View Javadoc
1   /**
2    * Copyright 2005-2014 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.impl.identity;
17  
18  import java.security.GeneralSecurityException;
19  import java.util.ArrayList;
20  import java.util.Collection;
21  import java.util.Collections;
22  import java.util.HashMap;
23  import java.util.HashSet;
24  import java.util.Iterator;
25  import java.util.List;
26  import java.util.Map;
27  import java.util.Set;
28  
29  import org.apache.commons.beanutils.PropertyUtils;
30  import org.apache.commons.lang.StringUtils;
31  import org.apache.log4j.Logger;
32  import org.kuali.rice.core.api.CoreApiServiceLocator;
33  import org.kuali.rice.core.api.criteria.CountFlag;
34  import org.kuali.rice.core.api.criteria.Predicate;
35  import org.kuali.rice.core.api.criteria.PredicateUtils;
36  import org.kuali.rice.core.api.criteria.QueryByCriteria;
37  import org.kuali.rice.kim.api.identity.IdentityService;
38  import org.kuali.rice.kim.api.identity.Person;
39  import org.kuali.rice.kim.api.identity.PersonService;
40  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
41  import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
42  import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
43  import org.kuali.rice.kim.api.identity.principal.Principal;
44  import org.kuali.rice.kim.api.identity.type.EntityTypeContactInfoDefault;
45  import org.kuali.rice.kim.api.role.RoleService;
46  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
47  import org.kuali.rice.kim.impl.KIMPropertyConstants;
48  import org.kuali.rice.kns.service.BusinessObjectMetaDataService;
49  import org.kuali.rice.kns.service.KNSServiceLocator;
50  import org.kuali.rice.kns.service.MaintenanceDocumentDictionaryService;
51  import org.kuali.rice.krad.bo.BusinessObject;
52  import org.kuali.rice.krad.bo.DataObjectRelationship;
53  import org.kuali.rice.krad.data.DataObjectWrapper;
54  import org.kuali.rice.krad.data.KradDataServiceLocator;
55  import org.kuali.rice.krad.lookup.CollectionIncomplete;
56  import org.kuali.rice.krad.util.KRADConstants;
57  import org.kuali.rice.krad.util.KRADPropertyConstants;
58  import org.kuali.rice.krad.util.KRADUtils;
59  import org.springframework.beans.PropertyAccessorUtils;
60  
61  /**
62   * This is a description of what this class does - kellerj don't forget to fill this in.
63   *
64   * @author Kuali Rice Team (rice.collab@kuali.org)
65   *
66   */
67  public class PersonServiceImpl implements PersonService {
68  
69  	private static Logger LOG = Logger.getLogger( PersonServiceImpl.class );
70  	protected static final String ENTITY_EXT_ID_PROPERTY_PREFIX = "externalIdentifiers.";
71  	protected static final String ENTITY_AFFILIATION_PROPERTY_PREFIX = "affiliations.";
72  	protected static final String ENTITY_TYPE_PROPERTY_PREFIX = "entityTypeContactInfos.";
73  	protected static final String ENTITY_EMAIL_PROPERTY_PREFIX = "entityTypeContactInfos.emailAddresses.";
74  	protected static final String ENTITY_PHONE_PROPERTY_PREFIX = "entityTypeContactInfos.phoneNumbers.";
75  	protected static final String ENTITY_ADDRESS_PROPERTY_PREFIX = "entityTypeContactInfos.addresses.";
76  	protected static final String ENTITY_NAME_PROPERTY_PREFIX = "names.";
77  	protected static final String PRINCIPAL_PROPERTY_PREFIX = "principals.";
78  	protected static final String ENTITY_EMPLOYEE_ID_PROPERTY_PREFIX = "employmentInformation.";
79  	// KULRICE-4442 Special handling for extension objects
80  	protected static final String EXTENSION = "extension";
81  
82  	private IdentityService identityService;
83  	private RoleService roleService;
84  	private BusinessObjectMetaDataService businessObjectMetaDataService;
85  	private MaintenanceDocumentDictionaryService maintenanceDocumentDictionaryService;
86  
87  	protected List<String> personEntityTypeCodes = new ArrayList<String>( 4 );
88  	// String that can be passed to the lookup framework to create an type = X OR type = Y criteria
89  	private String personEntityTypeLookupCriteria = null;
90  
91  	protected Map<String,String> baseLookupCriteria = new HashMap<String,String>();
92  	protected Map<String,String> criteriaConversion = new HashMap<String,String>();
93  	protected ArrayList<String> personCachePropertyNames = new ArrayList<String>();
94  	{
95  		// init the criteria which will need to be applied to every lookup against
96  		// the identity data tables
97  		baseLookupCriteria.put( KIMPropertyConstants.Person.ACTIVE, "Y" );
98  		baseLookupCriteria.put( ENTITY_TYPE_PROPERTY_PREFIX + KRADPropertyConstants.ACTIVE, "Y" );
99  
100 		// create the field mappings between the Person object and the KimEntity object
101 		criteriaConversion.put( KIMPropertyConstants.Person.ENTITY_ID, KIMPropertyConstants.Entity.ID);
102 		criteriaConversion.put( KIMPropertyConstants.Person.ACTIVE, PRINCIPAL_PROPERTY_PREFIX + KRADPropertyConstants.ACTIVE );
103 		criteriaConversion.put( KIMPropertyConstants.Person.PRINCIPAL_ID, PRINCIPAL_PROPERTY_PREFIX + KIMPropertyConstants.Person.PRINCIPAL_ID );
104 		criteriaConversion.put( KIMPropertyConstants.Person.PRINCIPAL_NAME, PRINCIPAL_PROPERTY_PREFIX + KIMPropertyConstants.Person.PRINCIPAL_NAME );
105 		criteriaConversion.put( KIMPropertyConstants.Person.FIRST_NAME, "names.firstName" );
106 		criteriaConversion.put( KIMPropertyConstants.Person.LAST_NAME, "names.lastName" );
107 		criteriaConversion.put( KIMPropertyConstants.Person.MIDDLE_NAME, "names.middleName" );
108 		criteriaConversion.put( KIMPropertyConstants.Person.EMAIL_ADDRESS, "entityTypeContactInfos.emailAddresses.emailAddress" );
109 		criteriaConversion.put( KIMPropertyConstants.Person.PHONE_NUMBER, "entityTypeContactInfos.phoneNumbers.phoneNumber" );
110 		criteriaConversion.put( KIMPropertyConstants.Person.ADDRESS_LINE_1, "entityTypeContactInfos.addresses.line1" );
111 		criteriaConversion.put( KIMPropertyConstants.Person.ADDRESS_LINE_2, "entityTypeContactInfos.addresses.line2" );
112 		criteriaConversion.put( KIMPropertyConstants.Person.ADDRESS_LINE_3, "entityTypeContactInfos.addresses.line3" );
113 		criteriaConversion.put( KIMPropertyConstants.Person.CITY, "entityTypeContactInfos.addresses.city" );
114 		criteriaConversion.put( KIMPropertyConstants.Person.STATE_CODE, "entityTypeContactInfos.addresses.stateProvinceCode" );
115 		criteriaConversion.put( KIMPropertyConstants.Person.POSTAL_CODE, "entityTypeContactInfos.addresses.postalCode" );
116 		criteriaConversion.put( KIMPropertyConstants.Person.COUNTRY_CODE, "entityTypeContactInfos.addresses.countryCode" );
117 		criteriaConversion.put( KIMPropertyConstants.Person.CAMPUS_CODE, "affiliations.campusCode" );
118 		criteriaConversion.put( KIMPropertyConstants.Person.AFFILIATION_TYPE_CODE, "affiliations.affiliationTypeCode" );
119 		criteriaConversion.put( KIMPropertyConstants.Person.EXTERNAL_IDENTIFIER_TYPE_CODE, "externalIdentifiers.externalIdentifierTypeCode" );
120 		criteriaConversion.put( KIMPropertyConstants.Person.EXTERNAL_ID, "externalIdentifiers.externalId" );
121 		criteriaConversion.put( KIMPropertyConstants.Person.EMPLOYEE_TYPE_CODE, "employmentInformation.employeeTypeCode" );
122 		criteriaConversion.put( KIMPropertyConstants.Person.EMPLOYEE_STATUS_CODE, "employmentInformation.employeeStatusCode" );
123 		criteriaConversion.put( KIMPropertyConstants.Person.EMPLOYEE_ID, "employmentInformation.employeeId" );
124 		criteriaConversion.put( KIMPropertyConstants.Person.BASE_SALARY_AMOUNT, "employmentInformation.baseSalaryAmount" );
125 		criteriaConversion.put( KIMPropertyConstants.Person.PRIMARY_DEPARTMENT_CODE, "employmentInformation.primaryDepartmentCode" );
126 
127 		personCachePropertyNames.add( KIMPropertyConstants.Person.PRINCIPAL_ID );
128 		personCachePropertyNames.add( KIMPropertyConstants.Person.PRINCIPAL_NAME );
129 		personCachePropertyNames.add( KIMPropertyConstants.Person.ENTITY_ID );
130 		personCachePropertyNames.add( KIMPropertyConstants.Person.FIRST_NAME );
131 		personCachePropertyNames.add( KIMPropertyConstants.Person.LAST_NAME );
132 		personCachePropertyNames.add( KIMPropertyConstants.Person.MIDDLE_NAME );
133 		personCachePropertyNames.add( KIMPropertyConstants.Person.CAMPUS_CODE );
134 		personCachePropertyNames.add( KIMPropertyConstants.Person.EMPLOYEE_ID );
135 		personCachePropertyNames.add( KIMPropertyConstants.Person.PRIMARY_DEPARTMENT_CODE );
136 	}
137 
138 
139 	/**
140 	 * @see org.kuali.rice.kim.api.identity.PersonService#getPerson(java.lang.String)
141 	 */
142 	@Override
143     public Person getPerson(String principalId) {
144 		if ( StringUtils.isBlank(principalId) ) {
145 			return null;
146 		}
147 
148 		// get the corresponding principal
149 		final Principal principal = getIdentityService().getPrincipal( principalId );
150 		// get the identity
151 		if ( principal != null ) {
152 			final EntityDefault entity = getIdentityService().getEntityDefault(principal.getEntityId());
153          	// convert the principal and identity to a Person
154             // skip if the person was created from the DB cache
155             if (entity != null ) {
156                 return convertEntityToPerson( entity, principal );
157             }
158 		}
159 		return null;
160 	}
161 
162 	protected PersonImpl convertEntityToPerson( EntityDefault entity, Principal principal ) {
163 		try {
164 			// get the EntityEntityType for the EntityType corresponding to a Person
165 			for ( String entityTypeCode : personEntityTypeCodes ) {
166 				EntityTypeContactInfoDefault entType = entity.getEntityType( entityTypeCode );
167 				// if no "person" identity type present for the given principal, skip to the next type in the list
168 				if ( entType == null ) {
169 					continue;
170 				}
171 				// attach the principal and identity objects
172 				// PersonImpl has logic to pull the needed elements from the KimEntity-related classes
173 				return new PersonImpl( principal, entity, entityTypeCode );
174 			}
175 			return null;
176 		} catch ( Exception ex ) {
177 			// allow runtime exceptions to pass through
178 			if ( ex instanceof RuntimeException ) {
179 				throw (RuntimeException)ex;
180 			}
181 			throw new RuntimeException( "Problem building person object", ex );
182 		}
183 	}
184 
185 
186 	/**
187 	 * @see org.kuali.rice.kim.api.identity.PersonService#getPersonByPrincipalName(java.lang.String)
188 	 */
189 	@Override
190     public Person getPersonByPrincipalName(String principalName) {
191 		if ( StringUtils.isBlank(principalName) ) {
192 			return null;
193 		}
194 
195 		// get the corresponding principal
196 		final Principal principal = getIdentityService().getPrincipalByPrincipalName( principalName );
197 		// get the identity
198 		if ( principal != null ) {
199             final EntityDefault entity = getIdentityService().getEntityDefault(principal.getEntityId());
200 
201             // convert the principal and identity to a Person
202             if ( entity != null ) {
203                 return convertEntityToPerson( entity, principal );
204             }
205 		}
206 		return null;
207 	}
208 
209 	@Override
210     public Person getPersonByEmployeeId(String employeeId) {
211 		if ( StringUtils.isBlank( employeeId  ) ) {
212 			return null;
213 		}
214 
215 		final List<Person> people = findPeople( Collections.singletonMap(KIMPropertyConstants.Person.EMPLOYEE_ID, employeeId) );
216 		if ( !people.isEmpty() ) {
217 			return people.get(0);
218 
219 		}
220 
221 	    // If no person was found above, check for inactive records
222         EntityDefault entity = getIdentityService().getEntityDefaultByEmployeeId(employeeId);
223         if (entity != null) {
224             if ( !entity.getPrincipals().isEmpty() ) {
225                 Principal principal = getIdentityService().getPrincipal(entity.getPrincipals().get(0).getPrincipalId());
226                 if (principal != null) {
227                     return convertEntityToPerson( entity, principal );
228                 }
229             }
230         }
231 
232 		return null;
233 	}
234 
235 	/**
236 	 * @see org.kuali.rice.kim.api.identity.PersonService#findPeople(Map)
237 	 */
238 	@Override
239     public List<Person> findPeople(Map<String, String> criteria) {
240 		return findPeople(criteria, true);
241 	}
242 
243 	/**
244 	 * @see org.kuali.rice.kim.api.identity.PersonService#findPeople(java.util.Map, boolean)
245 	 */
246 	@Override
247     public List<Person> findPeople(Map<String, String> criteria, boolean unbounded) {
248 		List<Person> people = null;
249 		// protect from NPEs
250 		if ( criteria == null ) {
251 			criteria = Collections.emptyMap();
252 		}
253 		// make a copy so it can be modified safely in this method
254 		criteria = new HashMap<String, String>( criteria );
255 
256 		// extract the role lookup parameters and then remove them since later code will not know what to do with them
257 		String roleName = criteria.get( "lookupRoleName" );
258 		String namespaceCode = criteria.get( "lookupRoleNamespaceCode" );
259 		criteria.remove("lookupRoleName");
260 		criteria.remove("lookupRoleNamespaceCode");
261 		if ( StringUtils.isNotBlank(namespaceCode) && StringUtils.isNotBlank(roleName) ) {
262 			Integer searchResultsLimit = org.kuali.rice.kns.lookup.LookupUtils.getSearchResultsLimit(PersonImpl.class);
263 			int searchResultsLimitInt = Integer.MAX_VALUE;
264 			if (searchResultsLimit != null) {
265 				searchResultsLimitInt = searchResultsLimit.intValue();
266 			}
267 			if ( LOG.isDebugEnabled() ) {
268 				LOG.debug("Performing Person search including role filter: " + namespaceCode + "/" + roleName );
269 			}
270 			if ( criteria.size() == 1 && criteria.containsKey(KIMPropertyConstants.Person.ACTIVE) ) { // if only active is specified
271 				if ( LOG.isDebugEnabled() ) {
272 					LOG.debug( "Only active criteria specified, running role search first" );
273 				}
274 				// in this case, run the role lookup first and pass those results to the person lookup
275 				Collection<String> principalIds = getRoleService().getRoleMemberPrincipalIds(namespaceCode, roleName,  Collections.<String, String>emptyMap());
276 				StringBuffer sb = new StringBuffer(principalIds.size()*15);
277 				Iterator<String> pi = principalIds.iterator();
278 				while ( pi.hasNext() ) {
279 					sb.append( pi.next() );
280 					if ( pi.hasNext() ) {
281                         sb.append( '|' );
282                     }
283 				}
284 				// add the list of principal IDs to the lookup so that only matching Person objects are returned
285 				criteria.put( KIMPropertyConstants.Person.PRINCIPAL_ID, sb.toString() );
286 				people = findPeopleInternal(criteria, false); // can allow internal method to filter here since no more filtering necessary
287 			} else if ( !criteria.isEmpty() ) { // i.e., person criteria are specified
288 				if ( LOG.isDebugEnabled() ) {
289 					LOG.debug( "Person criteria also specified, running that search first" );
290 				}
291 				// run the person lookup first
292 				people = findPeopleInternal(criteria, true); // get all, since may need to be filtered
293 				// TODO - now check if these people have the given role
294 				// build a principal list
295 				List<String> principalIds = peopleToPrincipalIds( people );
296 				// get sublist of principals that have the given roles
297 				principalIds = getRoleService().getPrincipalIdSubListWithRole(principalIds, namespaceCode, roleName,  Collections.<String, String>emptyMap());
298 				// re-convert into people objects, wrapping in CollectionIncomplete if needed
299 				if ( !unbounded && principalIds.size() > searchResultsLimitInt ) {
300 					int actualResultSize = principalIds.size();
301 					// trim the list down before converting to people
302 					principalIds = new ArrayList<String>(principalIds).subList(0, searchResultsLimitInt); // yes, this is a little wasteful
303 					people = getPeople(principalIds); // convert the results to people
304 					people = new CollectionIncomplete<Person>( people.subList(0, searchResultsLimitInt), new Long(actualResultSize) );
305 				} else {
306 					people = getPeople(principalIds);
307 				}
308 			} else { // only role criteria specified
309 				if ( LOG.isDebugEnabled() ) {
310 					LOG.debug( "No Person criteria specified - only using role service." );
311 				}
312 				// run the role criteria to get the principals with the role
313 				Collection<String> principalIds = getRoleService().getRoleMemberPrincipalIds(namespaceCode, roleName,  Collections.<String, String>emptyMap());
314 				if ( !unbounded && principalIds.size() > searchResultsLimitInt ) {
315 					int actualResultSize = principalIds.size();
316 					// trim the list down before converting to people
317 					principalIds = new ArrayList<String>(principalIds).subList(0, searchResultsLimitInt); // yes, this is a little wasteful
318 					people = getPeople(principalIds); // convert the results to people
319 					people = new CollectionIncomplete<Person>( people.subList(0, searchResultsLimitInt), new Long(actualResultSize) );
320 				} else {
321 					people = getPeople(principalIds); // convert the results to people
322 				}
323 			}
324 		} else {
325 			if ( LOG.isDebugEnabled() ) {
326 				LOG.debug( "No Role criteria specified, running person lookup as normal." );
327 			}
328 			people = findPeopleInternal(criteria, unbounded);
329 		}
330 
331 		// The following change is for KULRICE-5694 - It prevents duplicate rows from being returned for the
332 		// person inquiry (In this case, duplicate meaning same entityId, principalId, and principalNm).
333 		// This allows for multiple rows to be returned if an entityID has more then one principal name
334 		// or more than one principal ID.
335         Set<String> peopleNoDupsSet = new HashSet<String>();
336         List<Person> peopleNoDupsList = new ArrayList<Person>();
337 
338 	    for (Iterator<Person> iter = people.iterator(); iter.hasNext(); ) {
339 	        Person person = iter.next();
340 	        if (peopleNoDupsSet.add(person.getEntityId() + person.getPrincipalId() + person.getPrincipalName())) {
341 	            peopleNoDupsList.add(person);
342 	        }
343 	    }
344 
345 	    people.clear();
346 	    people.addAll(peopleNoDupsList);
347 
348 	    return people;
349 	}
350 
351 	@SuppressWarnings("unchecked")
352 	protected List<Person> findPeopleInternal(Map<String,String> criteria, boolean unbounded ) {
353 		// convert the criteria to a form that can be used by the ORM layer
354 
355         //TODO convert this to the new criteria predicates
356 		Map<String,String> entityCriteria = convertPersonPropertiesToEntityProperties( criteria );
357 
358         Predicate predicate = PredicateUtils.convertMapToPredicate(entityCriteria);
359 
360         QueryByCriteria.Builder queryBuilder = QueryByCriteria.Builder.create();
361         queryBuilder.setPredicates(predicate);
362 
363 		if (!unbounded) {
364 			Integer searchResultsLimit = org.kuali.rice.kns.lookup.LookupUtils.getSearchResultsLimit(PersonImpl.class);
365     		if (searchResultsLimit != null && searchResultsLimit >= 0) {
366     			queryBuilder.setMaxResults(searchResultsLimit);
367     			queryBuilder.setCountFlag(CountFlag.INCLUDE);
368 			}
369 		}
370 
371 		List<Person> people = new ArrayList<Person>();
372 
373 		EntityDefaultQueryResults qr = getIdentityService().findEntityDefaults( queryBuilder.build() );
374 
375         if (qr.getResults().size() > 0) {
376 
377             for ( EntityDefault e : qr.getResults() ) {
378 			    // get to get all principals for the identity as well
379 			    for ( Principal p : e.getPrincipals() ) {
380 			    	people.add( convertEntityToPerson( e, p ) );
381 			    }
382 		    }
383         } else if (!qr.isMoreResultsAvailable() && entityCriteria.containsKey("principals.principalId")) {
384             if (!(entityCriteria.containsKey(KIMPropertyConstants.Person.ACTIVE)) || (criteria.get(KIMPropertyConstants.Person.ACTIVE).equals("N"))) {
385                 String principalId =  entityCriteria.get("principals.principalId");
386                 try {
387                     EntityDefault entityDefault = getIdentityService().getEntityDefaultByPrincipalId(principalId);
388                     for ( Principal p : entityDefault.getPrincipals() ) {
389                         if (!p.isActive()){
390                             people.add( convertEntityToPerson(entityDefault, p ) );
391                         }
392                     }
393                 } catch ( Exception e ) {
394                     LOG.info( "A principal Id of " + principalId + " dose not exist in the system");
395                 }
396             }
397         } else if (!qr.isMoreResultsAvailable() &&  entityCriteria.containsKey("principals.principalName")) {
398             if (!(entityCriteria.containsKey(KIMPropertyConstants.Person.ACTIVE)) || (criteria.get(KIMPropertyConstants.Person.ACTIVE).equals("N"))) {
399                 String principalNm =  entityCriteria.get("principals.principalName");
400                 try {
401                     EntityDefault entityDefault = getIdentityService().getEntityDefaultByPrincipalName(principalNm);
402                     for ( Principal p : entityDefault.getPrincipals() ) {
403                         if (!p.isActive()){
404                             people.add( convertEntityToPerson(entityDefault, p ) );
405                         }
406                     }
407                 } catch ( Exception e ) {
408                     LOG.info( "A principal name of " + principalNm + " dose not exist in the system");
409                 }
410             }
411         }
412         return people;
413 	}
414 
415 	public Map<String,String> convertPersonPropertiesToEntityProperties( Map<String,String> criteria ) {
416 		if ( LOG.isDebugEnabled() ) {
417 			LOG.debug( "convertPersonPropertiesToEntityProperties: " + criteria );
418 		}
419 		boolean nameCriteria = false;
420 		boolean addressCriteria = false;
421 		boolean externalIdentifierCriteria = false;
422 		boolean affiliationCriteria = false;
423 		boolean affiliationDefaultOnlyCriteria = false;
424 		boolean phoneCriteria = false;
425 		boolean emailCriteria = false;
426 		boolean employeeIdCriteria = false;
427 		// add base lookups for all person lookups
428 		HashMap<String,String> newCriteria = new HashMap<String,String>();
429 		newCriteria.putAll( baseLookupCriteria );
430 
431 		newCriteria.put( "entityTypeContactInfos.entityTypeCode", personEntityTypeLookupCriteria );
432 
433         if ( criteria != null ) {
434 			for ( String key : criteria.keySet() ) {
435 			    //check active radio button
436 	            if(key.equals(KIMPropertyConstants.Person.ACTIVE)) {
437 	                newCriteria.put(criteriaConversion.get(KIMPropertyConstants.Person.ACTIVE), criteria.get(KIMPropertyConstants.Person.ACTIVE));
438 	            } else {
439 	                // The following if statement enables the "both" button to work correctly.
440 	                if (!(criteria.containsKey(KIMPropertyConstants.Person.ACTIVE))) {
441 	                    newCriteria.remove( KIMPropertyConstants.Person.ACTIVE );
442 	                }
443 	            }
444 
445 				// if no value was passed, skip the entry in the Map
446 				if ( StringUtils.isEmpty( criteria.get(key) ) ) {
447 					continue;
448 				}
449 				// check if the value needs to be encrypted
450 				// handle encrypted external identifiers
451 				if ( key.equals( KIMPropertyConstants.Person.EXTERNAL_ID ) && StringUtils.isNotBlank(criteria.get(key)) ) {
452 					// look for a ext ID type property
453 					if ( criteria.containsKey( KIMPropertyConstants.Person.EXTERNAL_IDENTIFIER_TYPE_CODE ) ) {
454 						String extIdTypeCode = criteria.get(KIMPropertyConstants.Person.EXTERNAL_IDENTIFIER_TYPE_CODE);
455 						if ( StringUtils.isNotBlank(extIdTypeCode) ) {
456 							// if found, load that external ID Type via service
457 							EntityExternalIdentifierType extIdType = getIdentityService().getExternalIdentifierType(extIdTypeCode);
458 							// if that type needs to be encrypted, encrypt the value in the criteria map
459 							if ( extIdType != null && extIdType.isEncryptionRequired() ) {
460 								try {
461                                     if(CoreApiServiceLocator.getEncryptionService().isEnabled()) {
462 									    criteria.put(key,
463 										    	CoreApiServiceLocator.getEncryptionService().encrypt(criteria.get(key))
464 										    	);
465                                     }
466 								} catch (GeneralSecurityException ex) {
467 									LOG.error("Unable to encrypt value for external ID search of type " + extIdTypeCode, ex );
468 								}
469 							}
470 						}
471 					}
472 				}
473 
474 				// convert the property to the Entity data model
475 				String entityProperty = criteriaConversion.get( key );
476 				if ( entityProperty != null ) {
477 					newCriteria.put( entityProperty, criteria.get( key ) );
478 				} else {
479 					entityProperty = key;
480 					// just pass it through if no translation present
481 					newCriteria.put( key, criteria.get( key ) );
482 				}
483 				// check if additional criteria are needed based on the types of properties specified
484 				if ( isNameEntityCriteria( entityProperty ) ) {
485 					nameCriteria = true;
486 				}
487 				if ( isExternalIdentifierEntityCriteria( entityProperty ) ) {
488 					externalIdentifierCriteria = true;
489 				}
490 				if ( isAffiliationEntityCriteria( entityProperty ) ) {
491 					affiliationCriteria = true;
492 				}
493 				if ( isAddressEntityCriteria( entityProperty ) ) {
494 					addressCriteria = true;
495 				}
496 				if ( isPhoneEntityCriteria( entityProperty ) ) {
497 					phoneCriteria = true;
498 				}
499 				if ( isEmailEntityCriteria( entityProperty ) ) {
500 					emailCriteria = true;
501 				}
502 				if ( isEmployeeIdEntityCriteria( entityProperty ) ) {
503 					employeeIdCriteria = true;
504 				}
505 				// special handling for the campus code, since that forces the query to look
506 				// at the default affiliation record only
507 				if ( key.equals( "campusCode" ) ) {
508 					affiliationDefaultOnlyCriteria = true;
509 				}
510 			}
511 
512 			if ( nameCriteria ) {
513 				newCriteria.put( ENTITY_NAME_PROPERTY_PREFIX + "active", "Y" );
514 				newCriteria.put( ENTITY_NAME_PROPERTY_PREFIX + "defaultValue", "Y" );
515 				//newCriteria.put(ENTITY_NAME_PROPERTY_PREFIX + "nameCode", "PRFR");//so we only display 1 result
516 			}
517 			if ( addressCriteria ) {
518 				newCriteria.put( ENTITY_ADDRESS_PROPERTY_PREFIX + "active", "Y" );
519 				newCriteria.put( ENTITY_ADDRESS_PROPERTY_PREFIX + "defaultValue", "Y" );
520 			}
521 			if ( phoneCriteria ) {
522 				newCriteria.put( ENTITY_PHONE_PROPERTY_PREFIX + "active", "Y" );
523 				newCriteria.put( ENTITY_PHONE_PROPERTY_PREFIX + "defaultValue", "Y" );
524 			}
525 			if ( emailCriteria ) {
526 				newCriteria.put( ENTITY_EMAIL_PROPERTY_PREFIX + "active", "Y" );
527 				newCriteria.put( ENTITY_EMAIL_PROPERTY_PREFIX + "defaultValue", "Y" );
528 			}
529 			if ( employeeIdCriteria ) {
530 				newCriteria.put( ENTITY_EMPLOYEE_ID_PROPERTY_PREFIX + "active", "Y" );
531 				newCriteria.put( ENTITY_EMPLOYEE_ID_PROPERTY_PREFIX + "primary", "Y" );
532 			}
533 			if ( affiliationCriteria ) {
534 				newCriteria.put( ENTITY_AFFILIATION_PROPERTY_PREFIX + "active", "Y" );
535 			}
536 			if ( affiliationDefaultOnlyCriteria ) {
537 				newCriteria.put( ENTITY_AFFILIATION_PROPERTY_PREFIX + "defaultValue", "Y" );
538 			}
539         }
540 
541 		if ( LOG.isDebugEnabled() ) {
542 			LOG.debug( "Converted: " + newCriteria );
543 		}
544 		return newCriteria;
545 	}
546 
547 	protected boolean isNameEntityCriteria( String propertyName ) {
548 		return propertyName.startsWith( ENTITY_NAME_PROPERTY_PREFIX );
549 	}
550 	protected boolean isAddressEntityCriteria( String propertyName ) {
551 		return propertyName.startsWith( ENTITY_ADDRESS_PROPERTY_PREFIX );
552 	}
553 	protected boolean isPhoneEntityCriteria( String propertyName ) {
554 		return propertyName.startsWith( ENTITY_PHONE_PROPERTY_PREFIX );
555 	}
556 	protected boolean isEmailEntityCriteria( String propertyName ) {
557 		return propertyName.startsWith( ENTITY_EMAIL_PROPERTY_PREFIX );
558 	}
559 	protected boolean isEmployeeIdEntityCriteria( String propertyName ) {
560 		return propertyName.startsWith( ENTITY_EMPLOYEE_ID_PROPERTY_PREFIX );
561 	}
562 	protected boolean isAffiliationEntityCriteria( String propertyName ) {
563 		return propertyName.startsWith( ENTITY_AFFILIATION_PROPERTY_PREFIX );
564 	}
565 	protected boolean isExternalIdentifierEntityCriteria( String propertyName ) {
566 		return propertyName.startsWith( ENTITY_EXT_ID_PROPERTY_PREFIX );
567 	}
568 
569 	/**
570 	 * Get the entityTypeCode that can be associated with a Person.  This will determine
571 	 * where EntityType-related data is pulled from within the KimEntity object.  The codes
572 	 * in the list will be examined in the order present.
573 	 */
574 	public List<String> getPersonEntityTypeCodes() {
575 		return this.personEntityTypeCodes;
576 	}
577 
578 	public void setPersonEntityTypeCodes(List<String> personEntityTypeCodes) {
579 		this.personEntityTypeCodes = personEntityTypeCodes;
580 		personEntityTypeLookupCriteria = null;
581 		for ( String entityTypeCode : personEntityTypeCodes ) {
582 			if ( personEntityTypeLookupCriteria == null ) {
583 				personEntityTypeLookupCriteria = entityTypeCode;
584 			} else {
585 				personEntityTypeLookupCriteria = personEntityTypeLookupCriteria + "|" + entityTypeCode;
586 			}
587 		}
588 	}
589 
590 
591 	protected List<Person> getPeople( Collection<String> principalIds ) {
592 		List<Person> people = new ArrayList<Person>( principalIds.size() );
593 		for ( String principalId : principalIds ) {
594 			people.add( getPerson(principalId) );
595 		}
596 		return people;
597 	}
598 
599 	protected List<String> peopleToPrincipalIds( List<Person> people ) {
600 		List<String> principalIds = new ArrayList<String>();
601 
602 		for ( Person person : people ) {
603 			principalIds.add( person.getPrincipalId() );
604 		}
605 
606 		return principalIds;
607 	}
608 
609 	/**
610 	 * @see org.kuali.rice.kim.api.identity.PersonService#getPersonByExternalIdentifier(java.lang.String, java.lang.String)
611 	 */
612 	@Override
613     public List<Person> getPersonByExternalIdentifier(String externalIdentifierTypeCode, String externalId) {
614 		if (StringUtils.isBlank( externalIdentifierTypeCode ) || StringUtils.isBlank( externalId ) ) {
615 			return null;
616 		}
617 		Map<String,String> criteria = new HashMap<String,String>( 2 );
618 		criteria.put( KIMPropertyConstants.Person.EXTERNAL_IDENTIFIER_TYPE_CODE, externalIdentifierTypeCode );
619 		criteria.put( KIMPropertyConstants.Person.EXTERNAL_ID, externalId );
620 		return findPeople( criteria );
621 	}
622 
623 	/**
624 	 * @see org.kuali.rice.kim.api.identity.PersonService#updatePersonIfNecessary(java.lang.String, org.kuali.rice.kim.api.identity.Person)
625 	 */
626     @Override
627     public Person updatePersonIfNecessary(String sourcePrincipalId, Person currentPerson ) {
628         if (currentPerson  == null // no person set
629                 || !StringUtils.equals(sourcePrincipalId, currentPerson.getPrincipalId() ) // principal ID mismatch
630                 || currentPerson.getEntityId() == null ) { // syntheticially created Person object
631             Person person = getPerson( sourcePrincipalId );
632             // if a synthetically created person object is present, leave it - required for property derivation and the UI layer for
633             // setting the principal name
634             if ( person == null ) {
635                 if ( currentPerson != null && currentPerson.getEntityId() == null ) {
636                     return currentPerson;
637                 }
638             }
639             // if both are null, create an empty object for property derivation
640             if ( person == null && currentPerson == null ) {
641             	try {
642             		return new PersonImpl();
643             	} catch ( Exception ex ) {
644             		LOG.error( "unable to instantiate an object of type: " + getPersonImplementationClass() + " - returning null", ex );
645             		return null;
646             	}
647             }
648             return person;
649         }
650         // otherwise, no need to change the given object
651         return currentPerson;
652     }
653 
654     /**
655      * Builds a map containing entries from the passed in Map that do NOT represent properties on an embedded
656      * Person object.
657      */
658     private Map<String,String> getNonPersonSearchCriteria( Object bo, Map<String,String> fieldValues) {
659         Map<String,String> nonUniversalUserSearchCriteria = new HashMap<String,String>();
660         for ( String propertyName : fieldValues.keySet() ) {
661             if (!isPersonProperty(bo, propertyName)) {
662                 nonUniversalUserSearchCriteria.put(propertyName, fieldValues.get(propertyName));
663             }
664         }
665         return nonUniversalUserSearchCriteria;
666     }
667 
668 
669     private boolean isPersonProperty(Object bo, String propertyName) {
670         try {
671         	if (PropertyAccessorUtils.isNestedOrIndexedProperty( propertyName ) // is a nested property
672             		&& !StringUtils.contains(propertyName, "add.") ) {// exclude add line properties (due to path parsing problems in PropertyUtils.getPropertyType)
673                 int lastIndex = PropertyAccessorUtils.getLastNestedPropertySeparatorIndex(propertyName);
674                 String propertyTypeName = lastIndex != -1 ? StringUtils.substring(propertyName, 0, lastIndex) : StringUtils.EMPTY;
675         		Class<?> type = PropertyUtils.getPropertyType(bo, propertyTypeName);
676         		// property type indicates a Person object
677         		if ( type != null ) {
678         			return Person.class.isAssignableFrom(type);
679         		}
680         		LOG.warn( "Unable to determine type of nested property: " + bo.getClass().getName() + " / " + propertyName );
681         	}
682         } catch (Exception ex) {
683         	if ( LOG.isDebugEnabled() ) {
684         		LOG.debug("Unable to determine if property on " + bo.getClass().getName() + " to a person object: " + propertyName, ex );
685         	}
686         }
687         return false;
688     }
689 
690     /**
691      * @see org.kuali.rice.kim.api.identity.PersonService#resolvePrincipalNamesToPrincipalIds(org.kuali.rice.krad.bo.BusinessObject, java.util.Map)
692      */
693     @Override
694     @SuppressWarnings("unchecked")
695 	public Map<String,String> resolvePrincipalNamesToPrincipalIds(BusinessObject businessObject, Map<String,String> fieldValues) {
696     	if ( fieldValues == null ) {
697     		return null;
698     	}
699     	if ( businessObject == null ) {
700     		return fieldValues;
701     	}
702     	StringBuffer resolvedPrincipalIdPropertyName = new StringBuffer();
703     	// save off all criteria which are not references to Person properties
704     	// leave person properties out so they can be resolved and replaced by this method
705         Map<String,String> processedFieldValues = getNonPersonSearchCriteria(businessObject, fieldValues);
706         for ( String propertyName : fieldValues.keySet() ) {
707             if (	!StringUtils.isBlank(fieldValues.get(propertyName))  // property has a value
708             		&& isPersonProperty(businessObject, propertyName) // is a property on a Person object
709             		) {
710             	// strip off the prefix on the property
711                 int lastPropertyIndex = PropertyAccessorUtils.getLastNestedPropertySeparatorIndex(propertyName);
712                 String personPropertyName = lastPropertyIndex != -1 ? StringUtils.substring(propertyName, lastPropertyIndex + 1) : propertyName;
713                 // special case - the user ID
714                 if ( StringUtils.equals( KIMPropertyConstants.Person.PRINCIPAL_NAME, personPropertyName) ) {
715                     Class targetBusinessObjectClass = null;
716                     BusinessObject targetBusinessObject = null;
717                     resolvedPrincipalIdPropertyName.setLength( 0 ); // clear the buffer without requiring a new object allocation on each iteration
718                 	// get the property name up until the ".principalName"
719                 	// this should be a reference to the Person object attached to the BusinessObject
720                     String personReferenceObjectPropertyName =  lastPropertyIndex != -1 ? StringUtils.substring(propertyName, 0, lastPropertyIndex) : StringUtils.EMPTY;
721                 	// check if the person was nested within another BO under the master BO.  If so, go up one more level
722                 	// otherwise, use the passed in BO class as the target class
723                     if ( PropertyAccessorUtils.isNestedOrIndexedProperty(personReferenceObjectPropertyName) ) {
724                         int lastTargetIndex = PropertyAccessorUtils.getLastNestedPropertySeparatorIndex(personReferenceObjectPropertyName);
725                         String targetBusinessObjectPropertyName = lastTargetIndex != -1 ? StringUtils.substring(personReferenceObjectPropertyName, 0, lastTargetIndex) : StringUtils.EMPTY;
726                         DataObjectWrapper<BusinessObject> wrapper = KradDataServiceLocator.getDataObjectService().wrap(businessObject);
727                         targetBusinessObject = (BusinessObject) wrapper.getPropertyValueNullSafe(targetBusinessObjectPropertyName);
728                         if (targetBusinessObject != null) {
729                             targetBusinessObjectClass = targetBusinessObject.getClass();
730                             resolvedPrincipalIdPropertyName.append(targetBusinessObjectPropertyName).append(".");
731                         } else {
732                             LOG.error("Could not find target property '"+propertyName+"' in class "+businessObject.getClass().getName()+". Property value was null.");
733                         }
734                     } else { // not a nested Person property
735                         targetBusinessObjectClass = businessObject.getClass();
736                         targetBusinessObject = businessObject;
737                     }
738 
739                     if (targetBusinessObjectClass != null) {
740                     	// use the relationship metadata in the KNS to determine the property on the
741                     	// host business object to put back into the map now that the principal ID
742                     	// (the value stored in application tables) has been resolved
743                         int lastIndex = PropertyAccessorUtils.getLastNestedPropertySeparatorIndex(personReferenceObjectPropertyName);
744                         String propName = lastIndex != -1 ? StringUtils.substring(personReferenceObjectPropertyName, lastIndex + 1) : personReferenceObjectPropertyName;
745                         DataObjectRelationship rel = getBusinessObjectMetaDataService().getBusinessObjectRelationship( targetBusinessObject, propName );
746                         if ( rel != null ) {
747                             String sourcePrimitivePropertyName = rel.getParentAttributeForChildAttribute(KIMPropertyConstants.Person.PRINCIPAL_ID);
748                             resolvedPrincipalIdPropertyName.append(sourcePrimitivePropertyName);
749                         	// get the principal - for translation of the principalName to principalId
750                             String principalName = fieldValues.get( propertyName );
751                         	Principal principal = getIdentityService().getPrincipalByPrincipalName( principalName );
752                             if (principal != null ) {
753                                 processedFieldValues.put(resolvedPrincipalIdPropertyName.toString(), principal.getPrincipalId());
754                             } else {
755                                 processedFieldValues.put(resolvedPrincipalIdPropertyName.toString(), null);
756                                 try {
757                                     // if the principalName is bad, then we need to clear out the Person object
758                                     // and base principalId property
759                                     // so that their values are no longer accidentally used or re-populate
760                                     // the object
761                                     KRADUtils.setObjectProperty(targetBusinessObject,
762                                             resolvedPrincipalIdPropertyName.toString(), null);
763                                     KRADUtils.setObjectProperty(targetBusinessObject, propName, null );
764                                     KRADUtils.setObjectProperty(targetBusinessObject, propName + ".principalName", principalName );
765                                 } catch ( Exception ex ) {
766                                     LOG.error( "Unable to blank out the person object after finding that the person with the given principalName does not exist.", ex );
767                                 }
768                             }
769                         } else {
770                         	LOG.error( "Missing relationship for " + propName + " on " + targetBusinessObjectClass.getName() );
771                         }
772                     } else { // no target BO class - the code below probably will not work
773                         processedFieldValues.put(resolvedPrincipalIdPropertyName.toString(), null);
774                     }
775                 }
776             // if the property does not seem to match the definition of a Person property but it
777             // does end in principalName then...
778             // this is to handle the case where the user ID is on an ADD line - a case excluded from isPersonProperty()
779             } else if (propertyName.endsWith("." + KIMPropertyConstants.Person.PRINCIPAL_NAME)){
780                 // if we're adding to a collection and we've got the principalName; let's populate universalUser
781                 String principalName = fieldValues.get(propertyName);
782                 if ( StringUtils.isNotEmpty( principalName ) ) {
783                     String containerPropertyName = propertyName;
784                     if (containerPropertyName.startsWith(KRADConstants.MAINTENANCE_ADD_PREFIX)) {
785                         containerPropertyName = StringUtils.substringAfter( propertyName, KRADConstants.MAINTENANCE_ADD_PREFIX );
786                     }
787                     // get the class of the object that is referenced by the property name
788                     // if this is not true then there's a principalName collection or primitive attribute
789                     // directly on the BO on the add line, so we just ignore that since something is wrong here
790                     if ( PropertyAccessorUtils.isNestedOrIndexedProperty(containerPropertyName) ) {
791                     	// the first part of the property is the collection name
792                         String collectionName = StringUtils.substringBefore( containerPropertyName, "." );
793                         // what is the class held by that collection?
794                         // JHK: I don't like this.  This assumes that this method is only used by the maintenance
795                         // document service.  If that will always be the case, this method should be moved over there.
796                         Class<? extends BusinessObject> collectionBusinessObjectClass = getMaintenanceDocumentDictionaryService()
797                         		.getCollectionBusinessObjectClass(
798                         				getMaintenanceDocumentDictionaryService()
799                         						.getDocumentTypeName(businessObject.getClass()), collectionName);
800                         if (collectionBusinessObjectClass != null) {
801                             // we are adding to a collection; get the relationships for that object;
802                         	// is there one for personUniversalIdentifier?
803                             List<DataObjectRelationship> relationships =
804                             		getBusinessObjectMetaDataService().getBusinessObjectRelationships( collectionBusinessObjectClass );
805                             // JHK: this seems like a hack - looking at all relationships for a BO does not guarantee that we get the right one
806                             // JHK: why not inspect the objects like above?  Is it the property path problems because of the .add. portion?
807                             for ( DataObjectRelationship rel : relationships ) {
808                             	String parentAttribute = rel.getParentAttributeForChildAttribute( KIMPropertyConstants.Person.PRINCIPAL_ID );
809                             	if ( parentAttribute == null ) {
810                             		continue;
811                             	}
812                                 // there is a relationship for personUserIdentifier; use that to find the universal user
813                             	processedFieldValues.remove( propertyName );
814                         		String fieldPrefix = StringUtils.substringBeforeLast( StringUtils.substringBeforeLast( propertyName, "." + KIMPropertyConstants.Person.PRINCIPAL_NAME ), "." );
815                                 String relatedPrincipalIdPropertyName = fieldPrefix + "." + parentAttribute;
816                                 // KR-683 Special handling for extension objects
817                          	 	if(EXTENSION.equals(StringUtils.substringAfterLast(fieldPrefix, ".")) && EXTENSION.equals(StringUtils.substringBefore(parentAttribute, ".")))
818                          	 	{
819                          	 		relatedPrincipalIdPropertyName = fieldPrefix + "." + StringUtils.substringAfter(parentAttribute, ".");
820                          	 	}
821                                 String currRelatedPersonPrincipalId = processedFieldValues.get(relatedPrincipalIdPropertyName);
822                                 if ( StringUtils.isBlank( currRelatedPersonPrincipalId ) ) {
823                                 	Principal principal = getIdentityService().getPrincipalByPrincipalName( principalName );
824                                 	if ( principal != null ) {
825                                 		processedFieldValues.put(relatedPrincipalIdPropertyName, principal.getPrincipalId());
826                                 	} else {
827                                 		processedFieldValues.put(relatedPrincipalIdPropertyName, null);
828                                 	}
829                                 }
830                             } // relationship loop
831                         } else {
832                         	if ( LOG.isDebugEnabled() ) {
833                         		LOG.debug( "Unable to determine class for collection referenced as part of property: " + containerPropertyName + " on " + businessObject.getClass().getName() );
834                         	}
835                         }
836                     } else {
837                     	if ( LOG.isDebugEnabled() ) {
838                     		LOG.debug( "Non-nested property ending with 'principalName': " + containerPropertyName + " on " + businessObject.getClass().getName() );
839                     	}
840                     }
841                 }
842             }
843         }
844         return processedFieldValues;
845     }
846 
847 	// OTHER METHODS
848 
849 	protected IdentityService getIdentityService() {
850 		if ( identityService == null ) {
851 			identityService = KimApiServiceLocator.getIdentityService();
852 		}
853 		return identityService;
854 	}
855 
856 	protected RoleService getRoleService() {
857 		if ( roleService == null ) {
858 			roleService = KimApiServiceLocator.getRoleService();
859 		}
860 		return roleService;
861 	}
862 
863 
864 	@Override
865     public Class<? extends Person> getPersonImplementationClass() {
866 		return PersonImpl.class;
867 	}
868 
869 	protected BusinessObjectMetaDataService getBusinessObjectMetaDataService() {
870 		if ( businessObjectMetaDataService == null ) {
871 			businessObjectMetaDataService = KNSServiceLocator.getBusinessObjectMetaDataService();
872 		}
873 		return businessObjectMetaDataService;
874 	}
875 
876 	protected MaintenanceDocumentDictionaryService getMaintenanceDocumentDictionaryService() {
877 		if ( maintenanceDocumentDictionaryService == null ) {
878 			maintenanceDocumentDictionaryService = KNSServiceLocator.getMaintenanceDocumentDictionaryService();
879 		}
880 		return maintenanceDocumentDictionaryService;
881 	}
882 }