Package com.identityworksllc.iiq.common

Class MatchUtilities

    • Constructor Summary

      Constructors 
      Constructor Description
      MatchUtilities​(sailpoint.api.SailPointContext c)
      Basic constructor

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      Map<String,​List<sailpoint.object.Link>> findMatchingLinksByApplication​(sailpoint.object.Bundle role, sailpoint.object.Identity identity)
      Returns the list of matching Link objects by application for this role.
      String getFilterHQL​(sailpoint.object.Filter target, Class<? extends sailpoint.object.SailPointObject> targetClass, String... columns)
      Performs some reflection digging into the Sailpoint API to transform a standard Filter into a Hibernate HQL query.
      boolean identityMatchesSimpleProfiles​(sailpoint.object.Bundle role, sailpoint.object.Identity identity)
      Returns true if the given identity has accounts matching all of the profiles on the given role
      boolean identitySelectorMatches​(sailpoint.object.Identity test, String selectorName, Map<String,​Object> requestParameters)
      Returns true if the given identity would be a member of the given IdentityFilter (e.g.
      boolean identitySelectorMatches​(sailpoint.object.Identity test, sailpoint.object.IdentityFilter target, Map<String,​Object> requestParameters)
      Returns true if the given identity would be a member of the given IdentityFilter (e.g.
      boolean linkMatchesProfile​(sailpoint.object.Profile profile, sailpoint.object.Link link)
      Returns true if the given Profile matches the given Link via MapMatcher.
      boolean linkMatchesSimpleProfiles​(sailpoint.object.Bundle role, sailpoint.object.Link link)
      Returns true if the given link matches the profiles on the given role
      boolean matches​(sailpoint.object.Bundle target, sailpoint.object.Identity test)
      Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection
      boolean matches​(sailpoint.object.Filter target, sailpoint.object.Identity test)
      Returns true if the given Filter would by matched by the given Identity
      boolean matches​(sailpoint.object.Identity target, String filter)
      Returns true if the given identity would match the target filter
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.Bundle role)
      Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.CompoundFilter filter)
      Returns true if the given identity would match the target filter
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.DynamicScope scope)
      Returns true if the given identity matches the given Dynamic Scope
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.Filter filter)
      Returns true if the given identity would match the target filter
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.GroupDefinition population)
      Returns true if the given identity would match the target population’s filter
      boolean matches​(sailpoint.object.Identity target, sailpoint.object.IdentitySelector selector)
      Returns true if the given identity would match the target filter
      boolean matches​(sailpoint.object.IdentitySelector target, sailpoint.object.Identity test)
      Returns true if the given identity would match the target filter

    • Constructor Detail

      • MatchUtilities

        public MatchUtilities​(sailpoint.api.SailPointContext c)
        Basic constructor
        Parameters:
        c - The IIQ context

    • Method Detail

      • findMatchingLinksByApplication

        public Map<String,​List<sailpoint.object.Link>> findMatchingLinksByApplication​(sailpoint.object.Bundle role,
                                                                                    sailpoint.object.Identity identity)
                                                                             throws sailpoint.tools.GeneralException
        Returns the list of matching Link objects by application for this role.

        Each profile may match more than one Link. Each Link will only be returned once, even if it matches multiple profiles.

        Use identityMatchesSimpleProfiles(Bundle, Identity) first to determine an overall match and then this method to extract the matches.

        The result will be empty if the role has no profiles or is null.

        Parameters:
        role - The role from which profiles should be checked
        identity - The identity from which to extract account details
        Returns:
        A map of Application Name -> List of matching Links
        Throws:
        sailpoint.tools.GeneralException - if any lookup failures occur

      • getFilterHQL

        public String getFilterHQL​(sailpoint.object.Filter target,
                           Class<? extends sailpoint.object.SailPointObject> targetClass,
                           String... columns)
                    throws sailpoint.tools.GeneralException
        Performs some reflection digging into the Sailpoint API to transform a standard Filter into a Hibernate HQL query.
        Parameters:
        target - The target filter to transform
        targetClass - The target class (determines the queried tables)
        columns - The columns to return
        Returns:
        The HQL query
        Throws:
        sailpoint.tools.GeneralException - if any failures occur accessing the internal APIs

      • identityMatchesSimpleProfiles

        public boolean identityMatchesSimpleProfiles​(sailpoint.object.Bundle role,
                                             sailpoint.object.Identity identity)
                                      throws sailpoint.tools.GeneralException
        Returns true if the given identity has accounts matching all of the profiles on the given role
        Parameters:
        role - The role to check
        identity - The identity whose links to check against the role
        Returns:
        True if the link matches all of the Bundle profiles
        Throws:
        sailpoint.tools.GeneralException - if any failures occur

      • identitySelectorMatches

        public boolean identitySelectorMatches​(sailpoint.object.Identity test,
                                       sailpoint.object.IdentityFilter target,
                                       Map<String,​Object> requestParameters)
                                throws sailpoint.tools.GeneralException
        Returns true if the given identity would be a member of the given IdentityFilter (e.g.

        used for searching)

        Parameters:
        test - The identity to test
        target - The filter to check
        requestParameters - Any parameters required by the filter script, if one exists
        Returns:
        true if the identity matches the filter criteria
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • identitySelectorMatches

        public boolean identitySelectorMatches​(sailpoint.object.Identity test,
                                       String selectorName,
                                       Map<String,​Object> requestParameters)
                                throws sailpoint.tools.GeneralException
        Returns true if the given identity would be a member of the given IdentityFilter (e.g.

        used for searching)

        Parameters:
        test - The identity to test
        selectorName - The Identity Selector to query
        requestParameters - Any parameters required by the filter script, if one exists
        Returns:
        true if the identity matches the filter criteria
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • linkMatchesProfile

        public boolean linkMatchesProfile​(sailpoint.object.Profile profile,
                                  sailpoint.object.Link link)
                           throws sailpoint.tools.GeneralException
        Returns true if the given Profile matches the given Link via MapMatcher.
        Parameters:
        profile - The profile
        link - The link
        Returns:
        true if the link matches the profile
        Throws:
        sailpoint.tools.GeneralException - if any failures occur during matching (should never happen)

      • linkMatchesSimpleProfiles

        public boolean linkMatchesSimpleProfiles​(sailpoint.object.Bundle role,
                                         sailpoint.object.Link link)
                                  throws sailpoint.tools.GeneralException
        Returns true if the given link matches the profiles on the given role
        Parameters:
        role - The role to check
        link - The link to check against the role
        Returns:
        True if the link matches all of the Bundle profiles
        Throws:
        sailpoint.tools.GeneralException - if any failures occur

      • matches

        public boolean matches​(sailpoint.object.Bundle target,
                       sailpoint.object.Identity test)
                throws sailpoint.tools.GeneralException
        Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection
        Parameters:
        target - The role to check
        test - The identity to test
        Returns:
        true if the identity matches the role criteria
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Filter target,
                       sailpoint.object.Identity test)
                throws sailpoint.tools.GeneralException
        Returns true if the given Filter would by matched by the given Identity
        Parameters:
        target - The filter to run
        test - The Identity to test against the filter
        Returns:
        true if the identity matches the Filter
        Throws:
        sailpoint.tools.GeneralException - if a query exception occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.Bundle role)
                throws sailpoint.tools.GeneralException
        Returns true if the given Identity would be a member of the target Bundle, either by assignment or detection
        Parameters:
        target - The identity to test
        role - The bundle to test
        Returns:
        true if the identity matches the role criteria
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.CompoundFilter filter)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target filter
        Parameters:
        target - The target identity
        filter - The compound filter to check
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.DynamicScope scope)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity matches the given Dynamic Scope
        Parameters:
        target - The target to check
        scope - The scope to match against
        Returns:
        true if the identity matches the dynamic scope filter
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.Filter filter)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target filter
        Parameters:
        target - The target identity
        filter - The compound filter to check
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.GroupDefinition population)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target population’s filter
        Parameters:
        target - The target identity
        population - The population to check
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       sailpoint.object.IdentitySelector selector)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target filter
        Parameters:
        target - The target identity
        selector - The selector / filter to check
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.Identity target,
                       String filter)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target filter
        Parameters:
        target - The target identity
        filter - The filter string to compile and check
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs

      • matches

        public boolean matches​(sailpoint.object.IdentitySelector target,
                       sailpoint.object.Identity test)
                throws sailpoint.tools.GeneralException
        Returns true if the given identity would match the target filter
        Parameters:
        target - The target selector
        test - The identity to examine
        Returns:
        True if the identity matches the filer
        Throws:
        sailpoint.tools.GeneralException - if any match failure occurs