Example 76 with PolicyViolationException

Use of com.evolveum.midpoint.util.exception.PolicyViolationException in the midpoint project by Evolveum.

From the class TestRbac, method test805ModifyRoleImmutableGlobalDescription:

@Test
public void test805ModifyRoleImmutableGlobalDescription() throws Exception {
    final String TEST_NAME = "test805ModifyRoleImmutableGlobalDescription";
    TestUtil.displayTestTile(this, TEST_NAME);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);
    Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    try {
        // WHEN: try to replace the description of a role that a global policy rule marks as immutable
        TestUtil.displayWhen(TEST_NAME);
        modifyObjectReplaceProperty(RoleType.class, ROLE_IMMUTABLE_GLOBAL_OID, RoleType.F_DESCRIPTION, task, result, "whatever");
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException e) {
        // THEN: the modification is rejected and the operation result records the failure
        TestUtil.displayThen(TEST_NAME);
        result.computeStatus();
        TestUtil.assertFailure(result);
    }
    // The rejected change must not have touched the stored role
    PrismObject<RoleType> roleAfter = getObject(RoleType.class, ROLE_IMMUTABLE_GLOBAL_OID);
    PrismAsserts.assertPropertyValue(roleAfter, RoleType.F_DESCRIPTION, ROLE_IMMUTABLE_GLOBAL_DESCRIPTION);
    PrismAsserts.assertPropertyValue(roleAfter, RoleType.F_IDENTIFIER, ROLE_IMMUTABLE_GLOBAL_IDENTIFIER);
}
Also used: Task (com.evolveum.midpoint.task.api.Task), RoleType (com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType), OperationResult (com.evolveum.midpoint.schema.result.OperationResult), PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException), Test (org.testng.annotations.Test), AbstractInitializedModelIntegrationTest (com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest)

Example 77 with PolicyViolationException

Use of com.evolveum.midpoint.util.exception.PolicyViolationException in the midpoint project by Evolveum.

From the class AbstractSearchExpressionEvaluator, method createOnDemand:

private <O extends ObjectType> String createOnDemand(Class<O> targetTypeClass, ExpressionVariables variables, ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Going to create assignment targets on demand, variables:\n{}", variables.formatVariables());
    }
    PrismObjectDefinition<O> objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(targetTypeClass);
    PrismObject<O> newObject = objectDefinition.instantiate();
    // populateObject describes which items of the new object are filled from expressions
    PopulateType populateObject = getExpressionEvaluatorType().getPopulateObject();
    if (populateObject == null) {
        LOGGER.warn("No populateObject in assignment expression in {}, " + "object created on demand will be empty. Subsequent operations will most likely fail", contextDescription);
    } else {
        for (PopulateItemType populateItem : populateObject.getPopulateItem()) {
            ItemDelta<?, ?> itemDelta = evaluatePopulateExpression(populateItem, variables, params, objectDefinition, contextDescription, true, task, result);
            if (itemDelta != null) {
                itemDelta.applyTo(newObject);
            }
        }
    }
    LOGGER.debug("Creating object on demand from {}: {}", contextDescription, newObject);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Creating object on demand:\n{}", newObject.debugDump());
    }
    ObjectDelta<O> addDelta = newObject.createAddDelta();
    Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(addDelta);
    try {
        // The add goes through the model service, so policy rules and authorizations apply to the on-demand object too
        modelService.executeChanges(deltas, null, task, result);
    } catch (ObjectAlreadyExistsException | CommunicationException | ConfigurationException | PolicyViolationException | SecurityViolationException e) {
        // Model-level failures, including policy violations, are reported as a failed expression evaluation
        throw new ExpressionEvaluationException(e.getMessage(), e);
    }
    return addDelta.getOid();
}
Also used: ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException), CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException), SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException), ObjectType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType), ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException), PopulateItemType (com.evolveum.midpoint.xml.ns._public.common.common_3.PopulateItemType), ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta), PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException), ObjectAlreadyExistsException (com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException), PopulateType (com.evolveum.midpoint.xml.ns._public.common.common_3.PopulateType)

Example 78 with PolicyViolationException

Use of com.evolveum.midpoint.util.exception.PolicyViolationException in the midpoint project by Evolveum.

From the class CredentialPolicyEvaluator, method validateProtectedStringValue:

protected void validateProtectedStringValue(ProtectedStringType value) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
    // Check the credential value (e.g. a new password) against the applicable value policy
    OperationResult validationResult = getObjectValuePolicyEvaluator().validateProtectedStringValue(value);
    result.addSubresult(validationResult);
    if (!validationResult.isAcceptable()) {
        // A value that fails the policy is rejected; the message carries the policy's own explanation
        throw new PolicyViolationException("Provided " + getCredentialHumanReadableName() + " does not satisfy the policies: " + validationResult.getMessage());
    }
}
Also used: OperationResult (com.evolveum.midpoint.schema.result.OperationResult), PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)

Example 79 with PolicyViolationException

Use of com.evolveum.midpoint.util.exception.PolicyViolationException in the midpoint project by Evolveum.

From the class UserProfileServiceImpl, method initializePrincipalFromAssignments:

private void initializePrincipalFromAssignments(MidPointPrincipal principal, PrismObject<SystemConfigurationType> systemConfiguration) throws SchemaException {
    UserType userType = principal.getUser();
    Collection<Authorization> authorizations = principal.getAuthorities();
    List<AdminGuiConfigurationType> adminGuiConfigurations = new ArrayList<>();
    Task task = taskManager.createTaskInstance(UserProfileServiceImpl.class.getName() + ".initializePrincipalFromAssignments");
    OperationResult result = task.getResult();
    principal.setApplicableSecurityPolicy(securityHelper.locateSecurityPolicy(userType.asPrismObject(), systemConfiguration, task, result));
    if (!userType.getAssignment().isEmpty()) {
        LensContext<UserType> lensContext = new LensContextPlaceholder<>(userType.asPrismObject(), prismContext);
        // Evaluator is built in login mode: assignments are evaluated to derive the principal's authorizations, not to provision anything
        AssignmentEvaluator.Builder<UserType> builder = new AssignmentEvaluator.Builder<UserType>().repository(repositoryService).focusOdo(new ObjectDeltaObject<>(userType.asPrismObject(), null, userType.asPrismObject())).channel(null).objectResolver(objectResolver).systemObjectCache(systemObjectCache).prismContext(prismContext).mappingFactory(mappingFactory).mappingEvaluator(mappingEvaluator).activationComputer(activationComputer).now(clock.currentTimeXMLGregorianCalendar()).loginMode(true).lensContext(lensContext);
        AssignmentEvaluator<UserType> assignmentEvaluator = builder.build();
        try {
            RepositoryCache.enter();
            for (AssignmentType assignmentType : userType.getAssignment()) {
                try {
                    ItemDeltaItem<PrismContainerValue<AssignmentType>, PrismContainerDefinition<AssignmentType>> assignmentIdi = new ItemDeltaItem<>();
                    assignmentIdi.setItemOld(LensUtil.createAssignmentSingleValueContainerClone(assignmentType));
                    assignmentIdi.recompute();
                    EvaluatedAssignment<UserType> assignment = assignmentEvaluator.evaluate(assignmentIdi, PlusMinusZero.ZERO, false, userType, userType.toString(), task, result);
                    // Only valid (e.g. active, within validity period) assignments contribute authorizations and GUI configuration
                    if (assignment.isValid()) {
                        authorizations.addAll(assignment.getAuthorizations());
                        adminGuiConfigurations.addAll(assignment.getAdminGuiConfigurations());
                    }
                    // Delegations from other users are recorded together with their privilege limitations
                    for (EvaluatedAssignmentTarget target : assignment.getRoles().getNonNegativeValues()) {
                        if (target.getTarget() != null && target.getTarget().asObjectable() instanceof UserType && DeputyUtils.isDelegationPath(target.getAssignmentPath())) {
                            List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath());
                            principal.addDelegatorWithOtherPrivilegesLimitations(new DelegatorWithOtherPrivilegesLimitations((UserType) target.getTarget().asObjectable(), limitations));
                        }
                    }
                } catch (SchemaException e) {
                    // A failing assignment is logged and skipped; it contributes no authorizations, but login continues
                    LOGGER.error("Schema violation while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (ObjectNotFoundException e) {
                    LOGGER.error("Object not found while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (ExpressionEvaluationException e) {
                    LOGGER.error("Evaluation error while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (PolicyViolationException e) {
                    LOGGER.error("Policy violation while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                }
            }
        } finally {
            RepositoryCache.exit();
        }
    }
    if (userType.getAdminGuiConfiguration() != null) {
        // config from the user object should go last (to be applied as the last one)
        adminGuiConfigurations.add(userType.getAdminGuiConfiguration());
    }
    principal.setAdminGuiConfiguration(AdminGuiConfigTypeUtil.compileAdminGuiConfiguration(adminGuiConfigurations, systemConfiguration));
}
Also used: Task (com.evolveum.midpoint.task.api.Task), ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException), QueryBuilder (com.evolveum.midpoint.prism.query.builder.QueryBuilder), ArrayList (java.util.ArrayList), LensContextPlaceholder (com.evolveum.midpoint.model.impl.lens.LensContextPlaceholder), OperationResult (com.evolveum.midpoint.schema.result.OperationResult), Authorization (com.evolveum.midpoint.security.api.Authorization), AssignmentEvaluator (com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator), ItemDeltaItem (com.evolveum.midpoint.repo.common.expression.ItemDeltaItem), EvaluatedAssignmentTarget (com.evolveum.midpoint.model.api.context.EvaluatedAssignmentTarget), PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException), SchemaException (com.evolveum.midpoint.util.exception.SchemaException), PrismContainerValue (com.evolveum.midpoint.prism.PrismContainerValue), ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException), PrismContainerDefinition (com.evolveum.midpoint.prism.PrismContainerDefinition), DelegatorWithOtherPrivilegesLimitations (com.evolveum.midpoint.security.api.DelegatorWithOtherPrivilegesLimitations)

Example 80 with PolicyViolationException

Use of com.evolveum.midpoint.util.exception.PolicyViolationException in the midpoint project by Evolveum.

From the class TestDependencies, method test120SortToWavesBCUnsatisfied:

@Test
public void test120SortToWavesBCUnsatisfied() throws Exception {
    final String TEST_NAME = "test120SortToWavesBCUnsatisfied";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN: a user context with projections "b" and "c", whose dependencies cannot be satisfied
    Task task = taskManager.createTaskInstance(TestDependencies.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    LensContext<UserType> context = createUserLensContext();
    LensFocusContext<UserType> focusContext = fillContextWithUser(context, USER_ELAINE_OID, result);
    fillContextWithDummyElaineAccount(context, "b", task, result);
    fillContextWithDummyElaineAccount(context, "c", task, result);
    context.recompute();
    display("Context before", context);
    context.checkConsistence();
    try {
        // WHEN: sorting the projections into provisioning waves must detect the unsatisfied dependency
        dependencyProcessor.sortProjectionsToWaves(context);
        display("Context after", context);
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException e) {
        // THEN: this is expected
    }
}
Also used: Task (com.evolveum.midpoint.task.api.Task), OperationResult (com.evolveum.midpoint.schema.result.OperationResult), PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException), UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType), Test (org.testng.annotations.Test), AbstractInternalModelIntegrationTest (com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)
