Example 86 with IdmIdentityRoleFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter in project CzechIdMng by bcvsolutions.
the class IdmRequestIdentityRoleServiceIntegrationTest method testUniqueConceptValidation.
@Test(expected = InvalidFormException.class)
public void testUniqueConceptValidation() {
// Create role with attribute (include the sub-definition)
IdmRoleDto role = createRoleWithAttributes(true);
IdmRoleFormAttributeFilter filter = new IdmRoleFormAttributeFilter();
filter.setRole(role.getId());
List<IdmRoleFormAttributeDto> list = roleFormAttributeService.find(filter, null).getContent();
Assert.assertEquals(2, list.size());
IdmFormDefinitionDto formAttributeSubdefinition = roleService.getFormAttributeSubdefinition(role);
Assert.assertEquals(2, formAttributeSubdefinition.getFormAttributes().size());
// Delete IP attribute from the sub-definition
list.stream().filter(roleFormAttributeDto -> {
IdmFormAttributeDto formAttributeDto = DtoUtils.getEmbedded(roleFormAttributeDto, IdmRoleFormAttribute_.formAttribute.getName(), IdmFormAttributeDto.class);
return formAttributeDto.getCode().equals(IP);
}).forEach(roleFormAttributeDto -> roleFormAttributeService.delete(roleFormAttributeDto));
formAttributeSubdefinition = roleService.getFormAttributeSubdefinition(role);
Assert.assertEquals(1, formAttributeSubdefinition.getFormAttributes().size());
Assert.assertEquals(NUMBER_OF_FINGERS, formAttributeSubdefinition.getFormAttributes().get(0).getCode());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity);
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityContractId(contract.getId());
List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(identityRoleFilter, null).getContent();
assertEquals(0, identityRoles.size());
// Create request identity-role
IdmRequestIdentityRoleDto createdRequestIdentityRole = new IdmRequestIdentityRoleDto();
createdRequestIdentityRole.setIdentityContract(contract.getId());
// Change the valid from
createdRequestIdentityRole.setValidFrom(LocalDate.now());
createdRequestIdentityRole.setRole(role.getId());
// Create role attribute value in concept
IdmFormDefinitionDto formDefinitionDto = roleService.getFormAttributeSubdefinition(role);
IdmFormInstanceDto formInstanceDto = new IdmFormInstanceDto();
IdmFormAttributeDto attribute = formDefinitionDto.getMappedAttributeByCode(NUMBER_OF_FINGERS);
IdmFormValueDto formValueDto = new IdmFormValueDto(attribute);
formValueDto.setValue(5);
List<IdmFormValueDto> values = Lists.newArrayList(formValueDto);
formInstanceDto.setValues(values);
List<IdmFormInstanceDto> forms = Lists.newArrayList(formInstanceDto);
createdRequestIdentityRole.setEavs(forms);
createdRequestIdentityRole = requestIdentityRoleService.save(createdRequestIdentityRole);
IdmRoleRequestDto request = roleRequestService.get(createdRequestIdentityRole.getRoleRequest(), new IdmRoleRequestFilter(true));
Assert.assertNotNull(request);
// Execute a role-request.
getHelper().executeRequest(request, false, true);
IdmRequestIdentityRoleFilter filterRequestIdentityRole = new IdmRequestIdentityRoleFilter();
filterRequestIdentityRole.setIdentityId(identity.getId());
filterRequestIdentityRole.setRoleRequestId(request.getId());
// Include EAV attributes
filterRequestIdentityRole.setIncludeEav(true);
// Check EAV value in the request-identity-role
List<IdmRequestIdentityRoleDto> requestIdentityRoles = requestIdentityRoleService.find(filterRequestIdentityRole, null).getContent();
Assert.assertEquals(1, requestIdentityRoles.size());
Assert.assertEquals(role.getId(), requestIdentityRoles.get(0).getRole());
Assert.assertEquals(1, requestIdentityRoles.get(0).getEavs().size());
IdmFormInstanceDto formInstance = requestIdentityRoles.get(0).getEavs().get(0);
Assert.assertEquals(1, formInstance.getValues().size());
IdmFormValueDto formValue = formInstance.getValues().get(0);
Serializable value = formValue.getValue();
Assert.assertEquals(((BigDecimal) formValueDto.getValue()).longValue(), ((BigDecimal) value).longValue());
IdmFormAttributeDto mappedAttribute = formInstance.getMappedAttribute(formValue.getFormAttribute());
Assert.assertNotNull(mappedAttribute);
Assert.assertNull(formInstance.getValidationErrors());
identityRoles = identityRoleService.find(identityRoleFilter, null).getContent();
assertEquals(1, identityRoles.size());
// Create request identity-role
createdRequestIdentityRole = new IdmRequestIdentityRoleDto();
createdRequestIdentityRole.setIdentityContract(contract.getId());
// Change the valid from
createdRequestIdentityRole.setValidFrom(LocalDate.now());
createdRequestIdentityRole.setRole(role.getId());
// Create role attribute value in concept
formDefinitionDto = roleService.getFormAttributeSubdefinition(role);
formInstanceDto = new IdmFormInstanceDto();
attribute = formDefinitionDto.getMappedAttributeByCode(NUMBER_OF_FINGERS);
formValueDto = new IdmFormValueDto(attribute);
formValueDto.setValue(5);
values = Lists.newArrayList(formValueDto);
formInstanceDto.setValues(values);
forms = Lists.newArrayList(formInstanceDto);
createdRequestIdentityRole.setEavs(forms);
requestIdentityRoleService.save(createdRequestIdentityRole);
}
Also used :
IdmRoleFormAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleFormAttributeDto)
DtoUtils(eu.bcvsolutions.idm.core.api.utils.DtoUtils)
IdmRequestIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestIdentityRoleDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
FormService(eu.bcvsolutions.idm.core.eav.api.service.FormService)
IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService)
BigDecimal(java.math.BigDecimal)
IdmFormValueDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormValueDto)
IdmRequestIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmRequestIdentityRoleService)
After(org.junit.After)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
Set(java.util.Set)
UUID(java.util.UUID)
InvalidFormException(eu.bcvsolutions.idm.core.api.exception.InvalidFormException)
Serializable(java.io.Serializable)
List(java.util.List)
LocalDate(java.time.LocalDate)
IdmRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
IdmRoleFormAttribute_(eu.bcvsolutions.idm.core.model.entity.IdmRoleFormAttribute_)
IdmRoleFormAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleFormAttributeDto)
PersistentType(eu.bcvsolutions.idm.core.eav.api.domain.PersistentType)
Lists(com.google.common.collect.Lists)
IdmIdentityRole(eu.bcvsolutions.idm.core.model.entity.IdmIdentityRole)
Sets(org.mockito.internal.util.collections.Sets)
ImmutableList(com.google.common.collect.ImmutableList)
IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleFormAttributeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFormAttributeFilter)
Before(org.junit.Before)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState)
Test(org.junit.Test)
IdmRoleFormAttributeService(eu.bcvsolutions.idm.core.api.service.IdmRoleFormAttributeService)
IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
Assert.assertNull(org.junit.Assert.assertNull)
IdmRequestIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestIdentityRoleFilter)
Assert(org.junit.Assert)
ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation)
Assert.assertEquals(org.junit.Assert.assertEquals)
Transactional(org.springframework.transaction.annotation.Transactional)
IdmFormInstanceDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormInstanceDto)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
Serializable(java.io.Serializable)
IdmRequestIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRequestIdentityRoleDto)
IdmFormDefinitionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
IdmRoleFormAttributeFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFormAttributeFilter)
IdmRequestIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRequestIdentityRoleFilter)
IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto)
IdmFormValueDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormValueDto)
IdmRoleRequestFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleRequestFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 87 with IdmIdentityRoleFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method overloadedAttributeRemoveAllRoles.
@Transactional
@Test
public void overloadedAttributeRemoveAllRoles() {
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
Assert.assertNotNull("Account for this identity have to be found!", helper.findResource("x" + IDENTITY_USERNAME));
AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
iaccFilter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
iaccFilter.setIdentityId(identity.getId());
// Now we have to identity roles (role_overloading_first_name and
// role_overloading_last_name and role_overloading_y_account) and
// identity accounts
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
Assert.assertEquals("Idenitity accounts have to exists (three items - override by password from version 9.3.0 is not possiblem ) after account management was started!", 3, identityAccounts.size());
IdmIdentityRoleFilter irfilter = new IdmIdentityRoleFilter();
irfilter.setIdentityId(identity.getId());
identityRoleService.find(irfilter, null).getContent().forEach(identityRole -> {
identityRoleService.delete(identityRole);
});
Assert.assertEquals("Idenitity accounts have to not exist after accounts deleted!", 0, identityAccountService.find(iaccFilter, null).getContent().size());
}
Also used :
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 88 with IdmIdentityRoleFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupProvisioning.
@Test
public void testRoleInCrossDomainGroupProvisioning() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates no-login role.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(true);
roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning NOT contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals(0, ((List<?>) ldapGroupsValue).size());
// Delete old provisioning.
provisioningOperationService.delete(provisioningOperationDto);
// Assign no-login role.
roleRequestDto = getHelper().assignRoles(contract, false, noLoginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
provisioningOperationDto = provisioningOperationDtos.stream().max(Comparator.comparing(SysProvisioningOperationDto::getCreated)).get();
provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
assertEquals(1, identityRoleService.count(identityRoleFilter));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
getHelper().deleteRole(noLoginRole.getId());
}
Also used :
IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)
Autowired(org.springframework.beans.factory.annotation.Autowired)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
GuardedString(org.identityconnectors.common.security.GuardedString)
IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)
SysRoleSystemService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemService)
After(org.junit.After)
SecurityUtil(org.identityconnectors.common.security.SecurityUtil)
AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)
AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType)
SysProvisioningOperationService(eu.bcvsolutions.idm.acc.service.api.SysProvisioningOperationService)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
IdmRoleCompositionService(eu.bcvsolutions.idm.core.api.service.IdmRoleCompositionService)
UUID(java.util.UUID)
StandardCharsets(java.nio.charset.StandardCharsets)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
List(java.util.List)
AccAccountService(eu.bcvsolutions.idm.acc.service.api.AccAccountService)
ConnectorManager(eu.bcvsolutions.idm.acc.service.api.ConnectorManager)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
Assert.assertFalse(org.junit.Assert.assertFalse)
AccIdentityAccountService(eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
SysSchemaObjectClassService(eu.bcvsolutions.idm.acc.service.api.SysSchemaObjectClassService)
IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService)
IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService)
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
ProvisioningEventType(eu.bcvsolutions.idm.acc.domain.ProvisioningEventType)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
MessageFormat(java.text.MessageFormat)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
IcObjectClassInfo(eu.bcvsolutions.idm.ic.api.IcObjectClassInfo)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)
IcConfigurationProperty(eu.bcvsolutions.idm.ic.api.IcConfigurationProperty)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Qualifier(org.springframework.beans.factory.annotation.Qualifier)
ConnectorTypeDto(eu.bcvsolutions.idm.acc.dto.ConnectorTypeDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
SysSystemGroupSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupSystemService)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
IcAttributeInfo(eu.bcvsolutions.idm.ic.api.IcAttributeInfo)
Before(org.junit.Before)
SysRoleSystemAttributeService(eu.bcvsolutions.idm.acc.service.api.SysRoleSystemAttributeService)
IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
SysSystemService(eu.bcvsolutions.idm.acc.service.api.SysSystemService)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService)
Assert.assertTrue(org.junit.Assert.assertTrue)
RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState)
Test(org.junit.Test)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
SysSystemGroupService(eu.bcvsolutions.idm.acc.service.api.SysSystemGroupService)
SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)
SysSchemaAttributeService(eu.bcvsolutions.idm.acc.service.api.SysSchemaAttributeService)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SystemGroupType(eu.bcvsolutions.idm.acc.domain.SystemGroupType)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
Assert.assertNull(org.junit.Assert.assertNull)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison)
IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_)
BaseDto(eu.bcvsolutions.idm.core.api.dto.BaseDto)
TestHelper(eu.bcvsolutions.idm.acc.TestHelper)
Comparator(java.util.Comparator)
SysSystemAttributeMappingService(eu.bcvsolutions.idm.acc.service.api.SysSystemAttributeMappingService)
Assert.assertEquals(org.junit.Assert.assertEquals)
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 89 with IdmIdentityRoleFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testDisableDefaultAccountCreationForBusinessRole.
@Test
public void testDisableDefaultAccountCreationForBusinessRole() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
IdmRoleDto parentNoLoginRole = helper.createRole();
// Creates no-login role.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(false);
roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setCreateAccountByDefault(Boolean.FALSE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
IdmRoleCompositionDto roleComposition = getHelper().createRoleComposition(parentNoLoginRole, noLoginRole);
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
// Assign parent role.
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, parentNoLoginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNull(roleRequestDto.getSystemState());
assertEquals(1, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
roleCompositionService.delete(roleComposition);
getHelper().deleteRole(noLoginRole.getId());
getHelper().deleteRole(parentNoLoginRole.getId());
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
IdmRoleCompositionDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCompositionDto)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Example 90 with IdmIdentityRoleFilter
use of eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testRoleInCrossDomainGroupCannotCreateAccountForAutomaticRole.
@Test
public void testRoleInCrossDomainGroupCannotCreateAccountForAutomaticRole() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates no-login role.
IdmRoleDto noLoginRole = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(noLoginRole, systemDto);
roleSystem.setCreateAccountByDefault(true);
roleSystemService.save(roleSystem);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(noLoginRole.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
String automaticRoleValue = getHelper().createName();
IdmAutomaticRoleAttributeDto automaticRole = getHelper().createAutomaticRole(noLoginRole.getId());
getHelper().createAutomaticRoleRule(automaticRole.getId(), AutomaticRoleAttributeRuleComparison.EQUALS, AutomaticRoleAttributeRuleType.IDENTITY, IdmIdentity_.description.getName(), null, automaticRoleValue);
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().getPrimeContract(identity.getId());
IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
identityRoleFilter.setIdentityId(identity.getId());
identityRoleFilter.setRoleId(noLoginRole.getId());
assertEquals(0, identityRoleService.count(identityRoleFilter));
// Assign automatic role.
identity.setDescription(automaticRoleValue);
identityService.save(identity);
assertEquals(1, identityRoleService.count(identityRoleFilter));
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
assertEquals(0, identityAccountService.find(identityAccountFilter, null).getContent().size());
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, false, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
assertEquals(1, identityAccountService.find(identityAccountFilter, null).getContent().size());
// Check if provisioning contains ldapGroups attribute with value ('ONE') from the role.
SysProvisioningOperationFilter provisioningOperationFilter = new SysProvisioningOperationFilter();
provisioningOperationFilter.setSystemId(systemDto.getId());
provisioningOperationFilter.setEntityType(SystemEntityType.IDENTITY);
provisioningOperationFilter.setEntityIdentifier(identity.getId());
List<SysProvisioningOperationDto> provisioningOperationDtos = provisioningOperationService.find(provisioningOperationFilter, null).getContent();
assertEquals(1, provisioningOperationDtos.size());
SysProvisioningOperationDto provisioningOperationDto = provisioningOperationDtos.stream().findFirst().get();
ProvisioningAttributeDto provisioningAttributeLdapGroupsDto = provisioningOperationDto.getProvisioningContext().getAccountObject().keySet().stream().filter(provisioningAtt -> MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE.equals(provisioningAtt.getSchemaAttributeName())).findFirst().get();
assertNotNull(provisioningAttributeLdapGroupsDto);
Object ldapGroupsValue = provisioningOperationDto.getProvisioningContext().getAccountObject().get(provisioningAttributeLdapGroupsDto);
assertEquals("ONE", ((List<?>) ldapGroupsValue).get(0));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
getHelper().deleteIdentity(identity.getId());
automaticRoleAttributeService.delete(automaticRole);
getHelper().deleteRole(noLoginRole.getId());
}
Also used :
IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)
MockCrossDomainAdUserConnectorType(eu.bcvsolutions.idm.acc.service.impl.mock.MockCrossDomainAdUserConnectorType)
ConnectorType(eu.bcvsolutions.idm.acc.service.api.ConnectorType)
SysSystemAttributeMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)
SysSystemGroupDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupDto)
SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
GuardedString(org.identityconnectors.common.security.GuardedString)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
SysSystemGroupSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemGroupSystemDto)
IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)
SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)
AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)
SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)
IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)
Test(org.junit.Test)
Aggregations
IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)116
IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)85
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)84
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)81
Test (org.junit.Test)72
IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)67
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)46
UUID (java.util.UUID)41
IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)39
IdmIdentityRoleService (eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService)38
List (java.util.List)38
Autowired (org.springframework.beans.factory.annotation.Autowired)38
IdmConceptRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto)33
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)31
LocalDate (java.time.LocalDate)31
Assert (org.junit.Assert)28
IdmRoleService (eu.bcvsolutions.idm.core.api.service.IdmRoleService)27
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)25
IdmAutomaticRoleAttributeDto (eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto)25
IdmFormAttributeDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto)25
