Use of com.evolveum.midpoint.util.LocalizableMessageBuilder in project midpoint by Evolveum.
The class ValuePolicyProcessor, method testMaximalOccurrence.
/**
 * Evaluates the {@code maxOccurs} bound of one string limitation against the observed
 * character count.
 *
 * <p>If the limitation declares no upper bound, {@code limitation} is handed back unchanged
 * (it may be {@code null}). Otherwise a result object is created on demand, the bound is
 * recorded on it and, when {@code count} exceeds the bound, a localized failure message is
 * collected, a FATAL_ERROR subresult is attached to {@code result} and the result is marked
 * unsuccessful. The message carries only the bound, the limitation description and the
 * count — never the checked value itself.
 *
 * @param stringLimitation the policy limitation being evaluated
 * @param count            number of characters of the value that matched this limitation
 * @param result           operation result that receives a subresult on failure
 * @param messages         collector of user-facing failure messages
 * @param limitation       result filled by earlier checks on the same limitation, or {@code null}
 * @return the (possibly newly created) limitation result, or the input when no bound applies
 */
private StringLimitationResult testMaximalOccurrence(StringLimitType stringLimitation, int count, OperationResult result, List<LocalizableMessage> messages, StringLimitationResult limitation) {
    if (stringLimitation.getMaxOccurs() == null) {
        // No upper bound configured: nothing to check, nothing to record.
        return limitation;
    }

    StringLimitationResult outcome = limitation;
    if (outcome == null) {
        // First check touching this limitation: start optimistic, later checks may flip it.
        outcome = new StringLimitationResult();
        outcome.setSuccess(true);
    }
    outcome.setMaxOccurs(stringLimitation.getMaxOccurs());

    if (count > stringLimitation.getMaxOccurs()) {
        LocalizableMessage violation = new LocalizableMessageBuilder()
                .key("ValuePolicy.maximalOccurrenceExceeded")
                .arg(stringLimitation.getMaxOccurs())
                .arg(stringLimitation.getDescription())
                .arg(count)
                .build();
        result.addSubresult(new OperationResult("Check maximal occurrence of characters", OperationResultStatus.FATAL_ERROR, violation));
        messages.add(violation);
        outcome.setSuccess(false);
    }
    return outcome;
}
Use of com.evolveum.midpoint.util.LocalizableMessageBuilder in project midpoint by Evolveum.
The class ValuePolicyProcessor, method testMinimalUniqueCharacters.
/**
 * Checks that the password contains at least {@code minUniqueChars} distinct tokens, where
 * tokens are produced by {@code StringPolicyUtils.stringTokenizer}.
 *
 * <p>Returns {@code null} when the policy sets no minimum. Otherwise a result named
 * "unique characters" (translation key {@code ValuePolicy.uniqueCharacters}) is built; on a
 * shortfall a FATAL_ERROR subresult is attached to {@code result} and a localized message is
 * collected. The message carries only the required and the actual distinct counts, not the
 * password.
 *
 * @param password    the value under test
 * @param limitations policy limitations; only {@code minUniqueChars} is consulted here
 * @param result      operation result that receives a subresult on failure
 * @param message     collector of user-facing failure messages
 * @return the limitation result, or {@code null} when no minimum is configured
 */
private StringLimitationResult testMinimalUniqueCharacters(String password, LimitationsType limitations, OperationResult result, List<LocalizableMessage> message) {
    if (limitations.getMinUniqueChars() == null) {
        return null;
    }

    // Distinct token count is all we keep; the tokens themselves are not retained or reported.
    int distinctCount = new HashSet<>(StringPolicyUtils.stringTokenizer(password)).size();

    PolyStringTranslationType translation = new PolyStringTranslationType();
    translation.setKey("ValuePolicy.uniqueCharacters");
    PolyStringType displayName = new PolyStringType("unique characters");
    displayName.setTranslation(translation);

    StringLimitationResult outcome = new StringLimitationResult();
    outcome.setMinOccurs(limitations.getMinUniqueChars());
    outcome.setName(displayName);

    boolean enoughDistinct = distinctCount >= limitations.getMinUniqueChars();
    outcome.setSuccess(enoughDistinct);
    if (!enoughDistinct) {
        LocalizableMessage violation = new LocalizableMessageBuilder()
                .key("ValuePolicy.minimalUniqueCharactersNotMet")
                .arg(limitations.getMinUniqueChars())
                .arg(distinctCount)
                .build();
        result.addSubresult(new OperationResult("Check minimal count of unique chars", OperationResultStatus.FATAL_ERROR, violation));
        message.add(violation);
    }
    return outcome;
}
Use of com.evolveum.midpoint.util.LocalizableMessageBuilder in project midpoint by Evolveum.
The class ValuePolicyProcessor, method testMinimalOccurrence.
/**
 * Evaluates the {@code minOccurs} bound of one string limitation against the observed
 * character count.
 *
 * <p>If the limitation declares no lower bound, {@code limitation} is handed back unchanged
 * (it may be {@code null}). Otherwise a result object is created on demand, the bound is
 * recorded on it and, when {@code count} falls short of the bound, a localized failure message
 * is collected, a FATAL_ERROR subresult is attached to {@code result} and the result is marked
 * unsuccessful. The message carries only the bound, the limitation description and the
 * count — never the checked value itself.
 *
 * @param stringLimitation the policy limitation being evaluated
 * @param count            number of characters of the value that matched this limitation
 * @param result           operation result that receives a subresult on failure
 * @param messages         collector of user-facing failure messages
 * @param limitation       result filled by earlier checks on the same limitation, or {@code null}
 * @return the (possibly newly created) limitation result, or the input when no bound applies
 */
private StringLimitationResult testMinimalOccurrence(StringLimitType stringLimitation, int count, OperationResult result, List<LocalizableMessage> messages, StringLimitationResult limitation) {
    if (stringLimitation.getMinOccurs() == null) {
        // No lower bound configured: nothing to check, nothing to record.
        return limitation;
    }

    StringLimitationResult outcome = limitation;
    if (outcome == null) {
        // First check touching this limitation: start optimistic, later checks may flip it.
        outcome = new StringLimitationResult();
        outcome.setSuccess(true);
    }
    outcome.setMinOccurs(stringLimitation.getMinOccurs());

    if (count < stringLimitation.getMinOccurs()) {
        LocalizableMessage violation = new LocalizableMessageBuilder()
                .key("ValuePolicy.minimalOccurrenceNotMet")
                .arg(stringLimitation.getMinOccurs())
                .arg(stringLimitation.getDescription())
                .arg(count)
                .build();
        result.addSubresult(new OperationResult("Check minimal occurrence of characters", OperationResultStatus.FATAL_ERROR, violation));
        messages.add(violation);
        outcome.setSuccess(false);
    }
    return outcome;
}
Use of com.evolveum.midpoint.util.LocalizableMessageBuilder in project midpoint by Evolveum.
The class ProjectionCredentialsProcessor, method validateProjectionPassword.
/**
 * Validates the password being written to a projection (shadow) against the applicable security policy.
 *
 * <p>The password is located either in the object of an ADD delta or in the password-value
 * property delta of a MODIFY delta. When no policy, no delta or no password change is present the
 * method returns silently (with a trace log); a DELETE delta is skipped without logging. A MODIFY
 * delta that adds or deletes (rather than replaces) the password value is rejected as a schema error.
 * The extracted value is evaluated through {@code ObjectValuePolicyEvaluator}; a failed evaluation is
 * logged at debug level and reported as a {@link PolicyViolationException} whose message carries the
 * projection name and the evaluator's user-friendly message. The clear-text value is never logged here.
 *
 * @param projectionContext projection whose current delta is inspected
 * @param securityPolicy    policy to validate against; {@code null} disables validation
 * @param now               timestamp passed to the evaluator
 * @param task              task passed to the evaluator
 * @param result            parent operation result; its status is recomputed before a violation is thrown
 * @throws SchemaException          if a MODIFY delta adds or deletes the password value instead of replacing it
 * @throws PolicyViolationException if the password does not satisfy the policy
 */
private <F extends FocusType> void validateProjectionPassword(LensProjectionContext projectionContext, SecurityPolicyType securityPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
if (securityPolicy == null) {
LOGGER.trace("Skipping processing password policies. Security policy not specified.");
return;
}
ObjectDelta<ShadowType> accountDelta = projectionContext.getCurrentDelta();
if (accountDelta == null) {
LOGGER.trace("Skipping processing password policies. Shadow delta not specified.");
return;
}
if (accountDelta.isDelete()) {
// Nothing is being written, so there is no password to validate.
return;
}
// Resolved below: the shadow being written and the password property taken from it or from the delta.
PrismObject<ShadowType> accountShadow = null;
PrismProperty<ProtectedStringType> password = null;
if (accountDelta.isAdd()) {
accountShadow = accountDelta.getObjectToAdd();
if (accountShadow != null) {
password = accountShadow.findProperty(SchemaConstants.PATH_PASSWORD_VALUE);
}
}
// Also entered for an ADD delta whose object carries no password property; in that case the
// delta lookup below presumably yields null and the method returns — TODO confirm.
if (accountDelta.isModify() || password == null) {
PropertyDelta<ProtectedStringType> passwordValueDelta = accountDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
// Modification sanity check
if (accountDelta.getChangeType() == ChangeType.MODIFY && passwordValueDelta != null && (passwordValueDelta.isAdd() || passwordValueDelta.isDelete())) {
throw new SchemaException("Shadow password value cannot be added or deleted, it can only be replaced");
}
if (passwordValueDelta == null) {
LOGGER.trace("Skipping processing password policies. Shadow delta does not contain password change.");
return;
}
// Unchecked cast: getItemNewMatchingPath returns the untyped item; the path is the password value, so the element type is ProtectedStringType.
password = (PrismProperty<ProtectedStringType>) passwordValueDelta.getItemNewMatchingPath(null);
}
if (accountShadow == null) {
// MODIFY case: use the projected new state of the shadow for origin resolution and description.
accountShadow = projectionContext.getObjectNew();
}
String passwordValue = determinePasswordValue(password);
// NOTE(review): shortDesc embeds accountShadow's toString(); assumed to render identity only, not credentials — confirm.
ObjectValuePolicyEvaluator objectValuePolicyEvaluator = new ObjectValuePolicyEvaluator.Builder().now(now).originResolver(getOriginResolver(accountShadow)).protector(protector).securityPolicy(securityPolicy).shortDesc("password for " + accountShadow).task(task).valueItemPath(SchemaConstants.PATH_PASSWORD_VALUE).valuePolicyProcessor(valuePolicyProcessor).build();
OperationResult validationResult = objectValuePolicyEvaluator.validateStringValue(passwordValue, result);
if (!validationResult.isSuccess()) {
// Log the policy object and the evaluator's message only; passwordValue is deliberately not logged.
LOGGER.debug("Password for projection {} is not valid (policy={}): {}", projectionContext.getHumanReadableName(), securityPolicy, validationResult.getUserFriendlyMessage());
result.computeStatus();
throw new PolicyViolationException(new LocalizableMessageBuilder().key("PolicyViolationException.message.projectionPassword").arg(projectionContext.getHumanReadableName()).arg(validationResult.getUserFriendlyMessage()).build());
}
}
Use of com.evolveum.midpoint.util.LocalizableMessageBuilder in project midpoint by Evolveum.
The class PruningOperation, method processPruneRuleExclusionTrigger.
/**
 * Handles one exclusion trigger raised by a prune rule for a newly added assignment.
 *
 * <p>When the conflicting assignment existed in the old focus object, its removal is queued on
 * the focus secondary delta and {@code prunedViaSecondaryDelta} is set. When it did not (it was
 * itself introduced during this processing), a new exclusion trigger with
 * {@code enforcementOverride = true} is attached to the rule so the situation is reported as a
 * policy violation even without an enforcement action, and {@code enforcementOverrideGenerated}
 * is set (see MID-4766).
 *
 * @param newAssignment    the assignment whose addition fired the prune rule
 * @param pruneRule        the evaluated prune rule that owns the trigger
 * @param exclusionTrigger the trigger describing the conflict
 * @throws SystemException if the trigger carries no conflicting assignment
 */
private void processPruneRuleExclusionTrigger(EvaluatedAssignmentImpl<F> newAssignment, EvaluatedPolicyRuleImpl pruneRule, EvaluatedExclusionTrigger exclusionTrigger) {
    EvaluatedAssignment<FocusType> conflicting = exclusionTrigger.getConflictingAssignment();
    if (conflicting == null) {
        throw new SystemException("Added assignment " + newAssignment + ", the exclusion prune rule was triggered but there is no conflicting assignment in the trigger");
    }
    LOGGER.debug("Pruning assignment {} because it conflicts with added assignment {}", conflicting, newAssignment);

    if (!conflicting.isPresentInOldObject()) {
        // The conflicting assignment is not in the old object, i.e. it arrived via the secondary
        // delta during this run. It cannot simply be pruned, so raise a trigger with
        // enforcementOverride = true: it is reported as a violation even when no enforcement
        // policy action is configured. See MID-4766.
        SingleLocalizableMessage violation = new LocalizableMessageBuilder()
                .key("PolicyViolationException.message.prunedRolesAssigned")
                .arg(ObjectTypeUtil.createDisplayInformation(newAssignment.getTarget(), false))
                .arg(ObjectTypeUtil.createDisplayInformation(conflicting.getTarget(), false))
                .build();
        pruneRule.addTrigger(new EvaluatedExclusionTrigger(exclusionTrigger.getConstraint(), violation, null, exclusionTrigger.getConflictingAssignment(), exclusionTrigger.getConflictingTarget(), exclusionTrigger.getConflictingPath(), true));
        enforcementOverrideGenerated = true;
        return;
    }

    // Usual case: the conflicting assignment was in the old object, so a secondary delta can remove it.
    // noinspection unchecked
    PrismContainerValue<AssignmentType> valueToRemove = conflicting.getAssignment().asPrismContainerValue().clone();
    PrismObjectDefinition<F> focusDefinition = context.getFocusContext().getObjectDefinition();
    ContainerDelta<AssignmentType> removal = beans.prismContext.deltaFactory().container().createDelta(FocusType.F_ASSIGNMENT, focusDefinition);
    // noinspection unchecked
    removal.addValuesToDelete(valueToRemove);
    context.getFocusContext().swallowToSecondaryDeltaUnchecked(removal);
    prunedViaSecondaryDelta = true;
}