
Example 6 with IcObjectClassImpl

Use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

The class DefaultAccAuthenticator, method authenticate.

@Override
public LoginDto authenticate(LoginDto loginDto) {
    // Temporary way to get the system id; this is not nice.
    String systemCodeable = configurationService.getValue(PROPERTY_AUTH_SYSTEM_ID);
    if (StringUtils.isEmpty(systemCodeable)) {
        // without a configured system there is nothing to check against
        return null;
    }
    // 
    SysSystemDto system = (SysSystemDto) lookupService.lookupDto(SysSystemDto.class, systemCodeable);
    // 
    if (system == null) {
        LOG.warn("System by codeable identifier [{}] not found. Check configuration property [{}]", systemCodeable, PROPERTY_AUTH_SYSTEM_ID);
        // system doesn't exist
        return null;
    }
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, loginDto.getUsername());
    if (identity == null) {
        throw new IdmAuthenticationException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", loginDto.getUsername()));
    }
    // 
    // search authentication attribute for system with provisioning mapping, only for identity
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    // 
    if (attribute == null) {
        // attribute MUST exist
        throw new ResultCodeException(AccResultCode.AUTHENTICATION_AUTHENTICATION_ATTRIBUTE_DONT_SET, ImmutableMap.of("name", system.getName()));
    }
    // 
    // find if identity has account on system
    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        // the user has no account on the system, continue
        return null;
    }
    // 
    ResultCodeException authFailedException = null;
    IcUidAttribute auth = null;
    for (AccAccountDto account : accounts) {
        SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
        SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
        IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
        // 
        if (connectorObject == null) {
            continue;
        }
        // 
        String transformUsername = null;
        // iterate over all attributes to find authentication attribute
        for (IcAttribute icAttribute : connectorObject.getAttributes()) {
            if (icAttribute.getName().equals(schemaAttributeService.get(attribute.getSchemaAttribute()).getName())) {
                transformUsername = String.valueOf(icAttribute.getValue());
                break;
            }
        }
        if (transformUsername == null) {
            throw new ResultCodeException(AccResultCode.AUTHENTICATION_USERNAME_DONT_EXISTS, ImmutableMap.of("username", loginDto.getUsername(), "name", system.getName()));
        }
        // authenticate against the system; a missing password or username, or bad credentials, throws an error
        try {
            // authentication against system
            auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            authFailedException = null;
            // check auth
            if (auth == null || auth.getValue() == null) {
                authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
                // failed: no UID was returned, stop trying other accounts
                break;
            }
            // success, stop iterating
            break;
        } catch (ResultCodeException e) {
            // failed, continue to another
            authFailedException = new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.", e);
        }
    }
    if (auth == null || auth.getValue() == null) {
        authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
    }
    // 
    if (authFailedException != null) {
        throw authFailedException;
    }
    String module = this.getModule();
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, module);
    LOG.info("Identity with username [{}] is authenticated by system [{}]", loginDto.getUsername(), system.getName());
    return loginDto;
}
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)

Example 7 with IcObjectClassImpl

Use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

The class AbstractProvisioningExecutor, method prepareProvisioningForAttribute.

private SysProvisioningOperationDto prepareProvisioningForAttribute(SysSystemEntityDto systemEntity, AttributeMapping attributeMapping, Object value, ProvisioningOperationType operationType, DTO dto) {
    Assert.notNull(systemEntity);
    Assert.notNull(systemEntity.getSystem());
    Assert.notNull(systemEntity.getEntityType());
    Assert.notNull(systemEntity.getUid());
    Assert.notNull(attributeMapping);
    SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attributeMapping);
    if (!schemaAttributeDto.isUpdateable()) {
        throw new ProvisioningException(AccResultCode.PROVISIONING_SCHEMA_ATTRIBUTE_IS_NOT_UPDATEABLE, ImmutableMap.of("property", attributeMapping.getIdmPropertyName(), "uid", systemEntity.getUid()));
    }
    SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(schemaAttributeDto.getObjectClass());
    String objectClassName = schemaObjectClassDto.getObjectClassName();
    // Transform the value for the target system unless the attribute is only a constant
    Object valueTransformed = value;
    if (!attributeMapping.isEntityAttribute() && !attributeMapping.isExtendedAttribute()) {
        // If the attribute mapping resolves as a constant, we don't want to
        // do the transformation again (it was done in getAttributeValue)
    } else {
        valueTransformed = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, attributeMapping, dto);
    }
    IcAttribute icAttributeForCreate = attributeMappingService.createIcAttribute(schemaAttributeDto, valueTransformed);
    // 
    // Call the IC module to update a single attribute
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(systemEntity.getUid(), new IcObjectClassImpl(objectClassName), ImmutableList.of(icAttributeForCreate));
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningEventType.UPDATE).setSystemEntity(systemEntity).setEntityIdentifier(dto == null ? null : dto.getId()).setProvisioningContext(new ProvisioningContext(connectorObject));
    // 
    return operationBuilder.build();
}
Also used : IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)

Example 8 with IcObjectClassImpl

Use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

The class TreeSynchronizationExecutor, method process.

@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
    // Clear cache
    this.clearCache();
    // Validate and create basic context
    SynchronizationContext context = this.validate(synchronizationConfigId);
    AbstractSysSyncConfigDto config = context.getConfig();
    SystemEntityType entityType = context.getEntityType();
    SysSystemDto system = context.getSystem();
    IcConnectorConfiguration connectorConfig = context.getConnectorConfig();
    List<SysSystemAttributeMappingDto> mappedAttributes = context.getMappedAttributes();
    SysSystemMappingDto systemMapping = systemMappingService.get(context.getConfig().getSystemMapping());
    SysSchemaObjectClassDto schemaObjectClassDto = schemaObjectClassService.get(systemMapping.getObjectClass());
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
    // Load last token
    Object lastToken = config.isReconciliation() ? null : config.getToken();
    // Create basic synchronization log
    SysSyncLogDto log = new SysSyncLogDto();
    log.setSynchronizationConfig(config.getId());
    log.setStarted(LocalDateTime.now());
    log.setRunning(true);
    log.setToken(lastToken != null ? lastToken.toString() : null);
    log.addToLog(MessageFormat.format("Synchronization was started in {0}.", log.getStarted()));
    // List of all accounts with full IC object (used in tree sync)
    Map<String, IcConnectorObject> accountsMap = new HashMap<>();
    longRunningTaskExecutor.setCounter(0L);
    try {
        log = synchronizationLogService.save(log);
        List<SysSyncActionLogDto> actionsLog = new ArrayList<>();
        // Add logs to context
        context.addLog(log).addActionLogs(actionsLog);
        boolean export = false;
        if (export) {
            // Start exporting entities to resource
            log.addToLog("Exporting entities to resource started...");
            this.startExport(entityType, config, mappedAttributes, log, actionsLog);
        } else {
            if (config.getTokenAttribute() == null && !config.isReconciliation()) {
                throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
            }
            TreeResultsHandler resultHandler = new TreeResultsHandler(accountsMap);
            // We have to search all data for tree
            IcFilter filter = null;
            log.addToLog(MessageFormat.format("Start search with filter {0}.", "NONE"));
            log = synchronizationLogService.save(log);
            connectorFacade.search(system.getConnectorInstance(), connectorConfig, objectClass, filter, resultHandler);
            // Execute sync for this tree and searched accounts
            processTreeSync(context, accountsMap);
            log = context.getLog();
        }
        // 
        log.addToLog(MessageFormat.format("Synchronization was correctly ended in {0}.", LocalDateTime.now()));
        synchronizationConfigService.save(config);
    } catch (Exception e) {
        String message = "Error during synchronization";
        log.addToLog(message);
        log.setContainsError(true);
        log.addToLog(Throwables.getStackTraceAsString(e));
        LOG.error(message, e);
    } finally {
        log.setRunning(false);
        log.setEnded(LocalDateTime.now());
        log = synchronizationLogService.save(log);
        // 
        longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
        longRunningTaskExecutor.updateState();
        // Clear cache
        this.clearCache();
    }
    return config;
}
Also used : IcConnectorConfiguration(eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) HashMap(java.util.HashMap) SystemEntityType(eu.bcvsolutions.idm.acc.domain.SystemEntityType) ArrayList(java.util.ArrayList) SynchronizationContext(eu.bcvsolutions.idm.acc.domain.SynchronizationContext) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) ProvisioningException(eu.bcvsolutions.idm.acc.exception.ProvisioningException) SysSyncActionLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncActionLogDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IcFilter(eu.bcvsolutions.idm.ic.filter.api.IcFilter)

Example 9 with IcObjectClassImpl

Use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

The class DefaultProvisioningExecutorIntegrationTest, method createProvisioningOperation.

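/**
 * Prepare a provisioning context and a CREATE provisioning operation.
 *
 * @param system system on which the system entity is created
 * @param firstname first name passed to createAccountObject
 * @return the built provisioning operation
 */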
private SysProvisioningOperationDto createProvisioningOperation(SysSystemDto system, String firstname) {
    ProvisioningContext context = new ProvisioningContext();
    SysSystemEntityDto systemEntity = helper.createSystemEntity(system);
    Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
    context.setAccountObject(accoutObject);
    // 
    // prepare provisioning operation
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(system);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.CREATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
    return operationBuilder.build();
}
Also used : ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)

Example 10 with IcObjectClassImpl

Use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.

The class DefaultProvisioningExecutorIntegrationTest, method updateProvisioningOperation.

private SysProvisioningOperationDto updateProvisioningOperation(SysSystemEntityDto systemEntity, String firstname) {
    ProvisioningContext context = new ProvisioningContext();
    Map<ProvisioningAttributeDto, Object> accoutObject = createAccountObject(systemEntity, firstname);
    context.setAccountObject(accoutObject);
    // 
    // prepare provisioning operation
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemEntity.getSystem());
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto.Builder operationBuilder = new SysProvisioningOperationDto.Builder().setOperationType(ProvisioningOperationType.UPDATE).setSystemEntity(systemEntity).setProvisioningContext(new ProvisioningContext(accoutObject, connectorObject));
    return operationBuilder.build();
}
Also used : ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) IcConnectorObjectImpl(eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto)

Aggregations

IcObjectClassImpl (eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl): 15
IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject): 9
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString): 7
IcObjectClass (eu.bcvsolutions.idm.ic.api.IcObjectClass): 6
SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto): 5
SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto): 5
SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto): 5
IcException (eu.bcvsolutions.idm.ic.exception.IcException): 5
IcConnectorObjectImpl (eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl): 5
ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext): 4
SysProvisioningOperationDto (eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto): 4
ProvisioningException (eu.bcvsolutions.idm.acc.exception.ProvisioningException): 4
IcConnector (eu.bcvsolutions.idm.ic.api.IcConnector): 4
IcConnectorConfiguration (eu.bcvsolutions.idm.ic.api.IcConnectorConfiguration): 4
ArrayList (java.util.ArrayList): 4
ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto): 3
IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute): 3
IcUidAttribute (eu.bcvsolutions.idm.ic.api.IcUidAttribute): 3
VsAccountDto (eu.bcvsolutions.idm.vs.dto.VsAccountDto): 3
SynchronizationContext (eu.bcvsolutions.idm.acc.domain.SynchronizationContext): 2