Examples with ConnectorType eu.bcvsolutions.idm.acc.service.api.ConnectorType used on opensource projects

Example 36 with ConnectorType

use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.

the class PrepareConnectorObjectProcessor method process.

/**
 * Prepare provisioning operation execution
 */
@Override
public EventResult<SysProvisioningOperationDto> process(EntityEvent<SysProvisioningOperationDto> event) {
    SysProvisioningOperationDto provisioningOperation = event.getContent();
    SysSystemDto system = systemService.get(provisioningOperation.getSystem());
    IcObjectClass objectClass = provisioningOperation.getProvisioningContext().getConnectorObject().getObjectClass();
    SysSystemEntityDto systemEntity = provisioningOperationService.getByProvisioningOperation(provisioningOperation);
    String uid = systemEntity.getUid();
    boolean isWish = systemEntity.isWish();
    LOG.debug("Start preparing attribubes for provisioning operation [{}] for object with uid [{}] and connector object [{}]", provisioningOperation.getOperationType(), uid, objectClass.getType());
    // Find connector identification persisted in system
    if (system.getConnectorKey() == null) {
        throw new ProvisioningException(AccResultCode.CONNECTOR_KEY_FOR_SYSTEM_NOT_FOUND, ImmutableMap.of("system", system.getName()));
    }
    try {
        IcConnectorObject existsConnectorObject = null;
        // We do not want search account on the target system, when this is the first
        // call the connector and auto mapping is not allowed.
        ConnectorType connectorType = connectorManager.findConnectorTypeBySystem(system);
        if (!isWish || provisioningConfiguration.isAllowedAutoMappingOnExistingAccount()) {
            existsConnectorObject = connectorType.readConnectorObject(system, uid, objectClass);
        }
        if (existsConnectorObject == null) {
            processCreate(provisioningOperation);
        } else {
            processUpdate(provisioningOperation, existsConnectorObject, connectorType);
            // prepare attributes on target system for FE view
            ProvisioningContext context = provisioningOperation.getProvisioningContext();
            IcConnectorObject systemAttrs = intersectAccountAndSystemAttrs(context.getAccountObject(), existsConnectorObject);
            context.setSystemConnectorObject(systemAttrs);
            if (!provisioningOperation.isDryRun()) {
                provisioningOperation = provisioningOperationService.saveOperation(provisioningOperation);
            }
        }
        // 
        LOG.debug("Preparing attribubes for provisioning operation [{}] for object with uid [{}] and connector object [{}] is sucessfully completed", provisioningOperation.getOperationType(), uid, objectClass.getType());
        if (!provisioningOperation.isDryRun()) {
            // set back to event content
            provisioningOperation = provisioningOperationService.saveOperation(provisioningOperation);
            // log attributes used in provisioning context into provisioning attributes
            provisioningAttributeService.saveAttributes(provisioningOperation);
        }
        event.setContent(provisioningOperation);
        return new DefaultEventResult<>(event, this);
    } catch (Exception ex) {
        if (!provisioningOperation.isDryRun()) {
            provisioningOperation = provisioningOperationService.handleFailed(provisioningOperation, ex);
        }
        // TODO nastavit vyjimku stav do provisioning operation podobne jak se deje v handleFailed
        event.setContent(provisioningOperation);
        return new DefaultEventResult<>(event, this, true);
    }
}

Example 37 with ConnectorType

use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.

the class SysSystemController method getSupportedTypes.

/**
 * Returns all registered connector types.
 *
 * @return connector types
 */
@ResponseBody
@RequestMapping(method = RequestMethod.GET, value = "/search/supported")
@PreAuthorize("hasAuthority('" + AccGroupPermission.SYSTEM_READ + "')")
@ApiOperation(value = "Get all supported connector types", nickname = "getSupportedConnectorTypes", tags = { SysSystemController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }) })
public Resources<ConnectorTypeDto> getSupportedTypes() {
    Map<SysConnectorServerDto, List<IcConnectorInfo>> allConnectorInfos = new LinkedHashMap<>();
    // All remote connectors - optionally, but with higher priority.
    remoteServerService.find(null).forEach(connectorServer -> {
        for (IcConfigurationService config : icConfiguration.getIcConfigs().values()) {
            try {
                connectorServer.setPassword(remoteServerService.getPassword(connectorServer.getId()));
                Set<IcConnectorInfo> availableRemoteConnectors = config.getAvailableRemoteConnectors(connectorServer);
                if (CollectionUtils.isNotEmpty(availableRemoteConnectors)) {
                    allConnectorInfos.put(connectorServer, Lists.newArrayList(availableRemoteConnectors));
                }
            } catch (IcInvalidCredentialException e) {
                ExceptionUtils.log(LOG, new ResultCodeException(AccResultCode.REMOTE_SERVER_INVALID_CREDENTIAL, ImmutableMap.of("server", e.getHost() + ":" + e.getPort()), e));
            } catch (IcServerNotFoundException e) {
                ExceptionUtils.log(LOG, new ResultCodeException(AccResultCode.REMOTE_SERVER_NOT_FOUND, ImmutableMap.of("server", e.getHost() + ":" + e.getPort()), e));
            } catch (IcCantConnectException e) {
                ExceptionUtils.log(LOG, new ResultCodeException(AccResultCode.REMOTE_SERVER_CANT_CONNECT, ImmutableMap.of("server", e.getHost() + ":" + e.getPort()), e));
            } catch (IcRemoteServerException e) {
                ExceptionUtils.log(LOG, new ResultCodeException(AccResultCode.REMOTE_SERVER_UNEXPECTED_ERROR, ImmutableMap.of("server", e.getHost() + ":" + e.getPort()), e));
            }
        }
    });
    // Local connectors
    Map<String, Set<IcConnectorInfo>> availableLocalConnectors = icConfiguration.getAvailableLocalConnectors();
    if (availableLocalConnectors != null) {
        List<IcConnectorInfo> localConnectorInfos = Lists.newArrayList();
        availableLocalConnectors.values().forEach(infos -> {
            localConnectorInfos.addAll(infos);
        });
        SysConnectorServerDto localServer = new SysConnectorServerDto();
        localServer.setLocal(true);
        allConnectorInfos.put(localServer, localConnectorInfos);
    }
    // 
    List<ConnectorTypeDto> resolvedConnectorTypes = Lists.newArrayListWithExpectedSize(allConnectorInfos.values().stream().mapToInt(List::size).sum());
    for (ConnectorType supportedConnectorType : connectorManager.getSupportedTypes()) {
        // remote connector has higher priority => linked hash map => find first
        // Find connector info and set version to the connectorTypeDto.
        SysConnectorServerDto connectorServer = null;
        IcConnectorInfo info = null;
        for (Entry<SysConnectorServerDto, List<IcConnectorInfo>> entry : allConnectorInfos.entrySet()) {
            for (IcConnectorInfo connectorInfo : entry.getValue()) {
                if (supportedConnectorType.getConnectorName().equals(connectorInfo.getConnectorKey().getConnectorName())) {
                    connectorServer = entry.getKey();
                    info = connectorInfo;
                    break;
                }
            }
            if (info != null) {
                break;
            }
        }
        if (info == null) {
            // default connector types are resolved bellow
            continue;
        }
        ConnectorTypeDto connectorType = connectorManager.convertTypeToDto(supportedConnectorType);
        if (connectorServer != null) {
            connectorType.setRemoteServer(connectorServer.getId());
        }
        connectorType.setLocal(connectorType.getRemoteServer() == null);
        connectorType.setVersion(info.getConnectorKey().getBundleVersion());
        connectorType.setName(info.getConnectorDisplayName());
        resolvedConnectorTypes.add(connectorType);
    }
    // Find connectors without extension (specific connector type).
    List<ConnectorTypeDto> defaultConnectorTypes = Lists.newArrayList();
    for (Entry<SysConnectorServerDto, List<IcConnectorInfo>> entry : allConnectorInfos.entrySet()) {
        SysConnectorServerDto connectorServer = entry.getKey();
        for (IcConnectorInfo connectorInfo : entry.getValue()) {
            ConnectorTypeDto connectorType = connectorManager.convertIcConnectorInfoToDto(connectorInfo);
            if (!resolvedConnectorTypes.stream().anyMatch(supportedType -> supportedType.getConnectorName().equals(connectorType.getConnectorName()) && supportedType.isHideParentConnector())) {
                if (connectorServer != null) {
                    connectorType.setRemoteServer(connectorServer.getId());
                }
                connectorType.setLocal(connectorType.getRemoteServer() == null);
                defaultConnectorTypes.add(connectorType);
            }
        }
    }
    resolvedConnectorTypes.addAll(defaultConnectorTypes);
    return new Resources<>(resolvedConnectorTypes.stream().sorted(Comparator.comparing(ConnectorTypeDto::getOrder)).collect(Collectors.toList()));
}

Example 38 with ConnectorType

use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.

the class AdUserConnectorTypeTest method testStepFour.

@Test
public void testStepFour() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockAdUserConnectorType.NAME);
    ConnectorTypeDto connectorTypeDto = connectorManager.convertTypeToDto(connectorType);
    SysSystemDto systemDto = createSystem(this.getHelper().createName(), connectorTypeDto);
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.SYSTEM_DTO_KEY, systemDto.getId().toString());
    String newUserContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.NEW_USER_CONTAINER_KEY, newUserContainerMock);
    String userContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.USER_SEARCH_CONTAINER_KEY, userContainerMock);
    String deletedUserContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.DELETE_USER_CONTAINER_KEY, deletedUserContainerMock);
    String domainMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.DOMAIN_KEY, domainMock);
    connectorTypeDto.setWizardStepName(MockAdUserConnectorType.STEP_FOUR);
    // Generate mock schema.
    generateMockSchema(systemDto);
    // Execute step four.
    connectorManager.execute(connectorTypeDto);
    // Check containers on the system's operationOptions.
    systemDto = systemService.get(systemDto.getId());
    IdmFormDefinitionDto operationOptionsFormDefinition = systemService.getOperationOptionsConnectorFormDefinition(systemDto);
    String newUserContainer = getValueFromConnectorInstance(MockAdUserConnectorType.NEW_USER_CONTAINER_KEY, systemDto, operationOptionsFormDefinition);
    assertEquals(newUserContainerMock, newUserContainer);
    String deletedUserContainer = getValueFromConnectorInstance(MockAdUserConnectorType.DELETE_USER_CONTAINER_KEY, systemDto, operationOptionsFormDefinition);
    // Protected mode is not active -> delete user container should be null.
    assertNull(deletedUserContainer);
    String searchUserContainer = getValueFromConnectorInstance(MockAdUserConnectorType.USER_SEARCH_CONTAINER_KEY, systemDto, operationOptionsFormDefinition);
    assertEquals(userContainerMock, searchUserContainer);
    String domain = getValueFromConnectorInstance(MockAdUserConnectorType.DOMAIN_KEY, systemDto, operationOptionsFormDefinition);
    assertEquals(domainMock, domain);
    // Check created schema attributes.
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(systemDto.getId());
    List<SysSchemaAttributeDto> attributes = schemaAttributeService.find(schemaAttributeFilter, null).getContent();
    assertTrue(attributes.stream().anyMatch(attribute -> IcAttributeInfo.NAME.equals(attribute.getName())));
    assertTrue(attributes.stream().anyMatch(attribute -> IcAttributeInfo.PASSWORD.equals(attribute.getName())));
    assertTrue(attributes.stream().anyMatch(attribute -> IcAttributeInfo.ENABLE.equals(attribute.getName())));
    assertTrue(attributes.stream().anyMatch(attribute -> MockAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(attribute.getName())));
    assertTrue(attributes.stream().anyMatch(attribute -> MockAdUserConnectorType.SAM_ACCOUNT_NAME_ATTRIBUTE.equals(attribute.getName())));
    // Check created schema attributes.
    SysSystemAttributeMappingFilter attributeMappingFilter = new SysSystemAttributeMappingFilter();
    attributeMappingFilter.setSystemId(systemDto.getId());
    List<SysSystemAttributeMappingDto> attributeMappingDtos = attributeMappingService.find(attributeMappingFilter, null).getContent();
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> IcAttributeInfo.NAME.equals(attribute.getName())));
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> IcAttributeInfo.PASSWORD.equals(attribute.getName())));
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> IcAttributeInfo.ENABLE.equals(attribute.getName())));
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> MockAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(attribute.getName())));
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> MockAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(attribute.getName()) && AttributeMappingStrategyType.MERGE == attribute.getStrategyType()));
    assertTrue(attributeMappingDtos.stream().anyMatch(attribute -> MockAdUserConnectorType.SAM_ACCOUNT_NAME_ATTRIBUTE.equals(attribute.getName())));
    // Pairing sync wasn't created.
    SysSyncConfigFilter syncConfigFilter = new SysSyncConfigFilter();
    syncConfigFilter.setSystemId(systemDto.getId());
    int syncCount = syncConfigService.find(syncConfigFilter, null).getContent().size();
    assertEquals(0, syncCount);
    // Clean
    systemService.delete(systemDto);
}

Example 39 with ConnectorType

use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.

the class AdUserConnectorTypeTest method testPairingSync.

@Test
public void testPairingSync() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockAdUserConnectorType.NAME);
    ConnectorTypeDto connectorTypeDto = connectorManager.convertTypeToDto(connectorType);
    SysSystemDto systemDto = createSystem(this.getHelper().createName(), connectorTypeDto);
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.SYSTEM_DTO_KEY, systemDto.getId().toString());
    String newUserContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.NEW_USER_CONTAINER_KEY, newUserContainerMock);
    String userContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.USER_SEARCH_CONTAINER_KEY, userContainerMock);
    String deletedUserContainerMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.DELETE_USER_CONTAINER_KEY, deletedUserContainerMock);
    String domainMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.DOMAIN_KEY, domainMock);
    String defaultRoleMock = this.getHelper().createName();
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.NEW_ROLE_WITH_SYSTEM_CODE, defaultRoleMock);
    connectorTypeDto.setWizardStepName(MockAdUserConnectorType.STEP_FOUR);
    // Activate pairing sync.
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.PAIRING_SYNC_SWITCH_KEY, "true");
    // Activate protected sync.
    connectorTypeDto.getMetadata().put(MockAdUserConnectorType.PROTECTED_MODE_SWITCH_KEY, "true");
    // Generate mock schema.
    generateMockSchema(systemDto);
    // Execute step four.
    connectorManager.execute(connectorTypeDto);
    SysSystemMappingFilter mappingFilter = new SysSystemMappingFilter();
    mappingFilter.setSystemId(systemDto.getId());
    mappingFilter.setOperationType(SystemOperationType.PROVISIONING);
    mappingFilter.setEntityType(SystemEntityType.IDENTITY);
    List<SysSystemMappingDto> mappingDtos = mappingService.find(mappingFilter, null).getContent();
    assertEquals(1, mappingDtos.size());
    // Protected mode is activated.
    assertTrue(mappingDtos.get(0).isProtectionEnabled());
    // Provisioning context is used.
    assertTrue(mappingDtos.get(0).isAddContextConnectorObject());
    mappingFilter.setOperationType(SystemOperationType.SYNCHRONIZATION);
    mappingFilter.setEntityType(SystemEntityType.IDENTITY);
    mappingDtos = mappingService.find(mappingFilter, null).getContent();
    // Sync mapping must exists.
    assertEquals(1, mappingDtos.size());
    // Pairing sync should be created.
    SysSyncConfigFilter syncConfigFilter = new SysSyncConfigFilter();
    syncConfigFilter.setSystemId(systemDto.getId());
    List<AbstractSysSyncConfigDto> configDtos = syncConfigService.find(syncConfigFilter, null).getContent();
    assertEquals(1, configDtos.size());
    SysSyncIdentityConfigDto sync = (SysSyncIdentityConfigDto) configDtos.get(0);
    // Protected mode is activated.
    assertEquals(SynchronizationInactiveOwnerBehaviorType.LINK_PROTECTED, sync.getInactiveOwnerBehavior());
    assertNotNull(sync.getDefaultRole());
    // Clean
    systemService.delete(systemDto);
}

Example 40 with ConnectorType

use of eu.bcvsolutions.idm.acc.service.api.ConnectorType in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testUpdateAccountInCrossDomainOnTwoSystems.

@Test
public void testUpdateAccountInCrossDomainOnTwoSystems() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    // System one
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(systemDto.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
    // System two
    SysSystemDto systemTwoDto = initSystem(connectorType);
    SysSystemAttributeMappingFilter filterTwo = new SysSystemAttributeMappingFilter();
    filterTwo.setSystemId(systemTwoDto.getId());
    filterTwo.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributesTwo = attributeMappingService.find(filterTwo, null).getContent();
    assertEquals(1, attributesTwo.size());
    SysSystemAttributeMappingDto ldapGroupsAttributeTwo = attributesTwo.stream().findFirst().get();
    // Creates cross-domain group.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
    systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
    systemGroupSystemOne.setSystem(systemDto.getId());
    systemGroupSystemService.save(systemGroupSystemOne);
    SysSystemGroupSystemDto systemGroupSystemTwo = new SysSystemGroupSystemDto();
    systemGroupSystemTwo.setSystemGroup(groupSystemDto.getId());
    systemGroupSystemTwo.setMergeAttribute(ldapGroupsAttributeTwo.getId());
    systemGroupSystemTwo.setSystem(systemTwoDto.getId());
    systemGroupSystemService.save(systemGroupSystemTwo);
    // Creates the login role ONE.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, systemDto);
    // Creates the login role TWO.
    IdmRoleDto loginRoleTwo = helper.createRole();
    helper.createRoleSystem(loginRoleTwo, systemTwoDto);
    // Creates cross-domain no-login role ONE.
    IdmRoleDto noLoginRole = helper.createRole();
    SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
    roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilter.setId(roleSystem.getId());
    List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(0, roleSystemDtos.size());
    createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
    // Creates cross-domain no-login role TWO.
    SysRoleSystemDto roleSystemTwo = helper.createRoleSystem(noLoginRole, systemTwoDto);
    SysRoleSystemFilter roleSystemFilterTwo = new SysRoleSystemFilter();
    roleSystemFilterTwo.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
    roleSystemFilterTwo.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
    roleSystemFilterTwo.setId(roleSystemTwo.getId());
    List<SysRoleSystemDto> roleSystemDtosTwo = roleSystemService.find(roleSystemFilterTwo, null).getContent();
    assertEquals(0, roleSystemDtosTwo.size());
    createOverriddenLdapGroupAttribute(ldapGroupsAttributeTwo, roleSystemTwo, "return 'TWO';");
    // Role-system should be in cross-domain group now.
    roleSystemDtos = roleSystemService.find(roleSystemFilterTwo, null).getContent();
    assertEquals(1, roleSystemDtos.size());
    SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
    assertTrue(roleSystemDto.isInCrossDomainGroup());
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getHelper().createContract(identity);
    mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
        IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
        connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "THREE"));
        connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.SID_ATTRIBUTE_KEY, "SID".getBytes(StandardCharsets.UTF_8)));
        return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
    });
    // Assign login (ONE and TWO) and no-login roles.
    IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, noLoginRole, loginRole, loginRoleTwo);
    assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
    assertNotNull(roleRequestDto.getSystemState());
    AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
    identityAccountFilter.setIdentityId(identity.getId());
    assertEquals(2, identityAccountService.find(identityAccountFilter, null).getContent().size());
    // Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
    SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
    ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals(1, ((List<?>) ldapGroupsValue).size());
    assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("ONE")));
    IcAttribute ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    IcAttribute ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
    assertNotNull(ldapGroups);
    assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("ONE")));
    assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("THREE")));
    assertNotNull(ldapGroupsOld);
    assertEquals(2, ldapGroupsOld.getValues().size());
    assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("THREE")));
    assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("EXTERNAL_ONE")));
    // Check if provisioning contains ldapGroups attribute with value ('TWO') from the role.
    provisioningOperationFilter = new SysProvisioningOperationFilter();
    provisioningOperationFilter.setSystemId(systemTwoDto.getId());
    provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
    provisioningOperationFilter.setEntityIdentifier(identity.getId());
    provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
    assertEquals(1, provisioningOperationDtos.size());
    provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
    assertEquals(ProvisioningEventType.UPDATE, provisioningOperationDto.getOperationType());
    provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
    assertNotNull(provisioningAttributeLdapGroupsDto);
    ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
    assertEquals(1, ((List<?>) ldapGroupsValue).size());
    assertTrue(((List<?>) ldapGroupsValue).stream().anyMatch(value -> value.equals("TWO")));
    ldapGroups = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    ldapGroupsOld = provisioningOperationDto.getProvisioningContext().getConnectorObject().getAttributeByName(MessageFormat.format(MockCrossDomainAdUserConnectorType.OLD_ATTRIBUTE_PATTERN, MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE));
    assertNotNull(ldapGroups);
    assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("TWO")));
    assertTrue(ldapGroups.getValues().stream().anyMatch(value -> value.equals("THREE")));
    assertNotNull(ldapGroupsOld);
    assertEquals(2, ldapGroupsOld.getValues().size());
    assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("THREE")));
    assertTrue(ldapGroupsOld.getValues().stream().anyMatch(value -> value.equals("EXTERNAL_ONE")));
    // Clean
    provisioningOperationService.deleteOperations(systemDto.getId());
    provisioningOperationService.deleteOperations(systemTwoDto.getId());
    systemGroupService.delete(groupSystemDto);
    getHelper().deleteIdentity(identity.getId());
    mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}