Examples with SecurityViolationException com.evolveum.midpoint.util.exception.SecurityViolationException used on opensource projects

Example 21 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class DiscoverConnectorsExecutor method rebindResources.

private void rebindResources(Map<String, String> rebindMap, ExecutionContext context, OperationResult result) throws ScriptExecutionException {
    List<PrismObject<ResourceType>> resources;
    try {
        resources = modelService.searchObjects(ResourceType.class, null, null, null, result);
    } catch (SchemaException | ConfigurationException | ObjectNotFoundException | CommunicationException | SecurityViolationException | ExpressionEvaluationException e) {
        throw new ScriptExecutionException("Couldn't list resources: " + e.getMessage(), e);
    }
    for (PrismObject<ResourceType> resource : resources) {
        if (resource.asObjectable().getConnectorRef() != null) {
            String connectorOid = resource.asObjectable().getConnectorRef().getOid();
            String newOid = rebindMap.get(connectorOid);
            if (newOid != null) {
                String msg = "resource " + resource + " from connector " + connectorOid + " to new one: " + newOid;
                LOGGER.info("Rebinding " + msg);
                ReferenceDelta refDelta = ReferenceDelta.createModificationReplace(ResourceType.F_CONNECTOR_REF, resource.getDefinition(), newOid);
                ObjectDelta<ResourceType> objDelta = ObjectDelta.createModifyDelta(resource.getOid(), refDelta, ResourceType.class, prismContext);
                operationsHelper.applyDelta(objDelta, context, result);
                context.println("Rebound " + msg);
            }
        }
    }
}

Example 22 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class ModelObjectResolver method getObject.

public <T extends ObjectType> T getObject(Class<T> clazz, String oid, Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    T objectType = null;
    try {
        PrismObject<T> object = null;
        ObjectTypes.ObjectManager manager = ObjectTypes.getObjectManagerForClass(clazz);
        final GetOperationOptions rootOptions = SelectorOptions.findRootOptions(options);
        switch(manager) {
            case PROVISIONING:
                object = provisioning.getObject(clazz, oid, options, task, result);
                if (object == null) {
                    throw new SystemException("Got null result from provisioning.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using provisioning implementation " + provisioning.getClass().getName());
                }
                break;
            case TASK_MANAGER:
                object = taskManager.getObject(clazz, oid, options, result);
                if (object == null) {
                    throw new SystemException("Got null result from taskManager.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using task manager implementation " + taskManager.getClass().getName());
                }
                if (workflowManager != null && TaskType.class.isAssignableFrom(clazz) && !GetOperationOptions.isRaw(rootOptions) && !GetOperationOptions.isNoFetch(rootOptions)) {
                    workflowManager.augmentTaskObject(object, options, task, result);
                }
                break;
            default:
                object = cacheRepositoryService.getObject(clazz, oid, options, result);
                if (object == null) {
                    throw new SystemException("Got null result from repository.getObject while looking for " + clazz.getSimpleName() + " with OID " + oid + "; using repository implementation " + cacheRepositoryService.getClass().getName());
                }
        }
        objectType = object.asObjectable();
        if (!clazz.isInstance(objectType)) {
            throw new ObjectNotFoundException("Bad object type returned for referenced oid '" + oid + "'. Expected '" + clazz + "', but was '" + (objectType == null ? "null" : objectType.getClass()) + "'.");
        }
        if (hookRegistry != null) {
            for (ReadHook hook : hookRegistry.getAllReadHooks()) {
                hook.invoke(object, options, task, result);
            }
        }
    } catch (SystemException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (RuntimeException | Error ex) {
        LoggingUtils.logException(LOGGER, "Error resolving object with oid {}, expected type was {}.", ex, oid, clazz);
        throw new SystemException("Error resolving object with oid '" + oid + "': " + ex.getMessage(), ex);
    } finally {
        result.computeStatus();
    }
    return objectType;
}

Example 23 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class ModelCrudService method modifyObject.

/**
	 * <p>
	 * Modifies object using relative change description.
	 * </p>
	 * <p>
	 * Must fail if user with provided OID does not exists. Must fail if any of
	 * the described changes cannot be applied. Should be atomic.
	 * </p>
	 * <p>
	 * If two or more modify operations are executed in parallel, the operations
	 * should be merged. In case that the operations are in conflict (e.g. one
	 * operation adding a value and the other removing the same value), the
	 * result is not deterministic.
	 * </p>
	 * <p>
	 * The operation may fail if the modified object does not conform to the
	 * underlying schema of the storage system or the schema enforced by the
	 * implementation.
	 * </p>
	 * 
	 * @param parentResult
	 *            parent OperationResult (in/out)
	 * @throws ObjectNotFoundException
	 *             specified object does not exist
	 * @throws SchemaException
	 *             resulting object would violate the schema
	 * @throws ExpressionEvaluationException
	 * 				evaluation of expression associated with the object has failed
	 * @throws CommunicationException 
	 * @throws ObjectAlreadyExistsException
	 * 				If the account or another "secondary" object already exists and cannot be created
	 * @throws PolicyViolationException 
	 * 				Policy violation was detected during processing of the object
	 * @throws IllegalArgumentException
	 *             wrong OID format, described change is not applicable
	 * @throws SystemException
	 *             unknown error from underlying layers or other unexpected
	 *             state
	 */
public <T extends ObjectType> void modifyObject(Class<T> type, String oid, Collection<? extends ItemDelta> modifications, ModelExecuteOptions options, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, PolicyViolationException, SecurityViolationException {
    Validate.notNull(modifications, "Object modification must not be null.");
    Validate.notEmpty(oid, "Change oid must not be null or empty.");
    Validate.notNull(parentResult, "Result type must not be null.");
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Modifying object with oid {}", oid);
        LOGGER.trace(DebugUtil.debugDump(modifications));
    }
    if (modifications.isEmpty()) {
        LOGGER.warn("Calling modifyObject with empty modificaiton set");
        return;
    }
    ItemDelta.checkConsistence(modifications, ConsistencyCheckScope.THOROUGH);
    // TODO: check definitions, but tolerate missing definitions in <attributes>
    OperationResult result = parentResult.createSubresult(MODIFY_OBJECT);
    result.addCollectionOfSerializablesAsParam("modifications", modifications);
    RepositoryCache.enter();
    try {
        ObjectDelta<T> objectDelta = (ObjectDelta<T>) ObjectDelta.createModifyDelta(oid, modifications, type, prismContext);
        Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(objectDelta);
        modelService.executeChanges(deltas, options, task, result);
        result.computeStatus();
    } catch (ExpressionEvaluationException ex) {
        LOGGER.error("model.modifyObject failed: {}", ex.getMessage(), ex);
        result.recordFatalError(ex);
        throw ex;
    } catch (ObjectNotFoundException ex) {
        LOGGER.error("model.modifyObject failed: {}", ex.getMessage(), ex);
        result.recordFatalError(ex);
        throw ex;
    } catch (SchemaException ex) {
        ModelUtils.recordFatalError(result, ex);
        throw ex;
    } catch (ConfigurationException ex) {
        ModelUtils.recordFatalError(result, ex);
        throw ex;
    } catch (SecurityViolationException ex) {
        ModelUtils.recordFatalError(result, ex);
        throw ex;
    } catch (RuntimeException ex) {
        ModelUtils.recordFatalError(result, ex);
        throw ex;
    } finally {
        RepositoryCache.exit();
    }
}

Example 24 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class OrgMemberPanel method deleteManagerConfirmPerformed.

private void deleteManagerConfirmPerformed(FocusType manager, AjaxRequestTarget target) {
    getPageBase().hideMainPopup(target);
    OperationResult parentResult = new OperationResult("Remove manager");
    Task task = getPageBase().createSimpleTask("Remove manager");
    try {
        ObjectDelta delta = ObjectDelta.createDeleteDelta(manager.asPrismObject().getCompileTimeClass(), manager.getOid(), getPageBase().getPrismContext());
        getPageBase().getModelService().executeChanges(WebComponentUtil.createDeltaCollection(delta), null, task, parentResult);
        parentResult.computeStatus();
    } catch (SchemaException | ObjectAlreadyExistsException | ObjectNotFoundException | ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException | SecurityViolationException e) {
        parentResult.recordFatalError("Failed to remove manager " + e.getMessage(), e);
        LoggingUtils.logUnexpectedException(LOGGER, "Failed to remove manager", e);
        getPageBase().showResult(parentResult);
    }
    target.add(getPageBase().getFeedbackPanel());
}

Example 25 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class DeleteTaskHandler method runInternal.

public <O extends ObjectType> TaskRunResult runInternal(Task task) {
    LOGGER.trace("Delete task run starting ({})", task);
    long startTimestamp = System.currentTimeMillis();
    OperationResult opResult = new OperationResult("DeleteTask.run");
    opResult.setStatus(OperationResultStatus.IN_PROGRESS);
    TaskRunResult runResult = new TaskRunResult();
    runResult.setOperationResult(opResult);
    opResult.setSummarizeErrors(true);
    opResult.setSummarizePartialErrors(true);
    opResult.setSummarizeSuccesses(true);
    QueryType queryType;
    PrismProperty<QueryType> objectQueryPrismProperty = task.getExtensionProperty(SchemaConstants.MODEL_EXTENSION_OBJECT_QUERY);
    if (objectQueryPrismProperty != null && objectQueryPrismProperty.getRealValue() != null) {
        queryType = objectQueryPrismProperty.getRealValue();
    } else {
        // For "foolproofness" reasons we really require a query. Even if it is "ALL" query.
        LOGGER.error("No query parameter in {}", task);
        opResult.recordFatalError("No query parameter in " + task);
        runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        return runResult;
    }
    Class<O> objectType;
    QName objectTypeName;
    PrismProperty<QName> objectTypePrismProperty = task.getExtensionProperty(SchemaConstants.MODEL_EXTENSION_OBJECT_TYPE);
    if (objectTypePrismProperty != null && objectTypePrismProperty.getRealValue() != null) {
        objectTypeName = objectTypePrismProperty.getRealValue();
        objectType = (Class<O>) ObjectTypes.getObjectTypeFromTypeQName(objectTypeName).getClassDefinition();
    } else {
        LOGGER.error("No object type parameter in {}", task);
        opResult.recordFatalError("No object type parameter in " + task);
        runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        return runResult;
    }
    ObjectQuery query;
    try {
        query = QueryJaxbConvertor.createObjectQuery(objectType, queryType, prismContext);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Using object query from the task: {}", query.debugDump());
        }
    } catch (SchemaException ex) {
        LOGGER.error("Schema error while creating a search filter: {}", new Object[] { ex.getMessage(), ex });
        opResult.recordFatalError("Schema error while creating a search filter: " + ex.getMessage(), ex);
        runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        return runResult;
    }
    boolean optionRaw = true;
    PrismProperty<Boolean> optionRawPrismProperty = task.getExtensionProperty(SchemaConstants.MODEL_EXTENSION_OPTION_RAW);
    if (optionRawPrismProperty != null && optionRawPrismProperty.getRealValue() != null && !optionRawPrismProperty.getRealValue()) {
        optionRaw = false;
    }
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Deleting {}, raw={} using query:\n{}", new Object[] { objectType.getSimpleName(), optionRaw, query.debugDump() });
    }
    // TODO
    boolean countObjectsOnStart = true;
    long progress = 0;
    Integer maxSize = 100;
    ObjectPaging paging = ObjectPaging.createPaging(0, maxSize);
    query.setPaging(paging);
    query.setAllowPartialResults(true);
    Collection<SelectorOptions<GetOperationOptions>> searchOptions = null;
    ModelExecuteOptions execOptions = null;
    if (optionRaw) {
        searchOptions = SelectorOptions.createCollection(GetOperationOptions.createRaw());
        execOptions = ModelExecuteOptions.createRaw();
    }
    try {
        // counting objects can be within try-catch block, because the handling is similar to handling errors within searchIterative
        Long expectedTotal = null;
        if (countObjectsOnStart) {
            Integer expectedTotalInt = modelService.countObjects(objectType, query, searchOptions, task, opResult);
            LOGGER.trace("Expecting {} objects to be deleted", expectedTotal);
            if (expectedTotalInt != null) {
                // conversion would fail on null
                expectedTotal = (long) expectedTotalInt;
            }
        }
        runResult.setProgress(progress);
        task.setProgress(progress);
        if (expectedTotal != null) {
            task.setExpectedTotal(expectedTotal);
        }
        try {
            task.savePendingModifications(opResult);
        } catch (ObjectAlreadyExistsException e) {
            // other exceptions are handled in the outer try block
            throw new IllegalStateException("Unexpected ObjectAlreadyExistsException when updating task progress/expectedTotal", e);
        }
        long progressLastUpdated = 0;
        SearchResultList<PrismObject<O>> objects;
        while (true) {
            objects = modelService.searchObjects(objectType, query, searchOptions, task, opResult);
            if (objects.isEmpty()) {
                break;
            }
            int skipped = 0;
            for (PrismObject<O> object : objects) {
                if (!optionRaw && ShadowType.class.isAssignableFrom(objectType) && Boolean.TRUE == ((ShadowType) (object.asObjectable())).isProtectedObject()) {
                    LOGGER.debug("Skipping delete of protected object {}", object);
                    skipped++;
                    continue;
                }
                ObjectDelta<?> delta = ObjectDelta.createDeleteDelta(objectType, object.getOid(), prismContext);
                String objectName = PolyString.getOrig(object.getName());
                String objectDisplayName = StatisticsUtil.getDisplayName(object);
                String objectOid = object.getOid();
                task.recordIterativeOperationStart(objectName, objectDisplayName, objectTypeName, objectOid);
                long objectDeletionStarted = System.currentTimeMillis();
                try {
                    modelService.executeChanges(MiscSchemaUtil.createCollection(delta), execOptions, task, opResult);
                    task.recordIterativeOperationEnd(objectName, objectDisplayName, objectTypeName, objectOid, objectDeletionStarted, null);
                } catch (Throwable t) {
                    task.recordIterativeOperationEnd(objectName, objectDisplayName, objectTypeName, objectOid, objectDeletionStarted, t);
                    // TODO we don't want to continue processing if an error occurs?
                    throw t;
                }
                progress++;
                task.setProgressTransient(progress);
                if (System.currentTimeMillis() - progressLastUpdated > PROGRESS_UPDATE_INTERVAL) {
                    task.setProgress(progress);
                    updateState(task);
                    progressLastUpdated = System.currentTimeMillis();
                }
            }
            opResult.summarize();
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("Search returned {} objects, {} skipped, progress: {}, result:\n{}", new Object[] { objects.size(), skipped, progress, opResult.debugDump() });
            }
            if (objects.size() == skipped) {
                break;
            }
        }
    } catch (ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | ExpressionEvaluationException | ConfigurationException | PolicyViolationException | SecurityViolationException e) {
        LOGGER.error("{}", new Object[] { e.getMessage(), e });
        opResult.recordFatalError("Object not found " + e.getMessage(), e);
        runResult.setRunResultStatus(TaskRunResultStatus.PERMANENT_ERROR);
        runResult.setProgress(progress);
        return runResult;
    } catch (CommunicationException e) {
        LOGGER.error("{}", new Object[] { e.getMessage(), e });
        opResult.recordFatalError("Object not found " + e.getMessage(), e);
        runResult.setRunResultStatus(TaskRunResultStatus.TEMPORARY_ERROR);
        runResult.setProgress(progress);
        return runResult;
    }
    runResult.setProgress(progress);
    runResult.setRunResultStatus(TaskRunResultStatus.FINISHED);
    opResult.summarize();
    opResult.recordSuccess();
    long wallTime = System.currentTimeMillis() - startTimestamp;
    String finishMessage = "Finished delete (" + task + "). ";
    String statistics = "Processed " + progress + " objects in " + wallTime / 1000 + " seconds.";
    if (progress > 0) {
        statistics += " Wall clock time average: " + ((float) wallTime / (float) progress) + " milliseconds";
    }
    opResult.createSubresult(DeleteTaskHandler.class.getName() + ".statistics").recordStatus(OperationResultStatus.SUCCESS, statistics);
    LOGGER.info(finishMessage + statistics);
    LOGGER.trace("Run finished (task {}, run result {})", new Object[] { task, runResult });
    return runResult;
}