Use of eu.bcvsolutions.idm.core.api.dto.IdmRoleDto in project CzechIdMng by bcvsolutions.
Class DefaultAccAccountServiceTest, method getConnectorObjectNotFullTest.
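/**
 * Reads the connector object of an account through {@link ReadAccountByIdentityEvaluator}
 * after the EAV schema attribute has been deleted: the object must still be readable
 * (the identity owns the account via an identity-account relation), but the EAV attribute
 * must be absent because its schema definition no longer exists.
 */
@Test
public void getConnectorObjectNotFullTest() {
    String userOneName = "UserOne";
    String eavAttributeName = "EAV_ATTRIBUTE";
    SysSystemDto system = initData();
    // Check the precondition before the system id is used below, not after.
    Assert.assertNotNull(system);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(system.getId());
    // Find and delete the EAV schema attribute.
    SysSchemaAttributeDto eavAttribute = schemaAttributeService
            .find(schemaAttributeFilter, null)
            .getContent()
            .stream()
            .filter(attribute -> attribute.getName().equalsIgnoreCase(eavAttributeName))
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(eavAttribute);
    schemaAttributeService.delete(eavAttribute);
    // Change resources (set state on exclude) .. must be called in a transaction
    this.getBean().persistResource(createResource(userOneName, new LocalDateTime()));
    AccAccountDto account = new AccAccountDto();
    account.setEntityType(SystemEntityType.IDENTITY);
    account.setSystem(system.getId());
    account.setAccountType(AccountType.PERSONAL);
    account.setUid(userOneName);
    account = accountService.save(account);
    IdmIdentityDto identity = helper.createIdentity();
    // The identity-account relation is what the evaluator below grants READ on
    // (compare getConnectorObjectForbiddenTest, which omits it).
    AccIdentityAccountDto accountIdentityOne = new AccIdentityAccountDto();
    accountIdentityOne.setIdentity(identity.getId());
    accountIdentityOne.setOwnership(true);
    accountIdentityOne.setAccount(account.getId());
    identityAccountService.save(accountIdentityOne);
    // Create role with evaluator
    IdmRoleDto role = helper.createRole();
    IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
    policyAccount.setRole(role.getId());
    policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
    policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
    policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
    authorizationPolicyService.save(policyAccount);
    // Assign role with evaluator
    helper.createIdentityRole(identity, role);
    logout();
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
        Assert.assertNotNull(connectorObject);
        Assert.assertEquals(userOneName, connectorObject.getUidValue());
        // EAV attribute must be null, because we deleted the schema definition
        Assert.assertNull(connectorObject.getAttributeByName(eavAttributeName));
    } finally {
        // Never leave the test identity logged in for the tests that follow.
        logout();
    }
}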
Use of eu.bcvsolutions.idm.core.api.dto.IdmRoleDto in project CzechIdMng by bcvsolutions.
Class DefaultAccAccountServiceTest, method getConnectorObjectForbiddenTest.
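/**
 * No identity-account relation is created here, so {@link ReadAccountByIdentityEvaluator}
 * must not grant the logged-in identity READ on the account: reading the connector
 * object has to fail with {@link ForbiddenEntityException}.
 * <p>
 * The assertions after {@code getConnectorObject} are only reached if the expected
 * exception is NOT thrown; they then make the failure explicit rather than silent.
 */
@Test(expected = ForbiddenEntityException.class)
public void getConnectorObjectForbiddenTest() {
    String userOneName = "UserOne";
    String eavAttributeName = "EAV_ATTRIBUTE";
    SysSystemDto system = initData();
    Assert.assertNotNull(system);
    IdmIdentityDto identity = helper.createIdentity();
    // Create role with evaluator
    IdmRoleDto role = helper.createRole();
    IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
    policyAccount.setRole(role.getId());
    policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
    policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
    policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
    authorizationPolicyService.save(policyAccount);
    // Change resources (set state on exclude) .. must be called in a transaction
    this.getBean().persistResource(createResource(userOneName, new LocalDateTime()));
    AccAccountDto account = new AccAccountDto();
    account.setEntityType(SystemEntityType.IDENTITY);
    account.setSystem(system.getId());
    account.setAccountType(AccountType.PERSONAL);
    account.setUid(userOneName);
    account = accountService.save(account);
    // Assign role with evaluator
    helper.createIdentityRole(identity, role);
    logout();
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        // Expected to throw: the identity holds no identity-account relation for this account.
        IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
        Assert.assertNotNull(connectorObject);
        Assert.assertEquals(userOneName, connectorObject.getUidValue());
        Assert.assertNotNull(connectorObject.getAttributeByName(eavAttributeName));
        Assert.assertEquals(userOneName, connectorObject.getAttributeByName(eavAttributeName).getValue());
    } finally {
        // The expected exception must not leave the test identity logged in for later tests.
        logout();
    }
}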
Use of eu.bcvsolutions.idm.core.api.dto.IdmRoleDto in project CzechIdMng by bcvsolutions.
Class DefaultAccAccountManagementService, method generateUID.
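/**
 * Returns the UID for the given entity and role-system.
 * <p>
 * The role-system attributes are searched for the one flagged as UID. When exactly one
 * exists, its schema attribute and transform-from-resource script are filled in from the
 * underlying system attribute mapping and the value is produced by
 * {@code systemAttributeMappingService.getAttributeValue}. When none exists, the default
 * UID attribute of the system mapping is used via
 * {@code systemAttributeMappingService.generateUid}.
 *
 * @param entity entity the UID is generated for
 * @param roleSystem role-system whose attribute overrides are consulted
 * @return the generated UID; never {@code null} on the role-system path
 * @throws ProvisioningException when more than one role-system attribute is flagged as UID,
 *         when the generated UID is {@code null}, or when it is not a {@link String}
 */
@Override
public String generateUID(AbstractDto entity, SysRoleSystemDto roleSystem) {
    // Find the attributes overridden for this roleSystem
    SysRoleSystemAttributeFilter roleSystemAttrFilter = new SysRoleSystemAttributeFilter();
    roleSystemAttrFilter.setRoleSystemId(roleSystem.getId());
    List<SysRoleSystemAttributeDto> attributes = roleSystemAttributeService
            .find(roleSystemAttrFilter, null)
            .getContent();
    List<SysRoleSystemAttributeDto> attributesUid = attributes.stream()
            .filter(SysRoleSystemAttributeDto::isUid)
            .collect(Collectors.toList());
    if (attributesUid.size() > 1) {
        // Ambiguous configuration: name the role and system so the mapping can be corrected.
        IdmRoleDto roleDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.role, IdmRoleDto.class);
        SysSystemDto systemDto = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
        throw new ProvisioningException(AccResultCode.PROVISIONING_ROLE_ATTRIBUTE_MORE_UID,
                ImmutableMap.of("role", roleDto.getName(), "system", systemDto.getName()));
    }
    if (!attributesUid.isEmpty()) {
        SysRoleSystemAttributeDto uidRoleAttribute = attributesUid.get(0);
        // Default values (schema attribute, script) come from the system attribute mapping;
        // the role-system override itself does not carry them.
        SysSystemAttributeMappingDto systemAttributeMapping =
                systemAttributeMappingService.get(uidRoleAttribute.getSystemAttributeMapping());
        uidRoleAttribute.setSchemaAttribute(systemAttributeMapping.getSchemaAttribute());
        uidRoleAttribute.setTransformFromResourceScript(systemAttributeMapping.getTransformFromResourceScript());
        // NOTE(review): presumably evaluates the script copied onto the attribute above,
        // i.e. attribute-mapping configuration acts as trusted code here — confirm.
        Object uid = systemAttributeMappingService.getAttributeValue(null, entity, uidRoleAttribute);
        if (uid == null) {
            SysSystemDto systemEntity = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system, SysSystemDto.class);
            throw new ProvisioningException(AccResultCode.PROVISIONING_GENERATED_UID_IS_NULL,
                    ImmutableMap.of("system", systemEntity.getName()));
        }
        if (!(uid instanceof String)) {
            throw new ProvisioningException(AccResultCode.PROVISIONING_ATTRIBUTE_UID_IS_NOT_STRING,
                    ImmutableMap.of("uid", uid));
        }
        return (String) uid;
    }
    // No role-system UID override: fall back to the UID attribute of the system mapping.
    SysSystemMappingDto mapping = systemMappingService.get(roleSystem.getSystemMapping());
    SysSchemaObjectClassDto objectClassDto = schemaObjectClassService.get(mapping.getObjectClass());
    SysSystemDto system = DtoUtils.getEmbedded(objectClassDto, SysSchemaObjectClass_.system, SysSystemDto.class);
    SysSystemAttributeMappingFilter systemAttributeMappingFilter = new SysSystemAttributeMappingFilter();
    systemAttributeMappingFilter.setSystemMappingId(mapping.getId());
    List<SysSystemAttributeMappingDto> schemaHandlingAttributes = systemAttributeMappingService
            .find(systemAttributeMappingFilter, null)
            .getContent();
    SysSystemAttributeMappingDto uidAttribute =
            systemAttributeMappingService.getUidAttribute(schemaHandlingAttributes, system);
    return systemAttributeMappingService.generateUid(entity, uidAttribute);
}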
Use of eu.bcvsolutions.idm.core.api.dto.IdmRoleDto in project CzechIdMng by bcvsolutions.
Class DefaultAuthorizationManagerIntegrationTest, method testPredicate.
/**
 * Policies are applied only for an authenticated identity: anonymous searches return
 * nothing, while the logged-in identity sees exactly the one role its READ policy
 * targets, and every role for AUTOCOMPLETE (a base policy).
 */
@Test
public void testPredicate() {
    loginAsAdmin(InitTestData.TEST_USER_1);
    // prepare role
    IdmRoleDto testRole = helper.createRole();
    UUID roleId = testRole.getId();
    helper.createUuidPolicy(roleId, roleId, IdmBasePermission.READ);
    helper.createBasePolicy(roleId, IdmBasePermission.AUTOCOMPLETE);
    // prepare identity
    IdmIdentityDto testIdentity = helper.createIdentity();
    testIdentity.setPassword(new GuardedString("heslo"));
    identityService.save(testIdentity);
    // assign role
    helper.createIdentityRole(testIdentity, testRole);
    logout();
    //
    // empty without login
    IdmRoleFilter roleFilter = new IdmRoleFilter();
    long anonymousReadable = roleService.find(roleFilter, null, IdmBasePermission.READ).getTotalElements();
    long anonymousAutocomplete = roleService.find(roleFilter, null, IdmBasePermission.AUTOCOMPLETE).getTotalElements();
    assertEquals(0L, anonymousReadable);
    assertEquals(0L, anonymousAutocomplete);
    //
    try {
        loginService.login(new LoginDto(testIdentity.getUsername(), testIdentity.getPassword()));
        //
        // evaluate access
        long readable = roleService.find(roleFilter, null, IdmBasePermission.READ).getTotalElements();
        assertEquals(1L, readable);
        long allRoles = roleService.find(null).getTotalElements();
        long autocompletable = roleService.find(roleFilter, null, IdmBasePermission.AUTOCOMPLETE).getTotalElements();
        assertEquals(allRoles, autocompletable);
    } finally {
        logout();
    }
}
Use of eu.bcvsolutions.idm.core.api.dto.IdmRoleDto in project CzechIdMng by bcvsolutions.
Class DefaultAuthorizationManagerIntegrationTest, method testEvaluate.
/**
 * A base READ policy grants exactly READ on the role to an authenticated holder:
 * nothing is granted without a login, and UPDATE, ADMIN and AUTOCOMPLETE stay
 * denied even after login.
 */
@Test
public void testEvaluate() {
    loginAsAdmin(InitTestData.TEST_USER_1);
    // prepare role
    IdmRoleDto testRole = helper.createRole();
    helper.createBasePolicy(testRole.getId(), IdmBasePermission.READ);
    // prepare identity
    IdmIdentityDto testIdentity = helper.createIdentity();
    testIdentity.setPassword(new GuardedString("heslo"));
    identityService.save(testIdentity);
    // assign role
    helper.createIdentityRole(testIdentity, testRole);
    logout();
    //
    // without login: nothing at all is granted
    for (IdmBasePermission permission : new IdmBasePermission[] {
            IdmBasePermission.READ, IdmBasePermission.UPDATE,
            IdmBasePermission.ADMIN, IdmBasePermission.AUTOCOMPLETE }) {
        assertFalse(manager.evaluate(testRole, permission));
    }
    //
    try {
        loginService.login(new LoginDto(testIdentity.getUsername(), testIdentity.getPassword()));
        //
        // evaluate access: only READ comes from the base policy
        assertTrue(manager.evaluate(testRole, IdmBasePermission.READ));
        for (IdmBasePermission denied : new IdmBasePermission[] {
                IdmBasePermission.UPDATE, IdmBasePermission.ADMIN, IdmBasePermission.AUTOCOMPLETE }) {
            assertFalse(manager.evaluate(testRole, denied));
        }
    } finally {
        logout();
    }
}