
Example 1 with IcObjectClassImpl

use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

the class VsReqeustServiceTest method systemAccountFilterTest.

/**
 * Checks the life cycle of a virtual-system request: the request is created in progress
 * without an account, the implementer realizes it, and the account then becomes visible
 * both through the account service and through a connector search.
 */
@Test
public void systemAccountFilterTest() {
    SysSystemDto system = this.createVirtualSystem(USER_IMPLEMENTER_NAME, null);
    this.assignRoleSystem(system, helper.createIdentity(USER_ONE_NAME), ROLE_ONE_NAME);

    // Exactly one CREATE request in progress is expected for the new user on this system.
    VsRequestFilter filter = new VsRequestFilter();
    filter.setSystemId(system.getId());
    filter.setUid(USER_ONE_NAME);
    List<VsRequestDto> pending = requestService.find(filter, null).getContent();
    Assert.assertEquals(1, pending.size());
    VsRequestDto created = pending.get(0);
    Assert.assertEquals(USER_ONE_NAME, created.getUid());
    Assert.assertEquals(VsOperationType.CREATE, created.getOperationType());
    Assert.assertEquals(VsRequestState.IN_PROGRESS, created.getState());
    Assert.assertNull("Account must be null, because request was not realized yet!",
            accountService.findByUidSystem(USER_ONE_NAME, system.getId()));

    // Switch to the implementer before realizing the request. The literal password is a
    // test fixture value (presumably set where the implementer identity is created; that
    // code is not visible here).
    super.logout();
    loginService.login(new LoginDto(USER_IMPLEMENTER_NAME, new GuardedString("password")));
    VsRequestDto realized = requestService.realize(created);
    Assert.assertEquals(VsRequestState.REALIZED, realized.getState());
    Assert.assertNotNull("Account cannot be null, because request was realized!",
            accountService.findByUidSystem(USER_ONE_NAME, system.getId()));

    // The connector search over __ACCOUNT__ must report the realized account and nothing else.
    IcConnectorConfiguration configuration = systemService.getConnectorConfiguration(system);
    IcObjectClass objectClass = new IcObjectClassImpl("__ACCOUNT__");
    List<String> uids = new ArrayList<>();
    IcResultsHandler uidCollector = new IcResultsHandler() {

        @Override
        public boolean handle(IcConnectorObject connectorObject) {
            uids.add(connectorObject.getUidValue());
            // Returns true for every object, as the original handler does.
            return true;
        }
    };
    connectorFacade.search(system.getConnectorInstance(), configuration, objectClass, null, uidCollector);
    Assert.assertEquals(1, uids.size());
    Assert.assertEquals(USER_ONE_NAME, uids.get(0));
}
Also used : IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) IcResultsHandler(eu.bcvsolutions.idm.ic.filter.api.IcResultsHandler) ArrayList(java.util.ArrayList) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) VsAccountDto(eu.bcvsolutions.idm.vs.dto.VsAccountDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) VsRequestFilter(eu.bcvsolutions.idm.vs.dto.filter.VsRequestFilter) VsRequestDto(eu.bcvsolutions.idm.vs.dto.VsRequestDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 2 with IcObjectClassImpl

use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

the class AbstractSynchronizationExecutor method process.

/**
 * Runs one synchronization (or reconciliation) for the given configuration and records its
 * progress in a synchronization log.
 * <p>
 * The cache named {@code CACHE_NAME} is evicted before the run and again in the
 * {@code finally} block. Depending on the configuration the accounts are read either with
 * {@code connectorFacade.search} (custom filter or reconciliation) or with
 * {@code connectorFacade.synchronization} (connector-side synchronization from the last token).
 * Any exception is written to the log, including its stack trace, and rethrown.
 *
 * @param synchronizationConfigId id of the synchronization configuration to execute
 * @return the configuration as returned by {@code synchronizationConfigService.save}
 */
@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
    // Clear cache
    idmCacheManager.evictCache(CACHE_NAME);
    SysSyncLogDto log = new SysSyncLogDto();
    // Create basic synchronization log
    log.setSynchronizationConfig(synchronizationConfigId);
    log.setStarted(ZonedDateTime.now());
    try {
        // Validate and create basic context
        SynchronizationContext context = this.validate(synchronizationConfigId);
        AbstractSysSyncConfigDto config = context.getConfig();
        SystemEntityType entityType = context.getEntityType();
        SysSystemDto system = context.getSystem();
        IcConnectorConfiguration connectorConfig = context.getConnectorConfig();
        SysSystemMappingDto systemMapping = systemMappingService.get(config.getSystemMapping());
        SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(systemMapping.getObjectClass());
        IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
        // Load last token; a reconciliation always starts without a token
        String lastToken = config.isReconciliation() ? null : config.getToken();
        IcSyncToken lastIcToken = Strings.isNullOrEmpty(lastToken) ? null : new IcSyncTokenImpl(lastToken);
        // NOTE(review): the ternary below is equivalent to passing lastToken directly.
        log.setToken(lastToken != null ? lastToken : null);
        log.setRunning(true);
        log = syncStarted(log, context);
        // List of all accounts keys (used in reconciliation)
        Set<String> systemAccountsList = new HashSet<>();
        longRunningTaskExecutor.setCounter(0L);
        log = synchronizationLogService.save(log);
        List<SysSyncActionLogDto> actionsLog = new ArrayList<>();
        // add logs to context
        context.addLog(log).addActionLogs(actionsLog);
        // Is differential sync enabled?
        if (config.isDifferentialSync()) {
            log.addToLog("Synchronization is running as differential (entities will be updated only if least one attribute was changed).");
        }
        if (config.isCustomFilter() || config.isReconciliation()) {
            // Custom filter Sync
            log.addToLog("Synchronization will use custom filter (not synchronization implemented in connector).");
            AttributeMapping tokenAttribute = null;
            if (config.getTokenAttribute() != null) {
                tokenAttribute = systemAttributeMappingService.get(config.getTokenAttribute());
            }
            // A token attribute is mandatory for a custom-filter sync, but not for a reconciliation.
            if (tokenAttribute == null && !config.isReconciliation()) {
                throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
            }
            context.addTokenAttribute(tokenAttribute);
            // Resolve filter for custom search
            IcFilter filter = resolveSynchronizationFilter(config);
            // NOTE(review): the resolved filter is written to the synchronization log verbatim;
            // confirm it cannot carry values that readers of the log should not see.
            log.addToLog(MessageFormat.format("Start search with filter [{0}].", filter != null ? filter : "NONE"));
            connectorFacade.search(systemService.getConnectorInstance(system), connectorConfig, objectClass, filter, new DefaultResultHandler(context, systemAccountsList));
        } else {
            // Inner Sync
            log.addToLog("Synchronization will use inner connector synchronization implementation.");
            DefalutSyncResultHandler syncResultsHandler = new DefalutSyncResultHandler(context, systemAccountsList);
            connectorFacade.synchronization(systemService.getConnectorInstance(system), connectorConfig, objectClass, lastIcToken, syncResultsHandler);
        }
        // We do reconciliation (find missing account)
        if (config.isReconciliation() && log.isRunning()) {
            startReconciliation(entityType, systemAccountsList, config, system, log, actionsLog);
        }
        // The sync ended correctly only if the log is still marked as running
        if (log.isRunning()) {
            log = syncCorrectlyEnded(log, context);
        }
        return synchronizationConfigService.save(config);
    } catch (Exception e) {
        String message = "Error during synchronization";
        log.addToLog(message);
        log.setContainsError(true);
        // NOTE(review): the full stack trace is stored in the synchronization log; confirm
        // who can read that log, since traces can expose internal class names and
        // connector details.
        log.addToLog(Throwables.getStackTraceAsString(e));
        throw e;
    } finally {
        // NOTE(review): syncContext is not the local `context` declared in the try block;
        // it is defined outside this method (not visible here). Confirm it refers to the
        // context of this run.
        syncEnd(log, syncContext);
        log.setRunning(false);
        log.setEnded(ZonedDateTime.now());
        synchronizationLogService.save(log);
        // Publish the final counter value as the task's count and update the task state
        longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
        longRunningTaskExecutor.updateState();
        // Clear cache
        idmCacheManager.evictCache(CACHE_NAME);
    }
}
Also used : IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) IcSyncToken(eu.bcvsolutions.idm.ic.api.IcSyncToken) ArrayList(java.util.ArrayList) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IntrospectionException(java.beans.IntrospectionException) InvocationTargetException(java.lang.reflect.InvocationTargetException) CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext) IcSyncTokenImpl(eu.bcvsolutions.idm.ic.impl.IcSyncTokenImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) AttributeMapping(eu.bcvsolutions.idm.acc.domain.AttributeMapping) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter) HashSet(java.util.HashSet)

Example 3 with IcObjectClassImpl

use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

the class DefaultSysSchemaObjectClassService method findByAccount.

/**
 * Looks up the connector object class for a system and entity type.
 * <p>
 * The first system mapping matching both values is used; its embedded schema object class
 * supplies the object class name.
 *
 * @param systemId id of the system, must not be null
 * @param entityType entity type of the mapping, must not be null
 * @return object class built from the first matching mapping, or {@code null} when no
 *         mapping matches
 */
@Override
public IcObjectClass findByAccount(UUID systemId, SystemEntityType entityType) {
    Assert.notNull(systemId, "System ID cannot be null!");
    Assert.notNull(entityType, "Entity type cannot be null!");

    SysSystemMappingFilter filter = new SysSystemMappingFilter();
    filter.setSystemId(systemId);
    filter.setEntityType(entityType);

    SysSystemMappingDto firstMapping = systemMappingService
            .find(filter, null)
            .getContent()
            .stream()
            .findFirst()
            .orElse(null);
    if (firstMapping != null) {
        // NOTE(review): the embedded object class is dereferenced without a null check;
        // whether DtoUtils.getEmbedded can return null is not visible here.
        SysSchemaObjectClassDto schemaObjectClass = DtoUtils.getEmbedded(firstMapping, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
        return new IcObjectClassImpl(schemaObjectClass.getObjectClassName());
    }
    return null;
}
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemMappingFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSystemMappingFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)

Example 4 with IcObjectClassImpl

use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

the class CzechIdMIcConnectorService method updateObject.

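/**
 * Updates an object on the target system through a CzechIdM connector.
 *
 * @param connectorInstance connector instance; it and its connector key must not be null
 * @param connectorConfiguration connector configuration, must not be null
 * @param objectClass object class of the updated object; when null,
 *        {@code IcObjectClassInfo.ACCOUNT} is used
 * @param uid identifier of the object to update, must not be null
 * @param replaceAttributes attributes passed to the connector's update, must not be null
 * @return uid returned by the connector's update operation
 * @throws IcException when the resolved connector does not implement {@code IcCanUpdate}
 */
@Override
public IcUidAttribute updateObject(IcConnectorInstance connectorInstance, IcConnectorConfiguration connectorConfiguration, IcObjectClass objectClass, IcUidAttribute uid, List<IcAttribute> replaceAttributes) {
    Assert.notNull(connectorInstance, "Connector instance is required.");
    Assert.notNull(connectorInstance.getConnectorKey(), "Connector key is required.");
    Assert.notNull(connectorConfiguration, "Configuration is required.");
    Assert.notNull(replaceAttributes, "Replace attributes are required.");
    Assert.notNull(uid, "Uid is required.");
    String key = connectorInstance.getConnectorKey().toString();
    // The list is handed to the logger as an argument, so it is rendered only when debug
    // logging is enabled.
    // NOTE(review): the attributes are written to the debug log as rendered by their
    // toString(); confirm that credential attributes are masked there before enabling
    // debug logging in production.
    LOG.debug("Update object - CzechIdM (Uid= {} {} {})", uid, key, replaceAttributes);
    IcObjectClass effectiveObjectClass = objectClass != null ? objectClass : new IcObjectClassImpl(IcObjectClassInfo.ACCOUNT);
    IcConnector connector = this.getConnectorInstance(connectorInstance, connectorConfiguration);
    if (!(connector instanceof IcCanUpdate)) {
        throw new IcException(MessageFormat.format("Connector [{0}] not supports update operation!", key));
    }
    IcUidAttribute updatedUid = ((IcCanUpdate) connector).update(uid, effectiveObjectClass, replaceAttributes);
    LOG.debug("Updated object - CzechIdM ({} {}) Uid= {})", key, replaceAttributes, updatedUid);
    return updatedUid;
}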
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) IcCanUpdate(eu.bcvsolutions.idm.ic.api.operation.IcCanUpdate) IcConnector(eu.bcvsolutions.idm.ic.api.IcConnector) IcException(eu.bcvsolutions.idm.ic.exception.IcException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute)

Example 5 with IcObjectClassImpl

use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

the class AbstractAccAuthenticator method authenticateOverSystem.

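/**
 * Authenticates the identity against the given system with the password from the login DTO.
 * <p>
 * Each account the identity has on the system is tried in turn; the loop stops at the first
 * authentication that returns a uid with a non-null value. A {@code ResultCodeException}
 * from one account is logged and the next account is tried.
 *
 * @param system system to authenticate against
 * @param loginDto login data; only its password is read here
 * @param identity identity whose accounts on the system are tried
 * @return result of the first successful authentication. {@code null} is returned when the
 *         system has no authentication attribute, the identity has no account on it, or
 *         the username cannot be resolved from the connector object. When no account
 *         authenticates, the value is {@code null} or the last result whose value was
 *         {@code null}, so callers must also check {@code getValue()}.
 */
protected IcUidAttribute authenticateOverSystem(SysSystemDto system, LoginDto loginDto, IdmIdentityDto identity) {
    // search authentication attribute for system with provisioning mapping, only for identity
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    if (attribute == null) {
        // attribute doesn't exist
        LOG.error("System id [{}] is configured for authenticate, but for the system doesn't exist authentication attribute.", system.getId());
        return null;
    }
    // find if identity has account on system
    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        LOG.debug("Identity id [{}] hasn't account for system id [{}].", identity.getId(), system.getId());
        // user hasn't account on system, continue
        return null;
    }
    // The schema attribute and its object class depend only on the mapping, not on the
    // account, so they are loaded once instead of once per account and once more per
    // connector attribute.
    SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
    IcUidAttribute auth = null;
    // authenticate over all accounts and stop at the first success
    for (AccAccountDto account : accounts) {
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        String transformUsername = null;
        if (!attribute.isUid()) {
            IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
            if (connectorObject == null) {
                continue;
            }
            // iterate over all attributes to find authentication attribute
            String authenticationAttributeName = schemaAttribute.getName();
            for (IcAttribute icAttribute : connectorObject.getAttributes()) {
                if (icAttribute.getName().equals(authenticationAttributeName)) {
                    // String.valueOf(null) would yield the literal "null" and the login would
                    // then be attempted under that name; keep the username unset instead so
                    // the check below rejects it.
                    Object value = icAttribute.getValue();
                    if (value != null) {
                        transformUsername = String.valueOf(value);
                    }
                    break;
                }
            }
            if (transformUsername == null) {
                LOG.error("For system id [{}] cant be transformed username for identity id [{}]. The system will be skipped for autentication.", system.getId(), identity.getId());
                return null;
            }
        } else {
            transformUsername = systemEntityDto.getUid();
        }
        // A missing username or password, or bad credentials, surface as ResultCodeException,
        // which is logged below; the loop then moves on to the next account.
        try {
            // authentication against system
            auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            // check auth
            if (auth == null || auth.getValue() == null) {
                // failed, continue to another account
                continue;
            }
            // success: stop here, this result is returned
            break;
        } catch (ResultCodeException e) {
            // Only the exception message is logged; the password is not part of the log call.
            String message = StringUtils.trimToEmpty(e.getMessage());
            LOG.error("Authentication trought system name [{}] for identity username [{}] failed! Error message: [{}]", system.getCode(), identity.getUsername(), message);
        }
    }
    return auth;
}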
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)

Aggregations

IcObjectClassImpl (eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)35 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)26 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)19 IcConnectorObjectImpl (eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)19 SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)16 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)16 Test (org.junit.Test)16 IcObjectClass (eu.bcvsolutions.idm.ic.api.IcObjectClass)14 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)12 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)12 IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute)12 IcAttributeImpl (eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)12 ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext)10 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)9 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)7 SysProvisioningArchiveDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningArchiveDto)7 SysSystemEntityDto (eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)7 SysProvisioningAttribute (eu.bcvsolutions.idm.acc.entity.SysProvisioningAttribute)7 IcConnectorConfiguration (eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)6 ArrayList (java.util.ArrayList)6