use of com.evolveum.midpoint.util.exception.ObjectNotFoundException in project midpoint by Evolveum.
The class SecurityHelper, method resolveGlobalPasswordPolicy.
/**
 * Resolves the global password policy referenced from the system configuration.
 *
 * @param user focus the policy is being resolved for; passed on to the policy tracing only
 * @param systemConfiguration system configuration holding {@code globalPasswordPolicyRef}
 * @param task task under which the reference is resolved
 * @param result operation result the resolution is recorded into
 * @return the post-processed security policy, or {@code null} when no global password policy
 *         is referenced, or when the referenced policy cannot be resolved (the failure is
 *         logged at error level and not propagated)
 */
private <F extends FocusType> SecurityPolicyType resolveGlobalPasswordPolicy(PrismObject<F> user, SystemConfigurationType systemConfiguration, Task task, OperationResult result) {
    ObjectReferenceType policyRef = systemConfiguration.getGlobalPasswordPolicyRef();
    if (policyRef == null) {
        // Nothing configured globally; callers treat null as "no policy".
        return null;
    }
    try {
        ValuePolicyType valuePolicy = objectResolver.resolve(policyRef, ValuePolicyType.class, null, "global security policy reference in system configuration", task, result);
        LOGGER.trace("Using global password policy: {}", valuePolicy);
        SecurityPolicyType resolved = postProcessPasswordPolicy(valuePolicy);
        traceSecurityPolicy(resolved, user);
        return resolved;
    } catch (ObjectNotFoundException | SchemaException e) {
        // An unresolvable or malformed reference is logged and treated as "no policy".
        LOGGER.error(e.getMessage(), e);
        traceSecurityPolicy(null, user);
        return null;
    }
}
use of com.evolveum.midpoint.util.exception.ObjectNotFoundException in project midpoint by Evolveum.
The class SpringAuthenticationInjectorInterceptor, method handleMessage.
/**
 * Turns the WS-Security authenticated user of an incoming SOAP request into a Spring
 * {@code Authentication} and checks that the user is authorized to call the web service.
 * <p>
 * Every denial path marks the message as audited ({@code CONTEXTUAL_PROPERTY_AUDITED_NAME})
 * and records a login failure through {@code securityHelper} before a {@link Fault} is thrown.
 *
 * @param message the intercepted SOAP message; its header is expected to carry the username
 * @throws Fault when the message cannot be read, the username is missing or unknown, or the
 *         user is authorized neither for the web service as a whole nor for the invoked operation
 */
@Override
public void handleMessage(SoapMessage message) throws Fault {
    //Note: in constructor we have specified that we will be called after we have been successfully authenticated the user through WS-Security
    //Now we will only set the Spring Authentication object based on the user found in the header
    LOGGER.trace("Intercepted message: {}", message);
    SOAPMessage saajSoapMessage = securityHelper.getSOAPMessage(message);
    if (saajSoapMessage == null) {
        LOGGER.error("No soap message in handler");
        throw createFault(WSSecurityException.ErrorCode.FAILURE);
    }
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
    // Declared outside the try so the catch blocks can log and audit the name even when
    // extracting it from the message is what failed (it is then still null).
    String username = null;
    try {
        username = securityHelper.getUsernameFromMessage(saajSoapMessage);
        LOGGER.trace("Attempt to authenticate user '{}'", username);
        if (StringUtils.isBlank(username)) {
            // Mark the message as audited so the failure is not audited a second time downstream.
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Empty username");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        MidPointPrincipal principal;
        try {
            principal = userDetailsService.getPrincipal(username);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Schema error: " + e.getMessage());
            // NOTE(review): wrapping e in the Fault exposes the schema error text to the SOAP
            // client — confirm that is acceptable for this channel.
            throw new Fault(e);
        }
        LOGGER.trace("Principal: {}", principal);
        if (principal == null) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "No user");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Account validity and credentials and all this stuff should be already checked
        // in the password callback
        // NOTE(review): the authentication is installed before the authorization checks below and
        // is not cleared here on the denial paths that follow — confirm the security context is
        // reset per request elsewhere in the chain.
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, null);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // The invoked operation is the local name of the first element in the SOAP body; it is
        // used to build the operation-specific authorization action further down.
        String operationName;
        try {
            operationName = DOMUtil.getFirstChildElement(saajSoapMessage.getSOAPBody()).getLocalName();
        } catch (SOAPException e) {
            LOGGER.debug("Access to web service denied for user '{}': SOAP error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "SOAP error: " + e.getMessage());
            throw new Fault(e);
        }
        // AUTHORIZATION
        // First the blanket "all web service operations" authorization; only when that is not
        // granted is the operation-specific action checked.
        boolean isAuthorized;
        try {
            isAuthorized = securityEnforcer.isAuthorized(AuthorizationConstants.AUTZ_WS_ALL_URL, AuthorizationPhaseType.REQUEST, null, null, null, null);
            LOGGER.trace("Determined authorization for web service access (action: {}): {}", AuthorizationConstants.AUTZ_WS_ALL_URL, isAuthorized);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        if (!isAuthorized) {
            // Action URI is the WS authorization namespace plus the operation's local name.
            String action = QNameUtil.qNameToUri(new QName(AuthorizationConstants.NS_AUTHORIZATION_WS, operationName));
            try {
                isAuthorized = securityEnforcer.isAuthorized(action, AuthorizationPhaseType.REQUEST, null, null, null, null);
                LOGGER.trace("Determined authorization for web service operation {} (action: {}): {}", operationName, action, isAuthorized);
            } catch (SchemaException e) {
                LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
                message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
                securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
                throw createFault(WSSecurityException.ErrorCode.FAILURE);
            }
        }
        if (!isAuthorized) {
            LOGGER.debug("Access to web service denied for user '{}': not authorized", username);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Not authorized");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    } catch (WSSecurityException e) {
        // Raised while extracting the username from the WS-Security header.
        LOGGER.debug("Access to web service denied for user '{}': security exception: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "Security exception: " + e.getMessage());
        throw new Fault(e, e.getFaultCode());
    } catch (ObjectNotFoundException e) {
        // Unknown user from getPrincipal(); audited with the same reason as a null principal.
        LOGGER.debug("Access to web service denied for user '{}': object not found: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "No user");
        throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Avoid auditing login attempt again if the operation fails on internal authorization
    message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
    LOGGER.debug("Access to web service allowed for user '{}'", username);
}
use of com.evolveum.midpoint.util.exception.ObjectNotFoundException in project midpoint by Evolveum.
The class UserProfileServiceImpl, method getPrincipal.
/**
 * Looks up the user with the given name and builds a {@link MidPointPrincipal} for it.
 *
 * @param username name of the user to look up
 * @return principal created from the found user
 * @throws ObjectNotFoundException when no user with that name exists (traced and rethrown)
 * @throws SchemaException propagated from principal creation
 * @throws SystemException wrapping any other failure of the lookup, checked or unchecked
 */
@Override
public MidPointPrincipal getPrincipal(String username) throws ObjectNotFoundException, SchemaException {
    OperationResult opResult = new OperationResult(OPERATION_GET_PRINCIPAL);
    PrismObject<UserType> foundUser;
    try {
        foundUser = findByUsername(username, opResult);
    } catch (ObjectNotFoundException notFound) {
        // A missing user is an expected outcome: trace it and let the caller decide.
        LOGGER.trace("Couldn't find user with name '{}', reason: {}.", username, notFound.getMessage(), notFound);
        throw notFound;
    } catch (Exception other) {
        // Anything else that the lookup throws is surfaced as a SystemException.
        LOGGER.warn("Error getting user with name '{}', reason: {}.", username, other.getMessage(), other);
        throw new SystemException(other.getMessage(), other);
    }
    return createPrincipal(foundUser, opResult);
}
use of com.evolveum.midpoint.util.exception.ObjectNotFoundException in project midpoint by Evolveum.
The class ModelObjectResolver, method getObject.
/**
 * Fetches the object with the given OID from the component that manages objects of
 * {@code clazz} (provisioning, task manager or the cached repository), verifies its type
 * and runs the registered read hooks on it.
 *
 * @param clazz expected object type
 * @param oid OID of the object to fetch
 * @param options get options passed through to the underlying component
 * @param task task under which the object is fetched
 * @param result operation result; a fatal error is recorded on it for most failures and
 *        {@code computeStatus()} is always called before returning
 * @return the fetched object, never {@code null}
 * @throws ObjectNotFoundException when the object does not exist, or the returned object is not
 *         an instance of {@code clazz}
 * @throws SystemException when the underlying component returns {@code null}, or on any
 *         runtime exception or error during resolution
 */
public <T extends ObjectType> T getObject(Class<T> clazz, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    T objectType = null;
    try {
        PrismObject<T> object = null;
        // The manager decides which component owns objects of this class.
        ObjectTypes.ObjectManager manager = ObjectTypes.getObjectManagerForClass(clazz);
        final GetOperationOptions rootOptions = SelectorOptions.findRootOptions(options);
        switch(manager) {
            case PROVISIONING:
                object = provisioning.getObject(clazz, oid, options, task, result);
                if (object == null) {
                    throw new SystemException("Got null result from provisioning.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using provisioning implementation " + provisioning.getClass().getName());
                }
                break;
            case TASK_MANAGER:
                object = taskManager.getObject(clazz, oid, options, result);
                if (object == null) {
                    throw new SystemException("Got null result from taskManager.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using task manager implementation " + taskManager.getClass().getName());
                }
                // Workflow data is only added for tasks, and only for non-raw, fetching reads.
                if (workflowManager != null && TaskType.class.isAssignableFrom(clazz) && !GetOperationOptions.isRaw(rootOptions) && !GetOperationOptions.isNoFetch(rootOptions)) {
                    workflowManager.augmentTaskObject(object, options, task, result);
                }
                break;
            default:
                object = cacheRepositoryService.getObject(clazz, oid, options, result);
                if (object == null) {
                    throw new SystemException("Got null result from repository.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using repository implementation " + cacheRepositoryService.getClass().getName());
                }
        }
        objectType = object.asObjectable();
        // A wrong-typed object behind the OID is reported as "not found" rather than as a cast error.
        if (!clazz.isInstance(objectType)) {
            throw new ObjectNotFoundException("Bad object type returned for referenced oid '" + oid + "'. Expected '" + clazz + "', but was '" + (objectType == null ? "null" : objectType.getClass()) + "'.");
        }
        if (hookRegistry != null) {
            for (ReadHook hook : hookRegistry.getAllReadHooks()) {
                hook.invoke(object, options, task, result);
            }
        }
    // NOTE(review): SchemaException is declared by this method but is not in this multi-catch,
    // so it passes through without result.recordFatalError(ex) — confirm whether that is intended.
    } catch (SystemException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (RuntimeException | Error ex) {
        LoggingUtils.logException(LOGGER, "Error resolving object with oid {}, expected type was {}.", ex, oid, clazz);
        throw new SystemException("Error resolving object with oid '" + oid + "': " + ex.getMessage(), ex);
    } finally {
        result.computeStatus();
    }
    return objectType;
}
use of com.evolveum.midpoint.util.exception.ObjectNotFoundException in project midpoint by Evolveum.
The class ModelCrudService, method modifyObject.
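/**
 * <p>
 * Modifies object using relative change description.
 * </p>
 * <p>
 * Must fail if user with provided OID does not exist. Must fail if any of
 * the described changes cannot be applied. Should be atomic.
 * </p>
 * <p>
 * If two or more modify operations are executed in parallel, the operations
 * should be merged. In case that the operations are in conflict (e.g. one
 * operation adding a value and the other removing the same value), the
 * result is not deterministic.
 * </p>
 * <p>
 * The operation may fail if the modified object does not conform to the
 * underlying schema of the storage system or the schema enforced by the
 * implementation.
 * </p>
 * <p>
 * Every failure that escapes this method is recorded as a fatal error on the
 * {@code MODIFY_OBJECT} subresult before it is rethrown; on success the subresult
 * status is computed from its children.
 * </p>
 *
 * @param type
 *            type of the object to modify
 * @param oid
 *            OID of the object to modify
 * @param modifications
 *            relative changes to apply; an empty collection is a no-op (logged as a warning)
 * @param options
 *            model execution options passed through to {@code executeChanges}
 * @param task
 *            task under which the change is executed
 * @param parentResult
 *            parent OperationResult (in/out)
 * @throws ObjectNotFoundException
 *             specified object does not exist
 * @throws SchemaException
 *             resulting object would violate the schema
 * @throws ExpressionEvaluationException
 *             evaluation of expression associated with the object has failed
 * @throws CommunicationException
 *             propagated from change execution
 * @throws ConfigurationException
 *             propagated from change execution
 * @throws ObjectAlreadyExistsException
 *             If the account or another "secondary" object already exists and cannot be created
 * @throws PolicyViolationException
 *             Policy violation was detected during processing of the object
 * @throws SecurityViolationException
 *             propagated from change execution
 * @throws IllegalArgumentException
 *             wrong OID format, described change is not applicable
 * @throws SystemException
 *             unknown error from underlying layers or other unexpected
 *             state
 */
public <T extends ObjectType> void modifyObject(Class<T> type, String oid, Collection<? extends ItemDelta> modifications, ModelExecuteOptions options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException {
    Validate.notNull(modifications, "Object modification must not be null.");
    Validate.notEmpty(oid, "Change oid must not be null or empty.");
    Validate.notNull(parentResult, "Result type must not be null.");
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Modifying object with oid {}", oid);
        LOGGER.trace(DebugUtil.debugDump(modifications));
    }
    if (modifications.isEmpty()) {
        LOGGER.warn("Calling modifyObject with empty modification set");
        return;
    }
    ItemDelta.checkConsistence(modifications, ConsistencyCheckScope.THOROUGH);
    // TODO: check definitions, but tolerate missing definitions in <attributes>
    OperationResult result = parentResult.createSubresult(MODIFY_OBJECT);
    result.addCollectionOfSerializablesAsParam("modifications", modifications);
    RepositoryCache.enter();
    try {
        ObjectDelta<T> objectDelta = (ObjectDelta<T>) ObjectDelta.createModifyDelta(oid, modifications, type, prismContext);
        Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(objectDelta);
        modelService.executeChanges(deltas, options, task, result);
        result.computeStatus();
    } catch (ExpressionEvaluationException | ObjectNotFoundException ex) {
        // These two are logged at error level here in addition to being recorded on the result.
        LOGGER.error("model.modifyObject failed: {}", ex.getMessage(), ex);
        result.recordFatalError(ex);
        throw ex;
    } catch (SchemaException | ConfigurationException | SecurityViolationException | CommunicationException | ObjectAlreadyExistsException | PolicyViolationException | RuntimeException ex) {
        // Also covers the declared CommunicationException / ObjectAlreadyExistsException /
        // PolicyViolationException, which previously escaped without closing the subresult.
        ModelUtils.recordFatalError(result, ex);
        throw ex;
    } finally {
        RepositoryCache.exit();
    }
}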