use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class DefaultVsRequestServiceIntegrationTest method systemAccountFilterTest.
/**
 * Walks one virtual-system request from creation to realization and then checks that the
 * connector search exposes exactly the realized account.
 *
 * <p>Flow: a role assignment produces a single CREATE request in state IN_PROGRESS, no account
 * exists until the request is realized, and realization is performed after switching the session
 * to the implementer identity.
 *
 * <p>NOTE(review): only the positive path is covered here. Nothing in this test shows that
 * {@code realize} is refused for a login that is not an implementer of the system; that negative
 * case would need a test of its own.
 */
@Test
public void systemAccountFilterTest() {
    SysSystemDto virtualSystem = createVirtualSystem(USER_IMPLEMENTER_NAME, null);
    assignRoleSystem(virtualSystem, helper.createIdentity(USER_ONE_NAME), ROLE_ONE_NAME);

    // The request is looked up by system and UID, so requests of other systems cannot match.
    VsRequestFilter bySystemAndUid = new VsRequestFilter();
    bySystemAndUid.setSystemId(virtualSystem.getId());
    bySystemAndUid.setUid(USER_ONE_NAME);
    List<VsRequestDto> foundRequests = requestService.find(bySystemAndUid, null).getContent();
    Assert.assertEquals(1, foundRequests.size());

    VsRequestDto pendingRequest = foundRequests.get(0);
    Assert.assertEquals(USER_ONE_NAME, pendingRequest.getUid());
    Assert.assertEquals(VsOperationType.CREATE, pendingRequest.getOperationType());
    Assert.assertEquals(VsRequestState.IN_PROGRESS, pendingRequest.getState());

    // Before realization the account must not exist yet.
    VsAccountDto accountBefore = accountService.findByUidSystem(USER_ONE_NAME, virtualSystem.getId());
    Assert.assertNull("Account must be null, because request was not realized yet!", accountBefore);

    // Drop the current session and realize the request as the implementer (fixture credentials).
    super.logout();
    loginService.login(new LoginDto(USER_IMPLEMENTER_NAME, new GuardedString("password")));
    VsRequestDto realizedRequest = requestService.realize(pendingRequest);
    Assert.assertEquals(VsRequestState.REALIZED, realizedRequest.getState());

    VsAccountDto accountAfter = accountService.findByUidSystem(USER_ONE_NAME, virtualSystem.getId());
    Assert.assertNotNull("Account cannot be null, because request was realized!", accountAfter);

    // An unfiltered search through the connector facade must return only the realized account.
    IcConnectorConfiguration connectorConfiguration = systemService.getConnectorConfiguration(virtualSystem);
    IcObjectClass accountClass = new IcObjectClassImpl("__ACCOUNT__");
    List<String> foundUids = new ArrayList<>();
    IcResultsHandler uidCollector = new IcResultsHandler() {
        @Override
        public boolean handle(IcConnectorObject connectorObject) {
            foundUids.add(connectorObject.getUidValue());
            return true;
        }
    };
    connectorFacade.search(systemService.getConnectorInstance(virtualSystem), connectorConfiguration, accountClass, null, uidCollector);
    Assert.assertEquals(1, foundUids.size());
    Assert.assertEquals(USER_ONE_NAME, foundUids.get(0));
}
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class BasicVirtualConnector method read.
/**
 * Reads one account of this virtual system and returns it as a connector object.
 *
 * <p>The account is looked up by UID together with this connector's {@code systemId}. The
 * attribute list starts with the NAME attribute, adds ENABLE when disabling is supported, and
 * then adds every configured attribute that resolves to a non-null value. That list is passed
 * to {@code overwriteAttributesByUnresolvedRequests} before it is returned.
 *
 * <p>NOTE(review): because of that last step the result can differ from the persisted account.
 * The original comment says that values from unresolved requests overwrite the stored ones, so
 * callers presumably see the requested state rather than the realized one. Confirm that every
 * consumer of {@code read} expects this.
 *
 * @param uid identifier of the account; neither it nor its value may be null
 * @param objectClass requested object class; only ACCOUNT is accepted
 * @return the connector object, or {@code null} when the overwrite step yields no attribute list
 * @throws IcException when the object class is not ACCOUNT or the UID value is null
 */
@Override
public IcConnectorObject read(IcUidAttribute uid, IcObjectClass objectClass) {
    Assert.notNull(objectClass, "Object class cannot be null!");
    Assert.notNull(uid, "UID cannot be null!");
    if (!IcObjectClassInfo.ACCOUNT.equals(objectClass.getType())) {
        throw new IcException("Only ACCOUNT object class is supported now!");
    }
    final String uidValue = uid.getUidValue();
    if (uidValue == null) {
        throw new IcException("UID value cannot be null!");
    }

    // The lookup is scoped by system id, so an equal UID on another system is never returned.
    final VsAccountDto account = accountService.findByUidSystem(uidValue, systemId);

    // Attributes known for the account; the UID is always present, even without an account.
    final List<IcAttribute> storedAttributes = new ArrayList<>();
    storedAttributes.add(new IcAttributeImpl(IcAttributeInfo.NAME, uidValue));

    if (account != null) {
        if (this.virtualConfiguration.isDisableSupported()) {
            storedAttributes.add(new IcAttributeImpl(IcAttributeInfo.ENABLE, account.isEnable()));
        }
        // Values of the attributes listed in the connector configuration; unresolved ones are skipped.
        final UUID accountId = account.getId();
        Arrays.asList(virtualConfiguration.getAttributes()).forEach(configuredAttribute -> {
            IcAttribute resolved = accountService.getIcAttribute(accountId, configuredAttribute, formDefinition);
            if (resolved != null) {
                storedAttributes.add(resolved);
            }
        });
    }

    // Values from unresolved requests take precedence over the stored ones.
    List<IcAttribute> effectiveAttributes = this.overwriteAttributesByUnresolvedRequests(account, uidValue, storedAttributes);
    if (effectiveAttributes == null) {
        return null;
    }

    IcConnectorObjectImpl result = new IcConnectorObjectImpl();
    result.setUidValue(uidValue);
    result.setObjectClass(new IcObjectClassImpl(IcObjectClassInfo.ACCOUNT));
    result.setAttributes(effectiveAttributes);
    return result;
}
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class RoleSynchronizationExecutor method resolveAssignRole.
/**
 * Brings the IdM assignments of {@code roleDto} in line with the member list that the connector
 * object carries for this role.
 *
 * <p>The member values are read from the attribute mapped to {@code ROLE_MEMBERS_FIELD}, passed
 * one by one to {@code transformDnToUid}, and the collected UIDs are handed to
 * {@code assignMissingIdentityRoles}. Existing identity-roles whose contract is not in
 * {@code membersContractIds} afterwards are handed to {@code removeRedundantIdentityRoles}.
 *
 * <p>NOTE(review): the external system's member attribute is the only input for both granting
 * and removing this role, so the mapping of that attribute and the trust placed in the source
 * system are authorization-relevant. See the inline notes on the null and cast handling.
 *
 * @param isNew whether the role is new; with strategy CREATE on the members attribute, a role
 *        that is not new is skipped entirely
 * @param connectorObject object read from the external system; its attributes supply the members
 * @return {@code false} when the role-system relation or the member attribute is missing, when
 *         {@code transformDnToUid} returns false for a member, or when
 *         {@code checkForCancelAndFlush} returns false; {@code true} otherwise, including the
 *         skipped case
 */
private boolean resolveAssignRole(boolean isNew, SynchronizationContext context, IdmRoleDto roleDto, SysSyncRoleConfigDto config, SysSyncItemLogDto logItem, IcConnectorObject connectorObject, SysSystemAttributeMappingDto memberOfAttributeDto, SysSchemaObjectClassDto schemaObjectClassDto) {
    // Find the enabled entity attribute that is mapped to the role's members (DNs).
    SysSystemAttributeMappingDto roleMembersAttributeDto = context.getMappedAttributes().stream().filter(attribute -> !attribute.isDisabledAttribute() && attribute.isEntityAttribute() && ROLE_MEMBERS_FIELD.equals(attribute.getIdmPropertyName())).findFirst().orElse(null);
    Assert.notNull(roleMembersAttributeDto, "Mapped attribute with role's members was not found. Please create it!");
    if (!isNew && AttributeMappingStrategyType.CREATE == roleMembersAttributeDto.getStrategyType()) {
        // Existing role with a create-only strategy: assignments stay untouched, the method still returns true.
        addToItemLog(logItem, "The attribute with role's members has strategy set to 'Set only for new entity'. Role isn't new, so resolving controlling an assignment of roles to users by the external system will be skipped for this role.");
    } else {
        addToItemLog(logItem, "Controlling an assignment of roles to users by the external system is activated.");
        Object membersObj = this.getValueByMappedAttribute(roleMembersAttributeDto, connectorObject.getAttributes(), context);
        // NOTE(review): a null value is treated as "no members". With an empty list nothing is
        // added to membersUid below, so presumably every existing identity-role of this role ends
        // up in the redundant list. Confirm that a missing or unreadable attribute is meant to
        // have that effect.
        if (membersObj == null) {
            membersObj = Lists.newArrayList();
        }
        // A single String value is wrapped into a one-element list.
        if (membersObj instanceof String) {
            membersObj = Lists.newArrayList(membersObj);
        }
        Assert.isInstanceOf(List.class, membersObj, "The value from attribute with role's members must be List of Strings!");
        // Only the List type is verified above; a non-String element would fail with a
        // ClassCastException in the loop over members further down.
        @SuppressWarnings("unchecked") List<String> members = (List<String>) membersObj;
        SysRoleSystemDto roleSystemDto = findRoleSystemDto(roleDto, memberOfAttributeDto, schemaObjectClassDto);
        if (roleSystemDto == null) {
            addToItemLog(logItem, "Relation between this role and system was not found. Assigning of role to users will be skip for this role.");
            return false;
        }
        SysRoleSystemAttributeDto memberAttribute = findMemberAttribute(memberOfAttributeDto, schemaObjectClassDto, roleSystemDto);
        if (memberAttribute == null) {
            addToItemLog(logItem, "The member attribute between this role and system was not found. Assigning of role to users will be skip for this role.");
            return false;
        }
        // Find identities with this role.
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setRoleId(roleDto.getId());
        List<IdmIdentityRoleDto> existsIdentityRoleDtos = identityRoleService.find(identityRoleFilter, null).getContent();
        // Get cache with users (DN vs UID).
        Map<String, String> usersUidCache = getUserUidCache();
        SysSchemaAttributeDto memberIdentifierAttribute = lookupService.lookupEmbeddedDto(config, SysSyncRoleConfig_.memberIdentifierAttribute);
        Assert.notNull(memberIdentifierAttribute, "User identifier attribute cannot be null!");
        // Both sets are passed to the helpers below, which are expected to fill them - TODO confirm.
        Set<String> membersUid = Sets.newHashSet();
        Set<UUID> membersContractIds = Sets.newHashSet();
        // Call user system for every member (if isn't already in the cache).
        SysSystemDto userSystemDto = systemService.get(roleSystemDto.getSystem());
        IcConnectorConfiguration icConfig = systemService.getConnectorConfiguration(userSystemDto);
        IcConnectorInstance connectorInstance = systemService.getConnectorInstance(userSystemDto);
        IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
        if (icConfig instanceof IcConnectorConfigurationImpl) {
            // Enable pooling - a performance reason.
            // NOTE(review): this mutates the configuration object returned by systemService;
            // whether that instance is shared with other callers is not visible here.
            IcConnectorConfigurationImpl icConfigImpl = (IcConnectorConfigurationImpl) icConfig;
            icConfigImpl.setConnectorPoolingSupported(true);
        }
        // One-element array so the counter can be passed to helpers and used inside lambdas.
        final int[] count = { 0 };
        for (String member : members) {
            // The whole method stops with false as soon as one member is reported as failed.
            if (!transformDnToUid(config, usersUidCache, memberIdentifierAttribute, membersUid, icConfig, connectorInstance, objectClass, count, member)) {
                return false;
            }
        }
        count[0] = 0;
        membersUid.forEach(uid -> assignMissingIdentityRoles(roleDto, config, logItem, existsIdentityRoleDtos, membersContractIds, userSystemDto, count, uid, context));
        // No removal is attempted when this check returns false.
        if (!checkForCancelAndFlush(config)) {
            return false;
        }
        // Remove redundant identity roles: everything whose contract is not in membersContractIds.
        List<IdmIdentityRoleDto> redundantIdentityRoles = existsIdentityRoleDtos.stream().filter(existsIdentityRole -> !membersContractIds.contains(existsIdentityRole.getIdentityContract())).collect(Collectors.toList());
        count[0] = 0;
        redundantIdentityRoles.forEach(redundantIdentityRole -> removeRedundantIdentityRoles(roleDto, config, logItem, count, redundantIdentityRole));
    }
    return true;
}
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class RoleCatalogueSynchronizationExecutor method process.
/**
 * Runs one role-catalogue synchronization for the given configuration.
 *
 * <p>The method validates the configuration, opens a synchronization log, searches the connector
 * without a filter, passes the collected objects to {@code processTreeSync} and finally closes
 * the log. The cache named {@code CACHE_NAME} is evicted before the run and in {@code finally}.
 *
 * <p>NOTE(review): any exception raised inside the {@code try} block is caught here. The method
 * then returns normally, and the failure is visible only through the error flag and text in the
 * synchronization log and through {@code LOG.error}. Callers that need the outcome have to read
 * the log.
 *
 * <p>NOTE(review): the full stack trace is written into the synchronization log, which is saved
 * in {@code finally}. Who may read these logs is not visible here; check that the audience is
 * limited to administrators, since stack traces can reveal internal details.
 *
 * @param synchronizationConfigId id of the synchronization configuration to run
 * @return the configuration taken from the validated context, also when the run failed
 */
@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
    // Start from a clean cache.
    cacheManager.evictCache(CACHE_NAME);

    // Validation builds the context every later step works with.
    SynchronizationContext context = validate(synchronizationConfigId);
    AbstractSysSyncConfigDto config = context.getConfig();
    SysSystemDto targetSystem = context.getSystem();
    IcConnectorConfiguration icConfiguration = context.getConnectorConfig();
    SysSystemMappingDto mapping = systemMappingService.get(context.getConfig().getSystemMapping());
    SysSchemaObjectClassDto schemaObjectClass = schemaObjectClassService.get(mapping.getObjectClass());
    IcObjectClass searchedClass = new IcObjectClassImpl(schemaObjectClass.getObjectClassName());

    // In this method the stored token is only recorded in the log; the search below is unfiltered.
    Object lastToken = null;
    if (!config.isReconciliation()) {
        lastToken = config.getToken();
    }
    String tokenText = lastToken == null ? null : lastToken.toString();

    // Basic synchronization log, marked as running until the finally block closes it.
    SysSyncLogDto syncLog = new SysSyncLogDto();
    syncLog.setSynchronizationConfig(config.getId());
    syncLog.setStarted(ZonedDateTime.now());
    syncLog.setRunning(true);
    syncLog.setToken(tokenText);
    syncLog.addToLog(MessageFormat.format("Synchronization was started in {0}.", syncLog.getStarted()));

    // All accounts with their full IC object (used in catalogue sync); kept in memory for the run.
    Map<String, IcConnectorObject> foundAccounts = new HashMap<>();
    longRunningTaskExecutor.setCounter(0L);
    try {
        syncLog = synchronizationLogService.save(syncLog);
        List<SysSyncActionLogDto> actionLogs = new ArrayList<>();
        context.addLog(syncLog).addActionLogs(actionLogs);

        // A token attribute is mandatory unless the run is a reconciliation.
        boolean tokenAttributeMissing = config.getTokenAttribute() == null;
        if (tokenAttributeMissing && !config.isReconciliation()) {
            throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
        }

        TreeResultsHandler accountCollector = new TreeResultsHandler(foundAccounts);
        // The whole catalogue is needed, therefore the search runs without a filter.
        IcFilter noFilter = null;
        syncLog.addToLog(MessageFormat.format("Start search with filter {0}.", "NONE"));
        syncLog = synchronizationLogService.save(syncLog);
        connectorFacade.search(systemService.getConnectorInstance(targetSystem), icConfiguration, searchedClass, noFilter, accountCollector);

        // Synchronize the catalogue from the collected accounts, then pick the log up from the context.
        processTreeSync(context, foundAccounts);
        syncLog = context.getLog();

        // A log that is still running was not cancelled, so the run ended correctly.
        if (syncLog.isRunning()) {
            syncLog = syncCorrectlyEnded(syncLog, context);
        }
        synchronizationConfigService.save(config);
    } catch (Exception e) {
        // NOTE(review): syncLog is the instance from before processTreeSync when that call threw;
        // if the context holds a newer log by then, the save in finally may overwrite it - confirm.
        String message = "Error during synchronization";
        syncLog.addToLog(message);
        syncLog.setContainsError(true);
        syncLog.addToLog(Throwables.getStackTraceAsString(e));
        LOG.error(message, e);
    } finally {
        syncLog.setRunning(false);
        syncLog.setEnded(ZonedDateTime.now());
        syncLog = synchronizationLogService.save(syncLog);

        longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
        longRunningTaskExecutor.updateState();
        // Leave no cached entries behind.
        cacheManager.evictCache(CACHE_NAME);
    }
    return config;
}
use of eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl in project CzechIdMng by bcvsolutions.
the class TreeSynchronizationExecutor method process.
/**
 * Runs one tree synchronization for the given configuration.
 *
 * <p>Steps: evict the cache, validate the configuration into a context, create and save the
 * synchronization log, search the connector with no filter, run {@code processTreeSync} on the
 * collected objects, and close the log. The cache is evicted again in {@code finally}.
 *
 * <p>NOTE(review): exceptions thrown inside the {@code try} block do not leave this method. They
 * are recorded in the synchronization log (error flag, message, stack trace) and in
 * {@code LOG.error}, and the configuration is returned as usual, so a caller cannot tell success
 * from failure by the return value.
 *
 * <p>NOTE(review): the persisted log receives the complete stack trace. The readers of
 * synchronization logs are not visible from this method; confirm that access to them is
 * restricted, because traces can expose internal details.
 *
 * @param synchronizationConfigId id of the synchronization configuration to run
 * @return the configuration taken from the validated context, also when the run failed
 */
@Override
public AbstractSysSyncConfigDto process(UUID synchronizationConfigId) {
    // Entries cached by an earlier run must not leak into this one.
    cacheManager.evictCache(CACHE_NAME);

    // Validate the configuration and collect what the run needs.
    SynchronizationContext context = validate(synchronizationConfigId);
    AbstractSysSyncConfigDto config = context.getConfig();
    SysSystemDto sourceSystem = context.getSystem();
    IcConnectorConfiguration icConfig = context.getConnectorConfig();
    SysSystemMappingDto mappingDto = systemMappingService.get(context.getConfig().getSystemMapping());
    SysSchemaObjectClassDto objectClassDto = schemaObjectClassService.get(mappingDto.getObjectClass());
    IcObjectClass icObjectClass = new IcObjectClassImpl(objectClassDto.getObjectClassName());

    // The last token is written to the log only; the connector search below does not use it.
    Object previousToken;
    if (config.isReconciliation()) {
        previousToken = null;
    } else {
        previousToken = config.getToken();
    }

    // Open the synchronization log in the running state.
    SysSyncLogDto runLog = new SysSyncLogDto();
    runLog.setSynchronizationConfig(config.getId());
    runLog.setStarted(ZonedDateTime.now());
    runLog.setRunning(true);
    if (previousToken != null) {
        runLog.setToken(previousToken.toString());
    } else {
        runLog.setToken(null);
    }
    runLog.addToLog(MessageFormat.format("Synchronization was started in {0}.", runLog.getStarted()));

    // All accounts with their full IC object (used in tree sync); held in memory for the run.
    Map<String, IcConnectorObject> accountsByKey = new HashMap<>();
    longRunningTaskExecutor.setCounter(0L);
    try {
        runLog = synchronizationLogService.save(runLog);
        List<SysSyncActionLogDto> actions = new ArrayList<>();
        context.addLog(runLog).addActionLogs(actions);

        // Only a reconciliation may run without a token attribute.
        boolean noTokenAttribute = config.getTokenAttribute() == null;
        if (noTokenAttribute && !config.isReconciliation()) {
            throw new ProvisioningException(AccResultCode.SYNCHRONIZATION_TOKEN_ATTRIBUTE_NOT_FOUND);
        }

        TreeResultsHandler collector = new TreeResultsHandler(accountsByKey);
        // Building the tree needs every object, so no filter is applied.
        IcFilter unfiltered = null;
        runLog.addToLog(MessageFormat.format("Start search with filter {0}.", "NONE"));
        runLog = synchronizationLogService.save(runLog);
        connectorFacade.search(systemService.getConnectorInstance(sourceSystem), icConfig, icObjectClass, unfiltered, collector);

        // Synchronize the tree from the collected accounts and continue with the context's log.
        processTreeSync(context, accountsByKey);
        runLog = context.getLog();

        // Still running means the run was not cancelled and can be marked as correctly ended.
        if (runLog.isRunning()) {
            runLog = syncCorrectlyEnded(runLog, context);
        }
        synchronizationConfigService.save(config);
    } catch (Exception e) {
        // NOTE(review): when processTreeSync throws, runLog is still the instance saved before it
        // ran; if the context replaced its log meanwhile, saving this one in finally may discard
        // entries - confirm.
        String message = "Error during synchronization";
        runLog.addToLog(message);
        runLog.setContainsError(true);
        runLog.addToLog(Throwables.getStackTraceAsString(e));
        LOG.error(message, e);
    } finally {
        runLog.setRunning(false);
        runLog.setEnded(ZonedDateTime.now());
        runLog = synchronizationLogService.save(runLog);

        longRunningTaskExecutor.setCount(longRunningTaskExecutor.getCounter());
        longRunningTaskExecutor.updateState();
        // Evict once more so nothing from this run stays cached.
        cacheManager.evictCache(CACHE_NAME);
    }
    return config;
}