use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method previewChanges.
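/**
 * Builds a lens context from the given deltas and runs the projector over all waves in
 * "preview" mode, returning the resulting context.
 *
 * <p>NOTE(review): the input deltas and the resulting context are dumped to the log at
 * debug/trace level. Whether those dumps can contain sensitive item values depends on how
 * {@code debugDump} renders them, which is not visible here - confirm before enabling
 * these levels on a production system.
 *
 * @param deltas changes to preview; may be {@code null}, which is treated as no deltas
 * @param options model execution options passed to the context factory
 * @param task task in whose context the preview runs
 * @param listeners progress listeners registered on the created context
 * @param parentResult parent operation result; a subresult is created under it
 * @return the context after projection
 * @throws SecurityViolationException rethrown after being recorded as a fatal error in the
 *         subresult; every other declared exception and any {@code RuntimeException} is
 *         handled the same way
 */
@Override
public <F extends ObjectType> ModelContext<F> previewChanges(Collection<ObjectDelta<? extends ObjectType>> deltas, ModelExecuteOptions options, Task task, Collection<ProgressListener> listeners, OperationResult parentResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Preview changes input:\n{}", DebugUtil.debugDump(deltas));
    }
    // Clones are used instead of the caller's deltas, because some of the values may be
    // lost during later processing.
    Collection<ObjectDelta<? extends ObjectType>> clonedDeltas = new ArrayList<>(deltas == null ? 0 : deltas.size());
    if (deltas != null) {
        for (ObjectDelta delta : deltas) {
            clonedDeltas.add(delta.clone());
        }
    }
    OperationResult result = parentResult.createSubresult(PREVIEW_CHANGES);
    LensContext<F> context;
    try {
        RepositoryCache.enter();
        context = contextFactory.createContext(clonedDeltas, options, task, result);
        // The guard now matches the level actually logged; it used to test the debug level
        // and built the dump even when trace output was disabled.
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Preview changes context:\n{}", context.debugDump());
        }
        context.setProgressListeners(listeners);
        projector.projectAllWaves(context, "preview", task, result);
        context.distributeResource();
    } catch (ConfigurationException | SecurityViolationException | ObjectNotFoundException | SchemaException | CommunicationException | PolicyViolationException | RuntimeException | ObjectAlreadyExistsException | ExpressionEvaluationException e) {
        // Record the failure in the operation result before propagating it unchanged.
        ModelUtils.recordFatalError(result, e);
        throw e;
    } finally {
        RepositoryCache.exit();
    }
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Preview changes output:\n{}", context.debugDump());
    }
    result.computeStatus();
    result.cleanupResult();
    return context;
}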
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class ModelInteractionServiceImpl method getEditObjectDefinition.
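/**
 * Returns a deep clone of the object's definition with the object template and the
 * caller's security constraints applied for the given authorization phase.
 *
 * <p>For objects that can represent a shadow and carry a resource OID, the attributes
 * container definition is replaced by the one derived from the edit object class
 * definition of that resource, when one is found.
 *
 * <p>NOTE(review): a {@code SecurityViolationException} raised while reading the resource is
 * rethrown as {@code ConfigurationException}, because this method's throws clause does not
 * include it. Callers can tell an authorization denial from a misconfiguration only by
 * inspecting the cause.
 *
 * @param object object whose definition is requested
 * @param phase authorization phase used for the template and the security constraints
 * @param task task used when the resource is read through provisioning
 * @param parentResult parent operation result; a minor subresult is created under it
 * @return the adjusted definition, or {@code null} when no security constraints could be
 *         compiled for the object (nothing allowed means everything denied)
 */
@Override
public <O extends ObjectType> PrismObjectDefinition<O> getEditObjectDefinition(PrismObject<O> object, AuthorizationPhaseType phase, Task task, OperationResult parentResult) throws SchemaException, ConfigurationException, ObjectNotFoundException {
    OperationResult result = parentResult.createMinorSubresult(GET_EDIT_OBJECT_DEFINITION);
    PrismObjectDefinition<O> objectDefinition = object.getDefinition().deepClone(true);
    PrismObject<O> baseObject = object;
    if (object.getOid() != null) {
        // Re-read the object from the repository to make sure we have all the properties.
        // The object from the method parameters may already have been processed by the
        // security code, and properties needed to evaluate authorizations may be missing.
        // MID-3126, see also MID-3435
        baseObject = cacheRepositoryService.getObject(object.getCompileTimeClass(), object.getOid(), null, result);
    }
    // TODO: maybe we need to expose owner resolver in the interface?
    ObjectSecurityConstraints securityConstraints = securityEnforcer.compileSecurityConstraints(baseObject, null);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Security constrains for {}:\n{}", object, securityConstraints == null ? "null" : securityConstraints.debugDump());
    }
    if (securityConstraints == null) {
        // Nothing allowed => everything denied
        result.setStatus(OperationResultStatus.NOT_APPLICABLE);
        return null;
    }
    ObjectTemplateType objectTemplateType;
    try {
        objectTemplateType = schemaTransformer.determineObjectTemplate(object, phase, result);
    } catch (ConfigurationException | ObjectNotFoundException e) {
        result.recordFatalError(e);
        throw e;
    }
    schemaTransformer.applyObjectTemplateToDefinition(objectDefinition, objectTemplateType, result);
    schemaTransformer.applySecurityConstraints(objectDefinition, securityConstraints, phase);
    if (object.canRepresent(ShadowType.class)) {
        PrismObject<ShadowType> shadow = (PrismObject<ShadowType>) object;
        String resourceOid = ShadowUtil.getResourceOid(shadow);
        if (resourceOid != null) {
            Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createReadOnly());
            PrismObject<ResourceType> resource;
            try {
                resource = provisioning.getObject(ResourceType.class, resourceOid, options, task, result);
            } catch (CommunicationException | SecurityViolationException | ExpressionEvaluationException e) {
                // Record the failure, as the template lookup above does, so that the
                // subresult is not left without a status when the exception is translated.
                result.recordFatalError(e);
                throw new ConfigurationException(e.getMessage(), e);
            }
            RefinedObjectClassDefinition refinedObjectClassDefinition = getEditObjectClassDefinition(shadow, resource, phase);
            if (refinedObjectClassDefinition != null) {
                ((ComplexTypeDefinitionImpl) objectDefinition.getComplexTypeDefinition()).replaceDefinition(ShadowType.F_ATTRIBUTES, refinedObjectClassDefinition.toResourceAttributeContainerDefinition());
            }
        }
    }
    result.computeStatus();
    return objectDefinition;
}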
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class AbstractSearchExpressionEvaluator method executeSearchAttempt.
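/**
 * Runs one iterative search for the target type and converts every found object into a
 * prism value.
 *
 * <p>When {@code searchOnResource} is false the search runs with the no-fetch option. When
 * a resource search fails with a communication, configuration or security exception and
 * {@code tryAlsoRepository} is set, the search is repeated once with no-fetch options.
 *
 * <p>NOTE(review): a {@code SecurityViolationException} from the resource search also
 * triggers that repeated search. Confirm that the no-fetch search is subject to the same
 * authorization checks, so the retry cannot return objects the first attempt was denied.
 *
 * @param rawResult optional list that receives every found object; may be {@code null}
 * @param targetTypeClass class of the objects to search for
 * @param targetTypeQName type name passed on when the prism values are created
 * @param query search query
 * @param searchOnResource whether the search may fetch from the resource
 * @param tryAlsoRepository whether to repeat the search with no-fetch options after a failure
 * @param additionalAttributeDeltas deltas passed on when the prism values are created
 * @param params evaluation context passed on when the prism values are created
 * @param contextDescription text appended to the messages of rethrown exceptions
 * @param task task in whose context the search runs
 * @param result operation result passed to the resolver
 * @return values created for the found objects, possibly empty
 * @throws ExpressionEvaluationException when the search fails with a communication,
 *         configuration or security exception that the repeated search does not recover from
 * @throws ObjectNotFoundException propagated unchanged from the resolver
 * @throws SchemaException rethrown with the context description appended
 */
private <O extends ObjectType> List<V> executeSearchAttempt(final List<PrismObject> rawResult, Class<O> targetTypeClass, final QName targetTypeQName, ObjectQuery query, boolean searchOnResource, boolean tryAlsoRepository, final List<ItemDelta<V, D>> additionalAttributeDeltas, final ExpressionEvaluationContext params, String contextDescription, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
    final List<V> list = new ArrayList<>();
    Collection<SelectorOptions<GetOperationOptions>> options = new ArrayList<>();
    if (!searchOnResource) {
        options.add(SelectorOptions.create(GetOperationOptions.createNoFetch()));
    }
    extendOptions(options, searchOnResource);
    // The handler is shared by the first search and by the repeated one, so objects found
    // before a failure stay in the lists.
    ResultHandler<O> handler = new ResultHandler<O>() {
        @Override
        public boolean handle(PrismObject<O> object, OperationResult parentResult) {
            if (rawResult != null) {
                rawResult.add(object);
            }
            list.add(createPrismValue(object.getOid(), targetTypeQName, additionalAttributeDeltas, params));
            return true;
        }
    };
    try {
        objectResolver.searchIterative(targetTypeClass, query, options, handler, task, result);
    } catch (IllegalStateException e) {
        // this comes from checkConsistence methods
        throw new IllegalStateException(e.getMessage() + " in " + contextDescription, e);
    } catch (SchemaException e) {
        throw new SchemaException(e.getMessage() + " in " + contextDescription, e);
    } catch (SystemException e) {
        throw new SystemException(e.getMessage() + " in " + contextDescription, e);
    } catch (CommunicationException | ConfigurationException | SecurityViolationException e) {
        if (searchOnResource && tryAlsoRepository) {
            options = SelectorOptions.createCollection(GetOperationOptions.createNoFetch());
            try {
                objectResolver.searchIterative(targetTypeClass, query, options, handler, task, result);
            } catch (SchemaException e1) {
                throw new SchemaException(e1.getMessage() + " in " + contextDescription, e1);
            } catch (CommunicationException | ConfigurationException | SecurityViolationException e1) {
                // shadow for group doesn't exist? (MID-2107)
                // The first failure stays the reported cause; the failure of the repeated
                // search is attached as suppressed so that it is not lost.
                ExpressionEvaluationException failure = new ExpressionEvaluationException("Unexpected expression exception " + e + ": " + e.getMessage(), e);
                failure.addSuppressed(e1);
                throw failure;
            }
        } else {
            throw new ExpressionEvaluationException("Unexpected expression exception " + e + ": " + e.getMessage(), e);
        }
    }
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Assignment expression resulted in {} objects, using query:\n{}", list.size(), query.debugDump());
    }
    return list;
}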
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class SampleFormFocusTabPanel method initLayout.
/**
 * Adds the header, the name and full-name property panels and the role selector to this
 * panel.
 *
 * <p>The selectable roles are loaded through the model service with no query and no
 * options. If that search fails for any of the caught reasons, including a
 * {@code SecurityViolationException}, the failure is recorded and logged and the selector
 * is created with an empty role list.
 *
 * @param focusModel model of the edited focus object (not read in this method)
 * @param assignmentsModel model of the assignments handed to the role selector
 * @param pageBase page used to create the task and to reach the model service
 */
private void initLayout(final LoadableModel<ObjectWrapper<F>> focusModel, LoadableModel<List<AssignmentEditorDto>> assignmentsModel, PageBase pageBase) {
    add(new Label(ID_HEADER, "Object details"));

    WebMarkupContainer bodyContainer = new WebMarkupContainer("body");
    add(bodyContainer);
    addPrismPropertyPanel(bodyContainer, ID_PROP_NAME, FocusType.F_NAME);
    addPrismPropertyPanel(bodyContainer, ID_PROP_FULL_NAME, UserType.F_FULL_NAME);

    // TODO: create proxy for these operations
    Task searchTask = pageBase.createSimpleTask(OPERATION_SEARCH_ROLES);
    List<PrismObject<RoleType>> selectableRoles;
    try {
        selectableRoles = pageBase.getModelService().searchObjects(RoleType.class, null, null, searchTask, searchTask.getResult());
    } catch (SchemaException | ObjectNotFoundException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
        // TODO: better error reporting - the user currently sees only an empty selector.
        searchTask.getResult().recordFatalError(e);
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load roles", e);
        selectableRoles = new ArrayList<>();
    }

    add(new SimpleRoleSelector<F, RoleType>(ID_ROLES, assignmentsModel, selectableRoles));
}
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class DefaultGuiProgressListener method getResourceName.
/**
 * Resolves the name of the resource with the given OID, using {@code nameCache} to avoid
 * repeated lookups.
 *
 * <p>When the lookup fails, the OID in parentheses is used as the name. That fallback is
 * stored in the cache as well, so a failed lookup is not repeated for the same OID.
 *
 * @param oid OID of the resource
 * @return the resource name, or {@code "(" + oid + ")"} when it could not be determined
 */
private String getResourceName(@NotNull String oid) {
    String cachedName = nameCache.get(oid);
    if (cachedName != null) {
        return cachedName;
    }

    Task task = parentPage.createSimpleTask("getResourceName");
    OperationResult result = new OperationResult("getResourceName");
    // TODO(review): what about security? The resource is read with the raw option; confirm
    // that the model service still applies read authorization to this call, since the
    // resolved name is presumably shown to the user.
    Collection<SelectorOptions<GetOperationOptions>> raw = SelectorOptions.createCollection(GetOperationOptions.createRaw());

    String resolvedName;
    try {
        PrismObject<ResourceType> resource = parentPage.getModelService().getObject(ResourceType.class, oid, raw, task, result);
        resolvedName = PolyString.getOrig(resource.asObjectable().getName());
    } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't determine the name of resource {}", e, oid);
        resolvedName = "(" + oid + ")";
    }

    nameCache.put(oid, resolvedName);
    return resolvedName;
}