Examples with PolicyViolationException com.evolveum.midpoint.util.exception.PolicyViolationException used on opensource projects

Example 56 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class SynchronizationServiceImpl method reactToChange.

private <F extends FocusType> SynchronizationSituationType reactToChange(Class<F> focusClass, ResourceObjectShadowChangeDescription change, ObjectSynchronizationType synchronizationPolicy, SynchronizationSituation<F> situation, ResourceType resource, boolean logDebug, PrismObject<SystemConfigurationType> configuration, Task task, OperationResult parentResult) throws ConfigurationException, ObjectNotFoundException, SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, CommunicationException, SecurityViolationException {
    SynchronizationSituationType newSituation = situation.getSituation();
    SynchronizationReactionType reactionDefinition = findReactionDefinition(synchronizationPolicy, situation, change.getSourceChannel(), resource);
    if (reactionDefinition == null) {
        LOGGER.trace("No reaction is defined for situation {} in {}", situation.getSituation(), resource);
        return newSituation;
    }
    // seems to be unused so commented it out [med]
    // PrismObject<? extends ObjectType> shadow = null;
    // if (change.getCurrentShadow() != null) {
    // shadow = change.getCurrentShadow();
    // } else if (change.getOldShadow() != null) {
    // shadow = change.getOldShadow();
    // }
    Boolean doReconciliation = determineReconciliation(synchronizationPolicy, reactionDefinition);
    if (doReconciliation == null) {
        // shadow.
        if (change.getObjectDelta() == null) {
            doReconciliation = true;
        }
    }
    Boolean limitPropagation = determinePropagationLimitation(synchronizationPolicy, reactionDefinition, change.getSourceChannel());
    ModelExecuteOptions options = new ModelExecuteOptions();
    options.setReconcile(doReconciliation);
    options.setLimitPropagation(limitPropagation);
    final boolean willSynchronize = isSynchronize(reactionDefinition);
    LensContext<F> lensContext = null;
    if (willSynchronize) {
        lensContext = createLensContext(focusClass, change, reactionDefinition, synchronizationPolicy, situation, options, configuration, parentResult);
    }
    if (LOGGER.isTraceEnabled() && lensContext != null) {
        LOGGER.trace("---[ SYNCHRONIZATION context before action execution ]-------------------------\n" + "{}\n------------------------------------------", lensContext.debugDump());
    }
    if (willSynchronize) {
        // there's no point in calling executeAction without context - so
        // the actions are executed only if synchronize == true
        executeActions(reactionDefinition, lensContext, situation, BeforeAfterType.BEFORE, resource, logDebug, task, parentResult);
        Iterator<LensProjectionContext> iterator = lensContext.getProjectionContextsIterator();
        LensProjectionContext originalProjectionContext = iterator.hasNext() ? iterator.next() : null;
        try {
            clockwork.run(lensContext, task, parentResult);
        } catch (ConfigurationException | ObjectNotFoundException | SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | CommunicationException | SecurityViolationException e) {
            LOGGER.error("SYNCHRONIZATION: Error in synchronization on {} for situation {}: {}: {}. Change was {}", new Object[] { resource, situation.getSituation(), e.getClass().getSimpleName(), e.getMessage(), change, e });
        // what to do here? We cannot throw the error back. All that the notifyChange method
        // could do is to convert it to SystemException. But that indicates an internal error and it will
        // break whatever code called the notifyChange in the first place. We do not want that.
        // If the clockwork could not do anything with the exception then perhaps nothing can be done at all.
        // So just log the error (the error should be remembered in the result and task already)
        // and then just go on.
        }
        // note: actions "AFTER" seem to be useless here (basically they
        // modify lens context - which is relevant only if followed by
        // clockwork run)
        executeActions(reactionDefinition, lensContext, situation, BeforeAfterType.AFTER, resource, logDebug, task, parentResult);
        if (originalProjectionContext != null) {
            newSituation = originalProjectionContext.getSynchronizationSituationResolved();
        }
    } else {
        LOGGER.trace("Skipping clockwork run on {} for situation {}, synchronize is set to false.", new Object[] { resource, situation.getSituation() });
    }
    return newSituation;
}

Example 57 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestSegregationOfDuties method test180JudgeExceptionalPirateAndThief.

/**
	 * Add pirate role to judge. But include policy exception in the pirate assignment, so it
	 * should go OK. The assign thief (without exception). The exception in the pirate assignment
	 * should only apply to that assignment. The assignment of thief should fail.
	 */
@Test
public void test180JudgeExceptionalPirateAndThief() throws Exception {
    final String TEST_NAME = "test180JudgeExceptionalPirateAndThief";
    TestUtil.displayTestTile(this, TEST_NAME);
    Task task = taskManager.createTaskInstance(TestSegregationOfDuties.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assignRole(USER_JACK_OID, ROLE_JUDGE_OID, task, result);
    assignRole(USER_JACK_OID, ROLE_PIRATE_OID, null, getJudgeExceptionBlock(), task, result);
    PrismObject<UserType> userJackIn = getUser(USER_JACK_OID);
    assertAssignedRoles(userJackIn, ROLE_JUDGE_OID, ROLE_PIRATE_OID);
    try {
        // This should die
        assignRole(USER_JACK_OID, ROLE_THIEF_OID, task, result);
        AssertJUnit.fail("Expected policy violation after adding thief role, but it went well");
    } catch (PolicyViolationException e) {
    // This is expected
    }
    // Cleanup
    unassignRole(USER_JACK_OID, ROLE_JUDGE_OID, task, result);
    unassignRole(USER_JACK_OID, ROLE_PIRATE_OID, null, getJudgeExceptionBlock(), task, result);
    assertAssignedNoRole(USER_JACK_OID, task, result);
}

Example 58 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestSegregationOfDuties method test140SimpleExclusionBoth2.

@Test
public void test140SimpleExclusionBoth2() throws Exception {
    final String TEST_NAME = "test140SimpleExclusionBoth2";
    TestUtil.displayTestTile(this, TEST_NAME);
    Task task = taskManager.createTaskInstance(TestSegregationOfDuties.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    Collection<ItemDelta<?, ?>> modifications = new ArrayList<>();
    modifications.add((createAssignmentModification(ROLE_PIRATE_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    modifications.add((createAssignmentModification(ROLE_JUDGE_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    ObjectDelta<UserType> userDelta = ObjectDelta.createModifyDelta(USER_JACK_OID, modifications, UserType.class, prismContext);
    try {
        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
        AssertJUnit.fail("Expected policy violation, but it went well");
    } catch (PolicyViolationException e) {
    // This is expected
    }
    assertAssignedNoRole(USER_JACK_OID, task, result);
}

Example 59 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestSegregationOfDuties method test232GuybrushAssignRoleExecutiveOne.

/**
	 * MID-3694
	 */
@Test
public void test232GuybrushAssignRoleExecutiveOne() throws Exception {
    final String TEST_NAME = "test232GuybrushAssignRoleExecutiveOne";
    displayTestTile(TEST_NAME);
    // GIVEN
    Task task = createTask(TEST_NAME);
    OperationResult result = task.getResult();
    try {
        // WHEN
        displayWhen(TEST_NAME);
        assignRole(USER_GUYBRUSH_OID, ROLE_EXECUTIVE_1_OID, task, result);
        assertNotReached();
    } catch (PolicyViolationException e) {
        // THEN
        displayThen(TEST_NAME);
        assertFailure(result);
    }
    PrismObject<UserType> userAfter = getUser(USER_GUYBRUSH_OID);
    display("User after", userAfter);
    assertAssignedRole(userAfter, ROLE_CONTROLLING_1_OID);
    assertNotAssignedRole(userAfter, ROLE_EXECUTIVE_1_OID);
}

Example 60 with PolicyViolationException

use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.

the class TestSegregationOfDuties method test132SimpleExclusionBoth1Deprecated.

@Test
public void test132SimpleExclusionBoth1Deprecated() throws Exception {
    final String TEST_NAME = "test132SimpleExclusionBoth1Deprecated";
    TestUtil.displayTestTile(this, TEST_NAME);
    Task task = taskManager.createTaskInstance(TestSegregationOfDuties.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    Collection<ItemDelta<?, ?>> modifications = new ArrayList<>();
    modifications.add((createAssignmentModification(ROLE_JUDGE_DEPRECATED_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    modifications.add((createAssignmentModification(ROLE_PIRATE_OID, RoleType.COMPLEX_TYPE, null, null, null, true)));
    ObjectDelta<UserType> userDelta = ObjectDelta.createModifyDelta(USER_JACK_OID, modifications, UserType.class, prismContext);
    try {
        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
        AssertJUnit.fail("Expected policy violation, but it went well");
    } catch (PolicyViolationException e) {
    // This is expected
    }
    assertAssignedNoRole(USER_JACK_OID, task, result);
}