
Example 31 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class CrossDomainAdUserConnectorTypeTest method testDisableDefaultAccountCreationForBusinessRole.

/**
 * A role system with {@code createAccountByDefault = false} must not create an account on the system when the
 * role is gained through a business role, but its overridden ldapGroups attribute has to be merged into the
 * provisioning once another (login) role creates the account.
 */
@Test
public void testDisableDefaultAccountCreationForBusinessRole() {
    ConnectorType crossDomainConnector = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto system = initSystem(crossDomainConnector);
    //
    // Locate the ldapGroups attribute mapping on the freshly initialized system.
    SysSystemAttributeMappingFilter mappingFilter = new SysSystemAttributeMappingFilter();
    mappingFilter.setSystemId(system.getId());
    mappingFilter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> ldapGroupsMappings = attributeMappingService.find(mappingFilter, null).getContent();
    assertEquals(1, ldapGroupsMappings.size());
    SysSystemAttributeMappingDto ldapGroupsMapping = ldapGroupsMappings.get(0);
    //
    // Login role - mapped to the system with default account creation.
    IdmRoleDto loginRole = helper.createRole();
    helper.createRoleSystem(loginRole, system);
    // Business (parent) role without a system mapping of its own.
    IdmRoleDto businessRole = helper.createRole();
    // No-login role - mapped to the system, but account creation by default is switched off.
    IdmRoleDto noLoginRole = helper.createRole();
    SysRoleSystemDto noLoginRoleSystem = helper.createRoleSystem(noLoginRole, system);
    noLoginRoleSystem.setCreateAccountByDefault(false);
    roleSystemService.save(noLoginRoleSystem);
    // The flag has to be persisted and reachable through the filter.
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setCreateAccountByDefault(Boolean.FALSE);
    roleSystemFilter.setId(noLoginRoleSystem.getId());
    assertEquals(1, roleSystemService.find(roleSystemFilter, null).getContent().size());
    // Overridden ldapGroups merge attribute on the no-login role system.
    createOverriddenLdapGroupAttribute(ldapGroupsMapping, noLoginRoleSystem);
    IdmRoleCompositionDto composition = getHelper().createRoleComposition(businessRole, noLoginRole);
    //
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto primeContract = getHelper().getPrimeContract(identity.getId());
    IdmIdentityRoleFilter assignedNoLoginRoleFilter = new IdmIdentityRoleFilter();
    assignedNoLoginRoleFilter.setIdentityId(identity.getId());
    assignedNoLoginRoleFilter.setRoleId(noLoginRole.getId());
    assertEquals(0, identityRoleService.count(assignedNoLoginRoleFilter));
    //
    // Assigning the business role gives the identity the no-login sub role ...
    IdmRoleRequestDto roleRequest = getHelper().assignRoles(primeContract, false, businessRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequest.getState());
    assertNull(roleRequest.getSystemState());
    assertEquals(1, identityRoleService.count(assignedNoLoginRoleFilter));
    // ... but no account on the system.
    AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
    accountFilter.setIdentityId(identity.getId());
    accountFilter.setSystemId(system.getId());
    assertEquals(0, identityAccountService.find(accountFilter, null).getContent().size());
    //
    // The login role creates the account.
    roleRequest = getHelper().assignRoles(primeContract, false, loginRole);
    assertEquals(RoleRequestState.EXECUTED, roleRequest.getState());
    assertNotNull(roleRequest.getSystemState());
    assertEquals(1, identityAccountService.find(accountFilter, null).getContent().size());
    //
    // Provisioning of that account has to carry the ldapGroups attribute with value 'ONE' from the no-login role.
    SysProvisioningOperationFilter operationFilter = new SysProvisioningOperationFilter();
    operationFilter.setSystemId(system.getId());
    operationFilter.setEntityType(SystemEntityType.IDENTITY);
    operationFilter.setEntityIdentifier(identity.getId());
    List<SysProvisioningOperationDto> operations = provisioningOperationService.find(operationFilter, null).getContent();
    assertEquals(1, operations.size());
    SysProvisioningOperationDto operation = operations.get(0);
    ProvisioningAttributeDto ldapGroupsProvisioningAttribute = operation.getProvisioningContext().getAccountObject().keySet().stream()
            .filter(attribute -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(attribute.getSchemaAttributeName()))
            .findFirst()
            .get();
    assertNotNull(ldapGroupsProvisioningAttribute);
    List<?> ldapGroups = (List<?>) operation.getProvisioningContext().getAccountObject().get(ldapGroupsProvisioningAttribute);
    assertEquals("ONE", ldapGroups.get(0));
    //
    // Clean
    provisioningOperationService.deleteOperations(system.getId());
    getHelper().deleteIdentity(identity.getId());
    roleCompositionService.delete(composition);
    getHelper().deleteRole(noLoginRole.getId());
    getHelper().deleteRole(businessRole.getId());
}

Example 32 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class DuplicateRoleCompositionProcessor method process.

/**
 * Duplicates the business role composition of the original (source) role onto the cloned role.
 * <p>
 * For every direct sub role of the original role that passes {@code includeComposition}, a role with the same
 * base code is looked up on the target environment of the clone; when it is missing and
 * {@code duplicateRecursively} allows it, the sub role is prepared and duplicated through a synchronous
 * {@link RoleEventType#DUPLICATE} sub event. The composition clone -> target sub role is then created unless it
 * already exists. Compositions that exist on the clone but have no counterpart in the source are not deleted
 * here - they are only marked with an entity state ({@link CoreResultCode#DELETED}) for later processing.
 * <p>
 * Cycle protection: role ids already visited are tracked in the shared
 * {@link RoleEvent#PROPERTY_PROCESSED_ROLES} event property, so a role reached twice through different
 * compositions is skipped.
 *
 * @param event duplicate event; content is the cloned role, original source is the role being duplicated
 * @return default event result for the given event and this processor
 */
@Override
@SuppressWarnings("unchecked")
public EventResult<IdmRoleDto> process(EntityEvent<IdmRoleDto> event) {
    IdmRoleDto cloned = event.getContent();
    IdmRoleDto originalSource = event.getOriginalSource();
    // 
    Map<String, Serializable> props = resolveProperties(event);
    // unchecked cast: the property is expected to be populated as Set<UUID> by the event producer
    // NOTE(review): no null guard - the property is assumed to be present; confirm against resolveProperties
    Set<UUID> processedRoles = (Set<UUID>) props.get(RoleEvent.PROPERTY_PROCESSED_ROLES);
    processedRoles.add(cloned.getId());
    // 
    // find and clone business role composition
    // clone roles recursively
    // sub role codes on the clone that were matched/created in this run (used to detect stale compositions below)
    Set<String> processedSubRoles = new HashSet<>();
    // sub roles currently assigned to the clone, keyed by role code
    Map<String, IdmRoleCompositionDto> currentSubRoles = new HashMap<>();
    roleCompositionService.findDirectSubRoles(cloned.getId()).forEach(composition -> {
        IdmRoleDto subRole = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
        currentSubRoles.put(subRole.getCode(), composition);
    });
    // 
    roleCompositionService.findDirectSubRoles(originalSource.getId()).stream().filter(composition -> {
        return includeComposition(event, composition);
    }).forEach(composition -> {
        // find sub role on the target environment
        IdmRoleDto subRole = DtoUtils.getEmbedded(composition, IdmRoleComposition_.sub);
        IdmRoleDto targetRole = roleService.getByBaseCodeAndEnvironment(subRole.getBaseCode(), cloned.getEnvironment());
        // 
        // an existing target role is always linked; a missing one only when recursive duplication is allowed
        if (targetRole != null || duplicateRecursively(event, subRole, targetRole)) {
            if (targetRole == null) {
                // new clone
                targetRole = prepareRole(subRole.getBaseCode(), cloned.getEnvironment());
            }
            if (targetRole != null && subRole.getId().equals(targetRole.getId())) {
                LOG.debug("Role [{}] is duplicated on the same environment - skipping recursion for the same roles", targetRole.getCode());
            } else if (targetRole != null && processedRoles.contains(targetRole.getId())) {
                LOG.debug("Role [{}] was already processed by other business role composition - cycle, skipping", targetRole.getCode());
            } else {
                // 
                // clone / update
                // props are shared with the sub event, so processedRoles keeps growing across the recursion
                EntityEvent<IdmRoleDto> subEvent = new RoleEvent(RoleEventType.DUPLICATE, targetRole, props);
                // original source is the cloned role
                subEvent.setOriginalSource(subRole);
                // we want to be sync
                subEvent.setPriority(PriorityType.IMMEDIATE);
                EventContext<IdmRoleDto> resultSubRole = roleService.publish(subEvent, event);
                targetRole = resultSubRole.getContent();
            }
            // 
            // create the composition (or check composition exists)
            // find exists
            processedSubRoles.add(targetRole.getCode());
            if (!currentSubRoles.containsKey(targetRole.getCode())) {
                IdmRoleCompositionDto cloneComposition = new IdmRoleCompositionDto(cloned.getId(), targetRole.getId());
                EntityEvent<IdmRoleCompositionDto> createCompositionEvent = new RoleCompositionEvent(RoleCompositionEventType.CREATE, cloneComposition);
                // we want to be sync
                createCompositionEvent.setPriority(PriorityType.IMMEDIATE);
                roleCompositionService.publish(createCompositionEvent, event);
            }
        }
    });
    // 
    // mark unprocessed sub roles, which were removed in the source role
    currentSubRoles.entrySet().stream().filter(entry -> {
        return !processedSubRoles.contains(entry.getKey());
    }).filter(entry -> {
        return includeComposition(event, entry.getValue());
    }).forEach(entry -> {
        // dirty flag role composition only - will be processed after parent action ends
        IdmEntityStateDto stateDeleted = new IdmEntityStateDto();
        stateDeleted.setEvent(event.getId());
        stateDeleted.setSuperOwnerId(cloned.getId());
        stateDeleted.setResult(new OperationResultDto.Builder(OperationState.RUNNING).setModel(new DefaultResultModel(CoreResultCode.DELETED)).build());
        entityStateManager.saveState(entry.getValue(), stateDeleted);
    });
    // 
    return new DefaultEventResult<>(event, this);
}

Example 33 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleCompositionAfterCreateProcessor method process.

/**
 * Runs {@link AddNewRoleCompositionTaskExecutor} for the freshly created business role composition.
 * With {@link PriorityType#IMMEDIATE} the task is executed synchronously, otherwise it is handed over to the
 * long running task manager; when the manager only accepts the task ({@link AcceptedException}), the event
 * result is returned suspended.
 *
 * @param event create event whose content is the persisted composition (identifier and sub role required)
 * @return event result, suspended when the task was merely accepted for later execution
 */
@Override
public EventResult<IdmRoleCompositionDto> process(EntityEvent<IdmRoleCompositionDto> event) {
    IdmRoleCompositionDto composition = event.getContent();
    Assert.notNull(composition.getId(), "Composition identifier is required.");
    // just for sure
    Assert.notNull(composition.getSub(), "Composition sub role is required.");
    //
    AddNewRoleCompositionTaskExecutor task = AutowireHelper.createBean(AddNewRoleCompositionTaskExecutor.class);
    task.setRoleCompositionId(composition.getId());
    try {
        boolean runSynchronously = event.getPriority() == PriorityType.IMMEDIATE;
        if (runSynchronously) {
            longRunningTaskManager.executeSync(task);
        } else {
            longRunningTaskManager.execute(task);
        }
    } catch (AcceptedException ex) {
        // task was accepted only - suspend the event instead of completing it
        DefaultEventResult<IdmRoleCompositionDto> suspended = new DefaultEventResult<>(event, this);
        suspended.setSuspended(true);
        return suspended;
    }
    return new DefaultEventResult<>(event, this);
}

Example 34 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class RoleCompositionDeleteProcessor method process.

/**
 * Runs {@link RemoveRoleCompositionTaskExecutor} for the deleted business role composition.
 * A composition without an identifier was never persisted and is passed through untouched. With
 * {@link PriorityType#IMMEDIATE} the task runs synchronously; otherwise it is executed by the long running task
 * manager in a new transaction and the event result is returned suspended.
 *
 * @param event delete event whose content is the composition being removed
 * @return event result, suspended when the removal runs asynchronously
 */
@Override
public EventResult<IdmRoleCompositionDto> process(EntityEvent<IdmRoleCompositionDto> event) {
    IdmRoleCompositionDto composition = event.getContent();
    if (composition.getId() == null) {
        // nothing persisted - nothing to remove
        return new DefaultEventResult<>(event, this);
    }
    //
    // assigned roles gained by this composition are removed by a long running task
    RemoveRoleCompositionTaskExecutor removeTask = AutowireHelper.createBean(RemoveRoleCompositionTaskExecutor.class);
    removeTask.setRoleCompositionId(composition.getId());
    boolean immediate = PriorityType.IMMEDIATE == event.getPriority();
    if (!immediate) {
        removeTask.setRequireNewTransaction(true);
        longRunningTaskManager.execute(removeTask);
        // TODO: new flag asynchronous?
        return new DefaultEventResult.Builder<>(event, this).setSuspended(true).build();
    }
    longRunningTaskManager.executeSync(removeTask);
    return new DefaultEventResult<>(event, this);
}

Example 35 with IdmRoleCompositionDto

use of eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto in project CzechIdMng by bcvsolutions.

the class IdmRequestRoleController method getIncompatibleRoles.

/**
 * Returns incompatible roles resolved from the given role and all of its sub roles (business role composition).
 * Access requires the {@code ROLE_READ} authority; sub roles are additionally read with
 * {@link IdmBasePermission#READ}, presumably so that only compositions the caller is allowed to read are
 * evaluated - confirm against {@code findAllSubRoles}.
 *
 * @param requestId role request identifier from the path; when the role is not found, a non-null request id
 *                  yields an empty result instead of an error
 * @param backendId role uuid identifier or code
 * @return resolved incompatible roles wrapped as resources
 * @throws ResultCodeException {@code NOT_FOUND} when the role does not exist and no request id is given
 */
@ResponseBody
@RequestMapping(value = "/{requestId}" + REQUEST_SUB_PATH + "/{backendId}/incompatible-roles", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.ROLE_READ + "')")
@ApiOperation(value = "Incompatible roles from sub roles and the current request", nickname = "getRequestRoleIncompatibleRoles", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.ROLE_READ, description = "") }) }, notes = "Incompatible roles from sub roles and the current request.")
public Resources<?> getIncompatibleRoles(@PathVariable @NotNull String requestId, @ApiParam(value = "Roles's uuid identifier or code.", required = true) @PathVariable String backendId) {
    IdmRoleDto role = getDto(backendId);
    if (role == null && requestId == null) {
        // incompatible roles cannot be computed for a role that is neither persisted nor part of a request
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    if (role == null) {
        return toResources(Sets.newLinkedHashSet(), ResolvedIncompatibleRoleDto.class);
    }
    //
    // whole sub role composition of the role, then the distinct roles in it (the role itself included via composition)
    List<IdmRoleCompositionDto> compositions = roleCompositionService.findAllSubRoles(role.getId(), IdmBasePermission.READ);
    Set<IdmRoleDto> rolesInHierarchy = roleCompositionService.resolveDistinctRoles(compositions);
    // incompatible roles defined on any role of the business role
    Set<ResolvedIncompatibleRoleDto> incompatible = incompatibleRoleService.resolveIncompatibleRoles(Lists.newArrayList(rolesInHierarchy));
    return toResources(incompatible, ResolvedIncompatibleRoleDto.class);
}
