use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
the class AbstractPasswordTest method test125ModifyJackEmployeeNumberBad.
/**
* Jack employee number is mapped to ugly resource password.
* Change employee number to something that does NOT comply with ugly resource password policy.
* MID-3769
*/
@Test
public void test125ModifyJackEmployeeNumberBad() throws Exception {
    final String testName = "test125ModifyJackEmployeeNumberBad";
    TestUtil.displayTestTile(this, testName);

    // GIVEN: a fresh task; its operation result records the outcome of the attempt
    Task opTask = createTask(testName);
    OperationResult opResult = opTask.getResult();

    // WHEN: replace the employee number with the "bad" value. The call is expected
    // to be refused, so reaching assertNotReached() means the policy was not enforced.
    try {
        modifyUserReplace(USER_JACK_OID, UserType.F_EMPLOYEE_NUMBER, opTask, opResult, USER_JACK_EMPLOYEE_NUMBER_NEW_BAD);
        assertNotReached();
    } catch (PolicyViolationException expected) {
        display("Expected exception", expected);
    }

    // THEN: the rejection must also be visible in the operation result
    opResult.computeStatus();
    TestUtil.assertFailure(opResult);

    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    display("User after", jackAfter);

    // The user password, the RED account and the default dummy account still hold
    // USER_PASSWORD_1_CLEAR after the rejected change.
    assertUserPassword(jackAfter, USER_PASSWORD_1_CLEAR);
    assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);
    assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);

    // NOTE(review): the earlier comment here read "ugly password should be changed", yet the
    // assertion expects USER_JACK_EMPLOYEE_NUMBER, not the rejected
    // USER_JACK_EMPLOYEE_NUMBER_NEW_BAD. Presumably the previous value is meant to
    // survive the refused change - confirm.
    assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_EMPLOYEE_NUMBER);

    assertLinks(jackAfter, 3);
    assertPasswordMetadata(jackAfter, false, lastPasswordChangeStart, lastPasswordChangeEnd);
}
use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
the class TestPasswordDefault method test202ReconcileUserJack.
/**
* Reconcile user after password policy change. There is a RED account with a strong password
* mapping. The reconcile and the strong mapping will try to set the short password to RED account.
* That fails on RED account password policy.
*/
@Test
public void test202ReconcileUserJack() throws Exception {
    final String testName = "test202ReconcileUserJack";
    TestUtil.displayTestTile(this, testName);

    // GIVEN: jack has four linked accounts before reconciliation.
    // NOTE(review): the task name is built from AbstractPasswordTest although the page
    // attributes this method to TestPasswordDefault - confirm which class is intended.
    Task opTask = taskManager.createTaskInstance(String.join(".", AbstractPasswordTest.class.getName(), testName));
    OperationResult opResult = opTask.getResult();
    PrismObject<UserType> jackBefore = getUser(USER_JACK_OID);
    display("User before", jackBefore);
    assertLinks(jackBefore, 4);

    // WHEN: reconciliation is expected to be refused with a policy violation
    try {
        reconcileUser(USER_JACK_OID, opTask, opResult);
        assertNotReached();
    } catch (PolicyViolationException expected) {
        display("Expected exception", expected);
    }

    // THEN: the failure is recorded and the number of links is unchanged
    opResult.computeStatus();
    TestUtil.assertFailure(opResult);
    PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
    display("User after", userAfter);
    assertLinks(userAfter, 4);
    // Remember the OID of the yellow account in the accountJackYellowOid field
    accountJackYellowOid = getLinkRefOid(userAfter, RESOURCE_DUMMY_YELLOW_OID);

    // Yellow resource: the password is too short for it, so the original password should stay
    assertDummyAccount(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
    assertDummyPasswordConditional(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);

    // Red resource: account exists and its password is USER_PASSWORD_A_CLEAR
    assertDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
    assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_A_CLEAR);

    // Neither the user nor the default dummy account may have had the password changed
    assertUserPassword(userAfter, USER_PASSWORD_A_CLEAR);
    assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_A_CLEAR);

    // The ugly resource keeps its value as well
    assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);

    assertPasswordHistoryEntries(userAfter);
}
use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
the class AbstractPasswordTest method test300TwoParentOrgRefs.
// TODO: add user with password that violates the policy
/**
* Create an org, and create two parentOrgRefs for jack (MID-3099).
* Change to password that violates the password policy.
*/
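@Test
public void test300TwoParentOrgRefs() throws Exception {
    final String TEST_NAME = "test300TwoParentOrgRefs";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN
    Task task = createTask(TEST_NAME);
    OperationResult result = task.getResult();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);

    // Assign jack to the same org twice (third argument null, then ORG_MANAGER);
    // the assertion below requires that this yields two parentOrgRefs.
    assignOrg(USER_JACK_OID, ORG_GOVERNOR_OFFICE_OID, null);
    assignOrg(USER_JACK_OID, ORG_GOVERNOR_OFFICE_OID, SchemaConstants.ORG_MANAGER);

    UserType jack = getUser(USER_JACK_OID).asObjectable();
    display("jack", jack);
    assertEquals("Wrong # of parentOrgRefs", 2, jack.getParentOrgRef().size());

    // Point the org's passwordPolicyRef at the global password policy and verify it was stored.
    // NOTE(review): the cast is unchecked; the builder's return type is not visible here.
    ObjectDelta<OrgType> orgDelta = (ObjectDelta<OrgType>) DeltaBuilder.deltaFor(OrgType.class, prismContext)
            .item(OrgType.F_PASSWORD_POLICY_REF).replace(new PrismReferenceValue(PASSWORD_POLICY_GLOBAL_OID))
            .asObjectDelta(ORG_GOVERNOR_OFFICE_OID);
    executeChanges(orgDelta, null, task, result);

    OrgType govOffice = getObject(OrgType.class, ORG_GOVERNOR_OFFICE_OID).asObjectable();
    display("governor's office", govOffice);
    assertEquals("Wrong OID of password policy ref", PASSWORD_POLICY_GLOBAL_OID, govOffice.getPasswordPolicyRef().getOid());

    try {
        // WHEN: this password is expected to be rejected by the policy
        modifyUserChangePassword(USER_JACK_OID, USER_PASSWORD_1_CLEAR, task, result);

        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException e) {
        // This is expected. The label now matches the "Expected exception" wording used by
        // the other tests, so a log search finds this case too.
        display("Expected exception", e);
    }

    // THEN: the failure is recorded in the operation result
    result.computeStatus();
    TestUtil.assertFailure(result);

    PrismObject<UserType> userJack = getUser(USER_JACK_OID);
    display("User after change execution", userJack);
    assertLinks(userJack, 3);

    // Make sure that the password is unchanged: a rejected change must not reach
    // the user, its password metadata or any of the resource accounts.
    assertUserPassword(userJack, USER_PASSWORD_VALID_1);
    assertPasswordMetadata(userJack, false, lastPasswordChangeStart, lastPasswordChangeEnd);

    assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_VALID_1);

    assertDummyAccount(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
    assertDummyPassword(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_VALID_1);

    assertDummyPassword(RESOURCE_DUMMY_UGLY_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_EMPLOYEE_NUMBER_NEW_GOOD);
}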
use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
the class AbstractPasswordTest method test904ModifyUserElainePasswordAgain.
/**
* Password modification is obviously before the password minAge has passed.
* Therefore this should fail.
*/
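@Test
public void test904ModifyUserElainePasswordAgain() throws Exception {
    final String TEST_NAME = "test904ModifyUserElainePasswordAgain";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN
    Task task = createTask(TEST_NAME);
    OperationResult result = task.getResult();

    try {
        // WHEN: second password change attempt, expected to be refused
        modifyUserChangePassword(USER_ELAINE_OID, USER_PASSWORD_VALID_2, task, result);

        assertNotReached();
    } catch (PolicyViolationException e) {
        // This is expected. Log it instead of swallowing it silently, so the test output
        // shows which violation was raised (same handling as the other tests).
        display("Expected exception", e);
    }

    // THEN: the refusal is recorded in the operation result
    result.computeStatus();
    TestUtil.assertFailure(result);

    // The rejected change must leave the stored password at its previous value
    PrismObject<UserType> userAfter = getUser(USER_ELAINE_OID);
    display("User after", userAfter);
    assertUserPassword(userAfter, USER_PASSWORD_VALID_1);
}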
use of com.evolveum.midpoint.util.exception.PolicyViolationException in project midpoint by Evolveum.
the class TestRbac method test628RedskullUnassignRoleCanibal.
/**
 * Tries to unassign the cannibal role from redskull under RELATIVE assignment
 * enforcement and expects the attempt to be refused with a PolicyViolationException.
 * Afterwards the role is still assigned, the default dummy account is intact and the
 * assignee counts are as before.
 */
@Test
public void test628RedskullUnassignRoleCanibal() throws Exception {
    final String testName = "test628RedskullUnassignRoleCanibal";
    TestUtil.displayTestTile(this, testName);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);

    Task opTask = taskManager.createTaskInstance(String.join(".", TestRbac.class.getName(), testName));
    OperationResult opResult = opTask.getResult();

    // Baseline: the role has two assignees before the attempt
    assertAssignees(ROLE_CANNIBAL_OID, 2);

    // WHEN
    try {
        TestUtil.displayWhen(testName);
        unassignRole(userRedskullOid, ROLE_CANNIBAL_OID, opTask, opResult);
        // Getting here means the unassignment was accepted, which the test treats as a failure
        AssertJUnit.fail("Unexpected success");
    } catch (PolicyViolationException expected) {
        display("Expected exception", expected);
    }

    // THEN: the refusal is recorded in the operation result
    TestUtil.displayThen(testName);
    opResult.computeStatus();
    TestUtil.assertFailure(opResult);

    // The role assignment and the account data it provisions are still in place
    assertAssignedRole(userRedskullOid, ROLE_CANNIBAL_OID, opTask, opResult);
    assertDefaultDummyAccount(USER_REDSKULL_NAME, USER_REDSKULL_FULLNAME, true);
    assertDefaultDummyAccountAttribute(USER_REDSKULL_NAME, "title", "Voracious Cannibal");

    // Assignee counts: cannibal role unchanged at two, governor role at one
    assertAssignees(ROLE_CANNIBAL_OID, 2);
    assertAssignees(ROLE_GOVERNOR_OID, 1);
}