Examples with SchemaException com.evolveum.midpoint.util.exception.SchemaException used on opensource projects

Example 51 with SchemaException

use of com.evolveum.midpoint.util.exception.SchemaException in project midpoint by Evolveum.

the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.

private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<F> focusContext = context.getFocusContext();
    PrismObject<F> userNew = focusContext.getObjectNew();
    if (userNew == null) {
        // This must be a user delete or something similar. No point in proceeding
        LOGGER.trace("userNew is null, skipping credentials processing");
        return;
    }
    PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
    PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
    ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
    RefinedObjectClassDefinition refinedProjDef = projCtx.getStructuralObjectClassDefinition();
    if (refinedProjDef == null) {
        LOGGER.trace("No RefinedObjectClassDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", rsd);
        return;
    }
    List<MappingType> outboundMappingTypes = refinedProjDef.getPasswordOutbound();
    if (outboundMappingTypes == null || outboundMappingTypes.isEmpty()) {
        LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
        return;
    }
    // HACK
    if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingTypes, focusContext.getDelta())) {
        LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
        return;
    }
    final ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
    final PropertyDelta<ProtectedStringType> projPasswordDelta;
    if (projDelta != null && projDelta.getChangeType() == MODIFY) {
        projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
    } else {
        projPasswordDelta = null;
    }
    checkExistingDeltaSanity(projCtx, projPasswordDelta);
    boolean evaluateWeak = getEvaluateWeak(projCtx);
    final ItemDeltaItem<PrismPropertyValue<PasswordType>, PrismPropertyDefinition<ProtectedStringType>> userPasswordIdi = focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        @Override
        public void setOutputPath(ItemPath outputPath) {
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
        }

        @Override
        public StringPolicyType resolve() {
            if (passwordPolicy == null) {
                return null;
            }
            return passwordPolicy.getStringPolicy();
        }
    };
    MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
        builder.defaultTargetDefinition(projPasswordPropertyDefinition);
        builder.defaultSource(new Source<>(userPasswordIdi, ExpressionConstants.VAR_INPUT));
        builder.stringPolicyResolver(stringPolicyResolver);
        return builder;
    };
    MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
        PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
        if (outputTriple == null) {
            LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
            return false;
        }
        boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
        Collection<PrismPropertyValue<ProtectedStringType>> newValues = outputTriple.getPlusSet();
        if (projectionIsNew) {
            newValues = outputTriple.getNonNegativeValues();
        } else {
            newValues = outputTriple.getPlusSet();
        }
        if (!canGetCleartext(newValues)) {
            ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
            if (projectionPrimaryDelta != null) {
                PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
                if (passwordPrimaryDelta != null) {
                    // We have only hashed value coming from the mapping. There are not very useful
                    // for provisioning. But we have primary projection delta - and that is very likely
                    // to be better.
                    // Skip all password mappings in this case. Primary delta trumps everything. 
                    // No weak, normal or even strong mapping can change that.
                    // We need to disregard even strong mapping in this case. If we would heed the strong
                    // mapping then account initialization won't be possible.
                    LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
                    return false;
                }
            }
        }
        return true;
    };
    mappingEvaluator.evaluateOutboundMapping(context, projCtx, outboundMappingTypes, SchemaConstants.PATH_PASSWORD_VALUE, SchemaConstants.PATH_PASSWORD_VALUE, initializer, processor, now, true, evaluateWeak, "password mapping", task, result);
}

Example 52 with SchemaException

use of com.evolveum.midpoint.util.exception.SchemaException in project midpoint by Evolveum.

the class CorrelationConfirmationEvaluator method matchUserCorrelationRule.

public <F extends FocusType> boolean matchUserCorrelationRule(Class<F> focusType, PrismObject<ShadowType> currentShadow, PrismObject<F> userType, ObjectSynchronizationType synchronization, ResourceType resourceType, SystemConfigurationType configurationType, Task task, OperationResult result) {
    if (synchronization == null) {
        LOGGER.warn("Resource does not support synchronization. Skipping evaluation correlation/confirmation for  {} and  {}", userType, currentShadow);
        return false;
    }
    List<ConditionalSearchFilterType> conditionalFilters = synchronization.getCorrelation();
    try {
        for (ConditionalSearchFilterType conditionalFilter : conditionalFilters) {
            if (matchUserCorrelationRule(focusType, currentShadow, userType, resourceType, configurationType, conditionalFilter, task, result)) {
                LOGGER.debug("SYNCHRONIZATION: CORRELATION: expression for {} match user: {}", currentShadow, userType);
                return true;
            }
        }
    } catch (SchemaException ex) {
        throw new SystemException("Failed to match user using correlation rule. " + ex.getMessage(), ex);
    }
    LOGGER.debug("SYNCHRONIZATION: CORRELATION: expression for {} does not match user: {}", new Object[] { currentShadow, userType });
    return false;
}

Example 53 with SchemaException

use of com.evolveum.midpoint.util.exception.SchemaException in project midpoint by Evolveum.

the class CorrelationConfirmationEvaluator method findUsersByCorrelationRule.

private <F extends FocusType> List<PrismObject<F>> findUsersByCorrelationRule(Class<F> focusType, ShadowType currentShadow, ConditionalSearchFilterType conditionalFilter, ResourceType resourceType, SystemConfigurationType configurationType, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
    if (!conditionalFilter.containsFilterClause()) {
        LOGGER.warn("Correlation rule for resource '{}' doesn't contain filter clause, " + "returning empty list of users.", resourceType);
        return null;
    }
    ObjectQuery q;
    try {
        q = QueryJaxbConvertor.createObjectQuery(focusType, conditionalFilter, prismContext);
        q = updateFilterWithAccountValues(currentShadow, resourceType, configurationType, q, "Correlation expression", task, result);
        if (q == null) {
            // to null and the processing should be skipped
            return null;
        }
    } catch (SchemaException ex) {
        LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", ex, SchemaDebugUtil.prettyPrint(conditionalFilter));
        throw new SchemaException("Couldn't convert query.", ex);
    } catch (ObjectNotFoundException ex) {
        LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", ex, SchemaDebugUtil.prettyPrint(conditionalFilter));
        throw new ObjectNotFoundException("Couldn't convert query.", ex);
    } catch (ExpressionEvaluationException ex) {
        LoggingUtils.logException(LOGGER, "Couldn't convert query (simplified)\n{}.", ex, SchemaDebugUtil.prettyPrint(conditionalFilter));
        throw new ExpressionEvaluationException("Couldn't convert query.", ex);
    }
    List<PrismObject<F>> users;
    try {
        LOGGER.trace("SYNCHRONIZATION: CORRELATION: expression for results in filter\n{}", q.debugDumpLazily());
        users = repositoryService.searchObjects(focusType, q, null, result);
    } catch (RuntimeException ex) {
        LoggingUtils.logException(LOGGER, "Couldn't search users in repository, based on filter (simplified)\n{}.", ex, q.debugDump());
        throw new SystemException("Couldn't search users in repository, based on filter (See logs).", ex);
    }
    return users;
}

Example 54 with SchemaException

use of com.evolveum.midpoint.util.exception.SchemaException in project midpoint by Evolveum.

the class CorrelationConfirmationEvaluator method findUserByConfirmationRule.

public <F extends FocusType> List<PrismObject<F>> findUserByConfirmationRule(Class<F> focusType, List<PrismObject<F>> users, ShadowType currentShadow, ResourceType resource, SystemConfigurationType configuration, ExpressionType expression, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
    List<PrismObject<F>> list = new ArrayList<PrismObject<F>>();
    for (PrismObject<F> user : users) {
        try {
            F userType = user.asObjectable();
            boolean confirmedUser = evaluateConfirmationExpression(focusType, userType, currentShadow, resource, configuration, expression, task, result);
            if (confirmedUser) {
                list.add(user);
            }
        } catch (RuntimeException ex) {
            LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", ex, user.getElementName());
            throw new SystemException("Couldn't confirm user " + user.getElementName(), ex);
        } catch (ExpressionEvaluationException ex) {
            LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", ex, user.getElementName());
            throw new ExpressionEvaluationException("Couldn't confirm user " + user.getElementName(), ex);
        } catch (ObjectNotFoundException ex) {
            LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", ex, user.getElementName());
            throw new ObjectNotFoundException("Couldn't confirm user " + user.getElementName(), ex);
        } catch (SchemaException ex) {
            LoggingUtils.logException(LOGGER, "Couldn't confirm user {}", ex, user.getElementName());
            throw new SchemaException("Couldn't confirm user " + user.getElementName(), ex);
        }
    }
    LOGGER.debug("SYNCHRONIZATION: CONFIRMATION: expression for {} matched {} users.", new Object[] { currentShadow, list.size() });
    return list;
}

Example 55 with SchemaException

use of com.evolveum.midpoint.util.exception.SchemaException in project midpoint by Evolveum.

the class ScriptExecutionTaskHandler method run.

@Override
public TaskRunResult run(Task task) {
    OperationResult result = task.getResult().createSubresult(DOT_CLASS + "run");
    TaskRunResult runResult = new TaskRunResult();
    PrismProperty<ExecuteScriptType> executeScriptProperty = task.getExtensionProperty(SchemaConstants.SE_EXECUTE_SCRIPT);
    if (executeScriptProperty == null || executeScriptProperty.getValue().getValue() == null || executeScriptProperty.getValue().getValue().getScriptingExpression() == null) {
        throw new IllegalStateException("There's no script to be run in task " + task + " (property " + SchemaConstants.SE_EXECUTE_SCRIPT + ")");
    }
    try {
        task.startCollectingOperationStatsFromZero(true, false, true);
        task.setProgress(0);
        ScriptExecutionResult executionResult = scriptingService.evaluateExpression(executeScriptProperty.getRealValue(), task, result);
        LOGGER.debug("Execution output: {} item(s)", executionResult.getDataOutput().size());
        LOGGER.debug("Execution result:\n", executionResult.getConsoleOutput());
        result.computeStatus();
        runResult.setRunResultStatus(TaskRunResult.TaskRunResultStatus.FINISHED);
    } catch (ScriptExecutionException | SecurityViolationException | SchemaException e) {
        result.recordFatalError("Couldn't execute script: " + e.getMessage(), e);
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't execute script", e);
        runResult.setRunResultStatus(TaskRunResult.TaskRunResultStatus.PERMANENT_ERROR);
    } finally {
        task.storeOperationStats();
    }
    task.getResult().computeStatus();
    runResult.setOperationResult(task.getResult());
    // incremented directly in actions implementations
    runResult.setProgress(task.getProgress());
    return runResult;
}