Examples with SecurityViolationException com.evolveum.midpoint.util.exception.SecurityViolationException used on opensource projects

Example 31 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class TaskCurrentStateDtoModel method refresh.

public void refresh(PageBase page) {
    object = null;
    if (taskModel == null || taskModel.getObject() == null) {
        LOGGER.warn("Null or empty taskModel");
        return;
    }
    TaskManager taskManager = page.getTaskManager();
    OperationResult result = new OperationResult("refresh");
    Task operationTask = taskManager.createTaskInstance("refresh");
    String oid = taskModel.getObject().getOid();
    try {
        LOGGER.debug("Refreshing task {}", taskModel.getObject());
        Collection<SelectorOptions<GetOperationOptions>> options = GetOperationOptions.createRetrieveAttributesOptions(TaskType.F_SUBTASK, TaskType.F_NODE_AS_OBSERVED);
        PrismObject<TaskType> task = page.getModelService().getObject(TaskType.class, oid, options, operationTask, result);
        TaskDto taskDto = new TaskDto(task.asObjectable(), page.getModelService(), page.getTaskService(), page.getModelInteractionService(), taskManager, page.getWorkflowManager(), TaskDtoProviderOptions.fullOptions(), operationTask, result, page);
        taskModel.setObject(taskDto);
    } catch (CommunicationException | ObjectNotFoundException | SchemaException | SecurityViolationException | ConfigurationException | ExpressionEvaluationException | RuntimeException e) {
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't refresh task {}", e, taskModel.getObject());
    }
}

Example 32 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class AccessCertificationCloseStageTriggerHandler method handle.

@Override
public <O extends ObjectType> void handle(PrismObject<O> prismObject, TriggerType trigger, Task task, OperationResult result) {
    try {
        ObjectType object = prismObject.asObjectable();
        if (!(object instanceof AccessCertificationCampaignType)) {
            LOGGER.error("Trigger of this type is supported only on {} objects, not on {}", AccessCertificationCampaignType.class.getSimpleName(), object.getClass().getName());
            return;
        }
        AccessCertificationCampaignType campaign = (AccessCertificationCampaignType) object;
        LOGGER.info("Automatically closing current stage of {}", ObjectTypeUtil.toShortString(campaign));
        if (campaign.getState() != IN_REVIEW_STAGE) {
            LOGGER.warn("Campaign {} is not in a review stage; this 'close stage' trigger will be ignored.", ObjectTypeUtil.toShortString(campaign));
            return;
        }
        int currentStageNumber = campaign.getStageNumber();
        certificationManager.closeCurrentStage(campaign.getOid(), currentStageNumber, task, result);
        if (currentStageNumber < CertCampaignTypeUtil.getNumberOfStages(campaign)) {
            LOGGER.info("Automatically opening next stage of {}", ObjectTypeUtil.toShortString(campaign));
            certificationManager.openNextStage(campaign.getOid(), currentStageNumber + 1, task, result);
        } else {
            LOGGER.info("Automatically starting remediation for {}", ObjectTypeUtil.toShortString(campaign));
            certificationManager.startRemediation(campaign.getOid(), task, result);
        }
    } catch (SchemaException | ObjectNotFoundException | ObjectAlreadyExistsException | SecurityViolationException | RuntimeException e) {
        LoggingUtils.logException(LOGGER, "Couldn't close current campaign and possibly advance to the next one", e);
    }
}

Example 33 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class AccCertUpdateHelper method addObject.

//endregion
//region ================================ Model and repository operations ================================
void addObject(ObjectType objectType, Task task, OperationResult result) throws ObjectAlreadyExistsException, SchemaException, ObjectNotFoundException {
    ObjectDelta<? extends ObjectType> objectDelta = ObjectDelta.createAddDelta(objectType.asPrismObject());
    Collection<ObjectDeltaOperation<? extends ObjectType>> ops;
    try {
        ops = modelService.executeChanges(Collections.singleton(objectDelta), ModelExecuteOptions.createRaw().setPreAuthorized(), task, result);
    } catch (ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException | SecurityViolationException e) {
        throw new SystemException("Unexpected exception when adding object: " + e.getMessage(), e);
    }
    ObjectDeltaOperation odo = ops.iterator().next();
    objectType.setOid(odo.getObjectDelta().getOid());
/* ALTERNATIVELY, we can go directly into the repository. (No audit there.)
        String oid = repositoryService.addObject(objectType.asPrismObject(), null, result);
        objectType.setOid(oid);
         */
}

Example 34 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class AssignmentProcessor method processAssignmentsProjections.

/**
     * Processing all the assignments to determine which projections should be added, deleted or kept as they are.
     * Generic method for all projection types (theoretically). 
     */
@SuppressWarnings("unchecked")
public <O extends ObjectType> void processAssignmentsProjections(LensContext<O> context, XMLGregorianCalendar now, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<O> focusContext = context.getFocusContext();
    if (focusContext == null) {
        return;
    }
    if (!FocusType.class.isAssignableFrom(focusContext.getObjectTypeClass())) {
        // We can do this only for FocusType.
        return;
    }
    //    	if (ModelExecuteOptions.isLimitPropagation(context.getOptions()) && SchemaConstants.CHANGE_CHANNEL_DISCOVERY.equals(QNameUtil.uriToQName(context.getChannel()))){
    //    		//do not execute assignment if the execution was triggered by compensation mechanism and limitPropagation is set
    //    		return;
    //    	}
    OperationResult result = parentResult.createSubresult(AssignmentProcessor.class.getName() + ".processAssignmentsProjections");
    try {
        processAssignmentsProjectionsWithFocus((LensContext<? extends FocusType>) context, now, task, result);
    } catch (SchemaException | ObjectNotFoundException | ExpressionEvaluationException | PolicyViolationException | CommunicationException | ConfigurationException | SecurityViolationException | RuntimeException | Error e) {
        result.recordFatalError(e);
        throw e;
    }
    OperationResultStatus finalStatus = OperationResultStatus.SUCCESS;
    String message = null;
    int errors = 0;
    for (OperationResult subresult : result.getSubresults()) {
        if (subresult.isError()) {
            errors++;
            if (message == null) {
                message = subresult.getMessage();
            } else {
                message = errors + " errors";
            }
            finalStatus = OperationResultStatus.PARTIAL_ERROR;
        }
    }
    result.setStatus(finalStatus);
    result.setMessage(message);
    result.cleanupResult();
}

Example 35 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class Projector method projectInternal.

private <F extends ObjectType> void projectInternal(LensContext<F> context, String activityDescription, boolean fromStart, boolean allWaves, Task task, OperationResult parentResult) throws SchemaException, PolicyViolationException, ExpressionEvaluationException, ObjectNotFoundException, ObjectAlreadyExistsException, CommunicationException, ConfigurationException, SecurityViolationException {
    context.checkAbortRequested();
    if (context.getDebugListener() != null) {
        context.getDebugListener().beforeProjection(context);
    }
    // Read the time at the beginning so all processors have the same notion of "now"
    // this provides nicer unified timestamp that can be used in equality checks in tests and also for
    // troubleshooting
    XMLGregorianCalendar now = clock.currentTimeXMLGregorianCalendar();
    String traceTitle = fromStart ? "projector start" : "projector resume";
    LensUtil.traceContext(LOGGER, activityDescription, traceTitle, false, context, false);
    if (consistencyChecks)
        context.checkConsistence();
    if (fromStart) {
        context.normalize();
        context.resetProjectionWave();
    }
    OperationResult result = parentResult.createSubresult(Projector.class.getName() + ".project");
    result.addParam("fromStart", fromStart);
    result.addContext("projectionWave", context.getProjectionWave());
    result.addContext("executionWave", context.getExecutionWave());
    PartialProcessingOptionsType partialProcessingOptions = context.getPartialProcessingOptions();
    try {
        context.reportProgress(new ProgressInformation(PROJECTOR, ENTERING));
        if (fromStart) {
            LensUtil.partialExecute("load", () -> {
                contextLoader.load(context, activityDescription, task, result);
                // Set the "fresh" mark now so following consistency check will be stricter
                context.setFresh(true);
                if (consistencyChecks)
                    context.checkConsistence();
            }, partialProcessingOptions::getLoad, result);
        }
        // For now let's pretend to do just one wave. The maxWaves number will be corrected in the
        // first wave when dependencies are sorted out for the first time.
        int maxWaves = context.getExecutionWave() + 1;
        // Start the waves ....
        LOGGER.trace("WAVE: Starting the waves.");
        boolean firstWave = true;
        while ((allWaves && context.getProjectionWave() < maxWaves) || (!allWaves && context.getProjectionWave() <= context.getExecutionWave())) {
            boolean inFirstWave = firstWave;
            // in order to not forget to reset it ;)
            firstWave = false;
            context.checkAbortRequested();
            LOGGER.trace("WAVE {} (maxWaves={}, executionWave={})", context.getProjectionWave(), maxWaves, context.getExecutionWave());
            //just make sure everything is loaded and set as needed
            dependencyProcessor.preprocessDependencies(context);
            // Process the focus-related aspects of the context. That means inbound, focus activation,
            // object template and assignments.
            LensUtil.partialExecute("focus", () -> {
                focusProcessor.processFocus(context, activityDescription, now, task, result);
                context.recomputeFocus();
                if (consistencyChecks)
                    context.checkConsistence();
            }, partialProcessingOptions::getFocus, result);
            LensUtil.traceContext(LOGGER, activityDescription, "focus processing", false, context, false);
            LensUtil.checkContextSanity(context, "focus processing", result);
            // a projection is provisioned or deprovisioned only after the activation is processed.
            if (fromStart && inFirstWave) {
                LOGGER.trace("Processing activation for all contexts");
                for (LensProjectionContext projectionContext : context.getProjectionContexts()) {
                    if (projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN || projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.IGNORE) {
                        continue;
                    }
                    activationProcessor.processActivation(context, projectionContext, now, task, result);
                    projectionContext.recompute();
                }
                // TODO move implementation of this method elsewhere; but it has to be invoked here, as activationProcessor sets the IGNORE flag
                assignmentProcessor.removeIgnoredContexts(context);
            }
            LensUtil.traceContext(LOGGER, activityDescription, "projection activation of all resources", true, context, true);
            if (consistencyChecks)
                context.checkConsistence();
            dependencyProcessor.sortProjectionsToWaves(context);
            maxWaves = dependencyProcessor.computeMaxWaves(context);
            LOGGER.trace("Continuing wave {}, maxWaves={}", context.getProjectionWave(), maxWaves);
            for (LensProjectionContext projectionContext : context.getProjectionContexts()) {
                LensUtil.partialExecute("projection " + projectionContext.getHumanReadableName(), () -> projectProjection(context, projectionContext, partialProcessingOptions, now, activityDescription, task, result), partialProcessingOptions::getProjection);
            // TODO: make this condition more complex in the future. We may want the ability
            // to select only some projections to process
            }
            // if there exists some conflicting projection contexts, add them to the context so they will be recomputed in the next wave..
            addConflictingContexts(context);
            if (consistencyChecks)
                context.checkConsistence();
            context.incrementProjectionWave();
        }
        LOGGER.trace("WAVE: Stopping the waves. There was {} waves", context.getProjectionWave());
        // We can do this only when computation of all the waves is finished. Before that we do not know
        // activation of every account and therefore cannot decide what is OK and what is not
        dependencyProcessor.checkDependenciesFinal(context, result);
        if (consistencyChecks)
            context.checkConsistence();
        computeResultStatus(now, result);
    } catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException e) {
        recordFatalError(e, now, result);
        throw e;
    } catch (RuntimeException e) {
        recordFatalError(e, now, result);
        // This should not normally happen unless there is something really bad or there is a bug.
        // Make sure that it is logged.
        LOGGER.error("Runtime error in projector: {}", e.getMessage(), e);
        throw e;
    } finally {
        if (context.getDebugListener() != null) {
            context.getDebugListener().afterProjection(context);
        }
        context.reportProgress(new ProgressInformation(PROJECTOR, result));
    }
}