

the class TestSecurityBasic method test256AutzJackSelfAccountsPartialControl.

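/**
 * Authorization test: jack holds {@code ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID} and may read
 * himself and his own linked dummy account, modify only selected items of himself, and touch
 * nothing that belongs to other users.
 *
 * <p>The attribute/item flags asserted on the definitions returned by
 * {@code getEditObjectClassDefinition} and {@code getEditObjectDefinition} are jack's
 * authorization-adjusted view (assuming the read/add/modify flag order of
 * {@code assertAttributeFlags}/{@code assertItemFlags}: e.g. {@code ICFS_NAME} is read-only for
 * him), whereas {@code assertGlobalStateUntouched()} at the end checks that the shared refined
 * schema still reports the unrestricted flags, i.e. the per-user view did not leak into it.
 *
 * @throws Exception on any setup, login or model-call failure
 */
@Test
public void test256AutzJackSelfAccountsPartialControl() throws Exception {
    final String TEST_NAME = "test256AutzJackSelfAccountsPartialControl";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    login(USER_JACK_USERNAME);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    // Users: only self is readable, nothing can be added or deleted, and only selected
    // items of self (nickName, not honorificPrefix) are modifiable.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);
    // Jack's own linked account is readable; its edit object class definition carries
    // the authorization-adjusted attribute flags (only "location" is fully editable).
    PrismObject<UserType> user = getUser(USER_JACK_OID);
    String accountOid = getSingleLinkOid(user);
    assertGetAllow(ShadowType.class, accountOid);
    PrismObject<ShadowType> shadow = getObject(ShadowType.class, accountOid);
    display("Jack's shadow", shadow);
    RefinedObjectClassDefinition rOcDef = modelInteractionService.getEditObjectClassDefinition(shadow, getDummyResourceObject(), null);
    display("Refined objectclass def", rOcDef);
    assertAttributeFlags(rOcDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(rOcDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(rOcDef, new QName("location"), true, true, true);
    assertAttributeFlags(rOcDef, new QName("weapon"), true, false, false);
    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);
    // Password: not modifiable by jack, neither his own nor anybody else's ...
    ProtectedStringType passwordPs = new ProtectedStringType();
    passwordPs.setClearValue("nbusr123");
    assertModifyDeny(UserType.class, USER_JACK_OID, PASSWORD_PATH, passwordPs);
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, PASSWORD_PATH, passwordPs);
    // ... and the REQUEST-phase edit definition agrees: the item is readable but neither
    // addable nor modifiable.
    Task task = taskManager.createTaskInstance(TEST_NAME);
    OperationResult result = task.getResult();
    PrismObjectDefinition<UserType> rDef = modelInteractionService.getEditObjectDefinition(user, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(rDef, PASSWORD_PATH, true, false, false);
    assertGlobalStateUntouched();
}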


the class AbstractSecurityTest method assertGlobalStateUntouched.

/**
 * Asserts that the shared (not authorization-adjusted) refined schema of the dummy resource is
 * unchanged: the default ACCOUNT definition still carries the full flags on every attribute
 * except {@code ICFS_UID}, so no test leaked a per-user edit view into the global schema.
 *
 * <p>The three boolean flags are those expected by {@code assertAttributeFlags}
 * (presumably read/add/modify; confirm against that helper).
 *
 * @throws SchemaException if the refined schema of the dummy resource cannot be obtained
 */
protected void assertGlobalStateUntouched() throws SchemaException {
    RefinedResourceSchema dummySchema = RefinedResourceSchema.getRefinedSchema(getDummyResourceObject());
    RefinedObjectClassDefinition accountDef = dummySchema.getDefaultRefinedDefinition(ShadowKindType.ACCOUNT);
    // ICFS_UID is the only attribute expected to be read-only even in the untouched schema.
    assertAttributeFlags(accountDef, SchemaConstants.ICFS_UID, true, false, false);
    QName[] fullyEditable = { SchemaConstants.ICFS_NAME, new QName("location"), new QName("weapon") };
    for (QName attrName : fullyEditable) {
        assertAttributeFlags(accountDef, attrName, true, true, true);
    }
}


the class ResourceObjectReferenceResolver method resolvePrimaryIdentifier.

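/**
 * Resolves the primary identifier(s) of a resource object from a collection of identifiers that
 * may contain only secondary identifiers.
 *
 * <p>The secondary identifiers are looked up among repository shadows; the primary identifiers
 * are then rebuilt from the attributes of the matching shadow (those the object class definition
 * marks as primary identifiers). Note that the match is made on secondary identifiers alone, so
 * the returned primary identifiers are only as trustworthy as the shadow lookup.
 *
 * @param ctx provisioning context; its object class definition decides which attributes are
 *            primary identifiers
 * @param identifiers identifiers of the object, may be {@code null}
 * @param desc human-readable description of the caller's purpose; not used in this method body
 * @param result operation result handed to the shadow lookup
 * @return primary identifier attributes built from the repository shadow; {@code null} when
 *         {@code identifiers} is {@code null}, when no shadow matches the secondary identifiers,
 *         or when the matching shadow has no attributes container
 * @throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
 *         SecurityViolationException, ExpressionEvaluationException as declared; presumably
 *         propagated from the repository shadow lookup
 */
Collection<? extends ResourceAttribute<?>> resolvePrimaryIdentifier(ProvisioningContext ctx, Collection<? extends ResourceAttribute<?>> identifiers, final String desc, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    if (identifiers == null) {
        return null;
    }
    RefinedObjectClassDefinition ocDef = ctx.getObjectClassDefinition();
    Collection<ResourceAttribute<?>> secondaryIdentifiers = ShadowUtil.getSecondaryIdentifiers(identifiers, ocDef);
    PrismObject<ShadowType> repoShadow = shadowManager.lookupShadowBySecondaryIdentifiers(ctx, secondaryIdentifiers, result);
    if (repoShadow == null) {
        return null;
    }
    PrismContainer<Containerable> attributesContainer = repoShadow.findContainer(ShadowType.F_ATTRIBUTES);
    if (attributesContainer == null) {
        return null;
    }
    // Typed collection (was a raw Collection): every element added below is a ResourceAttribute.
    Collection<ResourceAttribute<?>> primaryIdentifiers = new ArrayList<>();
    for (PrismProperty<?> property : attributesContainer.getValue().getProperties()) {
        if (!ocDef.isPrimaryIdentifier(property.getElementName())) {
            continue;
        }
        RefinedAttributeDefinition<?> attrDef = ocDef.findAttributeDefinition(property.getElementName());
        ResourceAttribute<?> primaryIdentifier = new ResourceAttribute<>(property.getElementName(), attrDef, prismContext);
        primaryIdentifier.setRealValue(property.getRealValue());
        primaryIdentifiers.add(primaryIdentifier);
    }
    LOGGER.trace("Resolved identifiers {} to primary identifiers {} (object class {})", identifiers, primaryIdentifiers, ocDef);
    return primaryIdentifiers;
}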


the class ResourceObjectReferenceResolver method fetchResourceObject.

/**
 * Fetches a single resource object from the connector using the given identifiers.
 *
 * <p>The identifier set is first completed with primary identifiers
 * ({@code resolvePrimaryIdentifiers}) and validated before the connector call. Every declared
 * failure is recorded as a fatal error on {@code parentResult} before being rethrown;
 * {@code ObjectNotFoundException} and {@code GenericFrameworkException} are rewrapped with
 * identifier/object-class context. The 'read' capability check throws an unchecked
 * {@code UnsupportedOperationException} that is <em>not</em> recorded in the result.
 *
 * @param ctx provisioning context providing the resource, connector and object class definition
 * @param identifiers primary and/or secondary identifiers of the object
 * @param attributesToReturn which attributes the connector should return
 * @param parentResult operation result that fatal errors are recorded into
 * @return the shadow returned by the connector
 * @throws ObjectNotFoundException if identifier resolution or the connector reports the object
 *         as missing (rethrown with identifiers and object class in the message)
 * @throws CommunicationException on connector communication failure
 * @throws GenericConnectorException (unchecked) wrapping a {@code GenericFrameworkException}
 * @throws UnsupportedOperationException if the resource has no enabled 'read' capability
 */
public PrismObject<ShadowType> fetchResourceObject(ProvisioningContext ctx, Collection<? extends ResourceAttribute<?>> identifiers, AttributesToReturn attributesToReturn, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
    final ResourceType resourceType = ctx.getResource();
    final ConnectorInstance connectorInstance = ctx.getConnector(ReadCapabilityType.class, parentResult);
    final RefinedObjectClassDefinition ocDef = ctx.getObjectClassDefinition();
    try {
        if (!ResourceTypeUtil.isReadCapabilityEnabled(resourceType)) {
            throw new UnsupportedOperationException("Resource does not support 'read' operation");
        }
        ResourceObjectIdentification ident = ResourceObjectIdentification.create(ocDef, identifiers);
        ident = resolvePrimaryIdentifiers(ctx, ident, parentResult);
        ident.validatePrimaryIdenfiers();
        return connectorInstance.fetchObject(ShadowType.class, ident, attributesToReturn, ctx, parentResult);
    } catch (ObjectNotFoundException e) {
        String reason = e.getMessage();
        parentResult.recordFatalError("Object not found. Identifiers: " + identifiers + ". Reason: " + reason, e);
        throw new ObjectNotFoundException("Object not found. identifiers=" + identifiers + ", objectclass=" + PrettyPrinter.prettyPrint(ocDef.getTypeName()) + ": " + reason, e);
    } catch (CommunicationException e) {
        parentResult.recordFatalError("Error communication with the connector " + connectorInstance + ": " + e.getMessage(), e);
        throw e;
    } catch (GenericFrameworkException e) {
        String message = "Generic error in the connector " + connectorInstance + ". Reason: " + e.getMessage();
        parentResult.recordFatalError(message, e);
        throw new GenericConnectorException(message, e);
    } catch (SchemaException e) {
        parentResult.recordFatalError("Can't get resource object, schema error: " + e.getMessage(), e);
        throw e;
    } catch (ExpressionEvaluationException e) {
        parentResult.recordFatalError("Can't get resource object, expression error: " + e.getMessage(), e);
        throw e;
    } catch (ConfigurationException e) {
        // Recorded without a custom message, unlike the other branches.
        parentResult.recordFatalError(e);
        throw e;
    }
}


the class ShadowCache method countObjects.

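/**
 * Counts the resource objects matching {@code query}, using whichever count capability the
 * refined object class definition offers.
 *
 * <ul>
 *   <li>no count capability: the result is marked not-applicable and {@code null} ("unknown")
 *       is returned;</li>
 *   <li>native capability ({@code simulate == null}): the connector counts;</li>
 *   <li>{@code PAGED_SEARCH_ESTIMATE}: a search with page size 1 is run and the approximate
 *       total from the search metadata is returned; requires paged-search capability;</li>
 *   <li>{@code SEQUENTIAL_SEARCH}: all matching objects are iterated and counted one by one.</li>
 * </ul>
 *
 * @param query search query; its filter must carry the shadow coordinates
 * @param task task used for the iterative searches
 * @param result operation result; fatal errors are recorded on it before rethrowing
 * @return number of matching objects, or {@code null} when the resource cannot count
 * @throws ConfigurationException when {@code PAGED_SEARCH_ESTIMATE} is configured but the
 *         paged-search capability is not enabled
 * @throws IllegalArgumentException for an unknown simulate type
 * @throws SystemException (unchecked) when the native count fails with a framework error or is
 *         unsupported by the connector
 */
public Integer countObjects(ObjectQuery query, Task task, final OperationResult result) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    ResourceShadowDiscriminator coordinates = ObjectQueryUtil.getCoordinates(query.getFilter());
    final ProvisioningContext ctx = ctxFactory.create(coordinates, null, result);
    ctx.assertDefinition();
    applyDefinition(ctx, query);
    RefinedObjectClassDefinition objectClassDef = ctx.getObjectClassDefinition();
    ResourceType resourceType = ctx.getResource();
    CountObjectsCapabilityType countObjectsCapabilityType = objectClassDef.getEffectiveCapability(CountObjectsCapabilityType.class);
    if (countObjectsCapabilityType == null) {
        // Unable to count. Return null which means "I do not know"
        result.recordNotApplicableIfUnknown();
        return null;
    }
    CountObjectsSimulateType simulate = countObjectsCapabilityType.getSimulate();
    if (simulate == null) {
        // Native capability: the connector does the counting.
        ConnectorInstance connector = ctx.getConnector(ReadCapabilityType.class, result);
        try {
            ObjectQuery attributeQuery = createAttributeQuery(query);
            int count;
            try {
                count = connector.count(objectClassDef.getObjectClassDefinition(), attributeQuery, objectClassDef.getPagedSearches(), ctx, result);
            } catch (CommunicationException | GenericFrameworkException | SchemaException | UnsupportedOperationException e) {
                result.recordFatalError(e);
                throw e;
            }
            result.computeStatus();
            result.cleanupResult();
            return count;
        } catch (GenericFrameworkException | UnsupportedOperationException e) {
            // Neither type is declared by this method, so wrap it (recorded a second time under
            // the wrapping message).
            SystemException ex = new SystemException("Couldn't count objects on resource " + resourceType + ": " + e.getMessage(), e);
            result.recordFatalError(ex);
            throw ex;
        }
    } else if (simulate == CountObjectsSimulateType.PAGED_SEARCH_ESTIMATE) {
        if (!objectClassDef.isPagedSearchEnabled()) {
            throw new ConfigurationException("Configured count object capability to be simulated using a paged search but paged search capability is not present");
        }
        // Ask for a single object only; the estimate comes from the search metadata, not from
        // what the handler counted.
        final Holder<Integer> countHolder = new Holder<>(0);
        final ShadowHandler<ShadowType> handler = createCountingHandler(countHolder);
        query = query.clone();
        ObjectPaging paging = ObjectPaging.createEmptyPaging();
        paging.setMaxSize(1);
        query.setPaging(paging);
        SearchResultMetadata resultMetadata;
        try {
            resultMetadata = searchObjectsIterative(query, createExcludeAssociationsOptions(), handler, false, task, result);
        } catch (SchemaException | ObjectNotFoundException | ConfigurationException | SecurityViolationException e) {
            result.recordFatalError(e);
            throw e;
        }
        result.computeStatus();
        result.cleanupResult();
        return resultMetadata.getApproxNumberOfAllResults();
    } else if (simulate == CountObjectsSimulateType.SEQUENTIAL_SEARCH) {
        // Traditional way of counting objects (i.e. counting them one by one).
        final Holder<Integer> countHolder = new Holder<>(0);
        final ShadowHandler<ShadowType> handler = createCountingHandler(countHolder);
        try {
            searchObjectsIterative(query, createExcludeAssociationsOptions(), handler, false, task, result);
        } catch (SchemaException | ObjectNotFoundException | ConfigurationException | SecurityViolationException e) {
            // Same error recording as the paged-estimate branch (replaces the former
            // "TODO: better error handling").
            result.recordFatalError(e);
            throw e;
        }
        result.computeStatus();
        result.cleanupResult();
        return countHolder.getValue();
    } else {
        throw new IllegalArgumentException("Unknown count capability simulate type " + simulate);
    }
}

/**
 * Search options that exclude the {@code association} item from the fetched shadows; shared by
 * both simulated counting strategies, which only need the objects' existence.
 */
private static Collection<SelectorOptions<GetOperationOptions>> createExcludeAssociationsOptions() {
    return SelectorOptions.createCollection(new ItemPath(ShadowType.F_ASSOCIATION), GetOperationOptions.createRetrieve(RetrieveOption.EXCLUDE));
}

/**
 * Handler that increments {@code countHolder} once per handled shadow and never stops the search.
 */
private static ShadowHandler<ShadowType> createCountingHandler(final Holder<Integer> countHolder) {
    return new ShadowHandler<ShadowType>() {

        @Override
        public boolean handle(ShadowType object) {
            countHolder.setValue(countHolder.getValue() + 1);
            return true;
        }
    };
}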
