Package org.openiam.idm.provisioning.service.user

Class AbstractUserProvisionOperation<T extends BaseObject,R extends Response>

java.lang.Object

org.openiam.idm.provisioning.service.AbstractProvisioningOperation<T,UserProvisionAPI,R,PasswordSync>

org.openiam.idm.provisioning.service.user.AbstractUserProvisionOperation<T,R>

Direct Known Subclasses:

AbstractEnableDisableProvisionUserOperation, AbstractSuspendResetOperation, AbstractUserPasswordProvisionOperation, AddEventUsersProvisioningOperation, AddModifyRequestUserProvisioningOperation, AddUserProvisionOperation, BuildManagedSystemViewerUserProvisioningOperation, BulkUserProvisioningOperation, DeleteUserDirectProvisionOperation, DeleteUserProvisionOperation, DeProvisionUsersProvisioningOperation, LoginUserProvisioningOperation, MetadataConnectionUserProvisioningOperation, ProvisionUsersProvisioningOperation, SearchUserProvisioningOperation, SendSingleEventProvisioningOperation, TestConnectionUserProvisioningOperation, UpdateUserProvisionOperation

public abstract class AbstractUserProvisionOperation<T extends BaseObject,R extends Response>
extends AbstractProvisioningOperation<T,UserProvisionAPI,R,PasswordSync>

Field Summary

Fields

Modifier and Type	Field	Description
protected AuditLogHelper	auditLogHelper
protected AbstractUserProvisioningValidator	defaultUserProvisionValidator
protected ProvisionUserObjectDiffGenerator	diffGenerator
protected GetUserWithDependenciesQueue	getUserWithDependenciesQueue
protected GroovyScriptEngineIntegration	groovyScriptEngineIntegration
protected GroupRabbitMQService	groupMQService
protected CustomJacksonMapper	jacksonMapper
protected org.apache.commons.logging.Log	log
protected LoginMQService	loginMQService
protected MailRabbitMQService	mailMQService
protected ManagedSystemCache	managedSysCache
protected ManagedSysQueue	managedSysQueue
protected ManagedSystemRabbitMQService	managedSystemRabbitMQService
protected OrganizationRabbitMQService	organizationMQService
protected PasswordQueue	passwordQueue
protected String	postProcessor
protected String	preProcessor
protected PrimaryPrincipalBuilder	principalBuilder
protected PropertyValueCache	propertyValueService
protected ProvisionDispatcherQueue	provisionDispatcherQueue
protected ProvisionStreamElasticSearchRepository	provisionStreamElasticSearchRepository
protected RoleRabbitMQService	roleMQService
protected UserRabbitMQService	userMQService
protected UserServiceQueue	userServiceQueue

Fields inherited from class org.openiam.idm.provisioning.service.AbstractProvisioningOperation

authManagerMQService, loginQueue, mapper, rabbitMQSender, resourceMQService, resourceQueue

Constructor Summary

Constructors

Constructor	Description
AbstractUserProvisionOperation()

Method Summary

Modifier and Type	Method	Description
protected void	addAssignToAllGroupsRolesMngSystems(ProvisionUser provisionUser)
protected AuditLogBuilder	applyDiffToAuditLog(ProvisionUserObjectDiff diff)
protected void	applyRequiredProperties(ProvisionUser pUser)
protected UserProvisioningPrePostprocessorBuilder	buildPrePostProcessorContext(ProvisionUserObjectDiff diff, Login login, String password)
protected void	checkOnRevokeAccess(ProvisionUser pUser)
protected String	decryptPassword(String userId, String password)
protected List<LinkedHashMap<String,Boolean>>	defineProvisionStreams(Set<String> compiledResourceIds)
protected void	evaluateBusinessRules(ProvisionUser provisionUser, AttributeOperationEnum operation)
protected abstract AuditAction	getAuditAction()
abstract UserProvisionAPI	getOperation()
protected Policy	getPasswordPolicy(String managedSystemId, String login)
protected PolicyAttribute	getPolicyAttribute(Policy policy, String attributeName)	Deprecated.
protected PolicyAttribute	getPolicyAttribute(Policy policy, PolicyAttributeNameEnum attributeName)
protected Boolean	getPolicyAttributeAsBoolean(Policy policy, PolicyAttributeNameEnum attributeName)
protected Integer	getPolicyAttributeAsInteger(Policy policy, String attributeName)	Deprecated.
protected Integer	getPolicyAttributeAsInteger(Policy policy, PolicyAttributeNameEnum attributeName)
protected String	getPolicyAttributeAsString(Policy policy, String attributeName)	Deprecated.
protected String	getPolicyAttributeAsString(Policy policy, PolicyAttributeNameEnum attributeName)
protected Set<AuthorizationResource>	getResourceIdsForNonCachedRequest(AMAdminAPI operation, String entityId, EntitlementHierarchyType type)
protected User	getUser(String userId, boolean throwExceptionIfUserNotFound, UserCollection... dependencies)
protected User	getUser(String principal, String managedSystemId, UserCollection... dependencies)
protected void	initiateCreateAccessRequest(ProvisionUser user, boolean isAdd, String parentLogId)
protected void	initiateRevokeAccessRequest(ProvisionUser pUser, String parentLogId)
protected void	processIdentities(Set<AuthorizationResource> resourcesCurrentlyEntitledTo, ProvisionUserObjectDiff diff, ProvisionUser pUser)
protected boolean	provisionUserNow(ProvisionUser user)	Determine when we are going to provision a user
protected void	runManageSysProcessorScriptOfUserIdentity(ProvisionUser pUser, ProvisionUserObjectDiff diff, ManagedSystemPropertyEnum process)
protected Set<String>	runProvisioningInStreams(AuditLogBuilder auditEvent, ProvisionUserObjectDiff diff, ProvisionUser pUser, Set<String> compiledResourceIds, Function<Login,UserProvisionAPI> operationMapper)
protected User	save(ProvisionUser pUser, UserCollection[] dependants)
protected void	saveProvisionStreamDoc(AuditLogBuilder childAuditLog, ProvisionUser pUser, LinkedHashMap<String,Boolean> stream, UserProvisionAPI api)
protected void	sendProvisioningRequestAsynchronously(ProvisionUser pUser, ProvisionUserObjectDiff diff, Predicate<String> authorizationCheck, Function<Login,UserProvisionAPI> operationMapper, String provisionRequestDocId)	Sends a Provisiong Request to the target system asynchronously
protected UserPasswordResponse	sendProvisioningRequestSynchronously(String userId, Login principal, ProvisionUserObjectDiff diff)	Sends a Provisiong Request to the target system synchronously
protected void	sendProvisioningSingleRequestAsynchronously(ProvisionUser pUser, Login principal, ProvisionUserObjectDiff diff, Predicate<String> authorizationCheck, Function<Login,UserProvisionAPI> operationMapper)	Sends Single Provisiong Request for the one target in stream asynchronously
protected void	updateUserAttributes(ProvisionUser provisionUser)
protected void	validateLoginAlreadyExisted(Login primaryLogin)
protected PasswordValidationResponse	validatePassword(Login primaryLogin, ProvisionUser user)
protected boolean	withinDateRange(MembershipXref xref, Date date)

Methods inherited from class org.openiam.idm.provisioning.service.AbstractProvisioningOperation

applyAuditLogCommonProperties, applyDiffToAuditLog, execute, fillExtensibleAttributes, getCachedEntitlementsForUser, getRequestorId, getResourcePropertyValue, getValidator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

loginMQService

@Autowired
protected LoginMQService loginMQService

principalBuilder

@Autowired
protected PrimaryPrincipalBuilder principalBuilder

organizationMQService

@Autowired
protected OrganizationRabbitMQService organizationMQService

userMQService

@Autowired
protected UserRabbitMQService userMQService

roleMQService

@Autowired
protected RoleRabbitMQService roleMQService

diffGenerator

@Autowired
protected ProvisionUserObjectDiffGenerator diffGenerator

defaultUserProvisionValidator

@Autowired
protected AbstractUserProvisioningValidator defaultUserProvisionValidator

propertyValueService

@Autowired
protected PropertyValueCache propertyValueService

managedSysCache

@Autowired
protected ManagedSystemCache managedSysCache

groupMQService

@Autowired
protected GroupRabbitMQService groupMQService

managedSysQueue

@Autowired
protected ManagedSysQueue managedSysQueue

managedSystemRabbitMQService

@Autowired
protected ManagedSystemRabbitMQService managedSystemRabbitMQService

userServiceQueue

@Autowired
protected UserServiceQueue userServiceQueue

passwordQueue

@Autowired
protected PasswordQueue passwordQueue

getUserWithDependenciesQueue

@Autowired
protected GetUserWithDependenciesQueue getUserWithDependenciesQueue

mailMQService

@Autowired
protected MailRabbitMQService mailMQService

auditLogHelper

@Autowired
protected AuditLogHelper auditLogHelper

provisionDispatcherQueue

@Autowired
protected ProvisionDispatcherQueue provisionDispatcherQueue

provisionStreamElasticSearchRepository

@Autowired
protected ProvisionStreamElasticSearchRepository provisionStreamElasticSearchRepository

jacksonMapper

@Autowired
protected CustomJacksonMapper jacksonMapper

log

protected final org.apache.commons.logging.Log log

preProcessor

@Value("${org.openiam.idm.preProcessor.groovy.script}")
protected String preProcessor

postProcessor

@Value("${org.openiam.idm.postProcessor.groovy.script}")
protected String postProcessor

groovyScriptEngineIntegration

@Autowired
protected GroovyScriptEngineIntegration groovyScriptEngineIntegration

Constructor Detail

AbstractUserProvisionOperation

public AbstractUserProvisionOperation()

Method Detail

getOperation

public abstract UserProvisionAPI getOperation()

Specified by:

getOperation in class AbstractProvisioningOperation<T extends BaseObject,UserProvisionAPI,R extends Response,PasswordSync>

getAuditAction

protected abstract AuditAction getAuditAction()

Specified by:

getAuditAction in class AbstractProvisioningOperation<T extends BaseObject,UserProvisionAPI,R extends Response,PasswordSync>

applyRequiredProperties

protected void applyRequiredProperties(ProvisionUser pUser)

withinDateRange

protected final boolean withinDateRange(MembershipXref xref,
                                        Date date)

buildPrePostProcessorContext

protected final UserProvisioningPrePostprocessorBuilder buildPrePostProcessorContext(ProvisionUserObjectDiff diff,
                                                                                     Login login,
                                                                                     String password)

applyDiffToAuditLog

protected AuditLogBuilder applyDiffToAuditLog(ProvisionUserObjectDiff diff)

provisionUserNow

protected final boolean provisionUserNow(ProvisionUser user)

Determine when we are going to provision a user

Parameters:

user -

Returns:

validatePassword

protected PasswordValidationResponse validatePassword(Login primaryLogin,
                                                      ProvisionUser user)

getPasswordPolicy

protected Policy getPasswordPolicy(String managedSystemId,
                                   String login)
                            throws BasicDataServiceException

Throws:

BasicDataServiceException

getPolicyAttributeAsInteger

@Deprecated
protected Integer getPolicyAttributeAsInteger(Policy policy,
                                              String attributeName)

Deprecated.

getPolicyAttributeAsInteger

protected Integer getPolicyAttributeAsInteger(Policy policy,
                                              PolicyAttributeNameEnum attributeName)

getPolicyAttributeAsBoolean

protected Boolean getPolicyAttributeAsBoolean(Policy policy,
                                              PolicyAttributeNameEnum attributeName)

getPolicyAttribute

@Deprecated
protected PolicyAttribute getPolicyAttribute(Policy policy,
                                             String attributeName)

Deprecated.

getPolicyAttribute

protected PolicyAttribute getPolicyAttribute(Policy policy,
                                             PolicyAttributeNameEnum attributeName)

getPolicyAttributeAsString

@Deprecated
protected String getPolicyAttributeAsString(Policy policy,
                                            String attributeName)

Deprecated.

getPolicyAttributeAsString

protected String getPolicyAttributeAsString(Policy policy,
                                            PolicyAttributeNameEnum attributeName)

save

protected final User save(ProvisionUser pUser,
                          UserCollection[] dependants)
                   throws BasicDataServiceException

Throws:

BasicDataServiceException

validateLoginAlreadyExisted

protected void validateLoginAlreadyExisted(Login primaryLogin)
                                    throws BasicDataServiceException

Throws:

BasicDataServiceException

processIdentities

protected void processIdentities(Set<AuthorizationResource> resourcesCurrentlyEntitledTo,
                                 ProvisionUserObjectDiff diff,
                                 ProvisionUser pUser)

sendProvisioningRequestSynchronously

protected UserPasswordResponse sendProvisioningRequestSynchronously(String userId,
                                                                    Login principal,
                                                                    ProvisionUserObjectDiff diff)
                                                             throws BasicDataServiceException

Sends a Provisiong Request to the target system synchronously

Parameters:

userId - - the Provision User. This object must have the ID set

diff - - the Diff

Throws:

BasicDataServiceException

sendProvisioningRequestAsynchronously

protected void sendProvisioningRequestAsynchronously(ProvisionUser pUser,
                                                     ProvisionUserObjectDiff diff,
                                                     Predicate<String> authorizationCheck,
                                                     Function<Login,UserProvisionAPI> operationMapper,
                                                     String provisionRequestDocId)
                                              throws BasicDataServiceException

Sends a Provisiong Request to the target system asynchronously

Parameters:

pUser - - the Provision User. This object must have the ID set

diff - - the Diff

authorizationCheck - - the resource set to examine

Throws:

BasicDataServiceException

sendProvisioningSingleRequestAsynchronously

protected void sendProvisioningSingleRequestAsynchronously(ProvisionUser pUser,
                                                           Login principal,
                                                           ProvisionUserObjectDiff diff,
                                                           Predicate<String> authorizationCheck,
                                                           Function<Login,UserProvisionAPI> operationMapper)
                                                    throws BasicDataServiceException

Sends Single Provisiong Request for the one target in stream asynchronously

Parameters:

pUser - - the Provision User. This object must have the ID set

principal - - principal to target from stream

diff - - the Diff

authorizationCheck - - the resource set to examine

Throws:

BasicDataServiceException

getUser

protected User getUser(String userId,
                       boolean throwExceptionIfUserNotFound,
                       UserCollection... dependencies)
                throws BasicDataServiceException

Throws:

BasicDataServiceException

getUser

protected User getUser(String principal,
                       String managedSystemId,
                       UserCollection... dependencies)
                throws BasicDataServiceException

Throws:

BasicDataServiceException

decryptPassword

protected String decryptPassword(String userId,
                                 String password)
                          throws BasicDataServiceException

Throws:

BasicDataServiceException

getResourceIdsForNonCachedRequest

protected Set<AuthorizationResource> getResourceIdsForNonCachedRequest(AMAdminAPI operation,
                                                                       String entityId,
                                                                       EntitlementHierarchyType type)

Overrides:

getResourceIdsForNonCachedRequest in class AbstractProvisioningOperation<T extends BaseObject,UserProvisionAPI,R extends Response,PasswordSync>

addAssignToAllGroupsRolesMngSystems

protected void addAssignToAllGroupsRolesMngSystems(ProvisionUser provisionUser)

defineProvisionStreams

protected List<LinkedHashMap<String,Boolean>> defineProvisionStreams(Set<String> compiledResourceIds)

evaluateBusinessRules

protected void evaluateBusinessRules(ProvisionUser provisionUser,
                                     AttributeOperationEnum operation)

saveProvisionStreamDoc

protected void saveProvisionStreamDoc(AuditLogBuilder childAuditLog,
                                      ProvisionUser pUser,
                                      LinkedHashMap<String,Boolean> stream,
                                      UserProvisionAPI api)

runProvisioningInStreams

protected Set<String> runProvisioningInStreams(AuditLogBuilder auditEvent,
                                               ProvisionUserObjectDiff diff,
                                               ProvisionUser pUser,
                                               Set<String> compiledResourceIds,
                                               Function<Login,UserProvisionAPI> operationMapper)

checkOnRevokeAccess

protected void checkOnRevokeAccess(ProvisionUser pUser)

updateUserAttributes

protected void updateUserAttributes(ProvisionUser provisionUser)

initiateCreateAccessRequest

protected void initiateCreateAccessRequest(ProvisionUser user,
                                           boolean isAdd,
                                           String parentLogId)

initiateRevokeAccessRequest

protected void initiateRevokeAccessRequest(ProvisionUser pUser,
                                           String parentLogId)

runManageSysProcessorScriptOfUserIdentity

protected void runManageSysProcessorScriptOfUserIdentity(ProvisionUser pUser,
                                                         ProvisionUserObjectDiff diff,
                                                         ManagedSystemPropertyEnum process)
                                                  throws BasicDataServiceException

Throws:

BasicDataServiceException