use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DefaultIdmTreeNodeServiceIntegrationTest method testSkipAndAssignAutomaticRoleOnPositionAfterNodeIsMovedWithUpRecursion.
@Test
public void testSkipAndAssignAutomaticRoleOnPositionAfterNodeIsMovedWithUpRecursion() {
IdmTreeNodeDto parentNode = getHelper().createTreeNode();
IdmTreeNodeDto node = getHelper().createTreeNode();
// define automatic role for parent
IdmRoleDto role = getHelper().createRole();
IdmRoleTreeNodeDto automaticRole = getHelper().createRoleTreeNode(role, node, RecursionType.UP, true);
// create identity with contract on node
IdmIdentityDto identity = getHelper().createIdentity((GuardedString) null);
getHelper().createContractPosition(getHelper().getPrimeContract(identity), parentNode);
// no role should be assigned now
List<IdmIdentityRoleDto> assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.isEmpty());
//
node.setParent(parentNode.getId());
EntityEvent<IdmTreeNodeDto> event = new TreeNodeEvent(TreeNodeEventType.UPDATE, node);
event.getProperties().put(AutomaticRoleManager.SKIP_RECALCULATION, Boolean.TRUE);
node = service.publish(event).getContent();
IdmEntityStateFilter filter = new IdmEntityStateFilter();
filter.setStates(Lists.newArrayList(OperationState.BLOCKED));
filter.setResultCode(CoreResultCode.AUTOMATIC_ROLE_SKIPPED.getCode());
filter.setOwnerType(entityStateManager.getOwnerType(IdmRoleTreeNodeDto.class));
List<IdmEntityStateDto> skippedStates = entityStateManager.findStates(filter, null).getContent();
Assert.assertTrue(skippedStates.stream().anyMatch(s -> s.getOwnerId().equals(automaticRole.getId())));
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertTrue(assignedRoles.isEmpty());
//
// recount skipped automatic roles
longRunningTaskManager.execute(new ProcessSkippedAutomaticRoleByTreeTaskExecutor());
skippedStates = entityStateManager.findStates(filter, null).getContent();
Assert.assertFalse(skippedStates.stream().anyMatch(s -> s.getOwnerId().equals(automaticRole.getId())));
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(1, assignedRoles.size());
Assert.assertEquals(automaticRole.getId(), assignedRoles.get(0).getAutomaticRole());
//
IdmTreeNodeDto otherNode = getHelper().createTreeNode(null, null, node);
IdmRoleDto roleOther = getHelper().createRole();
IdmRoleTreeNodeDto otherAutomaticRole = getHelper().createRoleTreeNode(roleOther, otherNode, RecursionType.UP, false);
//
assignedRoles = identityRoleService.findAllByIdentity(identity.getId());
Assert.assertEquals(2, assignedRoles.size());
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> automaticRole.getId().equals(ir.getAutomaticRole())));
Assert.assertTrue(assignedRoles.stream().anyMatch(ir -> otherAutomaticRole.getId().equals(ir.getAutomaticRole())));
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DefaultUniformPasswordManagerIntegrationTest method testCreateEntityState.
@Test
public void testCreateEntityState() {
try {
// Turn on an async execution.
getHelper().enableAsynchronousProcessing();
SysSystemDto system = initData();
Assert.assertNotNull(system);
AbstractSysSyncConfigDto config = doCreateSyncConfig(system, null);
Assert.assertTrue(config instanceof SysSyncContractConfigDto);
IdmIdentityDto ownerOne = helper.createIdentity();
IdmIdentityDto ownerTwo = helper.createIdentity();
List<TestContractResource> contractResources = Lists.newArrayList(this.createContract("1", ownerOne.getUsername(), null, "true", null, null, null, null), this.createContract("2", ownerTwo.getUsername(), null, "false", null, null, null, null));
this.getBean().initContractData(contractResources);
IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
contractFilter.setIdentity(ownerOne.getId());
contractService.find(contractFilter, null).getContent().forEach(contract -> contractService.delete(contract));
Assert.assertEquals(0, contractService.find(contractFilter, null).getTotalElements());
contractFilter.setIdentity(ownerTwo.getId());
contractService.find(contractFilter, null).getContent().forEach(contract -> contractService.delete(contract));
Assert.assertEquals(0, contractService.find(contractFilter, null).getTotalElements());
ownerOne = identityService.get(ownerOne.getId());
ownerTwo = identityService.get(ownerTwo.getId());
// Identities should be in the CREATED state.
Assert.assertEquals(IdentityState.NO_CONTRACT, ownerOne.getState());
Assert.assertEquals(IdentityState.NO_CONTRACT, ownerTwo.getState());
SynchronizationSchedulableTaskExecutor lrt = new SynchronizationSchedulableTaskExecutor(config.getId());
LongRunningFutureTask<Boolean> longRunningFutureTask = longRunningTaskManager.execute(lrt);
UUID transactionIdLrt = longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getTransactionId();
// Waiting for the LRT will be running.
getHelper().waitForResult(res -> {
return !longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).isRunning();
}, 50, 40);
// Waiting for the LRT will be EXECUTED.
getHelper().waitForResult(res -> {
return longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getResultState() != OperationState.EXECUTED;
}, 250, 100);
Assert.assertEquals(OperationState.EXECUTED, longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getResultState());
SysSyncLogDto log = helper.checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 2, OperationResultType.SUCCESS);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
UUID transactionId = log.getTransactionId();
Assert.assertNotNull(transactionId);
Assert.assertEquals(transactionIdLrt, transactionId);
contractFilter.setIdentity(ownerOne.getId());
Assert.assertEquals(1, contractService.count(contractFilter));
contractFilter.setIdentity(ownerTwo.getId());
Assert.assertEquals(1, contractService.count(contractFilter));
ownerOne = identityService.get(ownerOne.getId());
ownerTwo = identityService.get(ownerTwo.getId());
// Identities should have a valid state.
Assert.assertEquals(IdentityState.VALID, ownerOne.getState());
Assert.assertEquals(IdentityState.VALID, ownerTwo.getState());
// LRT ended, entityStates must be removed.
IdmEntityStateDto entityStateDtoOwnerOne = uniformPasswordManager.getEntityState(ownerOne.getId(), IdmIdentityDto.class, transactionId);
Assert.assertNull(entityStateDtoOwnerOne);
IdmEntityStateDto entityStateDtoOwnerTwo = uniformPasswordManager.getEntityState(ownerTwo.getId(), IdmIdentityDto.class, transactionId);
Assert.assertNull(entityStateDtoOwnerTwo);
contractFilter.setValue("1");
Assert.assertEquals(1, contractService.find(contractFilter, null).getTotalElements());
contractFilter.setValue("2");
List<IdmIdentityContractDto> contractsTwo = contractService.find(contractFilter, null).getContent();
Assert.assertEquals(1, contractsTwo.size());
// Delete log
syncLogService.delete(log);
// Delete identities.
identityService.delete(ownerOne);
identityService.delete(ownerTwo);
} finally {
// Turn off an async execution.
getHelper().disableAsynchronousProcessing();
}
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DefaultUniformPasswordManagerIntegrationTest method testUniformPasswordInIdM.
@Test
public void testUniformPasswordInIdM() {
try {
// Turn on an async execution.
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, true);
getHelper().setConfigurationValue(SchedulerConfiguration.PROPERTY_TASK_ASYNCHRONOUS_ENABLED, true);
SysSystemDto contractSystem = initData();
Assert.assertNotNull(contractSystem);
IdmTreeTypeDto treeType = helper.createTreeType();
AbstractSysSyncConfigDto config = doCreateSyncConfig(contractSystem, treeType);
Assert.assertTrue(config instanceof SysSyncContractConfigDto);
SysSystemDto targetSystemOne = helper.createTestResourceSystem(true);
// Create system two with account suffix "_targetSystemTwo".
String targetSystemTwoSuffix = "_targetSystemTwo";
SysSystemDto targetSystemTwo = helper.createTestResourceSystem(true);
// Create uniform password definition.
AccUniformPasswordDto uniformPasswordDef = createUniformPasswordDef(targetSystemOne, targetSystemTwo);
// Enable change in the IdM.
uniformPasswordDef.setChangeInIdm(true);
uniformPasswordService.save(uniformPasswordDef);
SysSystemMappingDto provisioningMapping = systemMappingService.findProvisioningMapping(targetSystemTwo.getId(), SystemEntityType.IDENTITY);
List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(provisioningMapping);
SysSystemAttributeMappingDto uidAttribute = schemaAttributeMappingService.getUidAttribute(attributeMappingDtos, targetSystemTwo);
uidAttribute.setTransformToResourceScript("return attributeValue + \"" + targetSystemTwoSuffix + "\"");
schemaAttributeMappingService.save(uidAttribute);
IdmRoleDto automaticRoleTreeOne = helper.createRole();
helper.createRoleSystem(automaticRoleTreeOne, targetSystemOne);
IdmTreeNodeDto treeNodeOne = helper.createTreeNode(treeType, null);
helper.createAutomaticRole(automaticRoleTreeOne, treeNodeOne);
IdmRoleDto automaticRoleTreeTwo = helper.createRole();
helper.createRoleSystem(automaticRoleTreeTwo, targetSystemTwo);
IdmTreeNodeDto treeNodeTwo = helper.createTreeNode(treeType, null);
helper.createAutomaticRole(automaticRoleTreeTwo, treeNodeTwo);
IdmIdentityDto ownerOne = helper.createIdentityOnly();
List<TestContractResource> contractResources = Lists.newArrayList(this.createContract("1", ownerOne.getUsername(), null, "true", treeNodeOne.getCode(), null, null, null), this.createContract("2", ownerOne.getUsername(), null, "false", treeNodeTwo.getCode(), null, null, null));
this.getBean().initContractData(contractResources);
IdmIdentityContractFilter contractFilter = new IdmIdentityContractFilter();
contractFilter.setIdentity(ownerOne.getId());
contractService.find(contractFilter, null).getContent().forEach(contract -> contractService.delete(contract));
Assert.assertEquals(0, contractService.find(contractFilter, null).getTotalElements());
IdmIdentityFilter identityFilter = new IdmIdentityFilter();
identityFilter.setAddPasswordMetadata(true);
ownerOne = identityService.get(ownerOne.getId(), identityFilter);
// Identities should be in the CREATED state.
Assert.assertEquals(IdentityState.CREATED, ownerOne.getState());
Assert.assertNull(ownerOne.getPassword());
Assert.assertNull(ownerOne.getPasswordMetadata());
SynchronizationSchedulableTaskExecutor lrt = new SynchronizationSchedulableTaskExecutor(config.getId());
LongRunningFutureTask<Boolean> longRunningFutureTask = longRunningTaskManager.execute(lrt);
UUID transactionIdLrt = longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getTransactionId();
// Waiting for the LRT will be running.
getHelper().waitForResult(res -> {
return !longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).isRunning();
}, 50, 40);
// Waiting for the LRT will be EXECUTED.
getHelper().waitForResult(res -> {
return longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getResultState() != OperationState.EXECUTED;
}, 250, 100);
Assert.assertEquals(longRunningTaskService.get(longRunningFutureTask.getExecutor().getLongRunningTaskId()).getResultState(), OperationState.EXECUTED);
SysSyncLogDto log = helper.checkSyncLog(config, SynchronizationActionType.CREATE_ENTITY, 2, OperationResultType.SUCCESS);
Assert.assertFalse(log.isRunning());
Assert.assertFalse(log.isContainsError());
UUID transactionId = log.getTransactionId();
Assert.assertNotNull(transactionId);
Assert.assertEquals(transactionIdLrt, transactionId);
contractFilter.setIdentity(ownerOne.getId());
Assert.assertEquals(2, contractService.count(contractFilter));
ownerOne = identityService.get(ownerOne.getId());
// Identities should have a valid state.
Assert.assertEquals(IdentityState.VALID, ownerOne.getState());
// Waiting for removing entity state.
IdmIdentityDto finalOwnerOne = ownerOne;
getHelper().waitForResult(res -> {
return uniformPasswordManager.getEntityState(finalOwnerOne.getId(), IdmIdentityDto.class, transactionId) != null;
}, 50, 100);
// LRT ended, entityStates must be removed.
IdmEntityStateDto entityStateDtoOwnerOne = uniformPasswordManager.getEntityState(ownerOne.getId(), IdmIdentityDto.class, transactionId);
Assert.assertNull(entityStateDtoOwnerOne);
TestResource resourceOwnerOne = helper.findResource(ownerOne.getUsername());
Assert.assertNotNull(resourceOwnerOne);
TestResource resourceOwnerTwo = helper.findResource(ownerOne.getUsername() + targetSystemTwoSuffix);
Assert.assertNotNull(resourceOwnerTwo);
String passwordOwnerOne = resourceOwnerOne.getPassword();
String passwordOwnerTwo = resourceOwnerTwo.getPassword();
Assert.assertNotNull(passwordOwnerOne);
Assert.assertNotNull(passwordOwnerTwo);
Assert.assertEquals(passwordOwnerOne, passwordOwnerTwo);
// Change in the IdM is enabled.
ownerOne = identityService.get(ownerOne.getId(), identityFilter);
Assert.assertNotNull(ownerOne.getPasswordMetadata());
// One uniform password notification was send.
IdmNotificationFilter notificationFilter = new IdmNotificationFilter();
notificationFilter.setRecipient(ownerOne.getUsername());
notificationFilter.setNotificationType(IdmEmailLog.class);
notificationFilter.setTopic(CoreModule.TOPIC_UNIFORM_PASSWORD_SET);
List<IdmNotificationLogDto> notificationLogDtos = notificationLogService.find(notificationFilter, null).getContent();
Assert.assertEquals(1, notificationLogDtos.size());
// None a new password notification was send.
notificationFilter.setTopic(AccModuleDescriptor.TOPIC_NEW_PASSWORD);
notificationLogDtos = notificationLogService.find(notificationFilter, null).getContent();
Assert.assertEquals(0, notificationLogDtos.size());
// None password set notification was send.
notificationFilter.setTopic(CoreModule.TOPIC_PASSWORD_SET);
notificationLogDtos = notificationLogService.find(notificationFilter, null).getContent();
Assert.assertEquals(0, notificationLogDtos.size());
// None password change notification was send.
notificationFilter.setTopic(CoreModule.TOPIC_PASSWORD_CHANGED);
notificationLogDtos = notificationLogService.find(notificationFilter, null).getContent();
Assert.assertEquals(0, notificationLogDtos.size());
// Delete log
syncLogService.delete(log);
// Delete identities.
identityService.delete(ownerOne);
// Delete uniform password def.
uniformPasswordService.delete(uniformPasswordDef);
} finally {
// Turn off an async execution.
getHelper().setConfigurationValue(EventConfiguration.PROPERTY_EVENT_ASYNCHRONOUS_ENABLED, false);
getHelper().setConfigurationValue(SchedulerConfiguration.PROPERTY_TASK_ASYNCHRONOUS_ENABLED, false);
}
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class IdentityDeleteProcessor method process.
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
IdmIdentityDto identity = event.getContent();
UUID identityId = identity.getId();
Assert.notNull(identityId, "Identity ID is required!");
boolean forceDelete = getBooleanProperty(PROPERTY_FORCE_DELETE, event.getProperties());
//
// delete contract slices
IdmContractSliceFilter sliceFilter = new IdmContractSliceFilter();
sliceFilter.setIdentity(identityId);
contractSliceService.find(sliceFilter, null).forEach(guarantee -> {
contractSliceService.delete(guarantee);
});
// delete contract slice guarantees
IdmContractSliceGuaranteeFilter sliceGuaranteeFilter = new IdmContractSliceGuaranteeFilter();
sliceGuaranteeFilter.setGuaranteeId(identityId);
contractSliceGuaranteeService.find(sliceGuaranteeFilter, null).forEach(guarantee -> {
contractSliceGuaranteeService.delete(guarantee);
});
//
// contracts
identityContractService.findAllByIdentity(identityId).forEach(identityContract -> {
// when identity is deleted, then HR processes has to be skipped (prevent to update deleted identity, when contract is removed)
Map<String, Serializable> properties = new HashMap<>();
properties.put(IdmIdentityContractService.SKIP_HR_PROCESSES, Boolean.TRUE);
// propagate force attribute
properties.put(PROPERTY_FORCE_DELETE, forceDelete);
// prepare event
IdentityContractEvent contractEvent = new IdentityContractEvent(IdentityContractEventType.DELETE, identityContract, properties);
contractEvent.setPriority(PriorityType.HIGH);
//
identityContractService.publish(contractEvent);
});
// delete contract guarantees
IdmContractGuaranteeFilter filter = new IdmContractGuaranteeFilter();
filter.setGuaranteeId(identityId);
contractGuaranteeService.find(filter, null).forEach(guarantee -> {
contractGuaranteeService.delete(guarantee);
});
// remove role guarantee
IdmRoleGuaranteeFilter roleGuaranteeFilter = new IdmRoleGuaranteeFilter();
roleGuaranteeFilter.setGuarantee(identityId);
roleGuaranteeService.find(roleGuaranteeFilter, null).forEach(roleGuarantee -> {
roleGuaranteeService.delete(roleGuarantee);
});
// remove password
passwordProcessor.deletePassword(identity);
// delete password history for identity
passwordHistoryService.deleteAllByIdentity(identityId);
// disable related tokens - tokens has to be disabled to prevent their usage (when tokens are deleted, then token is recreated)
tokenManager.disableTokens(identity);
//
// delete all identity's profiles
IdmProfileFilter profileFilter = new IdmProfileFilter();
profileFilter.setIdentityId(identityId);
profileService.find(profileFilter, null).forEach(profile -> {
profileService.delete(profile);
});
// remove all IdentityRoleValidRequest for this identity
List<IdmIdentityRoleValidRequestDto> validRequests = identityRoleValidRequestService.findAllValidRequestForIdentityId(identityId);
identityRoleValidRequestService.deleteAll(validRequests);
//
// delete all identity's delegations - delegate
IdmDelegationDefinitionFilter delegationFilter = new IdmDelegationDefinitionFilter();
delegationFilter.setDelegateId(identityId);
delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
delegationDefinitionService.delete(delegation);
});
//
// delete all identity's delegations - delegator
delegationFilter = new IdmDelegationDefinitionFilter();
delegationFilter.setDelegatorId(identityId);
delegationDefinitionService.find(delegationFilter, null).forEach(delegation -> {
delegationDefinitionService.delete(delegation);
});
// deletes identity
if (forceDelete) {
LOG.debug("Identity [{}] should be deleted by caller after all asynchronus processes are completed.", identityId);
//
// dirty flag only - will be processed after asynchronous events ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(identity, stateDeleted);
//
// set disabled (automatically)
identity.setState(IdentityState.DISABLED);
service.saveInternal(identity);
} else {
// delete all role requests where is this identity applicant
IdmRoleRequestFilter roleRequestFilter = new IdmRoleRequestFilter();
roleRequestFilter.setApplicantId(identityId);
roleRequestService.find(roleRequestFilter, null).forEach(request -> {
roleRequestService.delete(request);
});
//
service.deleteInternal(identity);
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmEntityStateDto in project CzechIdMng by bcvsolutions.
the class DuplicateRoleAutomaticByTreeProcessor method process.
@Override
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
IdmRoleDto cloned = event.getContent();
IdmRoleDto originalSource = event.getOriginalSource();
IdmRoleTreeNodeFilter filter = new IdmRoleTreeNodeFilter();
filter.setRoleId(cloned.getId());
Set<UUID> usedAutomaticRoles = new HashSet<>();
List<IdmRoleTreeNodeDto> currentAutomaticRoles = roleTreeNodeService.find(filter, null).getContent();
//
filter.setRoleId(originalSource.getId());
roleTreeNodeService.find(filter, null).forEach(automaticRole -> {
UUID exists = exists(currentAutomaticRoles, automaticRole);
if (exists != null) {
usedAutomaticRoles.add(exists);
} else {
IdmRoleTreeNodeDto clonedAutomaticRole = new IdmRoleTreeNodeDto();
clonedAutomaticRole.setName(automaticRole.getName());
clonedAutomaticRole.setRole(cloned.getId());
clonedAutomaticRole.setTreeNode(automaticRole.getTreeNode());
clonedAutomaticRole.setRecursionType(automaticRole.getRecursionType());
//
RoleTreeNodeEvent automaticRoleEvent = new RoleTreeNodeEvent(RoleTreeNodeEventType.CREATE, clonedAutomaticRole);
// execute sync
automaticRoleEvent.setPriority(PriorityType.IMMEDIATE);
roleTreeNodeService.publish(automaticRoleEvent, event);
}
});
//
// remove not used originals
currentAutomaticRoles.stream().filter(automaticRole -> {
return !usedAutomaticRoles.contains(automaticRole.getId());
}).forEach(automaticRole -> {
// dirty flag automatic role only - will be processed after parent action ends
IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
stateDeleted.setEvent(event.getId());
stateDeleted.setSuperOwnerId(cloned.getId());
stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
entityStateManager.saveState(automaticRole, stateDeleted);
});
//
return new DefaultEventResult<>(event, this);
}
Aggregations