Search in sources :

Example 1 with UserExtSourceExistsException

use of cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException in project perun by CESNET.

the class MembersManagerBlImpl method createMember.

// MAIN METHOD
@Override
public Member createMember(PerunSession sess, Vo vo, SpecificUserType specificUserType, Candidate candidate, List<Group> groups, List<String> overwriteUserAttributes) throws WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, ExtendMembershipException {
    log.debug("Creating member for VO {} from candidate {}", vo, candidate);
    // Get the user
    User user = null;
    if (candidate.getUserExtSources() != null) {
        for (UserExtSource ues : candidate.getUserExtSources()) {
            // Check if the extSource exists
            ExtSource tmpExtSource = getPerunBl().getExtSourcesManagerBl().checkOrCreateExtSource(sess, ues.getExtSource().getName(), ues.getExtSource().getType());
            // Set the extSource ID
            ues.getExtSource().setId(tmpExtSource.getId());
            try {
                // Try to find the user by userExtSource
                user = getPerunBl().getUsersManagerBl().getUserByExtSourceNameAndExtLogin(sess, ues.getExtSource().getName(), ues.getLogin());
            } catch (UserExtSourceNotExistsException e) {
            // This is OK, non-existent userExtSource will be assigned later
            } catch (UserNotExistsException | ExtSourceNotExistsException e) {
            // Ignore, we are only checking if the user exists
            }
        }
    }
    // If user hasn't been found, then create him
    if (user == null) {
        user = new User();
        user.setFirstName(candidate.getFirstName());
        user.setLastName(candidate.getLastName());
        user.setMiddleName(candidate.getMiddleName());
        user.setTitleAfter(candidate.getTitleAfter());
        user.setTitleBefore(candidate.getTitleBefore());
        if (specificUserType.equals(SpecificUserType.SERVICE))
            user.setServiceUser(true);
        if (specificUserType.equals(SpecificUserType.SPONSORED))
            user.setSponsoredUser(true);
        // Store the user, this must be done in separate transaction
        user = getPerunBl().getUsersManagerBl().createUser(sess, user);
        log.debug("createMember: new user: {}", user);
    }
    // Assign missing userExtSource and update LoA
    if (candidate.getUserExtSources() != null) {
        for (UserExtSource userExtSource : candidate.getUserExtSources()) {
            try {
                UserExtSource currentUserExtSource = getPerunBl().getUsersManagerBl().getUserExtSourceByExtLogin(sess, userExtSource.getExtSource(), userExtSource.getLogin());
                // Update LoA
                currentUserExtSource.setLoa(userExtSource.getLoa());
                getPerunBl().getUsersManagerBl().updateUserExtSource(sess, currentUserExtSource);
            } catch (UserExtSourceNotExistsException e) {
                // Create userExtSource
                try {
                    getPerunBl().getUsersManagerBl().addUserExtSource(sess, user, userExtSource);
                } catch (UserExtSourceExistsException e1) {
                    throw new ConsistencyErrorException("Adding userExtSource which already exists: " + userExtSource);
                }
            } catch (UserExtSourceExistsException e1) {
                throw new ConsistencyErrorException("Updating login of userExtSource to value which already exists: " + userExtSource);
            }
        }
    }
    try {
        Member member = getMemberByUser(sess, vo, user);
        throw new AlreadyMemberException(member);
    } catch (MemberNotExistsException IGNORE) {
    }
    // Create the member
    Member member = getMembersManagerImpl().createMember(sess, vo, user);
    getPerunBl().getAuditer().log(sess, new MemberCreated(member));
    // Create the member's attributes
    List<Attribute> membersAttributes = new ArrayList<>();
    List<Attribute> usersAttributesToMerge = new ArrayList<>();
    List<Attribute> usersAttributesToModify = new ArrayList<>();
    if (candidate.getAttributes() != null) {
        for (String attributeName : candidate.getAttributes().keySet()) {
            AttributeDefinition attributeDefinition;
            try {
                attributeDefinition = getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, attributeName);
            } catch (AttributeNotExistsException ex) {
                throw new InternalErrorException(ex);
            }
            Attribute attribute = new Attribute(attributeDefinition);
            attribute.setValue(getPerunBl().getAttributesManagerBl().stringToAttributeValue(candidate.getAttributes().get(attributeName), attribute.getType()));
            if (getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManager.NS_MEMBER_ATTR_DEF) || getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManager.NS_MEMBER_ATTR_OPT)) {
                // This is member's attribute
                membersAttributes.add(attribute);
            } else if (getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManager.NS_USER_ATTR_DEF) || getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManager.NS_USER_ATTR_OPT)) {
                if (overwriteUserAttributes != null && !overwriteUserAttributes.isEmpty() && overwriteUserAttributes.contains(attribute.getName())) {
                    usersAttributesToModify.add(attribute);
                } else {
                    usersAttributesToMerge.add(attribute);
                }
            }
        }
    }
    // Store the attributes
    try {
        // If empty, skip setting or merging empty arrays of attributes at all
        if (!membersAttributes.isEmpty())
            getPerunBl().getAttributesManagerBl().setAttributes(sess, member, membersAttributes);
        if (!usersAttributesToMerge.isEmpty())
            getPerunBl().getAttributesManagerBl().mergeAttributesValues(sess, user, usersAttributesToMerge);
        if (!usersAttributesToModify.isEmpty())
            getPerunBl().getAttributesManagerBl().setAttributes(sess, user, usersAttributesToModify);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
    // Set the initial membershipExpiration
    // Get user LOA
    String memberLoa = null;
    try {
        Attribute loa = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_VIRT + ":loa");
        memberLoa = Integer.toString((Integer) loa.getValue());
    } catch (AttributeNotExistsException e) {
    // user has no loa defined - if required by VO, it will be stopped in checking method later
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
    // Check if user can be member
    this.canBeMemberInternal(sess, vo, user, memberLoa, true);
    // set initial membership expiration
    this.extendMembership(sess, member);
    insertToMemberGroup(sess, member, vo);
    // Add member also to all groups in list
    if (groups != null && !groups.isEmpty()) {
        for (Group group : groups) {
            try {
                perunBl.getGroupsManagerBl().addMember(sess, group, member);
            } catch (GroupNotExistsException e) {
                throw new ConsistencyErrorException(e);
            }
        }
    }
    return member;
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) User(cz.metacentrum.perun.core.api.User) RichUser(cz.metacentrum.perun.core.api.RichUser) MemberNotExistsException(cz.metacentrum.perun.core.api.exceptions.MemberNotExistsException) GroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.GroupNotExistsException) ParentGroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.ParentGroupNotExistsException) UserNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserNotExistsException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) MemberCreated(cz.metacentrum.perun.audit.events.MembersManagerEvents.MemberCreated) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) AlreadyMemberException(cz.metacentrum.perun.core.api.exceptions.AlreadyMemberException) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) RichMember(cz.metacentrum.perun.core.api.RichMember) Member(cz.metacentrum.perun.core.api.Member)

Example 2 with UserExtSourceExistsException

use of cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException in project perun by CESNET.

the class PerunBlImpl method getPerunSession.

@Override
public PerunSession getPerunSession(PerunPrincipal principal, PerunClient client) {
    PerunSessionImpl perunSession = new PerunSessionImpl(this, principal, client);
    log.debug("creating PerunSession for user {}", principal.getActor());
    if (principal.getUser() == null && usersManagerBl != null && !dontLookupUsersForLogins.contains(principal.getActor())) {
        // Get the user if we are completely initialized
        try {
            PerunSession internalSession = getPerunSession();
            User user = usersManagerBl.getUserByExtSourceInformation(internalSession, principal);
            principal.setUser(user);
            if (client.getType() != PerunClient.Type.OAUTH) {
                // Try to update LoA for userExtSource
                UserExtSource ues;
                String shibIdentityProvider = principal.getAdditionalInformations().get(UsersManagerBl.ORIGIN_IDENTITY_PROVIDER_KEY);
                if (shibIdentityProvider != null && extSourcesWithMultipleIdentifiers.contains(shibIdentityProvider)) {
                    ues = usersManagerBl.getUserExtSourceFromMultipleIdentifiers(internalSession, principal);
                } else {
                    ExtSource es = extSourcesManagerBl.getExtSourceByName(internalSession, principal.getExtSourceName());
                    ues = usersManagerBl.getUserExtSourceByExtLogin(internalSession, es, principal.getActor());
                }
                if (!BeansUtils.isPerunReadOnly()) {
                    if (ues != null && ues.getLoa() != principal.getExtSourceLoa()) {
                        ues.setLoa(principal.getExtSourceLoa());
                        usersManagerBl.updateUserExtSource(internalSession, ues);
                    }
                    // Update last access for userExtSource
                    usersManagerBl.updateUserExtSourceLastAccess(internalSession, ues);
                    // update selected attributes for given extsourcetype
                    setUserExtSourceAttributes(perunSession, ues, principal.getAdditionalInformations());
                }
            }
        } catch (ExtSourceNotExistsException | UserExtSourceNotExistsException | UserNotExistsException | UserExtSourceExistsException e) {
        // OK - We don't know user yet or we are modifying more than a LoA and we shouldn't !!
        }
    }
    return perunSession;
}
Also used : UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) PerunSession(cz.metacentrum.perun.core.api.PerunSession) User(cz.metacentrum.perun.core.api.User) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) UserNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserNotExistsException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) PerunSessionImpl(cz.metacentrum.perun.core.impl.PerunSessionImpl)

Example 3 with UserExtSourceExistsException

use of cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException in project perun by CESNET.

the class urn_perun_user_attribute_def_def_login_namespace_einfraid_persistent_shadow method changedAttributeHook.

/**
 * ChangedAttributeHook() sets UserExtSource with following properties:
 *  - extSourceType is IdP
 *  - extSourceName is {getExtSourceName()}
 *  - user's extSource login is the same as his persistent attribute
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) {
    try {
        // create default identity based on module configuration
        super.changedAttributeHook(session, user, attribute);
        // duplicate logic for e-INFRA CZ proxy identity
        String userNamespace = attribute.getFriendlyNameParameter();
        if (userNamespace.equals(getFriendlyNameParameter()) && attribute.getValue() != null) {
            ExtSource extSource = session.getPerunBl().getExtSourcesManagerBl().getExtSourceByName(session, extSourceNameEinfraCZ);
            UserExtSource userExtSource = new UserExtSource(extSource, 0, attribute.getValue().toString());
            session.getPerunBl().getUsersManagerBl().addUserExtSource(session, user, userExtSource);
        }
    } catch (UserExtSourceExistsException ex) {
        log.warn("Attribute: {}, External source already exists for the user.", getFriendlyNameParameter(), ex);
    } catch (ExtSourceNotExistsException ex) {
        throw new InternalErrorException("Attribute: " + getFriendlyNameParameter() + ", IdP external source doesn't exist.", ex);
    }
}
Also used : UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)

Example 4 with UserExtSourceExistsException

use of cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException in project perun by CESNET.

the class urn_perun_user_attribute_def_def_login_namespace_ceitec method handleChangedAttributeHook.

private void handleChangedAttributeHook(PerunSessionImpl session, User user, Attribute attribute, String entityId, String scope) {
    /*
		 * "Synchornize" this attribute to user extSource. Means it creates, updates and removes userExtSource
		 * whenever this attribute is added, edited or removed.
		 *
		 * Ceitec proxy UserExtSourceLogin has form: {login-namespace:ceitec}@ceitec.cz
		 */
    String newLogin = "";
    try {
        ExtSource ceitecProxyIdp = session.getPerunBl().getExtSourcesManagerBl().getExtSourceByName(session, entityId);
        UserExtSource ceitecUes = getCeitecProxyUserExtSource(session, user, ceitecProxyIdp, scope);
        log.debug("changedAttributeHook UserExtSourceLogin to be synchronized: " + ceitecUes);
        if (attribute.getValue() == null) {
            // Deleting attribute
            if (ceitecUes == null) {
                log.debug("Deleting ceitec login but proxy UES does not exist. Probably ceitec login was not set before.");
            } else {
                session.getPerunBl().getUsersManagerBl().removeUserExtSource(session, user, ceitecUes);
            }
        } else {
            newLogin = attribute.getValue() + "@" + scope;
            if (ceitecUes == null) {
                // Creating UES
                ceitecUes = new UserExtSource(ceitecProxyIdp, 0, newLogin);
                session.getPerunBl().getUsersManagerBl().addUserExtSource(session, user, ceitecUes);
            } else {
                // Updating UES
                ceitecUes.setLogin(newLogin);
                session.getPerunBl().getUsersManagerBl().updateUserExtSource(session, ceitecUes);
            }
        }
    } catch (ExtSourceNotExistsException e) {
        throw new InternalErrorException("Attribute module 'urn_perun_user_attribute_def_def_login_namespace_ceitec' " + " require extSource with name (entityId): " + entityId + ". User: " + user, e);
    } catch (UserExtSourceAlreadyRemovedException e) {
        throw new InternalErrorException("Inconsistency. Attribute module 'urn_perun_user_attribute_def_def_login_namespace_ceitec' " + " tries to delete extSource but it does not exists. " + "extSource with name (entityId): " + entityId + ". User: " + user, e);
    } catch (UserExtSourceExistsException e) {
        throw new InternalErrorException("Login: '" + newLogin + "' of user: " + user + " is already taken by another user in namespace ceitec. Cannot add UserExtSource to the user. Different login must be used", e);
    }
}
Also used : UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) UserExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceAlreadyRemovedException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)

Example 5 with UserExtSourceExistsException

use of cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException in project perun by CESNET.

the class urn_perun_user_attribute_def_def_login_namespace_researcher_access_persistent_shadow method changedAttributeHook.

/**
 * ChangedAttributeHook() sets UserExtSource with following properties:
 *  - extSourceType is IdP
 *  - extSourceName is {getExtSourceName()}
 *  - user's extSource login is the same as his persistent attribute
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) {
    try {
        String userNamespace = attribute.getFriendlyNameParameter();
        if (userNamespace.equals(FRIENDLY_NAME_PARAMETER) && attribute.getValue() != null && !attribute.valueAsString().isEmpty()) {
            ExtSource extSource = session.getPerunBl().getExtSourcesManagerBl().getExtSourceByName(session, getExtSourceName());
            UserExtSource userExtSource = new UserExtSource(extSource, 0, attribute.getValue().toString());
            session.getPerunBl().getUsersManagerBl().addUserExtSource(session, user, userExtSource);
        }
    } catch (UserExtSourceExistsException ex) {
        log.warn("Attribute: {}, External source already exists for the user.", FRIENDLY_NAME_PARAMETER, ex);
    } catch (ExtSourceNotExistsException ex) {
        throw new InternalErrorException("Attribute: " + FRIENDLY_NAME_PARAMETER + ", IdP external source doesn't exist.", ex);
    }
}
Also used : UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)

Aggregations

UserExtSourceExistsException (cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException)30 UserExtSource (cz.metacentrum.perun.core.api.UserExtSource)28 ExtSource (cz.metacentrum.perun.core.api.ExtSource)27 ExtSourceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)22 InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)21 PerunBl (cz.metacentrum.perun.core.bl.PerunBl)16 Attribute (cz.metacentrum.perun.core.api.Attribute)15 WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)11 User (cz.metacentrum.perun.core.api.User)10 AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)10 WrongAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)10 WrongReferenceAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)10 ArrayList (java.util.ArrayList)10 UserExtSourceNotExistsException (cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException)9 Member (cz.metacentrum.perun.core.api.Member)6 ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)5 UserNotExistsException (cz.metacentrum.perun.core.api.exceptions.UserNotExistsException)5 Vo (cz.metacentrum.perun.core.api.Vo)4 RichUser (cz.metacentrum.perun.core.api.RichUser)3 RichUserExtSource (cz.metacentrum.perun.core.api.RichUserExtSource)3