Example 21 with IcConnectorObject

Use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in the project CzechIdMng by bcvsolutions.

From class ProvisioningUpdateProcessor, method processInternal.

@Override
public IcUidAttribute processInternal(SysProvisioningOperationDto provisioningOperation, IcConnectorConfiguration connectorConfig) {
    String uid = provisioningOperationService.getByProvisioningOperation(provisioningOperation).getUid();
    IcUidAttribute uidAttribute = new IcUidAttributeImpl(null, uid, null);
    IcConnectorObject connectorObject = provisioningOperation.getProvisioningContext().getConnectorObject();
    if (!connectorObject.getAttributes().isEmpty()) {
        SysSystemDto system = systemService.get(provisioningOperation.getSystem());
        return connectorFacade.updateObject(systemService.getConnectorInstance(system), connectorConfig, connectorObject.getObjectClass(), uidAttribute, connectorObject.getAttributes());
    } else {
    // TODO: appropriate message - provisioning is not executed, because the attributes did not change
    // The operation was only logged. Provisioning was not executed, because the attributes did not change.
    }
    return null;
}
Example 22 with IcConnectorObject

Use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in the project CzechIdMng by bcvsolutions.

From class AccAccountController, method getConnectorObject.

@ResponseBody
@PreAuthorize("hasAuthority('" + AccGroupPermission.SYSTEM_READ + "')")
@RequestMapping(value = "/{backendId}/connector-object", method = RequestMethod.GET)
@ApiOperation(value = "Connector object for the account. Contains only attributes which have a schema attribute definition.", nickname = "getConnectorObject", response = IcConnectorObject.class, tags = { SysSystemEntityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }) })
public ResponseEntity<IcConnectorObject> getConnectorObject(@ApiParam(value = "Account's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    AccAccountDto account = this.getDto(backendId);
    if (account == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    IcConnectorObject connectorObject = ((AccAccountService) getService()).getConnectorObject(account, IdmBasePermission.READ);
    if (connectorObject == null) {
        return new ResponseEntity<IcConnectorObject>(HttpStatus.NO_CONTENT);
    }
    return new ResponseEntity<IcConnectorObject>(connectorObject, HttpStatus.OK);
}
Example 23 with IcConnectorObject

Use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in the project CzechIdMng by bcvsolutions.

From class SysSystemEntityController, method getConnectorObject.

@ResponseBody
@PreAuthorize("hasAuthority('" + AccGroupPermission.SYSTEM_READ + "')")
@RequestMapping(value = "/{backendId}/connector-object", method = RequestMethod.GET)
@ApiOperation(value = "Connector object for the system entity", nickname = "getConnectorObject", response = IcConnectorObject.class, tags = { SysSystemEntityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = AccGroupPermission.SYSTEM_READ, description = "") }) })
public ResponseEntity<IcConnectorObject> getConnectorObject(@ApiParam(value = "System entity's uuid identifier.", required = true) @PathVariable @NotNull String backendId) {
    SysSystemEntityDto systemEntity = this.getDto(backendId);
    if (systemEntity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    IcConnectorObject connectorObject = ((SysSystemEntityService) getService()).getConnectorObject(systemEntity, IdmBasePermission.READ);
    if (connectorObject == null) {
        return new ResponseEntity<IcConnectorObject>(HttpStatus.NO_CONTENT);
    }
    return new ResponseEntity<IcConnectorObject>(connectorObject, HttpStatus.OK);
}
Example 24 with IcConnectorObject

Use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in the project CzechIdMng by bcvsolutions.

From class DefaultAccAuthenticator, method authenticate.

@Override
public LoginDto authenticate(LoginDto loginDto) {
    // temporary solution for getting the system id from configuration, this is not nice.
    String systemCodeable = configurationService.getValue(PROPERTY_AUTH_SYSTEM_ID);
    if (StringUtils.isEmpty(systemCodeable)) {
        // without a configured system there is nothing to authenticate against
        return null;
    }
    // 
    SysSystemDto system = (SysSystemDto) lookupService.lookupDto(SysSystemDto.class, systemCodeable);
    // 
    if (system == null) {
        LOG.warn("System by codeable identifier [{}] not found. Check configuration property [{}]", systemCodeable, PROPERTY_AUTH_SYSTEM_ID);
        // system doesn't exist
        return null;
    }
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, loginDto.getUsername());
    if (identity == null) {
        throw new IdmAuthenticationException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", loginDto.getUsername()));
    }
    // 
    // search authentication attribute for system with provisioning mapping, only for identity
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    // 
    if (attribute == null) {
        // attribute MUST exist
        throw new ResultCodeException(AccResultCode.AUTHENTICATION_AUTHENTICATION_ATTRIBUTE_DONT_SET, ImmutableMap.of("name", system.getName()));
    }
    // 
    // find if identity has account on system
    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        // identity has no account on this system, continue with the next authenticator
        return null;
    }
    // 
    ResultCodeException authFailedException = null;
    IcUidAttribute auth = null;
    for (AccAccountDto account : accounts) {
        SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
        SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
        IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
        // 
        if (connectorObject == null) {
            continue;
        }
        // 
        String transformUsername = null;
        // iterate over all attributes to find the authentication attribute
        // (schemaAttribute was already loaded above, no need to fetch it again per attribute)
        for (IcAttribute icAttribute : connectorObject.getAttributes()) {
            if (icAttribute.getName().equals(schemaAttribute.getName())) {
                transformUsername = String.valueOf(icAttribute.getValue());
                break;
            }
        }
        if (transformUsername == null) {
            throw new ResultCodeException(AccResultCode.AUTHENTICATION_USERNAME_DONT_EXISTS, ImmutableMap.of("username", loginDto.getUsername(), "name", system.getName()));
        }
        // authenticate against the system; when the username or password does not exist, or the credentials are wrong, an error is thrown
        try {
            // authentication against system
            auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            authFailedException = null;
            // check auth
            if (auth == null || auth.getValue() == null) {
                authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
                // failed, stop checking further accounts (the exception is thrown below)
                break;
            }
            // authentication succeeded, stop checking further accounts
            break;
        } catch (ResultCodeException e) {
            // failed, continue to another
            authFailedException = new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.", e);
        }
    }
    if (auth == null || auth.getValue() == null) {
        authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
    }
    // 
    if (authFailedException != null) {
        throw authFailedException;
    }
    String module = this.getModule();
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, module);
    LOG.info("Identity with username [{}] is authenticated by system [{}]", loginDto.getUsername(), system.getName());
    return loginDto;
}
Example 25 with IcConnectorObject

Use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in the project CzechIdMng by bcvsolutions.

From class AbstractProvisioningExecutor, method prepareProvisioningForAttribute.

private SysProvisioningOperationDto prepareProvisioningForAttribute(SysSystemEntityDto systemEntity, AttributeMapping attributeMapping, Object value, ProvisioningOperationType operationType, DTO dto) {
    Assert.notNull(systemEntity);
    Assert.notNull(systemEntity.getSystem());
    Assert.notNull(systemEntity.getEntityType());
    Assert.notNull(systemEntity.getUid());
    Assert.notNull(attributeMapping);
    SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attributeMapping);
    if (!schemaAttributeDto.isUpdateable()) {
        throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_NOT_UPDATEABLE, ImmutableMap.of("property", attributeMapping.getIdmPropertyName(), "uid", systemEntity.getUid()));
    }
    SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(schemaAttributeDto.getObjectClass());
    String objectClassName = schemaObjectClassDto.getObjectClassName();
    // We transform the value to the system, unless the attribute is a constant
    Object valueTransformed = value;
    if (!attributeMapping.isEntityAttribute() && !attributeMapping.isExtendedAttribute()) {
    // If the attribute is resolved as a constant, we don't want to
    // do the transformation again (it was already done in getAttributeValue)
    } else {
        valueTransformed = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, attributeMapping, dto);
    }
    IcAttribute icAttributeForCreate = attributeMappingService.createIcAttribute(schemaAttributeDto, valueTransformed);
    // 
    // Build the connector object passed to the IC module for updating a single attribute
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(systemEntity.getUid(), new IcObjectClassImpl(objectClassName), ImmutableList.of(icAttributeForCreate));
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningEventType.UPDATE).setSystemEntity(systemEntity).setEntityIdentifier(dto == null ? null : dto.getId()).setProvisioningContext(new ProvisioningContext(connectorObject));
    // 
    return operationBuilder.build();
}