Example 21 with ConnectorType
use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.
the class MsAdMappingIdentityAutoAttributesProcessor method conditional.
@Override
public boolean conditional(EntityEvent<SysSystemMappingDto> event) {
boolean conditional = super.conditional(event);
if (!conditional) {
return false;
}
SysSystemMappingDto systemMappingDto = event.getContent();
// Attributes will be generated only for __ACCOUNT__ schema.
SysSchemaObjectClassDto objectClassDto = lookupService.lookupEmbeddedDto(systemMappingDto, SysSystemMapping_.objectClass);
if (objectClassDto != null && objectClassDto.getSystem() != null) {
SysSystemDto systemDto = lookupService.lookupEmbeddedDto(objectClassDto, SysSchemaObjectClass_.system);
ConnectorType connectorType = connectorManager.findConnectorTypeBySystem(systemDto);
if (connectorType != null) {
// Only for AD user and AD+WinRM user wizards.
return connectorType instanceof AdUserConnectorType;
}
}
return false;
}
Also used :
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
AdUserConnectorType(eu.bcvsolutions.idm.acc.connector.AdUserConnectorType)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
AdUserConnectorType(eu.bcvsolutions.idm.acc.connector.AdUserConnectorType)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
Example 22 with ConnectorType
use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.
the class DefaultConnectorManager method execute.
@Override
@Transactional
public ConnectorTypeDto execute(ConnectorTypeDto connectorType) {
Assert.notNull(connectorType, "Connector type cannot be null!");
Assert.notNull(connectorType.getId(), "Connector type ID cannot be null!");
ConnectorType connectorTypeDef = this.getConnectorType(connectorType.getId());
Assert.notNull(connectorTypeDef, "Connector type definition was not found!");
if (!connectorType.isReopened()) {
cacheManager.evictCache(FormService.FORM_DEFINITION_CACHE_NAME);
}
return connectorTypeDef.execute(connectorType);
}
Also used :
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 23 with ConnectorType
use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testUpdateAccountInCrossDomain.
@Test
public void testUpdateAccountInCrossDomain() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates cross-domain no-login role.
IdmRoleDto roleInCrossDomainGroup = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().createContract(identity);
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "TWO"));
return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
});
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, roleInCrossDomainGroup, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(1, ((List<?>) ldapGroupsValue).size());
assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("ONE")));
IcAttribute ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
IcAttribute ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
assertNotNull(ldapGroups);
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("ONE")));
assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("TWO")));
assertNotNull(ldapGroupsOld);
assertEquals(1, ldapGroupsOld.getValues().size());
assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("TWO")));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
systemGroupService.delete(groupSystemDto);
getHelper().deleteIdentity(identity.getId());
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}
Also used :
IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
GuardedString(org.identityconnectors.common.security.GuardedString)
IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)
SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService)
After(org.junit.After)
SecurityUtil(org.identityconnectors.common.security.SecurityUtil)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType)
SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
UUID(java.util.UUID)
StandardCharsets(java.nio.charset.StandardCharsets)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
List(java.util.List)
AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService)
ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
Assert.assertFalse(org.junit.Assert.assertFalse)
AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService)
IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService)
IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService)
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
MessageFormat(java.text.MessageFormat)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)
IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Qualifier(org.springframework.beans.factory.annotation.Qualifier)
ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo)
Before(org.junit.Before)
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
Assert.assertTrue(org.junit.Assert.assertTrue)
RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState)
Test(org.junit.Test)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
Assert.assertNull(org.junit.Assert.assertNull)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison)
IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_)
BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto)
TestHelper(eu.bcvsolutions.idm.acc.TestHelper)
Comparator(java.util.Comparator)
SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService)
Assert.assertEquals(org.junit.Assert.assertEquals)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
List(java.util.List)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 24 with ConnectorType
use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleSystemInDisabledCrossDomainGroup.
@Test
public void testRoleSystemInDisabledCrossDomainGroup() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto.setDisabled(true);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemOne = systemGroupSystemService.save(systemGroupSystemOne);
// Creates cross-domain no-login role.
IdmRoleDto roleInCrossDomainGroup = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be not in a cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Flag 'isInCrossDomainGroup' in role-system should be false now.
roleSystemFilter.setIsInCrossDomainGroupRoleId(null);
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertFalse(roleSystemDto.isInCrossDomainGroup());
// Clean
systemGroupService.delete(groupSystemDto);
assertNull(systemGroupSystemService.get(systemGroupSystemOne));
systemService.delete(systemDto);
roleService.delete(roleInCrossDomainGroup);
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 25 with ConnectorType
use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupCannotCreateAccount.
@Test
public void testRoleInCrossDomainGroupCannotCreateAccount() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates cross-domain no-login role.
IdmRoleDto roleInCrossDomainGroup = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().createContract(identity);
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, roleInCrossDomainGroup);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNull(roleRequestDto.getSystemState());
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
systemGroupService.delete(groupSystemDto);
getHelper().deleteIdentity(identity.getId());
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Aggregations
ConnectorType (eu.bcvsolutions.idm.acc.service.api.ConnectorType)58
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)56
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)45
Test (org.junit.Test)45
ConnectorTypeDto (eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto)41
SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)25
SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)24
MockAdUserConnectorType (eu.bcvsolutions.idm.acc.service.impl.mock.MockAdUserConnectorType)22
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)19
IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)19
BaseDto (eu.bcvsolutions.idm.core.api.dto.BaseDto)18
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)17
SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)16
SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)16
SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)16
MockCrossDomainAdUserConnectorType (eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)16
UUID (java.util.UUID)16
ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)15
AdGroupConnectorType (eu.bcvsolutions.idm.acc.connector.AdGroupConnectorType)14
SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)14
