@Override
  public String getConsolidatorToken(PerunSession sess) throws PerunException {

    Map<String, Object> value = new HashMap<String, Object>();

    String actor = sess.getPerunPrincipal().getActor();
    String extSourceName = sess.getPerunPrincipal().getExtSourceName();
    String extSourceType = sess.getPerunPrincipal().getExtSourceType();
    Integer extSourceLoa = sess.getPerunPrincipal().getExtSourceLoa();
    User user = sess.getPerunPrincipal().getUser();

    value.put("actor", actor);
    value.put("extSourceName", extSourceName);
    value.put("extSourceType", extSourceType);
    value.put("extSourceLoa", extSourceLoa);
    value.put("user", user);

    // create token from actual properties
    String token =
        registrarManager
            .getMailManager()
            .getMessageAuthenticationCode(
                System.currentTimeMillis() + actor + extSourceName + extSourceType + extSourceLoa);

    requestCache.putIfAbsent(token, value);

    return token;
  }
Beispiel #2
0
 public Member addMember(
     PerunSession sess, Group group, Member member, MembershipType type, int sourceGroupId)
     throws InternalErrorException, AlreadyMemberException, WrongAttributeValueException,
         WrongReferenceAttributeValueException {
   // TODO already member exception
   member.setMembershipType(type);
   try {
     jdbc.update(
         "insert into groups_members (group_id, member_id, created_by, created_at, modified_by, modified_at, created_by_uid, modified_by_uid, membership_type, source_group_id) "
             + "values (?,?,?,"
             + Compatibility.getSysdate()
             + ",?,"
             + Compatibility.getSysdate()
             + ",?,?,?,?)",
         group.getId(),
         member.getId(),
         sess.getPerunPrincipal().getActor(),
         sess.getPerunPrincipal().getActor(),
         sess.getPerunPrincipal().getUserId(),
         sess.getPerunPrincipal().getUserId(),
         type.getCode(),
         sourceGroupId);
   } catch (RuntimeException ex) {
     throw new InternalErrorException(ex);
   }
   return member;
 }
  /**
   * Retrieves whole application object from DB (authz in parent methods)
   *
   * @param sess PerunSession for Authz and to resolve User
   * @param vo VO to get application for
   * @param group Group
   * @return application object / null if not exists
   */
  private Application getLatestApplication(
      PerunSession sess, Vo vo, Group group, Application.AppType type) {
    try {

      if (sess.getPerunPrincipal().getUser() != null) {

        if (group != null) {

          return jdbc.queryForObject(
              RegistrarManagerImpl.APP_SELECT
                  + " where a.id=(select max(id) from application where vo_id=? and group_id=? and apptype=? and user_id=? )",
              RegistrarManagerImpl.APP_MAPPER,
              vo.getId(),
              group.getId(),
              String.valueOf(type),
              sess.getPerunPrincipal().getUserId());

        } else {

          return jdbc.queryForObject(
              RegistrarManagerImpl.APP_SELECT
                  + " where a.id=(select max(id) from application where vo_id=? and apptype=? and user_id=? )",
              RegistrarManagerImpl.APP_MAPPER,
              vo.getId(),
              String.valueOf(type),
              sess.getPerunPrincipal().getUserId());
        }

      } else {

        if (group != null) {

          return jdbc.queryForObject(
              RegistrarManagerImpl.APP_SELECT
                  + " where a.id=(select max(id) from application where vo_id=? and group_id=? and apptype=? and created_by=? and extsourcename=? )",
              RegistrarManagerImpl.APP_MAPPER,
              vo.getId(),
              group.getId(),
              String.valueOf(type),
              sess.getPerunPrincipal().getActor(),
              sess.getPerunPrincipal().getExtSourceName());

        } else {

          return jdbc.queryForObject(
              RegistrarManagerImpl.APP_SELECT
                  + " where a.id=(select max(id) from application where vo_id=? and apptype=? and created_by=? and extsourcename=? )",
              RegistrarManagerImpl.APP_MAPPER,
              vo.getId(),
              String.valueOf(type),
              sess.getPerunPrincipal().getActor(),
              sess.getPerunPrincipal().getExtSourceName());
        }
      }

    } catch (EmptyResultDataAccessException ex) {
      return null;
    }
  }
  public int deletePublicationById(PerunSession sess, Integer id) throws CabinetException {

    Publication pub = findPublicationById(id);
    if (pub == null) throw new CabinetException(ErrorCodes.PUBLICATION_NOT_EXISTS);

    // To delete publication user must be either PERUNADMIN
    // or user who created record (publication.createdBy==actor property)
    try {
      if (!AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)
          && !pub.getCreatedBy().equalsIgnoreCase(sess.getPerunPrincipal().getActor())
          && !pub.getCreatedByUid().equals(sess.getPerunPrincipal().getUserId())) {
        // not perun admin or author of record
        throw new CabinetException(
            "You are not allowed to delete publications you didn't created.",
            ErrorCodes.NOT_AUTHORIZED);
      }
    } catch (PerunException pe) {
      throw new CabinetException(ErrorCodes.PERUN_EXCEPTION, pe);
    }

    // delete action
    try {

      // delete authors
      for (Authorship a : authorshipService.findAuthorshipsByPublicationId(id)) {
        authorshipService.deleteAuthorshipById(sess, a.getId());
      }
      // delete thanks
      for (Thanks t : thanksService.findThanksByPublicationId(id)) {
        thanksService.deleteThanksById(sess, t.getId());
      }

      // delete publication
      if (AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)) {

        // only perun admin can actually delete publication
        return publicationDao.deletePublicationById(id);

      } else {

        return 1; // for others return as OK - perunadmin then deletes pubs manually
      }

    } catch (DataIntegrityViolationException ex) {
      throw new CabinetException(
          "Can't delete publication with authors or thanks. Please remove them first in order to delete publication.",
          ErrorCodes.PUBLICATION_HAS_AUTHORS_OR_THANKS);
    } catch (PerunException ex) {
      throw new CabinetException(ErrorCodes.PERUN_EXCEPTION, ex);
    }
  }
Beispiel #5
0
  public Group updateGroupName(PerunSession sess, Group group) throws InternalErrorException {
    Utils.notNull(group.getName(), "group.getName()");

    // Get the group stored in the DB
    Group dbGroup;
    try {
      dbGroup = this.getGroupById(sess, group.getId());
    } catch (GroupNotExistsException e) {
      throw new InternalErrorException("Group existence was checked at the higher level", e);
    }

    if (!dbGroup.getName().equals(group.getName())) {
      dbGroup.setName(group.getName());
      try {
        jdbc.update(
            "update groups set name=?,modified_by=?, modified_by_uid=?, modified_at="
                + Compatibility.getSysdate()
                + " where id=?",
            dbGroup.getName(),
            sess.getPerunPrincipal().getActor(),
            sess.getPerunPrincipal().getUserId(),
            dbGroup.getId());
      } catch (RuntimeException e) {
        throw new InternalErrorException(e);
      }
    }
    return dbGroup;
  }
 @Before
 public void setUpSession() throws Exception {
   session =
       perun.getPerunSession(
           new PerunPrincipal(
               "perunTests",
               ExtSourcesManager.EXTSOURCE_INTERNAL,
               ExtSourcesManager.EXTSOURCE_INTERNAL));
   user1 = setUpUser1();
   setUpBackground();
   session.getPerunPrincipal().setUser(user1);
 }
  public List<Vo> getVos(PerunSession sess) throws InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");

    // Perun admin can see everything
    if (AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)) {
      return vosManagerBl.getVos(sess);
    } else {
      if (sess.getPerunPrincipal().getRoles().hasRole(Role.VOADMIN)
          || sess.getPerunPrincipal().getRoles().hasRole(Role.GROUPADMIN)) {

        Set<Vo> vos = new HashSet<Vo>();

        // Get Vos where user is VO Admin
        for (PerunBean vo :
            AuthzResolver.getComplementaryObjectsForRole(sess, Role.VOADMIN, Vo.class)) {
          vos.add((Vo) vo);
        }

        // Get Vos where user has an group admin right on some of the group
        for (PerunBean group :
            AuthzResolver.getComplementaryObjectsForRole(sess, Role.GROUPADMIN, Group.class)) {
          try {
            vos.add(vosManagerBl.getVoById(sess, ((Group) group).getVoId()));
          } catch (VoNotExistsException e) {
            throw new ConsistencyErrorException(
                "User has group admin role for group from non-existent VO id:"
                    + ((Group) group).getVoId(),
                e);
          }
        }

        return new ArrayList<Vo>(vos);
      } else {
        throw new PrivilegeException(sess, "getVos");
      }
    }
  }
Beispiel #8
0
  /** All new members will be given role VOOBSERVER and TOPGROUPCREATOR */
  @Override
  public Application approveApplication(PerunSession session, Application app)
      throws PerunException {

    if (Application.AppType.INITIAL.equals(app.getType())) {

      Vo vo = app.getVo();
      User user = app.getUser();

      AuthzResolver.setRole(session, user, vo, Role.TOPGROUPCREATOR);

      Group membersGroup =
          session.getPerun().getGroupsManager().getGroupByName(session, vo, "members");
      AuthzResolver.setRole(session, user, membersGroup, Role.GROUPADMIN);
    }

    return app;
  }
  public int createPublication(PerunSession sess, Publication p) throws CabinetException {

    if (p.getCreatedDate() == null) p.setCreatedDate(new Date());
    if (p.getLocked() == null) {
      p.setLocked(false);
    }
    if (p.getCreatedByUid() == null && sess != null) {
      p.setCreatedByUid(sess.getPerunPrincipal().getUserId());
    }

    if (p.getExternalId() == 0 && p.getPublicationSystemId() == 0) {
      // check existence
      if (publicationExists(p)) {
        throw new CabinetException(
            "Cannot create duplicate publication: " + p, ErrorCodes.PUBLICATION_ALREADY_EXISTS);
      }
      // get internal pub. system
      PublicationSystem filter = new PublicationSystem();
      filter.setFriendlyName("INTERNAL");
      List<PublicationSystem> list =
          publicationSystemService.findPublicationSystemsByFilter(filter);
      if (list == null || list.isEmpty()) {
        throw new CabinetException(
            "Can't create publication, internal publication system is missing");
      }
      // There is only one internal system so, get(0) is safe
      p.setPublicationSystemId(list.get(0).getId());
      //
      stripLongParams(p);
      // create internal
      return publicationDao.createInternalPublication(sess, p);
    } else {
      if (publicationExists(p))
        throw new CabinetException(
            "Cannot create duplicate publication: " + p, ErrorCodes.PUBLICATION_ALREADY_EXISTS);

      stripLongParams(p);

      return publicationDao.createPublication(sess, p);
    }
  }
  @Override
  public List<Identity> checkForSimilarUsers(
      PerunSession sess, List<ApplicationFormItemData> formItems) throws PerunException {

    if (sess.getPerunPrincipal().getUser() != null || formItems == null) {
      return new ArrayList<Identity>();
    }

    Set<RichUser> res = new HashSet<RichUser>();
    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");

    for (ApplicationFormItemData item : formItems) {

      String value = item.getValue();

      if (item.getFormItem().getType().equals(ApplicationFormItem.Type.VALIDATED_EMAIL)) {
        // search by email
        if (value != null && !value.isEmpty())
          res.addAll(
              perun
                  .getUsersManager()
                  .findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
      }
      if (Objects.equals(
          item.getFormItem().getPerunDestinationAttribute(),
          "urn:perun:user:attribute-def:core:displayName")) {
        // search by name
        if (value != null && !value.isEmpty())
          res.addAll(
              perun
                  .getUsersManager()
                  .findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
      }
    }

    return convertToIdentities(new ArrayList<RichUser>(res));
  }
Beispiel #11
0
  public Group createGroup(PerunSession sess, Vo vo, Group group)
      throws GroupExistsException, InternalErrorException {
    Utils.notNull(group, "group");
    Utils.notNull(group.getName(), "group.getName()");

    // Check if the group already exists
    if (group.getParentGroupId() == null) {
      if (1
          == jdbc.queryForInt(
              "select count('x') from groups where lower(name)=lower(?) and vo_id=? and parent_group_id IS NULL",
              group.getName(),
              vo.getId())) {
        throw new GroupExistsException(
            "Group ["
                + group.getName()
                + "] already exists under VO ["
                + vo.getShortName()
                + "] and has parent Group with id is [NULL]");
      }
    } else {
      if (1
          == jdbc.queryForInt(
              "select count('x') from groups where lower(name)=lower(?) and vo_id=? and parent_group_id=?",
              group.getName(),
              vo.getId(),
              group.getParentGroupId())) {
        throw new GroupExistsException(
            "Group ["
                + group.getName()
                + "] already exists under VO ["
                + vo.getShortName()
                + "] and has parent Group with id ["
                + group.getParentGroupId()
                + "]");
      }
    }

    // Check the group name, it can contain only a-Z0-9_- and space
    if (!group.getShortName().matches("^[- a-zA-Z.0-9_]+$")) {
      throw new InternalErrorException(
          new IllegalArgumentException(
              "Wrong group name, group name can contain only a-Z0-9.-_: and space characters. "
                  + group));
    }

    try {
      // Store the group into the DB
      int newId = Utils.getNewId(jdbc, "groups_id_seq");

      jdbc.update(
          "insert into groups (id, parent_group_id, name, dsc, vo_id, created_by,created_at,modified_by,modified_at,created_by_uid,modified_by_uid) "
              + "values (?,?,?,?,?,?,"
              + Compatibility.getSysdate()
              + ",?,"
              + Compatibility.getSysdate()
              + ",?,?)",
          newId,
          group.getParentGroupId(),
          group.getName(),
          group.getDescription(),
          vo.getId(),
          sess.getPerunPrincipal().getActor(),
          sess.getPerunPrincipal().getActor(),
          sess.getPerunPrincipal().getUserId(),
          sess.getPerunPrincipal().getUserId());
      group.setId(newId);

      group.setVoId(vo.getId());

      return group;
    } catch (RuntimeException err) {
      throw new InternalErrorException(err);
    }
  }
  @Override
  public List<Identity> checkForSimilarUsers(PerunSession sess) throws PerunException {

    // if user known, doesn't actually search and offer joining.
    if (sess.getPerunPrincipal().getUser() != null) {
      return new ArrayList<Identity>();
    }

    // if user known, doesn't actually search and offer joining.
    try {
      perun
          .getUsersManager()
          .getUserByExtSourceNameAndExtLogin(
              registrarSession,
              sess.getPerunPrincipal().getExtSourceName(),
              sess.getPerunPrincipal().getActor());
      return new ArrayList<Identity>();
    } catch (Exception ex) {
      // we don't care, that search failed. That is actually OK case.
    }

    String name = "";
    String mail = "";

    Set<RichUser> res = new HashSet<RichUser>();

    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");

    mail = sess.getPerunPrincipal().getAdditionalInformations().get("mail");

    if (mail != null) {
      if (mail.contains(";")) {
        String mailSearch[] = mail.split(";");
        for (String m : mailSearch) {
          if (m != null && !m.isEmpty())
            res.addAll(
                perun
                    .getUsersManager()
                    .findRichUsersWithAttributesByExactMatch(registrarSession, m, attrNames));
        }
      } else {
        res.addAll(
            perun
                .getUsersManager()
                .findRichUsersWithAttributesByExactMatch(registrarSession, mail, attrNames));
      }
    }

    // check by mail is more precise, so check by name only if nothing is found.
    if (res.isEmpty()) {

      name = sess.getPerunPrincipal().getAdditionalInformations().get("cn");

      if (name != null && !name.isEmpty())
        res.addAll(
            perun
                .getUsersManager()
                .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));

      name = sess.getPerunPrincipal().getAdditionalInformations().get("displayName");

      if (name != null && !name.isEmpty())
        res.addAll(
            perun
                .getUsersManager()
                .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
    }

    return convertToIdentities(new ArrayList<RichUser>(res));
  }
  @Override
  public List<UserExtSource> consolidateIdentityUsingToken(PerunSession sess, String token)
      throws PerunException {

    Map<String, Object> originalIdentity = requestCache.get(token);

    if (originalIdentity == null) {
      throw new InvalidTokenException(
          "Your token for joining identities is no longer valid. Please retry from the start.");
    }

    User originalUser = (User) originalIdentity.get("user");
    User currentUser = sess.getPerunPrincipal().getUser();

    if (originalUser == null && currentUser == null) {
      IdentityUnknownException ex =
          new IdentityUnknownException(
              "Neither original or current identity is know to Perun. Please use at least one identity known to Perun.");
      ex.setLogin((String) originalIdentity.get("actor"));
      ex.setSource2((String) originalIdentity.get("extSourceName"));
      ex.setSourceType2((String) originalIdentity.get("extSourceType"));
      ex.setLogin2(sess.getPerunPrincipal().getActor());
      ex.setSource2(sess.getPerunPrincipal().getExtSourceName());
      ex.setSourceType2(sess.getPerunPrincipal().getExtSourceType());
      throw ex;
    }

    if (originalIdentity.get("extSourceName").equals(sess.getPerunPrincipal().getExtSourceName())
        && originalIdentity.get("actor").equals(sess.getPerunPrincipal().getActor())
        && originalIdentity
            .get("extSourceType")
            .equals(sess.getPerunPrincipal().getExtSourceType())) {
      IdentityIsSameException ex =
          new IdentityIsSameException(
              "You tried to join same identity with itself. Please try again but select different identity.");
      ex.setLogin(sess.getPerunPrincipal().getActor());
      ex.setSource(sess.getPerunPrincipal().getExtSourceName());
      ex.setSourceType(sess.getPerunPrincipal().getExtSourceType());
      throw ex;
    }

    if (originalUser != null && currentUser != null && originalUser.equals(currentUser)) {
      throw new IdentitiesAlreadyJoinedException("You already have both identities joined.");
    }

    if (originalUser != null && currentUser != null && !originalUser.equals(currentUser)) {
      throw new IdentityAlreadyInUseException(
          "Your identity is already associated with a different user. If you are really the same person, please contact support to help you.",
          originalUser,
          currentUser);
    }

    // merge original identity into current user
    if (originalUser == null) {
      createExtSourceAndUserExtSource(
          currentUser,
          (String) originalIdentity.get("actor"),
          (String) originalIdentity.get("extSourceName"),
          (String) originalIdentity.get("extSourceType"),
          (Integer) originalIdentity.get("extSourceLoa"));
    }

    // merge current identity into original user
    if (currentUser == null) {
      createExtSourceAndUserExtSource(
          originalUser,
          sess.getPerunPrincipal().getActor(),
          sess.getPerunPrincipal().getExtSourceName(),
          sess.getPerunPrincipal().getExtSourceType(),
          sess.getPerunPrincipal().getExtSourceLoa());
    }

    AuthzResolverBlImpl.refreshSession(sess);

    requestCache.remove(token);

    return perun.getUsersManager().getUserExtSources(sess, sess.getPerunPrincipal().getUser());
  }
  @Override
  public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException {

    String email = "";
    String name = "";
    List<RichUser> result = new ArrayList<RichUser>();

    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");

    Application app = registrarManager.getApplicationById(registrarSession, appId);

    if (app.getGroup() == null) {
      if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())) {
        if (sess.getPerunPrincipal().getUser() != null) {
          // check if application to find similar users by belongs to user
          if (!sess.getPerunPrincipal().getUser().equals(app.getUser()))
            throw new PrivilegeException("checkForSimilarUsers");
        } else {
          if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName())
              && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy()))
            throw new PrivilegeException("checkForSimilarUsers");
        }
      }
    } else {
      if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())
          && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup())) {
        if (sess.getPerunPrincipal().getUser() != null) {
          // check if application to find similar users by belongs to user
          if (!sess.getPerunPrincipal().getUser().equals(app.getUser()))
            throw new PrivilegeException("checkForSimilarUsers");
        } else {
          if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName())
              && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy()))
            throw new PrivilegeException("checkForSimilarUsers");
        }
      }
    }

    // only for initial VO applications if user==null
    if (app.getType().equals(Application.AppType.INITIAL)
        && app.getGroup() == null
        && app.getUser() == null) {

      try {
        User u =
            perun
                .getUsersManager()
                .getUserByExtSourceNameAndExtLogin(
                    registrarSession, app.getExtSourceName(), app.getCreatedBy());
        if (u != null) {
          // user connected his identity after app creation and before it's approval.
          // do not show error message in GUI by returning an empty array.
          return convertToIdentities(result);
        }
      } catch (Exception ex) {
        // we don't care, let's try to search by name
      }

      List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId);

      // search by email, which should be unique (check is more precise)
      for (ApplicationFormItemData item : data) {
        if ("urn:perun:user:attribute-def:def:preferredMail"
            .equals(item.getFormItem().getPerunDestinationAttribute())) {
          email = item.getValue();
        }
        if (email != null && !email.isEmpty()) break;
      }

      List<RichUser> users =
          (email != null && !email.isEmpty())
              ? perun
                  .getUsersManager()
                  .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
              : new ArrayList<RichUser>();

      if (users != null && !users.isEmpty()) {
        // found by preferredMail
        return convertToIdentities(users);
      }

      // search by different mail

      email = ""; // clear previous value
      for (ApplicationFormItemData item : data) {
        if ("urn:perun:member:attribute-def:def:mail"
            .equals(item.getFormItem().getPerunDestinationAttribute())) {
          email = item.getValue();
        }
        if (email != null && !email.isEmpty()) break;
      }

      users =
          (email != null && !email.isEmpty())
              ? perun
                  .getUsersManager()
                  .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
              : new ArrayList<RichUser>();
      if (users != null && !users.isEmpty()) {
        // found by member mail
        return convertToIdentities(users);
      }

      // continue to search by display name

      for (ApplicationFormItemData item : data) {
        if (RegistrarManagerImpl.URN_USER_DISPLAY_NAME.equals(
            item.getFormItem().getPerunDestinationAttribute())) {
          name = item.getValue();
          // use parsed name to drop mistakes on IDP side
          try {
            if (name != null && !name.isEmpty()) {
              Map<String, String> nameMap = Utils.parseCommonName(name);
              // drop name titles to spread search
              String newName = "";
              if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) {
                newName += nameMap.get("firstName") + " ";
              }
              if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) {
                newName += nameMap.get("lastName");
              }
              // fill parsed name instead of input
              if (newName != null && !newName.isEmpty()) {
                name = newName;
              }
            }
          } catch (Exception ex) {
            log.error(
                "[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}",
                ex);
          }
          if (name != null && !name.isEmpty()) break;
        }
      }

      users =
          (name != null && !name.isEmpty())
              ? perun
                  .getUsersManager()
                  .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames)
              : new ArrayList<RichUser>();
      if (users != null && !users.isEmpty()) {
        // found by member display name
        return convertToIdentities(users);
      }

      // continue to search by last name

      name = ""; // clear previous value
      for (ApplicationFormItemData item : data) {
        if (RegistrarManagerImpl.URN_USER_LAST_NAME.equals(
            item.getFormItem().getPerunDestinationAttribute())) {
          name = item.getValue();
          if (name != null && !name.isEmpty()) break;
        }
      }

      if (name != null && !name.isEmpty()) {
        // what was found by name
        return convertToIdentities(
            perun
                .getUsersManager()
                .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
      } else {
        // not found by name
        return convertToIdentities(result);
      }

    } else {
      // not found, since not proper type of application to check users for
      return convertToIdentities(result);
    }
  }