Package com.identityworksllc.iiq.common
Class MatchUtilities
- java.lang.Object
-
- com.identityworksllc.iiq.common.AbstractBaseUtility
-
- com.identityworksllc.iiq.common.MatchUtilities
-
public class MatchUtilities extends AbstractBaseUtility
Utilities for matching objects using IIQ APIs
-
-
Field Summary
-
Fields inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
context, debug, log
-
-
Constructor Summary
Constructors Constructor Description MatchUtilities(sailpoint.api.SailPointContext c)
Basic constructor
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Map<String,List<sailpoint.object.Link>>
findMatchingLinksByApplication(sailpoint.object.Bundle role, sailpoint.object.Identity identity)
Returns the list of matching Link objects by application for this role.String
getFilterHQL(sailpoint.object.Filter target, Class<? extends sailpoint.object.SailPointObject> targetClass, String... columns)
Performs some reflection digging into the Sailpoint API to transform a standardFilter
into a Hibernate HQL query.boolean
identityMatchesSimpleProfiles(sailpoint.object.Bundle role, sailpoint.object.Identity identity)
Returns true if the given identity has accounts matching all of the profiles on the given roleboolean
identitySelectorMatches(sailpoint.object.Identity test, String selectorName, Map<String,Object> requestParameters)
Returns true if the given identity would be a member of the given IdentityFilter (e.g.boolean
identitySelectorMatches(sailpoint.object.Identity test, sailpoint.object.IdentityFilter target, Map<String,Object> requestParameters)
Returns true if the given identity would be a member of the given IdentityFilter (e.g.boolean
linkMatchesProfile(sailpoint.object.Profile profile, sailpoint.object.Link link)
Returns true if the given Profile matches the given Link viaMapMatcher
.boolean
linkMatchesSimpleProfiles(sailpoint.object.Bundle role, sailpoint.object.Link link)
Returns true if the given link matches the profiles on the given roleboolean
matches(sailpoint.object.Bundle target, sailpoint.object.Identity test)
Returns true if the given Identity would be a member of the target Bundle, either by assignment or detectionboolean
matches(sailpoint.object.Filter target, sailpoint.object.Identity test)
Returns true if the given Filter would by matched by the given Identityboolean
matches(sailpoint.object.Identity target, String filter)
Returns true if the given identity would match the target filterboolean
matches(sailpoint.object.Identity target, sailpoint.object.Bundle role)
Returns true if the given Identity would be a member of the target Bundle, either by assignment or detectionboolean
matches(sailpoint.object.Identity target, sailpoint.object.CompoundFilter filter)
Returns true if the given identity would match the target filterboolean
matches(sailpoint.object.Identity target, sailpoint.object.DynamicScope scope)
Returns true if the given identity matches the given Dynamic Scopeboolean
matches(sailpoint.object.Identity target, sailpoint.object.Filter filter)
Returns true if the given identity would match the target filterboolean
matches(sailpoint.object.Identity target, sailpoint.object.GroupDefinition population)
Returns true if the given identity would match the target population’s filterboolean
matches(sailpoint.object.Identity target, sailpoint.object.IdentitySelector selector)
Returns true if the given identity would match the target filterboolean
matches(sailpoint.object.IdentitySelector target, sailpoint.object.Identity test)
Returns true if the given identity would match the target filter-
Methods inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
inject, isDebug, setDebug
-
-
-
-
Constructor Detail
-
MatchUtilities
public MatchUtilities(sailpoint.api.SailPointContext c)
Basic constructor- Parameters:
c
- The IIQ context
-
-
Method Detail
-
findMatchingLinksByApplication
public Map<String,List<sailpoint.object.Link>> findMatchingLinksByApplication(sailpoint.object.Bundle role, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Returns the list of matching Link objects by application for this role.Each profile may match more than one Link. Each Link will only be returned once, even if it matches multiple profiles.
Use
identityMatchesSimpleProfiles(Bundle, Identity)
first to determine an overall match and then this method to extract the matches.The result will be empty if the role has no profiles or is null.
- Parameters:
role
- The role from which profiles should be checkedidentity
- The identity from which to extract account details- Returns:
- A map of Application Name -> List of matching Links
- Throws:
sailpoint.tools.GeneralException
- if any lookup failures occur
-
getFilterHQL
public String getFilterHQL(sailpoint.object.Filter target, Class<? extends sailpoint.object.SailPointObject> targetClass, String... columns) throws sailpoint.tools.GeneralException
Performs some reflection digging into the Sailpoint API to transform a standardFilter
into a Hibernate HQL query.- Parameters:
target
- The target filter to transformtargetClass
- The target class (determines the queried tables)columns
- The columns to return- Returns:
- The HQL query
- Throws:
sailpoint.tools.GeneralException
- if any failures occur accessing the internal APIs
-
identityMatchesSimpleProfiles
public boolean identityMatchesSimpleProfiles(sailpoint.object.Bundle role, sailpoint.object.Identity identity) throws sailpoint.tools.GeneralException
Returns true if the given identity has accounts matching all of the profiles on the given role- Parameters:
role
- The role to checkidentity
- The identity whose links to check against the role- Returns:
- True if the link matches all of the Bundle profiles
- Throws:
sailpoint.tools.GeneralException
- if any failures occur
-
identitySelectorMatches
public boolean identitySelectorMatches(sailpoint.object.Identity test, sailpoint.object.IdentityFilter target, Map<String,Object> requestParameters) throws sailpoint.tools.GeneralException
Returns true if the given identity would be a member of the given IdentityFilter (e.g.used for searching)
- Parameters:
test
- The identity to testtarget
- The filter to checkrequestParameters
- Any parameters required by the filter script, if one exists- Returns:
- true if the identity matches the filter criteria
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
identitySelectorMatches
public boolean identitySelectorMatches(sailpoint.object.Identity test, String selectorName, Map<String,Object> requestParameters) throws sailpoint.tools.GeneralException
Returns true if the given identity would be a member of the given IdentityFilter (e.g.used for searching)
- Parameters:
test
- The identity to testselectorName
- The Identity Selector to queryrequestParameters
- Any parameters required by the filter script, if one exists- Returns:
- true if the identity matches the filter criteria
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
linkMatchesProfile
public boolean linkMatchesProfile(sailpoint.object.Profile profile, sailpoint.object.Link link) throws sailpoint.tools.GeneralException
Returns true if the given Profile matches the given Link viaMapMatcher
.- Parameters:
profile
- The profilelink
- The link- Returns:
- true if the link matches the profile
- Throws:
sailpoint.tools.GeneralException
- if any failures occur during matching (should never happen)
-
linkMatchesSimpleProfiles
public boolean linkMatchesSimpleProfiles(sailpoint.object.Bundle role, sailpoint.object.Link link) throws sailpoint.tools.GeneralException
Returns true if the given link matches the profiles on the given role- Parameters:
role
- The role to checklink
- The link to check against the role- Returns:
- True if the link matches all of the Bundle profiles
- Throws:
sailpoint.tools.GeneralException
- if any failures occur
-
matches
public boolean matches(sailpoint.object.Bundle target, sailpoint.object.Identity test) throws sailpoint.tools.GeneralException
Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection- Parameters:
target
- The role to checktest
- The identity to test- Returns:
- true if the identity matches the role criteria
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Filter target, sailpoint.object.Identity test) throws sailpoint.tools.GeneralException
Returns true if the given Filter would by matched by the given Identity- Parameters:
target
- The filter to runtest
- The Identity to test against the filter- Returns:
- true if the identity matches the Filter
- Throws:
sailpoint.tools.GeneralException
- if a query exception occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.Bundle role) throws sailpoint.tools.GeneralException
Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection- Parameters:
target
- The identity to testrole
- The bundle to test- Returns:
- true if the identity matches the role criteria
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.CompoundFilter filter) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target filter- Parameters:
target
- The target identityfilter
- The compound filter to check- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.DynamicScope scope) throws sailpoint.tools.GeneralException
Returns true if the given identity matches the given Dynamic Scope- Parameters:
target
- The target to checkscope
- The scope to match against- Returns:
- true if the identity matches the dynamic scope filter
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.Filter filter) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target filter- Parameters:
target
- The target identityfilter
- The compound filter to check- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.GroupDefinition population) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target population’s filter- Parameters:
target
- The target identitypopulation
- The population to check- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, sailpoint.object.IdentitySelector selector) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target filter- Parameters:
target
- The target identityselector
- The selector / filter to check- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.Identity target, String filter) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target filter- Parameters:
target
- The target identityfilter
- The filter string to compile and check- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
matches
public boolean matches(sailpoint.object.IdentitySelector target, sailpoint.object.Identity test) throws sailpoint.tools.GeneralException
Returns true if the given identity would match the target filter- Parameters:
target
- The target selectortest
- The identity to examine- Returns:
- True if the identity matches the filer
- Throws:
sailpoint.tools.GeneralException
- if any match failure occurs
-
-