Search in sources :

Example 56 with ProvisioningException

use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemService method save.

@Override
public SysRoleSystemDto save(SysRoleSystemDto dto, BasePermission... permission) {
    Assert.notNull(dto, "RoleSystem cannot be null!");
    Assert.notNull(dto.getRole(), "Role cannot be null!");
    Assert.notNull(dto.getSystem(), "System cannot be null!");
    Assert.notNull(dto.getSystemMapping(), "System mapping cannot be null!");
    // Only Identity supports ACM by role
    SysSystemMappingDto systemMappingDto = systemMappingService.get(dto.getSystemMapping());
    if (systemMappingDto != null && SystemEntityType.IDENTITY != systemMappingDto.getEntityType()) {
        throw new ResultCodeException(AccResultCode.ROLE_SYSTEM_SUPPORTS_ONLY_IDENTITY, ImmutableMap.of("entityType", systemMappingDto.getEntityType().name()));
    }
    // Used System mapping has to belong to the System the role is assigned to
    UUID systemUUID = dto.getSystem();
    UUID systemMappingSystemUUID = ((SysSchemaObjectClassDto) lookupService.lookupEmbeddedDto(systemMappingDto, SysSystemMapping_.objectClass)).getSystem();
    if (!systemUUID.equals(systemMappingSystemUUID)) {
        throw new ResultCodeException(AccResultCode.FOREIGN_SYSTEM_MAPPING_ASSIGNED, ImmutableMap.of("systemUUID", systemUUID, "systemMappingSystemUUID", systemMappingSystemUUID));
    }
    SysRoleSystemFilter filter = new SysRoleSystemFilter();
    filter.setRoleId(dto.getRole());
    filter.setSystemId(dto.getSystem());
    List<SysRoleSystemDto> roleSystems = this.find(filter, null).getContent();
    boolean isDuplicated = roleSystems.stream().anyMatch(roleSystem -> {
        return !roleSystem.getId().equals(dto.getId());
    });
    if (isDuplicated) {
        IdmRoleDto roleDto = roleService.get(dto.getRole());
        SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystems.get(0), SysRoleSystem_.system);
        throw new ResultCodeException(AccResultCode.ROLE_SYSTEM_ALREADY_EXISTS, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
    }
    SysRoleSystemDto roleSystemDto = super.save(dto, permission);
    // Cross-domain or no-login role, cannot override an UID attribute!
    SysRoleSystemAttributeFilter systemAttributeFilter = new SysRoleSystemAttributeFilter();
    systemAttributeFilter.setRoleSystemId(roleSystemDto.getId());
    systemAttributeFilter.setInCrossDomainGroupOrIsNoLogin(Boolean.TRUE);
    if (roleSystemAttributeService.count(systemAttributeFilter) > 0) {
        systemAttributeFilter = new SysRoleSystemAttributeFilter();
        systemAttributeFilter.setRoleSystemId(roleSystemDto.getId());
        systemAttributeFilter.setIsUid(Boolean.TRUE);
        if (roleSystemAttributeService.count(systemAttributeFilter) > 0) {
            IdmRoleDto roleDto = roleService.get(roleSystemDto.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystemDto, SysRoleSystem_.system);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_NO_LOGIN_CANNOT_OVERRIDE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
        }
    }
    return roleSystemDto;
}
Also used : SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)

Example 57 with ProvisioningException

use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.

the class DefaultSynchronizationService method stopSynchronization.

@Override
public AbstractSysSyncConfigDto stopSynchronization(AbstractSysSyncConfigDto config) {
    Assert.notNull(config, "Configuration is required.");
    // Synchronization must be running
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(config.getId());
    logFilter.setRunning(Boolean.TRUE);
    List<SysSyncLogDto> logs = synchronizationLogService.find(logFilter, null).getContent();
    if (logs.isEmpty()) {
        throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IS_NOT_RUNNING, ImmutableMap.of("name", config.getName()));
    }
    logs.forEach(log -> {
        log.setRunning(false);
        log.setEnded(ZonedDateTime.now());
    });
    synchronizationLogService.saveAll(logs);
    return config;
}
Also used : SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)

Example 58 with ProvisioningException

use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.

the class DefaultSysRoleSystemAttributeService method saveInternal.

@Override
public SysRoleSystemAttributeDto saveInternal(SysRoleSystemAttributeDto dto) {
    // identifier
    if (dto.isUid()) {
        SysRoleSystemAttributeFilter filter = new SysRoleSystemAttributeFilter();
        filter.setIsUid(Boolean.TRUE);
        filter.setRoleSystemId(dto.getRoleSystem());
        List<SysRoleSystemAttributeDto> list = this.find(filter, null).getContent();
        if (list.size() > 0 && !list.get(0).getId().equals(dto.getId())) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
        }
        filter = new SysRoleSystemAttributeFilter();
        filter.setRoleSystemId(dto.getRoleSystem());
        filter.setInCrossDomainGroupOrIsNoLogin(Boolean.TRUE);
        if (this.count(filter) > 0) {
            SysRoleSystemDto roleSystem = roleSystemService.get(dto.getRoleSystem());
            IdmRoleDto roleDto = roleService.get(roleSystem.getRole());
            SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system);
            throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_NO_LOGIN_CANNOT_OVERRIDE_UID, ImmutableMap.of("role", roleDto.getCode(), "system", systemDto.getName()));
        }
    }
    // We will check exists definition for extended attribute
    SysSystemAttributeMappingDto systemAttributeMapping = systemAttributeMappingService.get(dto.getSystemAttributeMapping());
    // Password can't be overridden
    SysSchemaAttributeDto schemaAttributeDto = DtoUtils.getEmbedded(systemAttributeMapping, SysSystemAttributeMapping_.schemaAttribute, SysSchemaAttributeDto.class);
    if (systemAttributeMapping.isPasswordAttribute() || schemaAttributeDto.getName().equals(ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME)) {
        throw new ResultCodeException(AccResultCode.SYSTEM_MAPPING_PASSWORD_OVERRIDE);
    }
    SysSystemMappingDto systemMapping = systemMappingService.get(systemAttributeMapping.getSystemMapping());
    Class<? extends Identifiable> entityType = systemMapping.getEntityType().getEntityType();
    if (dto.isExtendedAttribute() && formService.isFormable(entityType)) {
        systemAttributeMappingService.createExtendedAttributeDefinition(dto, entityType);
    }
    Object newControlledValue = null;
    // We will do script validation (on compilation errors), before save
    if (dto.getTransformScript() != null) {
        groovyScriptService.validateScript(dto.getTransformScript());
        // We have to evaluated script value, because validate of script is not sufficient
        newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);
    }
    // Save history of controlled value (if definition changed)
    if (!this.isNew(dto)) {
        SysRoleSystemAttributeDto oldRoleAttribute = this.get(dto.getId());
        Object oldControlledValue = null;
        try {
            // We predicate only static script (none input variables, only system)!
            oldControlledValue = systemAttributeMappingService.transformValueToResource(null, null, oldRoleAttribute, null);
        } catch (ResultCodeException ex) {
            // If Groovy script exception occurred (for old value), then we need to continue
            // with save the attribute.
            ResultModels resultModels = ex.getError();
            if (resultModels != null && resultModels.getError() != null && CoreResultCode.GROOVY_SCRIPT_EXCEPTION.name().equals(resultModels.getError().getStatusEnum())) {
                LOG.warn(MessageFormat.format("Old value for role-system-attribute {0} cannot be evalued. Historic value will be not persist!", oldRoleAttribute.getId()), ex);
                oldControlledValue = null;
            } else {
                throw ex;
            }
        }
        newControlledValue = systemAttributeMappingService.transformValueToResource(null, null, dto, null);
        // and new parent attribute is evicted
        if (!oldRoleAttribute.getSystemAttributeMapping().equals(dto.getSystemAttributeMapping())) {
            SysSystemAttributeMappingDto oldSystemAttributeMapping = systemAttributeMappingService.get(oldRoleAttribute.getSystemAttributeMapping());
            if (AttributeMappingStrategyType.MERGE == oldSystemAttributeMapping.getStrategyType()) {
                // Old attribute changed, so we need evict the cache
                oldSystemAttributeMapping.setEvictControlledValuesCache(true);
                systemAttributeMappingService.save(oldSystemAttributeMapping);
                // Set old value as historic
                attributeControlledValueService.addHistoricValue(oldSystemAttributeMapping, (Serializable) oldControlledValue);
            }
        } else // value to the history on parent attribute
        if (!Objects.equals(oldControlledValue, newControlledValue) && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
            // Set old value as historic
            attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
        } else // we need add old value to history
        if (oldRoleAttribute.isDisabledAttribute() != dto.isDisabledAttribute() && dto.isDisabledAttribute() && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
            // Set old value as historic
            attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
        } else // old value will be added to history
        if (oldRoleAttribute.getStrategyType() != dto.getStrategyType() && AttributeMappingStrategyType.MERGE == oldRoleAttribute.getStrategyType()) {
            // Set old value as historic
            attributeControlledValueService.addHistoricValue(systemAttributeMapping, (Serializable) oldControlledValue);
        }
    }
    // Attribute created/updated, so we need evict the cache
    systemAttributeMapping.setEvictControlledValuesCache(true);
    systemAttributeMappingService.save(systemAttributeMapping);
    return super.saveInternal(dto);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Serializable(java.io.Serializable) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ResultModels(eu.bcvsolutions.idm.core.api.dto.ResultModels) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)

Example 59 with ProvisioningException

use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method setEntityValue.

/**
 * Set attribute's value to the entity with check difference between old and new
 * value.
 *
 * @param uid
 * @param dto
 * @param context
 * @param attribute
 * @param attributeProperty
 * @param transformedValue
 */
protected void setEntityValue(String uid, DTO dto, SynchronizationContext context, SysSystemAttributeMappingDto attribute, String attributeProperty, Object transformedValue) {
    try {
        if (context.isEntityDifferent()) {
            EntityUtils.setEntityValue(dto, attributeProperty, transformedValue);
        } else {
            Object entityValue = EntityUtils.getEntityValue(dto, attributeProperty);
            SysSchemaAttributeDto schemaAttributeDto = DtoUtils.getEmbedded(attribute, SysSystemAttributeMapping_.schemaAttribute.getName(), SysSchemaAttributeDto.class);
            Assert.notNull(schemaAttributeDto, "Schema attribute cannot be null!");
            if (!provisioningService.isAttributeValueEquals(entityValue, transformedValue, schemaAttributeDto)) {
                context.setIsEntityDifferent(true);
                addToItemLog(context.getLogItem(), MessageFormat.format("Value of entity attribute [{0}] was changed. First change was detected -> entity in IdM will be updated.", attributeProperty));
                EntityUtils.setEntityValue(dto, attributeProperty, transformedValue);
            }
        }
    } catch (IntrospectionException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | ProvisioningException e) {
        throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_IDM_FIELD_NOT_SET, ImmutableMap.of("property", attributeProperty, "uid", uid), e);
    }
}
Also used : SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IntrospectionException(java.beans.IntrospectionException) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 60 with ProvisioningException

use of eu.bcvsolutions.idm.acc.exception.ProvisioningException in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method findByCorrelationAttribute.

/**
 * Find entity by correlation attribute
 *
 * @param attribute
 * @param icAttributes
 * @param context
 * @return
 */
@SuppressWarnings("unchecked")
protected DTO findByCorrelationAttribute(AttributeMapping attribute, List<IcAttribute> icAttributes, SynchronizationContext context) {
    Assert.notNull(attribute, "Attribute is required.");
    Assert.notNull(icAttributes, "Connector attribues are required.");
    Object value = getValueByMappedAttribute(attribute, icAttributes, context);
    if (value == null) {
        return null;
    }
    if (attribute.isEntityAttribute()) {
        return findByAttribute(attribute.getIdmPropertyName(), value.toString(), context);
    } else if (attribute.isExtendedAttribute()) {
        try {
            Serializable serializableValue = Serializable.class.cast(value);
            SystemEntityType entityType = context.getEntityType();
            Assert.notNull(entityType, "Entity type is required!");
            List<? extends BaseDto> entities = formService.findOwners(entityType.getExtendedAttributeOwnerType(), attribute.getIdmPropertyName(), serializableValue, null).getContent();
            if (CollectionUtils.isEmpty(entities)) {
                return null;
            }
            if (entities.size() > 1) {
                throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_CORRELATION_TO_MANY_RESULTS, ImmutableMap.of("correlationAttribute", attribute.getName(), "value", value));
            }
            if (entities.size() == 1) {
                return (DTO) entities.get(0);
            }
        } catch (ClassCastException e) {
            throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_CORRELATION_BAD_VALUE, ImmutableMap.of("value", value), e);
        }
    }
    return null;
}
Also used : Serializable(java.io.Serializable) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ArrayList(java.util.ArrayList) List(java.util.List) BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto)

Aggregations

ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)60 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)27 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)24 UUID (java.util.UUID)24 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)23 SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)21 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)20 ArrayList (java.util.ArrayList)20 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)19 IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute)18 SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)17 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)17 List (java.util.List)17 ImmutableMap (com.google.common.collect.ImmutableMap)16 AccResultCode (eu.bcvsolutions.idm.acc.domain.AccResultCode)16 SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)16 HashMap (java.util.HashMap)16 Autowired (org.springframework.beans.factory.annotation.Autowired)16 Assert (org.springframework.util.Assert)16 AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)15