode.GROOVY_SCRIPT_EXCEPTION.name().equals(resultModels.getError().getStatusEnum())) {
LOG.warn(MessageFormat.format("Old value for role-system-attribute {0} cannot be evalued. Historic value will be not persist!", oldRoleAttribute.getId()), ex);
oldControlledValue = null;
} else {
throw ex;
}
}
newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);
// and new parent attribute is evicted
if (!oldRoleAttribute.getSystemAttributeMapping().equals(dto.getSystemAttributeMapping())) {
SysSystemAttributeMappingDto oldSystemAttributeMapping = systemAttributeMappingService.get(oldRoleAttribute.getSystemAttributeMapping());
if (AttributeMappingStrategyType.MERGE == oldSystemAttributeMapping.getStrategyType()) {
// Old attribute changed, so we need evict the cache
oldSystemAttributeMapping.setEvictControlledValuesCache(true);
systemAttributeMappingService.save(oldSystemAttributeMapping);
// Set old value as historic
attributeControlledValueService.addHistoricValue(oldSystemAttributeMapping, (Serializable) oldControlledValue);
}
} else // value to the history on parent attribute
if (!Objects.equals(oldControlledValue, newControlledValue) && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
// Set old value as historic
attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
} else // we need add old value to history
if (oldRoleAttribute.isDisabledAttribute() != dto.isDisabledAttribute() && dto.isDisabledAttribute() && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
// Set old value as historic
attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
} else // old value will be added to history
if (oldRoleAttribute.getStrategyType() != dto.getStrategyType() && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
// Set old value as historic
attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
}
}
// Attribute created/updated, so we need evict the cache
systemAttributeMapping.setEvictControlledValuesCache(true);
systemAttributeMappingService.save(systemAttributeMapping);
return super.saveInternal(dto);
}
use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method setEntityValue.
/**
* Set attribute's value to the entity with check difference between old and new
* value.
*
* @param uid
* @param dto
* @param context
* @param attribute
* @param attributeProperty
* @param transformedValue
*/
protected void setEntityValue(String uid, DTO dto, SynchronizationContext context, SysSystemAttributeMappingDto attribute, String attributeProperty, Object transformedValue) {
try {
if (context.isEntityDifferent()) {
EntityUtils.setEntityValue(dto, attributeProperty, transformedValue);
} else {
Object entityValue = EntityUtils.getEntityValue(dto, attributeProperty);
SysSchemaAttributeDto schemaAttributeDto = DtoUtils.getEmbedded(attribute, SysSystemAttributeMapping_.schemaAttribute.getName(), SysSchemaAttributeDto.class);
Assert.notNull(schemaAttributeDto, "Schema attribute cannot be null!");
if (!provisioningService.isAttributeValueEquals(entityValue, transformedValue, schemaAttributeDto)) {
context.setIsEntityDifferent(true);
addToItemLog(context.getLogItem(), MessageFormat.format("Value of entity attribute [{0}] was changed. First change was detected -> entity in IdM will be updated.", attributeProperty));
EntityUtils.setEntityValue(dto, attributeProperty, transformedValue);
}
}
} catch (IntrospectionException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | ProvisioningException e) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_NOT_SET, ImmutableMap.of("property", attributeProperty, "uid", uid), e);
}
}
use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method findByCorrelationAttribute.
/**
* Find entity by correlation attribute
*
* @param attribute
* @param icAttributes
* @param context
* @return
*/
@SuppressWarnings("unchecked")
protected DTO findByCorrelationAttribute(AttributeMapping attribute, List<IcAttribute> icAttributes, SynchronizationContext context) {
Assert.notNull(attribute, "Attribute is required.");
Assert.notNull(icAttributes, "Connector attribues are required.");
Object value = getValueByMappedAttribute(attribute, icAttributes, context);
if (value == null) {
return null;
}
if (attribute.isEntityAttribute()) {
return findByAttribute(attribute.getIdmPropertyName(), value.toString(), context);
} else if (attribute.isExtendedAttribute()) {
try {
Serializable serializableValue = Serializable.class.cast(value);
SystemEntityType entityType = context.getEntityType();
Assert.notNull(entityType, "Entity type is required!");
List<? extends BaseDto> entities = formService.findOwners(entityType.getExtendedAttributeOwnerType(), attribute.getIdmPropertyName(), serializableValue, null).getContent();
if (CollectionUtils.isEmpty(entities)) {
return null;
}
if (entities.size() > 1) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_CORRELATION_TO_MANY_RESULTS, ImmutableMap.of("correlationAttribute", attribute.getName(), "value", value));
}
if (entities.size() == 1) {
return (DTO) entities.get(0);
}
} catch (ClassCastException e) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_CORRELATION_BAD_VALUE, ImmutableMap.of("value", value), e);
}
}
return null;
}
Aggregations