Example 6 with IcObjectClassImpl
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class DefaultAccAuthenticator method authenticate.
@Override
public LoginDto authenticate(LoginDto loginDto) {
// temporary solution for get system id, this is not nice.
String systemCodeable = configurationService.getValue(PROPERTY_AUTH_SYSTEM_ID);
if (StringUtils.isEmpty(systemCodeable)) {
// without system can't check
return null;
}
//
SysSystemDto system = (SysSystemDto) lookupService.lookupDto(SysSystemDto.class, systemCodeable);
//
if (system == null) {
LOG.warn("System by codeable identifier [{}] not found. Check configuration property [{}]", systemCodeable, PROPERTY_AUTH_SYSTEM_ID);
// system doesn't exist
return null;
}
IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, loginDto.getUsername());
if (identity == null) {
throw new IdmAuthenticationException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", loginDto.getUsername()));
}
//
// search authentication attribute for system with provisioning mapping, only for identity
SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
//
if (attribute == null) {
// attribute MUST exist
throw new ResultCodeException(AccResultCode.AUTHENTICATION_AUTHENTICATION_ATTRIBUTE_DONT_SET, ImmutableMap.of("name", system.getName()));
}
//
// find if identity has account on system
List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
if (accounts.isEmpty()) {
// user hasn't account on system, continue
return null;
}
//
ResultCodeException authFailedException = null;
IcUidAttribute auth = null;
for (AccAccountDto account : accounts) {
SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
//
if (connectorObject == null) {
continue;
}
//
String transformUsername = null;
// iterate over all attributes to find authentication attribute
for (IcAttribute icAttribute : connectorObject.getAttributes()) {
if (icAttribute.getName().equals(schemaAttributeService.get(attribute.getSchemaAttribute()).getName())) {
transformUsername = String.valueOf(icAttribute.getValue());
break;
}
}
if (transformUsername == null) {
throw new ResultCodeException(AccResultCode.AUTHENTICATION_USERNAME_DONT_EXISTS, ImmutableMap.of("username", loginDto.getUsername(), "name", system.getName()));
}
// authentication over system, when password or username not exist or bad credentials - throw error
try {
// authentication against system
auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
authFailedException = null;
// check auth
if (auth == null || auth.getValue() == null) {
authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
// failed, continue to another
break;
}
// everything success break
break;
} catch (ResultCodeException e) {
// failed, continue to another
authFailedException = new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.", e);
}
}
if (auth == null || auth.getValue() == null) {
authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
}
//
if (authFailedException != null) {
throw authFailedException;
}
String module = this.getModule();
loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, module);
LOG.info("Identity with username [{}] is authenticated by system [{}]", loginDto.getUsername(), system.getName());
return loginDto;
}
Also used :
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException)
AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException)
IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
Example 7 with IcObjectClassImpl
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class AbstractProvisioningExecutor method prepareProvisioningForAttribute.
private SysProvisioningOperationDto prepareProvisioningForAttribute(SysSystemEntityDto systemEntity, AttributeMapping attributeMapping, Object value, ProvisioningOperationType operationType, DTO dto) {
Assert.notNull(systemEntity);
Assert.notNull(systemEntity.getSystem());
Assert.notNull(systemEntity.getEntityType());
Assert.notNull(systemEntity.getUid());
Assert.notNull(attributeMapping);
SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attributeMapping);
if (!schemaAttributeDto.isUpdateable()) {
throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_NOT_UPDATEABLE, ImmutableMap.of("property", attributeMapping.getIdmPropertyName(), "uid", systemEntity.getUid()));
}
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(schemaAttributeDto.getObjectClass());
String objectClassName = schemaObjectClassDto.getObjectClassName();
// We do transformation to system if is attribute only constant
Object valueTransformed = value;
if (!attributeMapping.isEntityAttribute() && !attributeMapping.isExtendedAttribute()) {
// If is attribute handling resolve as constant, then we don't want
// do transformation again (was did in getAttributeValue)
} else {
valueTransformed = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, attributeMapping, dto);
}
IcAttribute icAttributeForCreate = attributeMappingService.createIcAttribute(schemaAttributeDto, valueTransformed);
//
// Call ic modul for update single attribute
IcConnectorObject connectorObject = new IcConnectorObjectImpl(systemEntity.getUid(), new IcObjectClassImpl(objectClassName), ImmutableList.of(icAttributeForCreate));
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningEventType.UPDATE).setSystemEntity(systemEntity).setEntityIdentifier(dto == null ? null : dto.getId()).setProvisioningContext(new ProvisioningContext(connectorObject));
//
return operationBuilder.build();
}
Also used :
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)
GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString)
ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext)
IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
Example 8 with IcObjectClassImpl
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class TreeSynchronizationExecutor method process.
@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
// Clear cache
this.clearCache();
// Validate and create basic context
SynchronizationContext context = this.validate(synchronizationConfigId);
AbstractSysSyncConfigDto config = context.getConfig();
SystemEntityType entityType = context.getEntityType();
SysSystemDto system = context.getSystem();
IcConnectorConfiguration connectorConfig = context.getConnectorConfig();
List<SysSystemAttributeMappingDto> mappedAttributes = context.getMappedAttributes();
SysSystemMappingDto systemMapping = systemMappingService.get(context.getConfig().getSystemMapping());
SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(systemMapping.getObjectClass());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
// Load last token
Object lastToken = config.isReconciliation() ? null : config.getToken();
// Create basic synchronization log
SysSyncLogDto log = new SysSyncLogDto();
log.setSynchronizationConfig(config.getId());
log.setStarted(LocalDateTime.now());
log.setRunning(true);
log.setToken(lastToken != null ? lastToken.toString() : null);
log.addToLog(MessageFormat.format("Synchronization was started in {0}.", log.getStarted()));
// List of all accounts with full IC object (used in tree sync)
Map<String, IcConnectorObject> accountsMap = new HashMap<>();
longRunningTaskExecutor.setCounter(0L);
try {
log = synchronizationLogService.save(log);
List<SysSyncActionLogDto> actionsLog = new ArrayList<>();
// Add logs to context
context.addLog(log).addActionLogs(actionsLog);
boolean export = false;
if (export) {
// Start exporting entities to resource
log.addToLog("Exporting entities to resource started...");
this.startExport(entityType, config, mappedAttributes, log, actionsLog);
} else {
if (config.getTokenAttribute() == null && !config.isReconciliation()) {
throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
}
TreeResultsHandler resultHandler = new TreeResultsHandler(accountsMap);
// We have to search all data for tree
IcFilter filter = null;
log.addToLog(MessageFormat.format("Start search with filter {0}.", "NONE"));
log = synchronizationLogService.save(log);
connectorFacade.search(system.getConnectorInstance(), connectorConfig, objectClass, filter, resultHandler);
// Execute sync for this tree and searched accounts
processTreeSync(context, accountsMap);
log = context.getLog();
}
//
log.addToLog(MessageFormat.format("Synchronization was correctly ended in {0}.", LocalDateTime.now()));
synchronizationConfigService.save(config);
} catch (Exception e) {
String message = "Error during synchronization";
log.addToLog(message);
log.setContainsError(true);
log.addToLog(Throwables.getStackTraceAsString(e));
LOG.error(message, e);
} finally {
log.setRunning(false);
log.setEnded(LocalDateTime.now());
log = synchronizationLogService.save(log);
//
longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
longRunningTaskExecutor.updateState();
// Clear cache
this.clearCache();
}
return config;
}
Also used :
IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
HashMap(java.util.HashMap)
SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType)
ArrayList(java.util.ArrayList)
SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)
SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto)
ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException)
SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto)
AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)
IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)
Example 9 with IcObjectClassImpl
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method createProvisioningOperation.
/**
* Prepare provisioning context and operation
*
* @param system
* @return
*/
private SysProvisioningOperationDto createProvisioningOperation(SysSystemDto system, String firstname) {
ProvisioningContext context = new ProvisioningContext();
SysSystemEntityDto systemEntity = helper.createSystemEntity(system);
Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
context.setAccountObject(accoutObject);
//
// prepare provisioning operation
SysSystemMappingDto systemMapping = helper.getDefaultMapping(system);
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.CREATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
return operationBuilder.build();
}
Also used :
ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
Example 10 with IcObjectClassImpl
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method updateProvisioningOperation.
private SysProvisioningOperationDto updateProvisioningOperation(SysSystemEntityDto systemEntity, String firstname) {
ProvisioningContext context = new ProvisioningContext();
Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
context.setAccountObject(accoutObject);
//
// prepare provisioning operation
SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemEntity.getSystem());
IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.UPDATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
return operationBuilder.build();
}
Also used :
ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext)
IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)
IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)
IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject)
ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)
IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)
SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)
Aggregations
IcObjectClassImpl (eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl)15
IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)9
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)7
IcObjectClass (eu.bcvsolutions.idm.ic.api.IcObjectClass)6
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)5
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)5
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)5
IcException (eu.bcvsolutions.idm.ic.exception.IcException)5
IcConnectorObjectImpl (eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)5
ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext)4
SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)4
ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException)4
IcConnector (eu.bcvsolutions.idm.ic.api.IcConnector)4
IcConnectorConfiguration (eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration)4
ArrayList (java.util.ArrayList)4
ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)3
IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute)3
IcUidAttribute (eu.bcvsolutions.idm.ic.api.IcUidAttribute)3
VsAccountDto (eu.bcvsolutions.idm.vs.dto.VsAccountDto)3
SynchronizationContext (eu.bcvsolutions.idm.acc.domain.SynchronizationContext)2
