use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.
the class TestClockwork method assertJackAccountShadow.
/**
 * Asserts that the lens context holds exactly one projection context and that the shadow
 * stored under that context's OID has the expected intent, object class, resource reference,
 * ICF name ("jack") and {@code fullname} attribute ("Jack Sparrow").
 *
 * @param context lens context whose single projection context is inspected
 */
private void assertJackAccountShadow(LensContext<UserType> context) throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
    // Exactly one projection (account) context is expected, and it must already carry an OID.
    Collection<LensProjectionContext> projections = context.getProjectionContexts();
    assertEquals(1, projections.size());
    LensProjectionContext projection = projections.iterator().next();
    String shadowOid = projection.getOid();
    assertNotNull("No OID in account context " + projection, shadowOid);

    // Load the shadow by OID and check its identity-related properties.
    PrismObject<ShadowType> shadow = getShadowModel(shadowOid);
    assertEquals(DEFAULT_INTENT, shadow.findProperty(ShadowType.F_INTENT).getRealValue());

    // NOTE(review): the return value is discarded here; the call looks redundant unless
    // getDummyResourceType() has a side effect — confirm before removing.
    getDummyResourceType();
    QName expectedObjectClass = new QName(MidPointConstants.NS_RI, "AccountObjectClass");
    assertEquals(expectedObjectClass, shadow.findProperty(ShadowType.F_OBJECT_CLASS).getRealValue());

    // The shadow must point at the dummy resource.
    PrismReference shadowResourceRef = shadow.findReference(ShadowType.F_RESOURCE_REF);
    assertEquals(getDummyResourceType().getOid(), shadowResourceRef.getOid());

    // Attribute values of the account.
    PrismContainer<?> shadowAttributes = shadow.findContainer(ShadowType.F_ATTRIBUTES);
    assertEquals("jack", shadowAttributes.findProperty(SchemaTestConstants.ICFS_NAME).getRealValue());

    // NOTE(review): second discarded call, same remark as above.
    getDummyResourceType();
    ItemName fullNameAttribute = new ItemName(MidPointConstants.NS_RI, "fullname");
    assertEquals("Jack Sparrow", shadowAttributes.findProperty(fullNameAttribute).getRealValue());
}
use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.
the class TestSecurityBasic method test259AutzJackSelfAccountsPartialControl.
/**
 * Test getEditObjectDefinition for shadow.
 * It should also call and apply edited schema for attributes.
 *
 * <p>Jack is assigned the role identified by
 * {@code ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID} plus an account on the dummy resource.
 * After logging in as Jack, the test asserts which operations are allowed and denied on his own
 * user, on another user (Guybrush), on his own shadow and on shadows that are not his. It also
 * checks the per-attribute flags of the edit definitions returned for the shadow and for the
 * user's password item.
 */
@Test
public void test259AutzJackSelfAccountsPartialControl() throws Exception {
    given();
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assignAccountToUser(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);

    when();
    login(USER_JACK_USERNAME);

    then();
    // User objects: Jack may read himself only, and nothing may be added.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();

    // Item-level checks: nickName of his own user is modifiable, honorificPrefix is not,
    // and nothing on Guybrush is modifiable.
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));

    // Deletion is denied, including deletion of his own user.
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // The shadow linked to Jack must be readable by him.
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    Task task = getTestTask();
    OperationResult result = task.getResult();

    // Fetch the edit definition for the shadow and apply it, so that the attribute
    // definitions below are the ones returned by getEditObjectDefinition.
    PrismObjectDefinition<ShadowType> shadowEditDefinition = modelInteractionService.getEditObjectDefinition(jackShadow, null, task, result);
    jackShadow.applyDefinition(shadowEditDefinition, true);
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(jackShadow);
    ResourceObjectDefinition objectClassDefinition = attributesContainer.getDefinition().getComplexTypeDefinition();

    // "weapon" must be readable but neither addable nor modifiable.
    // NOTE(review): findItem may return null if the attribute is absent, which would surface
    // as a NullPointerException rather than an assertion failure.
    Item weaponAttribute = attributesContainer.findItem(new ItemName("weapon"));
    ItemDefinition weaponDefinition = weaponAttribute.getDefinition();
    assertTrue("Expected that attribute can be read", weaponDefinition.canRead());
    assertFalse("Expected that attribute cannot be added", weaponDefinition.canAdd());
    assertFalse("Expected that attribute cannot be modified", weaponDefinition.canModify());

    displayDumpable("Refined objectclass def", objectClassDefinition);
    // The three booleans are presumably (read, add, modify), matching the explicit
    // canRead/canAdd/canModify checks on "weapon" above — confirm against assertAttributeFlags.
    assertAttributeFlags(objectClassDefinition, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(objectClassDefinition, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(objectClassDefinition, new ItemName("location"), true, true, true);
    assertAttributeFlags(objectClassDefinition, new ItemName("weapon"), true, false, false);

    // Not linked to jack
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
    // Not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
    // Not even jack's account
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);

    // Password change is allowed on his own user only.
    assertPasswordChangeAllow(UserType.class, USER_JACK_OID, "nbusr123");
    assertPasswordChangeDeny(UserType.class, USER_GUYBRUSH_OID, "nbusr123");

    // Edit definition of the user in the REQUEST phase: flags of the password item.
    PrismObjectDefinition<UserType> userRequestDefinition = modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, task, result);
    assertItemFlags(userRequestDefinition, PASSWORD_PATH, true, false, false);

    assertGlobalStateUntouched();
}
use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method configure.
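/**
 * Applies a configuration to this connector instance and (re)creates the ConnId facade.
 *
 * <p>The supplied configuration is cloned and the configuration container definition is applied
 * to the clone. The clone is then transformed to a ConnId API configuration and a new
 * {@code ConnectorFacade} is created from it. A previously held facade, if any, is disposed.
 * Finally the legacy-schema flag is read from the configuration when it is present.
 *
 * @param configurationOriginal connector configuration; cloned before the definition is applied
 * @param generateObjectClasses stored on this instance as given
 * @param parentResult parent operation result; a subresult is created for this operation
 * @throws CommunicationException rethrown when the processed exception is of this type
 * @throws GenericFrameworkException rethrown when the processed exception is of this type
 * @throws SchemaException when the configuration transformation fails, or rethrown when the
 *         processed exception is of this type
 * @throws ConfigurationException rethrown when the processed exception is of this type
 */
@Override
public synchronized void configure(@NotNull PrismContainerValue<?> configurationOriginal, List<QName> generateObjectClasses, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SchemaException, ConfigurationException {
    OperationResult result = parentResult.createSubresult(ConnectorInstance.OPERATION_CONFIGURE);
    // NOTE(review): this dumps the provided connector configuration at TRACE level. Confirm that
    // secret values (e.g. connector credentials) are rendered in protected form in the dump
    // before TRACE is enabled outside of a test environment.
    LOGGER.trace("Configuring connector {}, provided configuration:\n{}", connectorType, configurationOriginal.debugDumpLazily(1));
    try {
        // NOTE(review): assigned before the configuration is validated, so the new value stays
        // in place even when the rest of this method fails.
        this.generateObjectClasses = generateObjectClasses;
        // Get default configuration for the connector. This is important,
        // as it contains types of connector configuration properties.
        // Make sure that the proper configuration schema is applied. This
        // will cause that all the "raw" elements are parsed
        PrismContainerValue<?> configurationCloned = configurationOriginal.clone();
        configurationCloned.applyDefinition(getConfigurationContainerDefinition());
        ConnIdConfigurationTransformer configTransformer = new ConnIdConfigurationTransformer(connectorType, connectorInfo, protector);
        // Transform XML configuration from the resource to the ConnId connector configuration
        try {
            apiConfig = configTransformer.transformConnectorConfiguration(configurationCloned);
        } catch (SchemaException e) {
            result.recordFatalError(e.getMessage(), e);
            throw e;
        }
        logTransformedConfiguration();
        apiConfig.setInstanceName(getInstanceName());
        ConnectorFacade oldConnIdConnectorFacade = connIdConnectorFacade;
        // Create new connector instance using the transformed configuration
        connIdConnectorFacade = ConnectorFacadeFactory.getInstance().newInstance(apiConfig);
        if (oldConnIdConnectorFacade != null) {
            // Make sure old connector instance is disposed. We do not want to waste resources.
            // In case that old and new facade are the same, this will cause all existing
            // ConnId connector instances to dispose (i.e. connector pool is emptied).
            // But this is exactly what we want on reconfigure. We want the connections to
            // be closed and re-opened.
            LOGGER.debug("Disposing old ConnId ConnectorFacade for instance: {} (connector reconfiguration)", instanceName);
            oldConnIdConnectorFacade.dispose();
        }
        result.recordSuccess();
        PrismProperty<Boolean> legacySchemaConfigProperty = configurationCloned.findProperty(new ItemName(SchemaConstants.NS_ICF_CONFIGURATION, ConnectorFactoryConnIdImpl.CONNECTOR_SCHEMA_LEGACY_SCHEMA_XML_ELEMENT_NAME));
        if (legacySchemaConfigProperty != null) {
            legacySchema = legacySchemaConfigProperty.getRealValue();
        }
        LOGGER.trace("Legacy schema (config): {}", legacySchema);
    } catch (Throwable ex) {
        Throwable midpointEx = processConnIdException(ex, this, result);
        // The message names this operation. The previous text ("Removing attribute values
        // failed") described a different operation and would mislead anyone reading the
        // operation result of a failed (re)configuration.
        result.computeStatus("Connector configuration failed");
        // Rethrow the processed exception under its own type, so that the declared checked
        // exceptions, runtime exceptions and errors reach the caller unchanged.
        if (midpointEx instanceof CommunicationException) {
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof ConfigurationException) {
            throw (ConfigurationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            // Anything else cannot be thrown under the declared signature; wrap it and keep the cause.
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
}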
use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.
the class TransformationalAsyncUpdateMessageListener method getIdentifiers.
/**
 * Extracts identifier attributes from a change and reports one primary identifier value.
 *
 * <p>The attributes are taken from the first source that is present: the explicit identifiers of
 * the change, the attributes of the changed object, or the attributes of the shadow being added
 * by an ADD delta. Only attributes whose name matches an identifier of {@code ocDef} are returned.
 *
 * @param changeBean the change to read identifiers from
 * @param ocDef object definition that supplies the identifier names and attribute definitions
 * @param primaryIdentifierRealValueHolder receives one primary identifier real value
 * @return the identifier attributes found in the change
 * @throws SchemaException if the change carries no identifier source, an identifier has no
 *         definition in {@code ocDef}, or no primary identifier value is found
 */
@NotNull
private Collection<ResourceAttribute<?>> getIdentifiers(UcfChangeType changeBean, ResourceObjectDefinition ocDef, Holder<Object> primaryIdentifierRealValueHolder) throws SchemaException {
    Collection<ResourceAttribute<?>> collected = new ArrayList<>();

    // Select where the attributes come from. Only the explicit "identifiers" container is
    // expected to hold identifiers exclusively; the other two sources are full attribute sets.
    PrismContainerValue<ShadowAttributesType> source;
    boolean mayContainNonIdentifiers;
    if (changeBean.getIdentifiers() != null) {
        // noinspection unchecked
        source = changeBean.getIdentifiers().asPrismContainerValue();
        mayContainNonIdentifiers = false;
    } else if (changeBean.getObject() != null) {
        // noinspection unchecked
        source = changeBean.getObject().getAttributes().asPrismContainerValue();
        mayContainNonIdentifiers = true;
    } else if (changeBean.getObjectDelta() != null && changeBean.getObjectDelta().getChangeType() == ChangeTypeType.ADD && changeBean.getObjectDelta().getObjectToAdd() instanceof ShadowType) {
        // noinspection unchecked
        source = ((ShadowType) changeBean.getObjectDelta().getObjectToAdd()).getAttributes().asPrismContainerValue();
        mayContainNonIdentifiers = true;
    } else {
        throw new SchemaException("Change does not contain identifiers");
    }

    Set<ItemName> identifierNames = ocDef.getAllIdentifiers().stream().map(ItemDefinition::getItemName).collect(Collectors.toSet());
    Set<ItemName> primaryIdentifierNames = ocDef.getPrimaryIdentifiers().stream().map(ItemDefinition::getItemName).collect(Collectors.toSet());
    Set<Object> primaryValues = new HashSet<>();

    for (Item<?, ?> item : source.getItems()) {
        if (!QNameUtil.matchAny(item.getElementName(), identifierNames)) {
            // A non-identifier is only worth a warning when the source was supposed to
            // contain identifiers exclusively.
            // NOTE(review): the warning logs the attribute itself, values included; the change
            // presumably comes from an external message source — confirm this is acceptable
            // for the log destination.
            if (!mayContainNonIdentifiers) {
                LOGGER.warn("Attribute {} is not an identifier in {} -- ignoring it", item, ocDef);
            }
            continue;
        }

        ResourceAttribute<Object> identifier;
        if (item instanceof ResourceAttribute) {
            // Already a resource attribute: work on a clone.
            // noinspection unchecked
            identifier = ((ResourceAttribute) item).clone();
        } else {
            // Plain item: build a resource attribute from the definition and copy the values.
            // noinspection unchecked
            ResourceAttributeDefinition<Object> definition = (ResourceAttributeDefinition<Object>) ocDef.findAttributeDefinition(item.getElementName());
            if (definition == null) {
                throw new SchemaException("No definition of " + item.getElementName() + " in " + ocDef);
            }
            identifier = definition.instantiate();
            for (Object realValue : item.getRealValues()) {
                identifier.addRealValue(realValue);
            }
        }
        collected.add(identifier);

        if (QNameUtil.matchAny(item.getElementName(), primaryIdentifiers(primaryIdentifierNames))) {
            primaryValues.addAll(identifier.getRealValues());
        }
    }

    if (primaryValues.isEmpty()) {
        throw new SchemaException("No primary identifier real value in " + changeBean);
    }
    // NOTE(review): primaryValues is a HashSet, so with more than one value "the first one" is
    // whichever element the set iterates first, not necessarily the first one in the change.
    primaryIdentifierRealValueHolder.setValue(primaryValues.iterator().next());
    if (primaryValues.size() > 1) {
        LOGGER.warn("More than one primary identifier real value in {}: {}. Using the first one: {}", changeBean, primaryValues, primaryIdentifierRealValueHolder.getValue());
    }
    return collected;
}

/** Returns the given set unchanged; names the intent at the call site. */
private static Set<ItemName> primaryIdentifiers(Set<ItemName> primaryIdentifierNames) {
    return primaryIdentifierNames;
}
use of com.evolveum.midpoint.prism.path.ItemName in project midpoint by Evolveum.
the class DelegatingItemDeltaProcessor method resolvePath.
/**
 * Resolves a multi-segment modification path down to its final single name.
 *
 * <p>For each leading name segment the relation resolver of the current context's mapping is
 * looked up and the {@code context} field is switched to the matching subcontext, which is
 * created and registered if it does not exist yet. For a container-table resolver the segment
 * following the name is consumed as well and becomes part of the subcontext path.
 *
 * @param modification the delta whose path is resolved
 * @return the last name of the path, or {@code null} when a segment is unmapped or the resolver
 *         signals that the modification is to be ignored
 * @throws IllegalArgumentException if a resolver is not a {@code SqaleItemRelationResolver}
 */
private QName resolvePath(ItemDelta<?, ?> modification) throws RepositoryException {
    ItemPath remaining = modification.getPath();
    while (!remaining.isSingleName()) {
        ItemName head = remaining.firstName();
        remaining = remaining.rest();

        QueryModelMapping<?, ?, ?> mapping = context.mapping();
        ItemRelationResolver<?, ?, ?, ?> resolver = mapping.getRelationResolver(head);
        if (resolver == null) {
            // unmapped, not persisted, nothing to do
            return null;
        }
        if (!(resolver instanceof SqaleItemRelationResolver)) {
            // Again, programmers fault.
            throw new IllegalArgumentException("Relation resolver for " + head + " in mapping " + mapping + " does not support delta modifications. Used modification: " + modification);
        }

        // For a container table the next segment (taken as-is from the path) is consumed too
        // and identifies the subcontext together with the name.
        ItemPath subcontextPath;
        if (resolver instanceof ContainerTableRelationResolver) {
            Object containerId = remaining.first();
            remaining = remaining.rest();
            subcontextPath = ItemPath.create(head, containerId);
        } else {
            subcontextPath = head;
        }

        // We want to use the same subcontext for the same item path to use one UPDATE.
        SqaleUpdateContext<?, ?, ?> next = context.getSubcontext(subcontextPath);
        if (next == null) {
            // we know nothing about context and resolver types, so we have to ignore it
            // noinspection unchecked,rawtypes
            next = ((SqaleItemRelationResolver) resolver).resolve(this.context, subcontextPath);
            if (next == null) {
                // this means "ignore"
                return null;
            }
            context.addSubcontext(subcontextPath, next);
        }
        // Descend: the following segments are resolved against the subcontext.
        context = next;
    }
    return remaining.asSingleName();
}