use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class PrepareConnectorObjectProcessor method processCreate.
/**
* Create object on target system
*
* @param provisioningOperation
* @param connectorConfig
*/
private void processCreate(SysProvisioningOperationDto provisioningOperation) {
SysSystemDto system = systemService.get(provisioningOperation.getSystem());
ProvisioningContext provisioningContext = provisioningOperation.getProvisioningContext();
IcConnectorObject connectorObject = provisioningContext.getConnectorObject();
//
// prepare provisioning attributes from account attributes
Map<ProvisioningAttributeDto, Object> fullAccountObject = provisioningOperationService.getFullAccountObject(provisioningOperation);
if (fullAccountObject != null) {
connectorObject.getAttributes().clear();
SysSystemMappingDto mapping = getMapping(system, provisioningOperation.getEntityType());
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(mapping.getObjectClass());
List<SysSchemaAttributeDto> schemaAttributes = findSchemaAttributes(system, schemaObjectClassDto);
for (Entry<ProvisioningAttributeDto, Object> entry : fullAccountObject.entrySet()) {
ProvisioningAttributeDto provisioningAttribute = entry.getKey();
Optional<SysSchemaAttributeDto> schemaAttributeOptional = schemaAttributes.stream().filter(schemaAttribute -> {
return provisioningAttribute.getSchemaAttributeName().equals(schemaAttribute.getName());
}).findFirst();
if (!schemaAttributeOptional.isPresent()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_FOUND, ImmutableMap.of("attribute", provisioningAttribute.getSchemaAttributeName()));
}
Object idmValue = fullAccountObject.get(provisioningAttribute);
SysSchemaAttributeDto schemaAttribute = schemaAttributeOptional.get();
if (provisioningAttribute.isSendOnlyIfNotNull()) {
if (this.isValueEmpty(idmValue)) {
// Skip this attribute (marked with flag sendOnlyIfNotNull), because IdM value is null
continue;
}
}
if (AttributeMappingStrategyType.CREATE == provisioningAttribute.getStrategyType() || AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
boolean existSetAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.SET == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
boolean existIfResourceNulltAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
boolean existMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.MERGE == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
boolean existAuthMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.AUTHORITATIVE_MERGE == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
if (AttributeMappingStrategyType.CREATE == provisioningAttribute.getStrategyType()) {
if (existIfResourceNulltAttribute || existSetAttribute || existAuthMergeAttribute || existMergeAttribute) {
// (this strategies has higher priority)
continue;
}
}
if (AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
if (existSetAttribute || existAuthMergeAttribute || existMergeAttribute) {
// (this strategies has higher priority)
continue;
}
}
}
IcAttribute createdAttribute = createAttribute(schemaAttribute, fullAccountObject.get(provisioningAttribute));
if (createdAttribute != null) {
connectorObject.getAttributes().add(createdAttribute);
}
}
provisioningContext.setConnectorObject(connectorObject);
}
provisioningOperation.setOperationType(ProvisioningEventType.CREATE);
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class PrepareConnectorObjectProcessor method processUpdate.
@SuppressWarnings("unchecked")
private void processUpdate(SysProvisioningOperationDto provisioningOperation, IcConnectorConfiguration connectorConfig, IcConnectorObject existsConnectorObject) {
SysSystemDto system = systemService.get(provisioningOperation.getSystem());
String systemEntityUid = provisioningOperationService.getByProvisioningOperation(provisioningOperation).getUid();
ProvisioningContext provisioningContext = provisioningOperation.getProvisioningContext();
IcConnectorObject connectorObject = provisioningContext.getConnectorObject();
IcObjectClass objectClass = connectorObject.getObjectClass();
//
IcConnectorObject updateConnectorObject;
if (provisioningContext.getAccountObject() == null) {
updateConnectorObject = connectorObject;
} else {
Map<ProvisioningAttributeDto, Object> fullAccountObject = provisioningOperationService.getFullAccountObject(provisioningOperation);
updateConnectorObject = new IcConnectorObjectImpl(systemEntityUid, objectClass, null);
SysSystemMappingDto mapping = getMapping(system, provisioningOperation.getEntityType());
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(mapping.getObjectClass());
List<SysSchemaAttributeDto> schemaAttributes = findSchemaAttributes(system, schemaObjectClassDto);
SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
filter.setEntityIdentifier(provisioningOperation.getEntityIdentifier());
filter.setEntityType(provisioningOperation.getEntityType());
filter.setResultState(OperationState.EXECUTED);
SysProvisioningArchiveDto lastSuccessEntity = null;
for (Entry<ProvisioningAttributeDto, Object> entry : fullAccountObject.entrySet()) {
ProvisioningAttributeDto provisioningAttribute = entry.getKey();
Optional<SysSchemaAttributeDto> schemaAttributeOptional = schemaAttributes.stream().filter(schemaAttribute -> {
return provisioningAttribute.getSchemaAttributeName().equals(schemaAttribute.getName());
}).findFirst();
if (!schemaAttributeOptional.isPresent()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_FOUND, ImmutableMap.of("attribute", provisioningAttribute.getSchemaAttributeName()));
}
SysSchemaAttributeDto schemaAttribute = schemaAttributeOptional.get();
if (schemaAttribute.isUpdateable()) {
if (schemaAttribute.isReturnedByDefault()) {
Object idmValue = fullAccountObject.get(provisioningAttribute);
IcAttribute attribute = existsConnectorObject.getAttributeByName(schemaAttribute.getName());
Object connectorValue = attribute != null ? (attribute.isMultiValue() ? attribute.getValues() : attribute.getValue()) : null;
Object resultValue = idmValue;
if (AttributeMappingStrategyType.CREATE == provisioningAttribute.getStrategyType()) {
// We do update, attributes with create strategy will be skipped
continue;
}
if (provisioningAttribute.isSendOnlyIfNotNull()) {
if (this.isValueEmpty(idmValue)) {
// Skip this attribute (marked with flag sendOnlyIfNotNull), because idm value is null
continue;
}
}
if (AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
boolean existSetAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.SET == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
boolean existMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.MERGE == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
boolean existAuthMergeAttribute = fullAccountObject.keySet().stream().filter(provisioningAttributeKey -> {
return provisioningAttributeKey.getSchemaAttributeName().equals(schemaAttribute.getName()) && AttributeMappingStrategyType.AUTHORITATIVE_MERGE == provisioningAttributeKey.getStrategyType();
}).findFirst().isPresent();
if (AttributeMappingStrategyType.WRITE_IF_NULL == provisioningAttribute.getStrategyType()) {
List<IcAttribute> icAttributes = existsConnectorObject.getAttributes();
//
Optional<IcAttribute> icAttributeOptional = icAttributes.stream().filter(ica -> {
return schemaAttribute.getName().equals(ica.getName());
}).findFirst();
IcAttribute icAttribute = null;
if (icAttributeOptional.isPresent()) {
icAttribute = icAttributeOptional.get();
}
// We need do transform from resource first
Object transformedConnectorValue = this.transformValueFromResource(provisioningAttribute.getTransformValueFromResourceScript(), schemaAttribute, icAttribute, icAttributes, system);
if (transformedConnectorValue != null || existSetAttribute || existAuthMergeAttribute || existMergeAttribute) {
// or exists same attribute with SET/MERGE/AUTH_MERGE strategy (this strategies has higher priority)
continue;
}
}
}
if (AttributeMappingStrategyType.MERGE == provisioningAttribute.getStrategyType()) {
// Load last provisioning history
if (lastSuccessEntity == null) {
List<SysProvisioningArchiveDto> lastSuccessEntities = provisioningArchiveService.find(filter, new PageRequest(0, 1, new Sort(Direction.DESC, MODIFIED_FIELD_NAME))).getContent();
if (!lastSuccessEntities.isEmpty()) {
lastSuccessEntity = lastSuccessEntities.get(0);
}
}
// Merge IdM values with connector values
if (connectorValue instanceof List) {
List<Object> connectorValues = new ArrayList<>((List<Object>) connectorValue);
List<Object> idmValues = null;
if (idmValue instanceof List) {
idmValues = (List<Object>) idmValue;
}
if (idmValues != null) {
idmValues.stream().forEach(value -> {
if (!connectorValues.contains(value)) {
connectorValues.add(value);
}
});
}
resultValue = connectorValues;
}
// Delete missing values by last provisioning history
if (lastSuccessEntity != null && lastSuccessEntity.getProvisioningContext() != null && lastSuccessEntity.getProvisioningContext().getAccountObject() != null && lastSuccessEntity.getProvisioningContext().getAccountObject().containsKey(provisioningAttribute)) {
Object oldValue = lastSuccessEntity.getProvisioningContext().getAccountObject().get(provisioningAttribute);
if (oldValue instanceof List) {
if (!oldValue.equals(idmValue)) {
// Search all deleted values (managed by IdM) by founded last provisioning values
List<?> deletedValues = ((List<?>) oldValue).stream().filter(value -> {
List<?> idmValues = null;
if (idmValue instanceof List) {
idmValues = (List<?>) idmValue;
}
if (idmValues != null && idmValues.contains(value)) {
return false;
}
return true;
}).collect(Collectors.toList());
if (resultValue instanceof List) {
List<?> resultValues = new ArrayList<>((List<Object>) resultValue);
// Remove all deleted values (managed by IdM)
resultValues.removeAll(deletedValues);
resultValue = resultValues;
}
}
}
}
}
// Update attribute on resource by given mapping
// attribute and mapped value in entity
IcAttribute updatedAttribute = updateAttribute(systemEntityUid, resultValue, schemaAttribute, existsConnectorObject, system, provisioningAttribute);
if (updatedAttribute != null) {
updateConnectorObject.getAttributes().add(updatedAttribute);
}
} else {
// filled values only
if (fullAccountObject.get(provisioningAttribute) != null) {
IcAttribute createdAttribute = createAttribute(schemaAttribute, fullAccountObject.get(provisioningAttribute));
if (createdAttribute != null) {
updateConnectorObject.getAttributes().add(createdAttribute);
}
}
}
}
}
}
//
provisioningOperation.getProvisioningContext().setConnectorObject(updateConnectorObject);
provisioningOperation.setOperationType(ProvisioningEventType.UPDATE);
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class ProvisioningCreateProcessor method processInternal.
@Override
public IcUidAttribute processInternal(SysProvisioningOperationDto provisioningOperation, IcConnectorConfiguration connectorConfig) {
// get system for password policy
SysSystemDto system = systemService.get(provisioningOperation.getSystem());
// execute provisioning
IcConnectorObject connectorObject = provisioningOperation.getProvisioningContext().getConnectorObject();
for (IcAttribute attribute : connectorObject.getAttributes()) {
// if attribute is password and his value is empty, generate new password
if (attribute instanceof IcPasswordAttribute && ((IcPasswordAttribute) attribute).getPasswordValue() == null) {
UUID passwordPolicyId = system.getPasswordPolicyGenerate();
//
String password = null;
if (passwordPolicyId == null) {
LOG.debug("Generate password policy for system [{}], not found. Password will be generate by default password policy", system.getCode());
password = passwordPolicyService.generatePasswordByDefault();
} else {
LOG.debug("Generate password policy for system [{}] found", system.getCode());
password = passwordPolicyService.generatePassword(passwordPolicyService.get(passwordPolicyId));
}
//
connectorObject.getAttributes().remove(attribute);
connectorObject.getAttributes().add(new IcPasswordAttributeImpl(ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME, new GuardedString(password)));
break;
}
}
//
IcUidAttribute icUid = connectorFacade.createObject(systemService.getConnectorInstance(system), connectorConfig, connectorObject.getObjectClass(), connectorObject.getAttributes());
//
// set connector object back to provisioning context
provisioningOperation.getProvisioningContext().setConnectorObject(connectorObject);
// has to be first - we need to replace guarded strings before systemEntityService.save(systemEntity)
provisioningOperation = provisioningOperationService.save(provisioningOperation);
return icUid;
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method updateConfidentialAttributes.
/**
* Update confidential attribute for given entity. Entity must be persisted
* first.
*
* @param mappedAttributes
* @param uid
* @param icAttributes
* @param entity
* @param create
* (is create or update entity situation)
* @param context
* @return
*/
protected DTO updateConfidentialAttributes(List<SysSystemAttributeMappingDto> mappedAttributes, String uid, List<IcAttribute> icAttributes, DTO dto, boolean create, SynchronizationContext context) {
mappedAttributes.stream().filter(attribute -> {
// Skip disabled attributes
// Only for confidential attribute
boolean fastResult = !attribute.isDisabledAttribute() && attribute.isConfidentialAttribute();
if (!fastResult) {
return false;
}
// Can be value set by attribute strategy?
return this.canSetValue(uid, attribute, dto, create);
}).forEach(attribute -> {
String attributeProperty = attribute.getIdmPropertyName();
Object transformedValue = getValueByMappedAttribute(attribute, icAttributes, context);
// secured storage
if (!(transformedValue == null || transformedValue instanceof GuardedString)) {
throw new ProvisioningException(AccResultCode.CONFIDENTIAL_VALUE_IS_NOT_GUARDED_STRING, ImmutableMap.of("property", attributeProperty, "class", transformedValue.getClass().getName()));
}
confidentialStorage.saveGuardedString(dto.getId(), dto.getClass(), attribute.getIdmPropertyName(), (GuardedString) transformedValue);
});
return dto;
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method doItemSynchronization.
@Override
public boolean doItemSynchronization(SynchronizationContext context) {
Assert.notNull(context);
String uid = context.getUid();
IcConnectorObject icObject = context.getIcObject();
IcSyncDeltaTypeEnum type = context.getType();
AbstractSysSyncConfigDto config = context.getConfig();
SysSystemDto system = context.getSystem();
SystemEntityType entityType = context.getEntityType();
AccAccountDto account = context.getAccount();
SysSyncLogDto log = context.getLog();
SysSyncItemLogDto logItem = context.getLogItem();
List<SysSyncActionLogDto> actionLogs = context.getActionLogs();
// Set default unknown action type
context.addActionType(SynchronizationActionType.UNKNOWN);
try {
// Find system entity for uid
SysSystemEntityDto systemEntity = findSystemEntity(uid, system, entityType);
context.addSystemEntity(systemEntity);
// Find acc account for uid or system entity
if (account == null) {
account = findAccount(context);
if (systemEntity == null) {
addToItemLog(logItem, "SystemEntity for this uid doesn't exist. We will create it.");
systemEntity = createSystemEntity(uid, entityType, system);
}
}
context.addSystemEntity(systemEntity).addAccount(account);
if (IcSyncDeltaTypeEnum.CREATE == type || IcSyncDeltaTypeEnum.UPDATE == type || IcSyncDeltaTypeEnum.CREATE_OR_UPDATE == type) {
// Update or create
Assert.notNull(icObject);
List<IcAttribute> icAttributes = icObject.getAttributes();
if (account == null) {
// Account doesn't exist in IDM
resolveAccountNotExistSituation(context, systemEntity, icAttributes);
} else {
// Account exist in IdM (LINKED)
context.addActionType(config.getLinkedAction().getAction());
SynchronizationSituationType situation = SynchronizationSituationType.LINKED;
if (StringUtils.hasLength(config.getLinkedActionWfKey())) {
SynchronizationLinkedActionType linkedAction = config.getLinkedAction();
SynchronizationActionType action = linkedAction.getAction();
// We will start specific workflow
startWorkflow(config.getLinkedActionWfKey(), situation, action, null, context);
} else {
resolveLinkedSituation(config.getLinkedAction(), context);
}
addToItemLog(logItem, "Account exist in IdM (LINKED) - ended");
}
} else if (IcSyncDeltaTypeEnum.DELETE == type) {
// Missing account situation, can be call from connector
// (support delete account event) and from reconciliation
context.addActionType(config.getMissingAccountAction().getAction());
SynchronizationSituationType situation = SynchronizationSituationType.MISSING_ACCOUNT;
if (StringUtils.hasLength(config.getMissingAccountActionWfKey())) {
ReconciliationMissingAccountActionType missingAccountActionType = config.getMissingAccountAction();
SynchronizationActionType action = missingAccountActionType.getAction();
// We will start specific workflow
startWorkflow(config.getMissingAccountActionWfKey(), situation, action, null, context);
} else {
// Resolve missing account situation for one item
this.resolveMissingAccountSituation(config.getMissingAccountAction(), context);
}
} else if (context.isExportAction()) {
// Export situation - create account to system
this.resolveUnlinkedSituation(SynchronizationUnlinkedActionType.LINK_AND_UPDATE_ACCOUNT, context);
}
// Call hard hibernate session flush and clear
if (getHibernateSession().isOpen()) {
getHibernateSession().flush();
getHibernateSession().clear();
}
return true;
} catch (Exception e) {
loggingException(context.getActionType(), log, logItem, actionLogs, uid, e);
throw e;
}
}
Aggregations