Search in sources :

Example 1 with SystemEntityNotFoundException

use of eu.bcvsolutions.idm.acc.exception.SystemEntityNotFoundException in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningExecutor method changePassword.

@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
    Assert.notNull(dto, "DTO is required.");
    Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
    Assert.notNull(passwordChange, "Password change dto is required.");
    List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
    // 
    EntityAccountFilter filter = this.createEntityAccountFilter();
    filter.setEntityId(dto.getId());
    List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
    if (entityAccountList == null) {
        return Collections.<OperationResult>emptyList();
    }
    // Distinct by accounts
    List<UUID> accountIds = new ArrayList<>();
    entityAccountList.stream().filter(entityAccount -> {
        if (!entityAccount.isOwnership()) {
            return false;
        }
        if (passwordChange.isAll()) {
            // Add all account supports change password
            if (entityAccount.getAccount() == null) {
                return false;
            }
            // Check if system for this account support change password
            AccAccountFilter accountFilter = new AccAccountFilter();
            accountFilter.setSupportChangePassword(Boolean.TRUE);
            accountFilter.setId(entityAccount.getAccount());
            List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
            if (accountsChecked.size() == 1) {
                return true;
            }
            return false;
        } else {
            return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
        }
    }).forEach(entityAccount -> {
        if (!accountIds.contains(entityAccount.getAccount())) {
            accountIds.add(entityAccount.getAccount());
        }
    });
    // 
    // Is possible that some account has disabled password attributes
    List<OperationResult> notExecutedPasswordChanged = new ArrayList<>();
    // 
    List<AccAccountDto> accounts = new ArrayList<>();
    accountIds.forEach(accountId -> {
        AccAccountDto account = accountService.get(accountId);
        // Skip account in protection
        if (account.isInProtection()) {
            // Skip this iteration
            return;
        }
        // 
        accounts.add(account);
        // find UID from system entity or from account
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system);
        if (account.getSystemEntity() == null) {
            throw new SystemEntityNotFoundException(AccResultCode.PROVISIONING_PASSWORD_SYSTEM_ENTITY_NOT_FOUND, String.valueOf(account.getUid()), system.getCode());
        }
        SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
        // 
        // Find mapped attributes (include overloaded attributes)
        List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
        if (CollectionUtils.isEmpty(finalAttributes)) {
            return;
        }
        // We try find __PASSWORD__ attribute in mapped attributes
        AttributeMapping mappedAttribute = finalAttributes.stream().filter((attribute) -> {
            SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
            return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
        }).findFirst().orElse(null);
        // 
        // get all another passwords, list with all passwords (included primary password marked as __PASSWORD__)
        SysSystemMappingDto systemMappingDto = getMapping(system, systemEntity.getEntityType());
        List<SysSystemAttributeMappingDto> passwordAttributes = attributeMappingService.getAllPasswordAttributes(system.getId(), systemMappingDto.getId());
        // 
        // create account object with all another password
        Map<ProvisioningAttributeDto, Object> accountObjectWithAnotherPassword = new HashMap<>(passwordAttributes.size());
        for (AttributeMapping passwordAttribute : passwordAttributes) {
            // all password attributes contains also main __PASSWORD__ the attribute must be skipped
            if (mappedAttribute != null && mappedAttribute.equals(passwordAttribute)) {
                continue;
            }
            GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), passwordAttribute, systemEntity.getUid(), dto);
            SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(passwordAttribute.getSchemaAttribute());
            ProvisioningAttributeDto passwordProvisiongAttributeDto = ProvisioningAttributeDto.createProvisioningAttributeKey(passwordAttribute, schemaAttribute.getName(), schemaAttribute.getClassType());
            accountObjectWithAnotherPassword.put(passwordProvisiongAttributeDto, transformPassword);
        }
        // for this account doesn't exist mapped attribute as password
        if (accountObjectWithAnotherPassword.isEmpty() && mappedAttribute == null) {
            // Beware we cant use AccAccountDto from acc module, in core is checked by this
            notExecutedPasswordChanged.add(new OperationResult.Builder(OperationState.NOT_EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, ImmutableMap.of(IdmAccountDto.PARAMETER_NAME, createResultAccount(account, system)))).build());
            // for this account is this failed password change
            return;
        }
        // 
        // add all account attributes => standard provisioning
        SysProvisioningOperationDto additionalProvisioningOperation = null;
        // resolve another attributes that must be sent together with password
        List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
        if (!additionalPasswordChangeAttributes.isEmpty()) {
            additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
        }
        // add another password
        if (!accountObjectWithAnotherPassword.isEmpty()) {
            if (additionalProvisioningOperation == null) {
                // if additional operation is null create one
                additionalProvisioningOperation = prepareProvisioningOperationForAdditionalPassword(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, systemMappingDto, accountObjectWithAnotherPassword);
            } else {
                // if additional operation exists just add all account object with additional passwords
                additionalProvisioningOperation.getProvisioningContext().getAccountObject().putAll(accountObjectWithAnotherPassword);
            }
        }
        // 
        // password change operation
        SysProvisioningOperationDto operation;
        if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
            // all attributes including another password attributes will be sent with password one provisioning operation
            operation = additionalProvisioningOperation;
            // 
            if (mappedAttribute != null) {
                // Main password attribute isn't mapped
                // transform password value trough transformation
                GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), mappedAttribute, systemEntity.getUid(), dto);
                // 
                // add wish for password
                SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.get(mappedAttribute.getSchemaAttribute());
                ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeDto.getName(), schemaAttributeDto.getClassType());
                // 
                // newly isn't needed check if password is constant or etc.
                // 
                operation.getProvisioningContext().getAccountObject().put(passwordAttribute, transformPassword);
            }
            // 
            // do provisioning for additional attributes and password
            // together
            preparedOperations.add(operation);
        } else {
            // 
            if (mappedAttribute != null) {
                // Main password attribute isn't mapped
                // transform password value trough transformation
                GuardedString transformPassword = transformPassword(passwordChange.getNewPassword(), mappedAttribute, systemEntity.getUid(), dto);
                // 
                operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, transformPassword, ProvisioningOperationType.UPDATE, dto);
                preparedOperations.add(operation);
            }
            // do provisioning for additional attributes and passwords in second
            if (additionalProvisioningOperation != null) {
                preparedOperations.add(additionalProvisioningOperation);
            }
        }
    });
    // 
    // execute prepared operations
    List<OperationResult> results = preparedOperations.stream().map(operation -> {
        SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
        Map<String, Object> parameters = new LinkedHashMap<String, Object>();
        AccAccountDto account = accounts.stream().filter(a -> {
            return a.getRealUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
        }).findFirst().get();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system);
        // 
        parameters.put(IdmAccountDto.PARAMETER_NAME, createResultAccount(account, system));
        // 
        if (result.getResult().getState() == OperationState.EXECUTED) {
            // Add success changed password account
            return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
        }
        OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
        changeResult.setCause(result.getResult().getCause());
        changeResult.setCode(result.getResult().getCode());
        return changeResult;
    }).collect(Collectors.toList());
    // 
    // add not executed changed from prepare stage
    results.addAll(notExecutedPasswordChanged);
    return results;
}
Also used : ProvisioningExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningExecutor) DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) Autowired(org.springframework.beans.factory.annotation.Autowired) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) AccIdentityAccount_(eu.bcvsolutions.idm.acc.entity.AccIdentityAccount_) EntityAccountDto(eu.bcvsolutions.idm.acc.dto.EntityAccountDto) StringUtils(org.apache.commons.lang3.StringUtils) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSystemAttributeMapping_(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping_) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemEntity_(eu.bcvsolutions.idm.acc.entity.SysSystemEntity_) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) ProvisioningEntityExecutor(eu.bcvsolutions.idm.acc.service.api.ProvisioningEntityExecutor) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) SystemOperationType(eu.bcvsolutions.idm.acc.domain.SystemOperationType) ReadWriteDtoService(eu.bcvsolutions.idm.core.api.service.ReadWriteDtoService) Set(java.util.Set) PageRequest(org.springframework.data.domain.PageRequest) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Serializable(java.io.Serializable) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) List(java.util.List) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) CollectionUtils(org.springframework.util.CollectionUtils) AccountType(eu.bcvsolutions.idm.acc.domain.AccountType) Optional(java.util.Optional) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccResultCode(eu.bcvsolutions.idm.acc.domain.AccResultCode) IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) MappingContext(eu.bcvsolutions.idm.acc.domain.MappingContext) IcConnectorFacade(eu.bcvsolutions.idm.ic.service.api.IcConnectorFacade) ProvisioningEvent(eu.bcvsolutions.idm.acc.event.ProvisioningEvent) AttributeMappingStrategyType(eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType) SysRoleSystem_(eu.bcvsolutions.idm.acc.entity.SysRoleSystem_) ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType) SysSystemEntityService(eu.bcvsolutions.idm.acc.service.api.SysSystemEntityService) IdmAccountDto(eu.bcvsolutions.idm.core.api.dto.IdmAccountDto) HashMap(java.util.HashMap) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttribute_(eu.bcvsolutions.idm.acc.entity.SysRoleSystemAttribute_) MessageFormat(java.text.MessageFormat) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) SystemEntityNotFoundException(eu.bcvsolutions.idm.acc.exception.SystemEntityNotFoundException) SysSystemMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemMappingService) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) ImmutableList(com.google.common.collect.ImmutableList) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) ProvisioningOperationType(eu.bcvsolutions.idm.acc.domain.ProvisioningOperationType) LinkedHashSet(java.util.LinkedHashSet) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) Codeable(eu.bcvsolutions.idm.core.api.domain.Codeable) SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter) SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService) SysSchemaObjectClass_(eu.bcvsolutions.idm.acc.entity.SysSchemaObjectClass_) SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) EventContext(eu.bcvsolutions.idm.core.api.event.EventContext) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService) SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter) Contextable(eu.bcvsolutions.idm.core.api.domain.Contextable) AccAccount_(eu.bcvsolutions.idm.acc.entity.AccAccount_) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) ProvisioningService(eu.bcvsolutions.idm.acc.service.api.ProvisioningService) Collections(java.util.Collections) SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) EntityEventManager(eu.bcvsolutions.idm.core.api.service.EntityEventManager) Assert(org.springframework.util.Assert) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ArrayList(java.util.ArrayList) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) List(java.util.List) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) UUID(java.util.UUID) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SystemEntityNotFoundException(eu.bcvsolutions.idm.acc.exception.SystemEntityNotFoundException) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) EntityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.EntityAccountFilter) SysSystemAttributeMapping(eu.bcvsolutions.idm.acc.entity.SysSystemAttributeMapping) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

ImmutableList (com.google.common.collect.ImmutableList)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 AccResultCode (eu.bcvsolutions.idm.acc.domain.AccResultCode)1 AccountType (eu.bcvsolutions.idm.acc.domain.AccountType)1 AttributeMapping (eu.bcvsolutions.idm.acc.domain.AttributeMapping)1 AttributeMappingStrategyType (eu.bcvsolutions.idm.acc.domain.AttributeMappingStrategyType)1 MappingContext (eu.bcvsolutions.idm.acc.domain.MappingContext)1 ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext)1 ProvisioningEventType (eu.bcvsolutions.idm.acc.domain.ProvisioningEventType)1 ProvisioningOperationType (eu.bcvsolutions.idm.acc.domain.ProvisioningOperationType)1 SystemEntityType (eu.bcvsolutions.idm.acc.domain.SystemEntityType)1 SystemOperationType (eu.bcvsolutions.idm.acc.domain.SystemOperationType)1 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)1 EntityAccountDto (eu.bcvsolutions.idm.acc.dto.EntityAccountDto)1 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)1 SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)1 SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)1 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)1 SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)1 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)1