Examples with StringPolicyResolver com.evolveum.midpoint.repo.common.expression.StringPolicyResolver used on opensource projects

Example 1 with StringPolicyResolver

use of com.evolveum.midpoint.repo.common.expression.StringPolicyResolver in project midpoint by Evolveum.

the class MappingTestEvaluator method createMappingBuilder.

public <T> Mapping.Builder<PrismPropertyValue<T>, PrismPropertyDefinition<T>> createMappingBuilder(String filename, String testName, final StringPolicyType policy, ItemPath defaultTargetPropertyPath, ObjectDelta<UserType> userDelta, PrismObject<UserType> userOld) throws SchemaException, IOException, JAXBException {
    MappingType mappingType = PrismTestUtil.parseAtomicValue(new File(TEST_DIR, filename), MappingType.COMPLEX_TYPE);
    Mapping.Builder<PrismPropertyValue<T>, PrismPropertyDefinition<T>> mappingBuilder = mappingFactory.createMappingBuilder(mappingType, testName);
    // Source context: user
    ObjectDeltaObject<UserType> userOdo = new ObjectDeltaObject<>(userOld, userDelta, null);
    userOdo.recompute();
    mappingBuilder.setSourceContext(userOdo);
    // Variable $user
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_USER, userOdo);
    // Variable $account
    PrismObject<ShadowType> account = getAccount();
    ObjectDeltaObject<ShadowType> accountOdo = new ObjectDeltaObject<ShadowType>(account, null, null);
    accountOdo.recompute();
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ACCOUNT, accountOdo);
    // Target context: user
    PrismObjectDefinition<UserType> userDefinition = getUserDefinition();
    mappingBuilder.setTargetContext(userDefinition);
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        ItemPath outputPath;

        ItemDefinition outputDefinition;

        @Override
        public void setOutputPath(ItemPath outputPath) {
            this.outputPath = outputPath;
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
            this.outputDefinition = outputDefinition;
        }

        @Override
        public StringPolicyType resolve() {
            return policy;
        }
    };
    mappingBuilder.setStringPolicyResolver(stringPolicyResolver);
    // Default target
    if (defaultTargetPropertyPath != null) {
        PrismPropertyDefinition<T> targetDefDefinition = userDefinition.findItemDefinition(defaultTargetPropertyPath);
        if (targetDefDefinition == null) {
            throw new IllegalArgumentException("The item path '" + defaultTargetPropertyPath + "' does not have a definition in " + userDefinition);
        }
        mappingBuilder.setDefaultTargetDefinition(targetDefDefinition);
    }
    return mappingBuilder;
}

Example 2 with StringPolicyResolver

use of com.evolveum.midpoint.repo.common.expression.StringPolicyResolver in project midpoint by Evolveum.

the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.

private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<F> focusContext = context.getFocusContext();
    PrismObject<F> userNew = focusContext.getObjectNew();
    if (userNew == null) {
        // This must be a user delete or something similar. No point in proceeding
        LOGGER.trace("userNew is null, skipping credentials processing");
        return;
    }
    PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
    PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
    ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
    RefinedObjectClassDefinition refinedProjDef = projCtx.getStructuralObjectClassDefinition();
    if (refinedProjDef == null) {
        LOGGER.trace("No RefinedObjectClassDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", rsd);
        return;
    }
    List<MappingType> outboundMappingTypes = refinedProjDef.getPasswordOutbound();
    if (outboundMappingTypes == null || outboundMappingTypes.isEmpty()) {
        LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
        return;
    }
    // HACK
    if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingTypes, focusContext.getDelta())) {
        LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
        return;
    }
    final ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
    final PropertyDelta<ProtectedStringType> projPasswordDelta;
    if (projDelta != null && projDelta.getChangeType() == MODIFY) {
        projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
    } else {
        projPasswordDelta = null;
    }
    checkExistingDeltaSanity(projCtx, projPasswordDelta);
    boolean evaluateWeak = getEvaluateWeak(projCtx);
    final ItemDeltaItem<PrismPropertyValue<PasswordType>, PrismPropertyDefinition<ProtectedStringType>> userPasswordIdi = focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        @Override
        public void setOutputPath(ItemPath outputPath) {
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
        }

        @Override
        public StringPolicyType resolve() {
            if (passwordPolicy == null) {
                return null;
            }
            return passwordPolicy.getStringPolicy();
        }
    };
    MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
        builder.defaultTargetDefinition(projPasswordPropertyDefinition);
        builder.defaultSource(new Source<>(userPasswordIdi, ExpressionConstants.VAR_INPUT));
        builder.stringPolicyResolver(stringPolicyResolver);
        return builder;
    };
    MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
        PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
        if (outputTriple == null) {
            LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
            return false;
        }
        boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
        Collection<PrismPropertyValue<ProtectedStringType>> newValues = outputTriple.getPlusSet();
        if (projectionIsNew) {
            newValues = outputTriple.getNonNegativeValues();
        } else {
            newValues = outputTriple.getPlusSet();
        }
        if (!canGetCleartext(newValues)) {
            ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
            if (projectionPrimaryDelta != null) {
                PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
                if (passwordPrimaryDelta != null) {
                    // We have only hashed value coming from the mapping. There are not very useful
                    // for provisioning. But we have primary projection delta - and that is very likely
                    // to be better.
                    // Skip all password mappings in this case. Primary delta trumps everything. 
                    // No weak, normal or even strong mapping can change that.
                    // We need to disregard even strong mapping in this case. If we would heed the strong
                    // mapping then account initialization won't be possible.
                    LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
                    return false;
                }
            }
        }
        return true;
    };
    mappingEvaluator.evaluateOutboundMapping(context, projCtx, outboundMappingTypes, SchemaConstants.PATH_PASSWORD_VALUE, SchemaConstants.PATH_PASSWORD_VALUE, initializer, processor, now, true, evaluateWeak, "password mapping", task, result);
}

Example 3 with StringPolicyResolver

use of com.evolveum.midpoint.repo.common.expression.StringPolicyResolver in project midpoint by Evolveum.

the class GenerateExpressionEvaluator method evaluate.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.evolveum.midpoint.common.expression.ExpressionEvaluator#evaluate(java
	 * .util.Collection, java.util.Map, boolean, java.lang.String,
	 * com.evolveum.midpoint.schema.result.OperationResult)
	 */
@Override
public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
    StringPolicyType stringPolicyType = null;
    ObjectReferenceType generateEvaluatorValuePolicyRef = generateEvaluatorType.getValuePolicyRef();
    if (generateEvaluatorValuePolicyRef != null) {
        if (generateEvaluatorType.getValuePolicyRef() != null) {
            ValuePolicyType valuePolicyType = objectResolver.resolve(generateEvaluatorValuePolicyRef, ValuePolicyType.class, null, "resolving value policy reference in generateExpressionEvaluator", context.getTask(), context.getResult());
            stringPolicyType = valuePolicyType.getStringPolicy();
        }
    }
    // would be generated
    if (stringPolicyType == null) {
        StringPolicyResolver stringPolicyResolver = context.getStringPolicyResolver();
        if (stringPolicyResolver != null) {
            stringPolicyType = stringPolicyResolver.resolve();
        }
    }
    elementStringPolicy = stringPolicyType;
    // } else {
    // stringPolicyType = elementStringPolicy;
    // }
    //
    String stringValue = null;
    GenerateExpressionEvaluatorModeType mode = generateEvaluatorType.getMode();
    Item<V, D> output = outputDefinition.instantiate();
    if (mode == null || mode == GenerateExpressionEvaluatorModeType.POLICY) {
        PrismObject<? extends ObjectType> object = getObject(context);
        // TODO: generate value based on stringPolicyType (if not null)
        if (stringPolicyType != null) {
            if (isNotEmptyMinLength(stringPolicyType)) {
                stringValue = valuePolicyGenerator.generate(output.getPath(), stringPolicyType, DEFAULT_LENGTH, true, object, context.getContextDescription(), context.getTask(), context.getResult());
            } else {
                stringValue = valuePolicyGenerator.generate(output.getPath(), stringPolicyType, DEFAULT_LENGTH, false, object, context.getContextDescription(), context.getTask(), context.getResult());
            }
            context.getResult().computeStatus();
            if (context.getResult().isError()) {
                throw new ExpressionEvaluationException("Failed to generate value according to policy: " + stringPolicyType.getDescription() + ". " + context.getResult().getMessage());
            }
        }
        if (stringValue == null) {
            int length = DEFAULT_LENGTH;
            RandomString randomString = new RandomString(length);
            stringValue = randomString.nextString();
        }
    } else if (mode == GenerateExpressionEvaluatorModeType.UUID) {
        UUID randomUUID = UUID.randomUUID();
        stringValue = randomUUID.toString();
    } else {
        throw new ExpressionEvaluationException("Unknown mode for generate expression: " + mode);
    }
    Object value = ExpressionUtil.convertToOutputValue(stringValue, outputDefinition, protector);
    if (output instanceof PrismProperty) {
        PrismPropertyValue<Object> pValue = new PrismPropertyValue<Object>(value);
        ((PrismProperty<Object>) output).add(pValue);
    } else {
        throw new UnsupportedOperationException("Can only generate values of property, not " + output.getClass());
    }
    return ItemDelta.toDeltaSetTriple(output, null);
}

Example 4 with StringPolicyResolver

use of com.evolveum.midpoint.repo.common.expression.StringPolicyResolver in project midpoint by Evolveum.

the class OutboundProcessor method evaluateMapping.

private <F extends FocusType, V extends PrismValue, D extends ItemDefinition> Mapping<V, D> evaluateMapping(final Mapping.Builder<V, D> mappingBuilder, QName mappingQName, D targetDefinition, ObjectDeltaObject<F> focusOdo, ObjectDeltaObject<ShadowType> projectionOdo, String operation, RefinedObjectClassDefinition rOcDef, RefinedObjectClassDefinition assocTargetObjectClassDefinition, LensContext<F> context, LensProjectionContext projCtx, final Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
    if (!mappingBuilder.isApplicableToChannel(context.getChannel())) {
        LOGGER.trace("Skipping outbound mapping for {} because the channel does not match", mappingQName);
        return null;
    }
    // TODO: check access
    // This is just supposed to be an optimization. The consolidation should deal with the weak mapping
    // even if it is there. But in that case we do not need to evaluate it at all.
    // Edit 2017-02-16 pmed: It's not quite true. If the attribute is non-tolerant, it will get removed if we would
    // skip evaluation of this mapping. So we really need to do this.
    //		if (mappingBuilder.getStrength() == MappingStrengthType.WEAK && projCtx.hasValueForAttribute(mappingQName)) {
    //			LOGGER.trace("Skipping outbound mapping for {} because it is weak", mappingQName);
    //			return null;
    //		}
    mappingBuilder.setDefaultTargetDefinition(targetDefinition);
    mappingBuilder.setSourceContext(focusOdo);
    mappingBuilder.setMappingQName(mappingQName);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_USER, focusOdo);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_FOCUS, focusOdo);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ACCOUNT, projectionOdo);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_SHADOW, projectionOdo);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_PROJECTION, projectionOdo);
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_CONFIGURATION, context.getSystemConfiguration());
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ITERATION, LensUtil.getIterationVariableValue(projCtx));
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ITERATION_TOKEN, LensUtil.getIterationTokenVariableValue(projCtx));
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_RESOURCE, projCtx.getResource());
    mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_OPERATION, operation);
    if (assocTargetObjectClassDefinition != null) {
        mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ASSOCIATION_TARGET_OBJECT_CLASS_DEFINITION, assocTargetObjectClassDefinition);
    }
    mappingBuilder.setRootNode(focusOdo);
    mappingBuilder.setOriginType(OriginType.OUTBOUND);
    mappingBuilder.setRefinedObjectClassDefinition(rOcDef);
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        private ItemPath outputPath;

        private ItemDefinition outputDefinition;

        @Override
        public void setOutputPath(ItemPath outputPath) {
            this.outputPath = outputPath;
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
            this.outputDefinition = outputDefinition;
        }

        @Override
        public StringPolicyType resolve() {
            if (mappingBuilder.getMappingType().getExpression() != null) {
                List<JAXBElement<?>> evaluators = mappingBuilder.getMappingType().getExpression().getExpressionEvaluator();
                for (JAXBElement jaxbEvaluator : evaluators) {
                    Object object = jaxbEvaluator.getValue();
                    if (object instanceof GenerateExpressionEvaluatorType && ((GenerateExpressionEvaluatorType) object).getValuePolicyRef() != null) {
                        ObjectReferenceType ref = ((GenerateExpressionEvaluatorType) object).getValuePolicyRef();
                        try {
                            ValuePolicyType valuePolicyType = mappingBuilder.getObjectResolver().resolve(ref, ValuePolicyType.class, null, "resolving value policy for generate attribute " + outputDefinition.getName() + "value", task, new OperationResult("Resolving value policy"));
                            if (valuePolicyType != null) {
                                return valuePolicyType.getStringPolicy();
                            }
                        } catch (CommonException ex) {
                            throw new SystemException(ex.getMessage(), ex);
                        }
                    }
                }
            }
            return null;
        }
    };
    mappingBuilder.setStringPolicyResolver(stringPolicyResolver);
    // (e.g. in old values in ADD situations and new values in DELETE situations).
    if (focusOdo.getOldObject() == null) {
        mappingBuilder.setConditionMaskOld(false);
    }
    if (focusOdo.getNewObject() == null) {
        mappingBuilder.setConditionMaskNew(false);
    }
    Mapping<V, D> mapping = mappingBuilder.build();
    mappingEvaluator.evaluateMapping(mapping, context, projCtx, task, result);
    return mapping;
}

Example 5 with StringPolicyResolver

use of com.evolveum.midpoint.repo.common.expression.StringPolicyResolver in project midpoint by Evolveum.

the class MappingTestEvaluator method createInboudMapping.

public <T> Mapping<PrismPropertyValue<T>, PrismPropertyDefinition<T>> createInboudMapping(String filename, String testName, ItemDelta delta, UserType user, ShadowType account, ResourceType resource, final StringPolicyType policy) throws SchemaException, IOException, JAXBException {
    MappingType mappingType = PrismTestUtil.parseAtomicValue(new File(TEST_DIR, filename), MappingType.COMPLEX_TYPE);
    Mapping.Builder<PrismPropertyValue<T>, PrismPropertyDefinition<T>> builder = mappingFactory.createMappingBuilder(mappingType, testName);
    Source<PrismPropertyValue<T>, PrismPropertyDefinition<T>> defaultSource = new Source<>(null, delta, null, ExpressionConstants.VAR_INPUT);
    defaultSource.recompute();
    builder.setDefaultSource(defaultSource);
    builder.setTargetContext(getUserDefinition());
    builder.addVariableDefinition(ExpressionConstants.VAR_USER, user);
    builder.addVariableDefinition(ExpressionConstants.VAR_FOCUS, user);
    builder.addVariableDefinition(ExpressionConstants.VAR_ACCOUNT, account.asPrismObject());
    builder.addVariableDefinition(ExpressionConstants.VAR_SHADOW, account.asPrismObject());
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        ItemPath outputPath;

        ItemDefinition outputDefinition;

        @Override
        public void setOutputPath(ItemPath outputPath) {
            this.outputPath = outputPath;
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
            this.outputDefinition = outputDefinition;
        }

        @Override
        public StringPolicyType resolve() {
            return policy;
        }
    };
    builder.setStringPolicyResolver(stringPolicyResolver);
    builder.setOriginType(OriginType.INBOUND);
    builder.setOriginObject(resource);
    return builder.build();
}