
Example 61 with SchemaException

Use of com.evolveum.midpoint.util.exception.SchemaException in the midPoint project (by Evolveum).

Class SpringAuthenticationInjectorInterceptor, method handleMessage (a CXF SOAP interceptor that binds the WS-Security-authenticated user to a Spring Security context and authorizes web-service access):

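@Override
public void handleMessage(SoapMessage message) throws Fault {
    // By the time this interceptor runs, WS-Security (the password callback) has already
    // authenticated the user -- see the constructor. Here we only (1) bind a Spring
    // Authentication for the user named in the header and (2) enforce coarse-grained
    // web-service authorization. Every denial is audited exactly once; the
    // CONTEXTUAL_PROPERTY_AUDITED_NAME flag tells later stages not to audit again.
    LOGGER.trace("Intercepted message: {}", message);
    SOAPMessage saajSoapMessage = securityHelper.getSOAPMessage(message);
    if (saajSoapMessage == null) {
        LOGGER.error("No soap message in handler");
        throw createFault(WSSecurityException.ErrorCode.FAILURE);
    }
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
    String username = null;
    try {
        username = securityHelper.getUsernameFromMessage(saajSoapMessage);
        LOGGER.trace("Attempt to authenticate user '{}'", username);
        if (StringUtils.isBlank(username)) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Empty username");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        MidPointPrincipal principal;
        try {
            principal = userDetailsService.getPrincipal(username);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Schema error: " + e.getMessage());
            // Generic fault, consistent with the SchemaException handlers in the authorization
            // section below. The detail stays in the log and the audit record; wrapping the
            // exception itself (new Fault(e)) would echo the internal message to the caller.
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        LOGGER.trace("Principal: {}", principal);
        if (principal == null) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "No user");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Account validity and credentials and all this stuff should be already checked
        // in the password callback.
        // NOTE(review): the two-argument constructor yields a token whose isAuthenticated()
        // is false; the enforcer below presumably relies on the principal only -- confirm
        // that nothing downstream consults isAuthenticated().
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, null);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // NOTE(review): from here on, a denial leaves this Authentication in the thread-local
        // security context; this assumes a later filter/interceptor clears it -- verify for
        // pooled request threads.
        String operationName;
        try {
            // The operation name is the local name of the SOAP body's root element; it selects
            // the per-operation authorization action below.
            // NOTE(review): if getFirstChildElement() returns null for an empty body, the
            // getLocalName() call throws an unaudited NPE -- confirm and guard if so.
            operationName = DOMUtil.getFirstChildElement(saajSoapMessage.getSOAPBody()).getLocalName();
        } catch (SOAPException e) {
            LOGGER.debug("Access to web service denied for user '{}': SOAP error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "SOAP error: " + e.getMessage());
            // Same reasoning as above: do not leak parser detail through the fault string.
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        // AUTHORIZATION: first the blanket "all web-service operations" action, then --
        // only if that was denied -- the per-operation action derived from operationName.
        boolean isAuthorized;
        try {
            isAuthorized = securityEnforcer.isAuthorized(AuthorizationConstants.AUTZ_WS_ALL_URL, AuthorizationPhaseType.REQUEST, null, null, null, null);
            LOGGER.trace("Determined authorization for web service access (action: {}): {}", AuthorizationConstants.AUTZ_WS_ALL_URL, isAuthorized);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        if (!isAuthorized) {
            String action = QNameUtil.qNameToUri(new QName(AuthorizationConstants.NS_AUTHORIZATION_WS, operationName));
            try {
                isAuthorized = securityEnforcer.isAuthorized(action, AuthorizationPhaseType.REQUEST, null, null, null, null);
                LOGGER.trace("Determined authorization for web service operation {} (action: {}): {}", operationName, action, isAuthorized);
            } catch (SchemaException e) {
                LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
                message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
                securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
                throw createFault(WSSecurityException.ErrorCode.FAILURE);
            }
        }
        if (!isAuthorized) {
            LOGGER.debug("Access to web service denied for user '{}': not authorized", username);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Not authorized");
            // Deliberately the same fault code as "no user": the caller cannot distinguish an
            // unknown account from a known-but-unauthorized one.
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    } catch (WSSecurityException e) {
        LOGGER.debug("Access to web service denied for user '{}': security exception: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "Security exception: " + e.getMessage());
        throw new Fault(e, e.getFaultCode());
    } catch (ObjectNotFoundException e) {
        LOGGER.debug("Access to web service denied for user '{}': object not found: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "No user");
        throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Avoid auditing login attempt again if the operation fails on internal authorization
    message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
    LOGGER.debug("Access to web service allowed for user '{}'", username);
}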

Example 62 with SchemaException

Use of com.evolveum.midpoint.util.exception.SchemaException in the midPoint project (by Evolveum).

Class UserProfileServiceImpl, method getPrincipal (looks up a user by name and builds the MidPointPrincipal for it):

@Override
public MidPointPrincipal getPrincipal(String username) throws ObjectNotFoundException, SchemaException {
    // Resolve the user object for the given name and turn it into a principal.
    // ObjectNotFoundException is passed through to the caller; any other failure of the
    // lookup surfaces as a SystemException carrying the original cause.
    OperationResult result = new OperationResult(OPERATION_GET_PRINCIPAL);
    PrismObject<UserType> userObject = findUserForPrincipal(username, result);
    return createPrincipal(userObject, result);
}

/**
 * Looks up the user named {@code username}, logging and rethrowing "not found" as-is and
 * wrapping every other failure (checked or unchecked) in a {@link SystemException}.
 */
private PrismObject<UserType> findUserForPrincipal(String username, OperationResult result) throws ObjectNotFoundException {
    try {
        return findByUsername(username, result);
    } catch (ObjectNotFoundException notFound) {
        // Expected for unknown accounts, hence trace level only.
        LOGGER.trace("Couldn't find user with name '{}', reason: {}.", username, notFound.getMessage(), notFound);
        throw notFound;
    } catch (Exception other) {
        // NOTE(review): username originates from the caller; it is logged verbatim here.
        LOGGER.warn("Error getting user with name '{}', reason: {}.", username, other.getMessage(), other);
        throw new SystemException(other.getMessage(), other);
    }
}

Example 63 with SchemaException

Use of com.evolveum.midpoint.util.exception.SchemaException in the midPoint project (by Evolveum).

Class MidpointAbstractProvider, method readFrom (JAX-RS MessageBodyReader that parses a request body with the Prism parser):

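@Override
@SuppressWarnings("unchecked")
public T readFrom(Class<T> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException, WebApplicationException {
    // Parses the request body into the requested type. PrismObject targets are parsed as
    // full objects, anything else as a "real value"; if the parsed value still does not fit
    // the requested type, a @Convertor annotation on the resource method may adapt it.
    // A SchemaException from parsing is reported as a WebApplicationException.
    if (entityStream == null) {
        return null;
    }
    // NOTE(review): the body is untrusted input; whether DTDs / external entities are
    // disabled is decided inside getParser()/PrismParser, not here -- confirm when
    // auditing for XXE.
    PrismParser parser = getParser(entityStream);
    try {
        LOGGER.info("type of request: {}", type);
        T object;
        if (PrismObject.class.isAssignableFrom(type)) {
            object = (T) parser.parse();
        } else {
            // TODO consider prescribing type here (if no convertor is specified)
            object = parser.parseRealValue();
        }
        if (object != null && !type.isAssignableFrom(object.getClass())) {
            object = applyConvertor(object, annotations);
        }
        return object;
    } catch (SchemaException ex) {
        throw new WebApplicationException(ex);
    }
}

/**
 * Applies the convertor named by a {@code @Convertor} annotation, if one is present among
 * {@code annotations}; otherwise returns {@code object} unchanged.
 * The convertor class comes from server-side resource annotations, not from the request.
 */
@SuppressWarnings("unchecked")
private T applyConvertor(T object, Annotation[] annotations) {
    // TODO treat multivalues here
    Optional<Annotation> convertorAnnotation = Arrays.stream(annotations).filter(a -> a instanceof Convertor).findFirst();
    if (!convertorAnnotation.isPresent()) {
        return object;
    }
    Class<? extends ConvertorInterface> convertorClass = ((Convertor) convertorAnnotation.get()).value();
    ConvertorInterface convertor;
    try {
        // Constructor.newInstance() instead of Class.newInstance(): the latter lets checked
        // exceptions thrown by the constructor escape undeclared; here they arrive wrapped in
        // InvocationTargetException and are reported uniformly as a SystemException.
        convertor = convertorClass.getDeclaredConstructor().newInstance();
    } catch (ReflectiveOperationException e) {
        throw new SystemException("Couldn't instantiate convertor class " + convertorClass, e);
    }
    return (T) convertor.convert(object);
}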

Example 64 with SchemaException

Use of com.evolveum.midpoint.util.exception.SchemaException in the midPoint project (by Evolveum).

Class MidpointAbstractProvider, method writeTo (JAX-RS MessageBodyWriter that serializes a response with the Prism serializer):

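@Override
public void writeTo(T object, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream) throws IOException, WebApplicationException {
    // Serializes the response entity: PrismObjects directly, OperationResults via their
    // JAXB type, everything else as "any data" under a placeholder root element.
    // TODO implement in the standard serializer; also change root name
    QName fakeQName = new QName(PrismConstants.NS_TYPES, "object");
    PrismSerializer<String> serializer = getSerializer().options(SerializationOptions.createSerializeReferenceNames());
    String xml;
    try {
        if (object instanceof PrismObject) {
            xml = serializer.serialize((PrismObject<?>) object);
        } else if (object instanceof OperationResult) {
            OperationResultType operationResultType = ((OperationResult) object).createOperationResultType();
            xml = serializer.serializeAnyData(operationResultType, fakeQName);
        } else {
            xml = serializer.serializeAnyData(object, fakeQName);
        }
    } catch (SchemaException | RuntimeException e) {
        LoggingUtils.logException(LOGGER, "Couldn't marshal element to string: {}", e, object);
        // Previously the failure was only logged, so the client received an apparently
        // successful response with an empty body. Surface it as a server error instead so
        // callers do not mistake a broken response for a valid one.
        throw new WebApplicationException(e);
    }
    // Explicit charset constant: avoids the UnsupportedEncodingException path of getBytes(String).
    entityStream.write(xml.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}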

Example 65 with SchemaException

Use of com.evolveum.midpoint.util.exception.SchemaException in the midPoint project (by Evolveum).

Class SimpleParametricRoleSelector, method getParamValue (reads the role parameter from an assignment's new value, falling back to its old value):

/**
 * Returns the parameter value (at {@code parameterPath}) of the given assignment.
 * The property is looked up in the assignment's new value first and, only if the new value
 * holds no such property, in its old value; {@code null} if neither has it.
 *
 * @throws SystemException if the new value cannot be obtained because of a SchemaException
 */
private String getParamValue(AssignmentEditorDto assignmentDto) {
    PrismContainerValue currentValue;
    try {
        currentValue = assignmentDto.getNewValue(getPageBase().getPrismContext());
    } catch (SchemaException e) {
        throw new SystemException(e.getMessage(), e);
    }
    PrismProperty<String> parameter = findParameterProperty(currentValue);
    if (parameter == null) {
        parameter = findParameterProperty(assignmentDto.getOldValue());
    }
    return parameter == null ? null : parameter.getRealValue();
}

/** Looks up the parameter property in {@code containerValue}; {@code null} if absent or no value. */
private PrismProperty<String> findParameterProperty(PrismContainerValue containerValue) {
    if (containerValue == null) {
        return null;
    }
    return containerValue.findProperty(parameterPath);
}
