Example 1 with IcFilter
use of eu.bcvsolutions.idm.ic.filter.api.IcFilter in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method process.
@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
// Clear cache
idmCacheManager.evictCache(CACHE_NAME);
SysSyncLogDto log = new SysSyncLogDto();
// Create basic synchronization log
log.setSynchronizationConfig(synchronizationConfigId);
log.setStarted(ZonedDateTime.now());
try {
// Validate and create basic context
SynchronizationContext context = this.validate(synchronizationConfigId);
AbstractSysSyncConfigDto config = context.getConfig();
SystemEntityType entityType = context.getEntityType();
SysSystemDto system = context.getSystem();
IcConnectorConfiguration connectorConfig = context.getConnectorConfig();
SysSystemMappingDto systemMapping = systemMappingService.get(config.getSystemMapping());
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(systemMapping.getObjectClass());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
// Load last token
String lastToken = config.isReconciliation() ? null : config.getToken();
IcSyncToken lastIcToken = Strings.isNullOrEmpty(lastToken) ? null : new IcSyncTokenImpl(lastToken);
log.setToken(lastToken != null ? lastToken : null);
log.setRunning(true);
log = syncStarted(log, context);
// List of all accounts keys (used in reconciliation)
Set<String> systemAccountsList = new HashSet<>();
longRunningTaskExecutor.setCounter(0L);
log = synchronizationLogService.save(log);
List<SysSyncActionLogDto> actionsLog = new ArrayList<>();
// add logs to context
context.addLog(log).addActionLogs(actionsLog);
// Is differential sync enabled?
if (config.isDifferentialSync()) {
log.addToLog("Synchronization is running as differential (entities will be updated only if least one attribute was changed).");
}
if (config.isCustomFilter() || config.isReconciliation()) {
// Custom filter Sync
log.addToLog("Synchronization will use custom filter (not synchronization implemented in connector).");
AttributeMapping tokenAttribute = null;
if (config.getTokenAttribute() != null) {
tokenAttribute = systemAttributeMappingService.get(config.getTokenAttribute());
}
if (tokenAttribute == null && !config.isReconciliation()) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
}
context.addTokenAttribute(tokenAttribute);
// Resolve filter for custom search
IcFilter filter = resolveSynchronizationFilter(config);
log.addToLog(MessageFormat.format("Start search with filter [{0}].", filter != null ? filter : "NONE"));
connectorFacade.search(systemService.getConnectorInstance(system), connectorConfig, objectClass, filter, new DefaultResultHandler(context, systemAccountsList));
} else {
// Inner Sync
log.addToLog("Synchronization will use inner connector synchronization implementation.");
DefalutSyncResultHandler syncResultsHandler = new DefalutSyncResultHandler(context, systemAccountsList);
connectorFacade.synchronization(systemService.getConnectorInstance(system), connectorConfig, objectClass, lastIcToken, syncResultsHandler);
}
// We do reconciliation (find missing account)
if (config.isReconciliation() && log.isRunning()) {
startReconciliation(entityType, systemAccountsList, config, system, log, actionsLog);
}
// Sync is correctly ends if wasn't cancelled
if (log.isRunning()) {
log = syncCorrectlyEnded(log, context);
}
return synchronizationConfigService.save(config);
} catch (Exception e) {
String message = "Error during synchronization";
log.addToLog(message);
log.setContainsError(true);
log.addToLog(Throwables.getStackTraceAsString(e));
throw e;
} finally {
syncEnd(log, syncContext);
log.setRunning(false);
log.setEnded(ZonedDateTime.now());
synchronizationLogService.save(log);
//
longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
longRunningTaskExecutor.updateState();
// Clear cache
idmCacheManager.evictCache(CACHE_NAME);
}
}
Also used :
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
IcSyncToken(eu.bcvsolutions.idm.ic.api.IcSyncToken)
ArrayList(java.util.ArrayList)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
IntrospectionException(java.beans.IntrospectionException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)
AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)
SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext)
IcSyncTokenImpl(eu.bcvsolutions.idm.ic.impl.IcSyncTokenImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
HashSet(java.util.HashSet)
Example 2 with IcFilter
use of eu.bcvsolutions.idm.ic.filter.api.IcFilter in project CzechIdMng by bcvsolutions.
the class AbstractSynchronizationExecutor method resolveSynchronizationFilter.
/**
* Compile filter for search from filter attribute and filter script
*
* @param config
* @return
*/
protected IcFilter resolveSynchronizationFilter(AbstractSysSyncConfigDto config) {
// If is reconciliation, then is filter null
if (config.isReconciliation()) {
return null;
}
IcFilter filter = null;
AttributeMapping filterAttributeMapping = null;
if (config.getFilterAttribute() != null) {
filterAttributeMapping = systemAttributeMappingService.get(config.getFilterAttribute());
}
String configToken = config.getToken();
String filterScript = config.getCustomFilterScript();
if (filterAttributeMapping == null && configToken == null && StringUtils.isEmpty(filterScript)) {
return null;
}
if (filterAttributeMapping != null) {
Object transformedValue = systemAttributeMappingService.transformValueToResource(null, configToken, filterAttributeMapping, config);
if (transformedValue != null) {
SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.get(filterAttributeMapping.getSchemaAttribute());
IcAttributeImpl filterAttribute = new IcAttributeImpl(schemaAttributeDto.getName(), transformedValue);
switch(config.getFilterOperation()) {
case GREATER_THAN:
filter = IcFilterBuilder.greaterThan(filterAttribute);
break;
case LESS_THAN:
filter = IcFilterBuilder.lessThan(filterAttribute);
break;
case EQUAL_TO:
filter = IcFilterBuilder.equalTo(filterAttribute);
break;
case CONTAINS:
filter = IcFilterBuilder.contains(filterAttribute);
break;
case ENDS_WITH:
filter = IcFilterBuilder.endsWith(filterAttribute);
break;
case STARTS_WITH:
filter = IcFilterBuilder.startsWith(filterAttribute);
break;
}
}
}
if (StringUtils.hasLength(filterScript)) {
Map<String, Object> variables = new HashMap<>();
variables.put("filter", filter);
variables.put("token", configToken);
IcFilterOperationType[] values = IcFilterOperationType.values();
List<Class<?>> allowTypes = new ArrayList<>(values.length + 6);
// Allow all IC filter operator
for (IcFilterOperationType operation : values) {
allowTypes.add(operation.getImplementation());
}
allowTypes.add(IcAndFilter.class);
allowTypes.add(IcOrFilter.class);
allowTypes.add(IcFilterBuilder.class);
allowTypes.add(IcAttributeImpl.class);
allowTypes.add(IcAttribute.class);
allowTypes.add(IcNotFilter.class);
Object filterObj = groovyScriptService.evaluate(filterScript, variables, allowTypes);
if (filterObj != null && !(filterObj instanceof IcFilter)) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_FILTER_VALUE_WRONG_TYPE, ImmutableMap.of("type", filterObj.getClass().getName()));
}
filter = (IcFilter) filterObj;
}
return filter;
}
Also used :
HashMap(java.util.HashMap)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
ArrayList(java.util.ArrayList)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcFilterOperationType(eu.bcvsolutions.idm.ic.domain.IcFilterOperationType)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Example 3 with IcFilter
use of eu.bcvsolutions.idm.ic.filter.api.IcFilter in project CzechIdMng by bcvsolutions.
the class AdUserConnectorType method searchGroups.
protected Set<String> searchGroups(String memberAttribute, IcConnectorConfiguration icConfig, IcConnectorInstance connectorInstance, String dn) {
// Disable filter validations for connector results (validation does not work for AD properly).
Map<String, Object> systemOperationOptions = icConfig.getSystemOperationOptions();
if (systemOperationOptions == null) {
systemOperationOptions = new HashMap<>();
}
systemOperationOptions.put(IcConnectorConfiguration.DISABLE_FILTER_VALIDATION_KEY, Boolean.TRUE);
if (icConfig instanceof IcConnectorConfigurationImpl) {
IcConnectorConfigurationImpl config = (IcConnectorConfigurationImpl) icConfig;
config.setOperationOptions(systemOperationOptions);
}
Set<String> groups = Sets.newHashSet();
IcAttributeImpl dnFilterAttribute = new IcAttributeImpl(memberAttribute, dn);
IcFilter icFilter = IcFilterBuilder.equalTo(dnFilterAttribute);
IcObjectClass groupObjectClass = new IcObjectClassImpl(IcObjectClassInfo.GROUP);
connectorFacade.search(connectorInstance, icConfig, groupObjectClass, icFilter, connectorObject -> {
if (connectorObject != null) {
IcAttribute attribute = connectorObject.getAttributeByName(IcAttributeInfo.NAME);
if (attribute != null) {
groups.add((String) attribute.getValue());
}
}
return true;
});
return groups;
}
Also used :
IcConnectorConfigurationImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorConfigurationImpl)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Example 4 with IcFilter
use of eu.bcvsolutions.idm.ic.filter.api.IcFilter in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method transformDnToUid.
/**
* Transform given user identifier (DN) to UID, by call user system.
*/
private boolean transformDnToUid(SysSyncRoleConfigDto config, Map<String, String> usersUidCache, SysSchemaAttributeDto memberIdentifierAttribute, Set<String> membersUid, IcConnectorConfiguration icConfig, IcConnectorInstance connectorInstance, IcObjectClass objectClass, int[] count, String member) {
// On every 20th item will be hibernate flushed and check if sync was not ended.
if (count[0] % 20 == 0 && count[0] > 0) {
if (!checkForCancelAndFlush(config)) {
return false;
}
}
count[0]++;
if (usersUidCache.containsKey(member)) {
membersUid.add(usersUidCache.get(member));
return true;
}
IcAttributeImpl dnFilterAttribute = new IcAttributeImpl(memberIdentifierAttribute.getName(), member);
IcFilter icFilter = IcFilterBuilder.equalTo(dnFilterAttribute);
connectorFacade.search(connectorInstance, icConfig, objectClass, icFilter, connectorObject -> {
if (connectorObject != null) {
String uidValue = connectorObject.getUidValue();
membersUid.add(uidValue);
}
return false;
});
return true;
}
Also used :
IcAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Example 5 with IcFilter
use of eu.bcvsolutions.idm.ic.filter.api.IcFilter in project CzechIdMng by bcvsolutions.
the class ConnIdIcConvertUtil method convertIcFilter.
public static Filter convertIcFilter(IcFilter filter) {
if (filter == null) {
return null;
}
if (filter instanceof IcAndFilter) {
List<IcFilter> subFilters = (List<IcFilter>) ((IcAndFilter) filter).getFilters();
LinkedList<Filter> subFiltersConnId = new LinkedList<>();
if (!subFilters.isEmpty()) {
subFilters.forEach(subFilter -> {
subFiltersConnId.add(ConnIdIcConvertUtil.convertIcFilter(subFilter));
});
}
return new AndFilter(subFiltersConnId);
}
if (filter instanceof IcOrFilter) {
List<IcFilter> subFilters = (List<IcFilter>) ((IcOrFilter) filter).getFilters();
LinkedList<Filter> subFiltersConnId = new LinkedList<>();
if (!subFilters.isEmpty()) {
subFilters.forEach(subFilter -> {
subFiltersConnId.add(ConnIdIcConvertUtil.convertIcFilter(subFilter));
});
}
return new OrFilter(subFiltersConnId);
}
if (filter instanceof IcNotFilter) {
return new NotFilter(ConnIdIcConvertUtil.convertIcFilter(((IcNotFilter) filter).getFilter()));
}
if (filter instanceof IcAttributeFilter) {
Attribute attr = ConnIdIcConvertUtil.convertIcAttribute(((IcAttributeFilter) filter).getAttribute());
if (filter instanceof IcEqualsFilter) {
return new EqualsFilter(attr);
}
if (filter instanceof IcContainsFilter) {
return new ContainsFilter(attr);
}
if (filter instanceof IcEndsWithFilter) {
return new EndsWithFilter(attr);
}
if (filter instanceof IcContainsAllValuesFilter) {
return new ContainsAllValuesFilter(attr);
}
if (filter instanceof IcStartsWithFilter) {
return new StartsWithFilter(attr);
}
if (filter instanceof IcGreaterThanFilter) {
return new GreaterThanFilter(attr);
}
if (filter instanceof IcLessThanFilter) {
return new LessThanFilter(attr);
}
}
return null;
}
Also used :
IcEnabledAttribute(eu.bcvsolutions.idm.ic.api.IcEnabledAttribute)
IcPasswordAttribute(eu.bcvsolutions.idm.ic.api.IcPasswordAttribute)
Attribute(org.identityconnectors.framework.common.objects.Attribute)
IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute)
IcLoginAttribute(eu.bcvsolutions.idm.ic.api.IcLoginAttribute)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
IcContainsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsFilter)
ContainsFilter(org.identityconnectors.framework.common.objects.filter.ContainsFilter)
IcAndFilter(eu.bcvsolutions.idm.ic.filter.impl.IcAndFilter)
IcNotFilter(eu.bcvsolutions.idm.ic.filter.impl.IcNotFilter)
IcOrFilter(eu.bcvsolutions.idm.ic.filter.impl.IcOrFilter)
IcStartsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcStartsWithFilter)
IcContainsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsFilter)
IcLessThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcLessThanFilter)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
EqualsFilter(org.identityconnectors.framework.common.objects.filter.EqualsFilter)
IcEqualsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEqualsFilter)
IcAttributeFilter(eu.bcvsolutions.idm.ic.filter.impl.IcAttributeFilter)
IcEqualsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEqualsFilter)
IcContainsAllValuesFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsAllValuesFilter)
IcOrFilter(eu.bcvsolutions.idm.ic.filter.impl.IcOrFilter)
OrFilter(org.identityconnectors.framework.common.objects.filter.OrFilter)
IcEndsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEndsWithFilter)
EndsWithFilter(org.identityconnectors.framework.common.objects.filter.EndsWithFilter)
LinkedList(java.util.LinkedList)
IcAndFilter(eu.bcvsolutions.idm.ic.filter.impl.IcAndFilter)
AndFilter(org.identityconnectors.framework.common.objects.filter.AndFilter)
IcLessThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcLessThanFilter)
LessThanFilter(org.identityconnectors.framework.common.objects.filter.LessThanFilter)
IcContainsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsFilter)
IcNotFilter(eu.bcvsolutions.idm.ic.filter.impl.IcNotFilter)
Filter(org.identityconnectors.framework.common.objects.filter.Filter)
IcStartsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcStartsWithFilter)
ContainsAllValuesFilter(org.identityconnectors.framework.common.objects.filter.ContainsAllValuesFilter)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
NotFilter(org.identityconnectors.framework.common.objects.filter.NotFilter)
IcEndsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEndsWithFilter)
IcAttributeFilter(eu.bcvsolutions.idm.ic.filter.impl.IcAttributeFilter)
EqualsFilter(org.identityconnectors.framework.common.objects.filter.EqualsFilter)
EndsWithFilter(org.identityconnectors.framework.common.objects.filter.EndsWithFilter)
StartsWithFilter(org.identityconnectors.framework.common.objects.filter.StartsWithFilter)
IcLessThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcLessThanFilter)
IcEqualsFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEqualsFilter)
LessThanFilter(org.identityconnectors.framework.common.objects.filter.LessThanFilter)
IcOrFilter(eu.bcvsolutions.idm.ic.filter.impl.IcOrFilter)
IcAndFilter(eu.bcvsolutions.idm.ic.filter.impl.IcAndFilter)
IcContainsAllValuesFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsAllValuesFilter)
AndFilter(org.identityconnectors.framework.common.objects.filter.AndFilter)
ContainsFilter(org.identityconnectors.framework.common.objects.filter.ContainsFilter)
GreaterThanFilter(org.identityconnectors.framework.common.objects.filter.GreaterThanFilter)
IcGreaterThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcGreaterThanFilter)
OrFilter(org.identityconnectors.framework.common.objects.filter.OrFilter)
IcGreaterThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcGreaterThanFilter)
IcStartsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcStartsWithFilter)
StartsWithFilter(org.identityconnectors.framework.common.objects.filter.StartsWithFilter)
IcNotFilter(eu.bcvsolutions.idm.ic.filter.impl.IcNotFilter)
NotFilter(org.identityconnectors.framework.common.objects.filter.NotFilter)
GreaterThanFilter(org.identityconnectors.framework.common.objects.filter.GreaterThanFilter)
IcGreaterThanFilter(eu.bcvsolutions.idm.ic.filter.impl.IcGreaterThanFilter)
ContainsAllValuesFilter(org.identityconnectors.framework.common.objects.filter.ContainsAllValuesFilter)
IcContainsAllValuesFilter(eu.bcvsolutions.idm.ic.filter.impl.IcContainsAllValuesFilter)
IcEndsWithFilter(eu.bcvsolutions.idm.ic.filter.impl.IcEndsWithFilter)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Aggregations
IcFilter (eu.bcvsolutions.idm.ic.filter.api.IcFilter)10
IcObjectClass (eu.bcvsolutions.idm.ic.api.IcObjectClass)6
IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)5
ArrayList (java.util.ArrayList)5
ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)4
IcObjectClassImpl (eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)4
SynchronizationContext (eu.bcvsolutions.idm.acc.domain.SynchronizationContext)3
AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)3
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)3
SysSyncActionLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)3
SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)3
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)3
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)3
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)3
IcConnectorConfiguration (eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)3
IcAttributeImpl (eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)3
HashMap (java.util.HashMap)3
AttributeMapping (eu.bcvsolutions.idm.acc.domain.AttributeMapping)2
IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute)2
Filter (org.identityconnectors.framework.common.objects.filter.Filter)2
