use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class PrepareConnectorObjectProcessor method updateAttribute.
/**
* Update attribute on resource by given handling attribute and mapped value
* in entity
*
* @param uid
* @param entity
* @param attributeMapping
* @param schemaAttribute
* @param connectorObject
*/
private IcAttribute updateAttribute(String uid, Object idmValue, SysSchemaAttributeDto schemaAttribute, IcConnectorObject existsConnectorObject, SysSystemDto system, ProvisioningAttributeDto provisioningAttributeDto) {
List<IcAttribute> icAttributes = existsConnectorObject.getAttributes();
//
Optional<IcAttribute> icAttributeOptional = icAttributes.stream().filter(ica -> {
return schemaAttribute.getName().equals(ica.getName());
}).findFirst();
IcAttribute icAttribute = null;
if (icAttributeOptional.isPresent()) {
icAttribute = icAttributeOptional.get();
}
return updateAttributeValue(uid, idmValue, schemaAttribute, icAttribute, icAttributes, system, provisioningAttributeDto.getTransformValueFromResourceScript(), provisioningAttributeDto.isSendAlways());
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class ProvisioningSendNotificationProcessor method process.
@Override
public EventResult<SysProvisioningOperationDto> process(EntityEvent<SysProvisioningOperationDto> event) {
SysProvisioningOperationDto provisioningOperation = event.getContent();
String uid = provisioningOperationService.getByProvisioningOperation(provisioningOperation).getUid();
IdmIdentityDto identity = null;
if (provisioningOperation.getEntityIdentifier() != null && SystemEntityType.IDENTITY == provisioningOperation.getEntityType()) {
identity = identityService.get(provisioningOperation.getEntityIdentifier());
}
// TODO: identity or email null, send message to actual log user?
if (identity != null && identity.getState() != IdentityState.CREATED) {
for (IcAttribute attribute : provisioningOperationService.getFullConnectorObject(provisioningOperation).getAttributes()) {
// TODO: send password always, when create?
if (attribute instanceof IcPasswordAttribute && attribute.getValue() != null) {
GuardedString password = ((IcPasswordAttribute) attribute).getPasswordValue();
//
// send message with new password to identity, topic has connection to templates
SysSystemDto system = systemService.get(provisioningOperation.getSystem());
notificationManager.send(AccModuleDescriptor.TOPIC_NEW_PASSWORD, new IdmMessageDto.Builder().setLevel(NotificationLevel.SUCCESS).addParameter("systemName", system.getName()).addParameter("uid", uid).addParameter("password", password).build(), identity);
break;
}
}
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class DefaultAccAuthenticator method authenticate.
@Override
public LoginDto authenticate(LoginDto loginDto) {
// temporary solution for get system id, this is not nice.
String systemCodeable = configurationService.getValue(PROPERTY_AUTH_SYSTEM_ID);
if (StringUtils.isEmpty(systemCodeable)) {
// without system can't check
return null;
}
//
SysSystemDto system = (SysSystemDto) lookupService.lookupDto(SysSystemDto.class, systemCodeable);
//
if (system == null) {
LOG.warn("System by codeable identifier [{}] not found. Check configuration property [{}]", systemCodeable, PROPERTY_AUTH_SYSTEM_ID);
// system doesn't exist
return null;
}
IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, loginDto.getUsername());
if (identity == null) {
throw new IdmAuthenticationException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", loginDto.getUsername()));
}
//
// search authentication attribute for system with provisioning mapping, only for identity
SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
//
if (attribute == null) {
// attribute MUST exist
throw new ResultCodeException(AccResultCode.AUTHENTICATION_AUTHENTICATION_ATTRIBUTE_DONT_SET, ImmutableMap.of("name", system.getName()));
}
//
// find if identity has account on system
List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
if (accounts.isEmpty()) {
// user hasn't account on system, continue
return null;
}
//
ResultCodeException authFailedException = null;
IcUidAttribute auth = null;
for (AccAccountDto account : accounts) {
SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
//
if (connectorObject == null) {
continue;
}
//
String transformUsername = null;
// iterate over all attributes to find authentication attribute
for (IcAttribute icAttribute : connectorObject.getAttributes()) {
if (icAttribute.getName().equals(schemaAttributeService.get(attribute.getSchemaAttribute()).getName())) {
transformUsername = String.valueOf(icAttribute.getValue());
break;
}
}
if (transformUsername == null) {
throw new ResultCodeException(AccResultCode.AUTHENTICATION_USERNAME_DONT_EXISTS, ImmutableMap.of("username", loginDto.getUsername(), "name", system.getName()));
}
// authentication over system, when password or username not exist or bad credentials - throw error
try {
// authentication against system
auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
authFailedException = null;
// check auth
if (auth == null || auth.getValue() == null) {
authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
// failed, continue to another
break;
}
// everything success break
break;
} catch (ResultCodeException e) {
// failed, continue to another
authFailedException = new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.", e);
}
}
if (auth == null || auth.getValue() == null) {
authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
}
//
if (authFailedException != null) {
throw authFailedException;
}
String module = this.getModule();
loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, module);
LOG.info("Identity with username [{}] is authenticated by system [{}]", loginDto.getUsername(), system.getName());
return loginDto;
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method prepareProvisioningForAttribute.
private SysProvisioningOperationDto prepareProvisioningForAttribute(SysSystemEntityDto systemEntity, AttributeMapping attributeMapping, Object value, ProvisioningOperationType operationType, DTO dto) {
Assert.notNull(systemEntity);
Assert.notNull(systemEntity.getSystem());
Assert.notNull(systemEntity.getEntityType());
Assert.notNull(systemEntity.getUid());
Assert.notNull(attributeMapping);
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attributeMapping);
if (!schemaAttributeDto.isUpdateable()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_NOT_UPDATEABLE, ImmutableMap.of("property", attributeMapping.getIdmPropertyName(), "uid", systemEntity.getUid()));
}
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(schemaAttributeDto.getObjectClass());
String objectClassName = schemaObjectClassDto.getObjectClassName();
// We do transformation to system if is attribute only constant
Object valueTransformed = value;
if (!attributeMapping.isEntityAttribute() && !attributeMapping.isExtendedAttribute()) {
// If is attribute handling resolve as constant, then we don't want
// do transformation again (was did in getAttributeValue)
} else {
valueTransformed = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, attributeMapping, dto);
}
IcAttribute icAttributeForCreate = attributeMappingService.createIcAttribute(schemaAttributeDto, valueTransformed);
//
// Call ic modul for update single attribute
IcConnectorObject connectorObject = new IcConnectorObjectImpl(systemEntity.getUid(), new IcObjectClassImpl(objectClassName), ImmutableList.of(icAttributeForCreate));
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningEventType.UPDATE).setSystemEntity(systemEntity).setEntityIdentifier(dto == null ? null : dto.getId()).setProvisioningContext(new ProvisioningContext(connectorObject));
//
return operationBuilder.build();
}
use of eu.bcvsolutions.idm.ic.api.IcAttribute in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method updateExtendedAttributes.
/**
* Update extended attribute for given entity. Entity must be persisted first.
*
* @param mappedAttributes
* @param uid
* @param icAttributes
* @param entity
* @param create
* (is create or update entity situation)
* @param context
* @return
*/
@SuppressWarnings("unchecked")
protected DTO updateExtendedAttributes(List<SysSystemAttributeMappingDto> mappedAttributes, String uid, List<IcAttribute> icAttributes, DTO dto, boolean create, SynchronizationContext context) {
mappedAttributes.stream().filter(attribute -> {
// Skip disabled attributes
// Only for extended attributes
boolean fastResult = !attribute.isDisabledAttribute() && attribute.isExtendedAttribute();
if (!fastResult) {
return false;
}
// Can be value set by attribute strategy?
return this.canSetValue(uid, attribute, dto, create);
}).forEach(attribute -> {
String attributeProperty = attribute.getIdmPropertyName();
Object transformedValue = getValueByMappedAttribute(attribute, icAttributes, context);
// Save to extended attribute
if (!formService.isFormable(dto.getClass())) {
String message = MessageFormat.format("Entity [{0}] is not instance of fromable entity!", dto.getId());
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_ERROR_DURING_SYNC_ITEM, ImmutableMap.of("uid", uid, "message", message));
}
IdmFormAttributeDto defAttribute = formService.getDefinition(dto.getClass()).getMappedAttributeByCode(attributeProperty);
if (defAttribute == null) {
// eav definition could be changed
String message = MessageFormat.format("Form attribute defininion [{0}] was not found!", attributeProperty);
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_ERROR_DURING_SYNC_ITEM, ImmutableMap.of("uid", uid, "message", message));
}
if (transformedValue instanceof List<?>) {
((List<?>) transformedValue).stream().forEach(value -> {
if (value != null && !(value instanceof Serializable)) {
String message = MessageFormat.format("Value is not serializable [{0}] for attribute [{1}] and UID [{2}]!", value, attribute, uid);
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_ERROR_DURING_SYNC_ITEM, ImmutableMap.of("uid", uid, "message", message));
}
});
formService.saveValues(dto, defAttribute, (List<Serializable>) transformedValue);
} else {
formService.saveValues(dto, defAttribute, Lists.newArrayList((Serializable) transformedValue));
}
});
return dto;
}
Aggregations