Search in sources :

Example 36 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class Projector method projectProjection.

private <F extends ObjectType> void projectProjection(LensContext<F> context, LensProjectionContext projectionContext, PartialProcessingOptionsType partialProcessingOptions, XMLGregorianCalendar now, String activityDescription, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException {
    if (projectionContext.getWave() != context.getProjectionWave()) {
        // Let's skip accounts that do not belong into this wave.
        return;
    }
    String projectionDesc = getProjectionDesc(projectionContext);
    OperationResult result = parentResult.createMinorSubresult(OPERATION_PROJECT_PROJECTION);
    result.addParam(OperationResult.PARAM_PROJECTION, projectionDesc);
    try {
        context.checkAbortRequested();
        if (projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN || projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.IGNORE) {
            result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it is " + projectionContext.getSynchronizationPolicyDecision());
            return;
        }
        if (projectionContext.isThombstone()) {
            result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it is a thombstone");
            return;
        }
        LOGGER.trace("WAVE {} PROJECTION {}", context.getProjectionWave(), projectionDesc);
        // Some projections may not be loaded at this point, e.g. high-order dependency projections
        contextLoader.makeSureProjectionIsLoaded(context, projectionContext, task, result);
        if (consistencyChecks)
            context.checkConsistence();
        if (!dependencyProcessor.checkDependencies(context, projectionContext, result)) {
            result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it has unsatisfied dependencies");
            return;
        }
        // TODO: decide if we need to continue
        LensUtil.partialExecute("projectionValues", () -> {
            // This is a "composite" processor. it contains several more processor invocations inside
            projectionValuesProcessor.process(context, projectionContext, activityDescription, task, result);
            if (consistencyChecks)
                context.checkConsistence();
            projectionContext.recompute();
            if (consistencyChecks)
                context.checkConsistence();
        }, partialProcessingOptions::getProjectionValues);
        LensUtil.partialExecute("projectionCredentials", () -> {
            projectionCredentialsProcessor.processProjectionCredentials(context, projectionContext, now, task, result);
            if (consistencyChecks)
                context.checkConsistence();
            projectionContext.recompute();
            LensUtil.traceContext(LOGGER, activityDescription, "projection values and credentials of " + projectionDesc, false, context, true);
            if (consistencyChecks)
                context.checkConsistence();
        }, partialProcessingOptions::getProjectionCredentials);
        LensUtil.partialExecute("projectionReconciliation", () -> {
            reconciliationProcessor.processReconciliation(context, projectionContext, task, result);
            projectionContext.recompute();
            LensUtil.traceContext(LOGGER, activityDescription, "projection reconciliation of " + projectionDesc, false, context, false);
            if (consistencyChecks)
                context.checkConsistence();
        }, partialProcessingOptions::getProjectionReconciliation);
        LensUtil.partialExecute("projectionLifecycle", () -> {
            activationProcessor.processLifecycle(context, projectionContext, now, task, result);
            if (consistencyChecks)
                context.checkConsistence();
            projectionContext.recompute();
            //				    	LensUtil.traceContext(LOGGER, activityDescription, "projection lifecycle of "+projectionDesc, false, context, false);
            if (consistencyChecks)
                context.checkConsistence();
        }, partialProcessingOptions::getProjectionLifecycle);
        result.recordSuccess();
    } catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | PolicyViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | RuntimeException | Error e) {
        result.recordFatalError(e);
        ResourceType resourceType = projectionContext.getResource();
        if (resourceType == null) {
            throw e;
        } else {
            ErrorSelectorType errorSelector = null;
            if (resourceType.getConsistency() != null) {
                errorSelector = resourceType.getConsistency().getConnectorErrorCriticality();
            }
            if (errorSelector == null) {
                if (e instanceof CommunicationException) {
                // Just continue evaluation. The error is recorded in the result.
                // The consistency mechanism has (most likely) already done the best.
                // We cannot do any better.
                } else {
                    throw e;
                }
            } else {
                if (ExceptionUtil.isSelected(errorSelector, e)) {
                    throw e;
                } else {
                // Just continue evaluation. The error is recorded in the result.
                }
            }
        }
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) ErrorSelectorType(com.evolveum.midpoint.xml.ns._public.common.common_3.ErrorSelectorType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ResourceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException) ObjectAlreadyExistsException(com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException)

Example 37 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class ContextLoader method finishLoadOfProjectionContext.

/**
	 * Check reconcile flag in account sync context and set accountOld
     * variable if it's not set (from provisioning), load resource (if not set already), etc.
	 */
private <F extends ObjectType> void finishLoadOfProjectionContext(LensContext<F> context, LensProjectionContext projContext, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    String projectionHumanReadableName = projContext.getHumanReadableName();
    if (projContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN) {
        return;
    }
    // MID-2436 (volatile objects) - as a quick but effective hack, we set reconciliation:=TRUE for volatile accounts
    ResourceObjectTypeDefinitionType objectDefinition = projContext.getResourceObjectTypeDefinitionType();
    if (objectDefinition != null && objectDefinition.getVolatility() == ResourceObjectVolatilityType.UNPREDICTABLE && !projContext.isDoReconciliation()) {
        LOGGER.trace("Resource object volatility is UNPREDICTABLE => setting doReconciliation to TRUE for {}", projContext.getResourceShadowDiscriminator());
        projContext.setDoReconciliation(true);
    }
    // Remember OID before the object could be wiped
    String projectionObjectOid = projContext.getOid();
    if (projContext.isDoReconciliation() && !projContext.isFullShadow()) {
        // The current object is useless here. So lets just wipe it so it will get loaded
        projContext.setObjectCurrent(null);
    }
    // Load current object
    boolean thombstone = false;
    PrismObject<ShadowType> projectionObject = projContext.getObjectCurrent();
    if (projContext.getObjectCurrent() == null || needToReload(context, projContext)) {
        if (projContext.isAdd()) {
            // No need to load old object, there is none
            projContext.setExists(false);
            projContext.recompute();
            projectionObject = projContext.getObjectNew();
        } else {
            if (projectionObjectOid == null) {
                projContext.setExists(false);
                if (projContext.getResourceShadowDiscriminator() == null || projContext.getResourceShadowDiscriminator().getResourceOid() == null) {
                    throw new SystemException("Projection " + projectionHumanReadableName + " with null OID, no representation and no resource OID in account sync context " + projContext);
                }
            } else {
                projContext.setExists(true);
                GetOperationOptions rootOptions = GetOperationOptions.createPointInTimeType(PointInTimeType.FUTURE);
                if (projContext.isDoReconciliation()) {
                    if (SchemaConstants.CHANGE_CHANNEL_DISCOVERY_URI.equals(context.getChannel())) {
                        // Avoid discovery loops
                        rootOptions.setDoNotDiscovery(true);
                    }
                } else {
                    rootOptions.setNoFetch(true);
                }
                rootOptions.setAllowNotFound(true);
                Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(rootOptions);
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Loading shadow {} for projection {}, options={}", projectionObjectOid, projectionHumanReadableName, options);
                }
                try {
                    PrismObject<ShadowType> objectOld = provisioningService.getObject(projContext.getObjectTypeClass(), projectionObjectOid, options, task, result);
                    if (LOGGER.isTraceEnabled()) {
                        if (!GetOperationOptions.isNoFetch(rootOptions) && !GetOperationOptions.isRaw(rootOptions)) {
                            if (LOGGER.isTraceEnabled()) {
                                LOGGER.trace("Full shadow loaded for {}:\n{}", projectionHumanReadableName, objectOld.debugDump(1));
                            }
                        }
                    }
                    Validate.notNull(objectOld.getOid());
                    if (InternalsConfig.consistencyChecks) {
                        String resourceOid = projContext.getResourceOid();
                        if (resourceOid != null && !resourceOid.equals(objectOld.asObjectable().getResourceRef().getOid())) {
                            throw new IllegalStateException("Loaded shadow with wrong resourceRef. Loading shadow " + projectionObjectOid + ", got " + objectOld.getOid() + ", expected resourceRef " + resourceOid + ", but was " + objectOld.asObjectable().getResourceRef().getOid() + " for context " + projectionHumanReadableName);
                        }
                    }
                    projContext.setLoadedObject(objectOld);
                    ShadowType oldShadow = objectOld.asObjectable();
                    if (projContext.isDoReconciliation()) {
                        projContext.determineFullShadowFlag(oldShadow.getFetchResult());
                    } else {
                        projContext.setFullShadow(false);
                    }
                    projectionObject = objectOld;
                } catch (ObjectNotFoundException ex) {
                    // This does not mean BROKEN. The projection was there, but it gone now. What we really want here
                    // is a thombstone projection.
                    thombstone = true;
                    projContext.setFullShadow(false);
                    LOGGER.warn("Could not find object with oid {}. The projection context {} is marked as thombstone.", projectionObjectOid, projectionHumanReadableName);
                } catch (CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | RuntimeException | Error e) {
                    LOGGER.warn("Problem while getting object with oid {}. Projection context {} is marked as broken: {}: {}", projectionObjectOid, projectionHumanReadableName, e.getClass().getSimpleName(), e.getMessage());
                    projContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.BROKEN);
                    ResourceType resourceType = projContext.getResource();
                    if (resourceType == null) {
                        throw e;
                    } else {
                        ErrorSelectorType errorSelector = null;
                        if (resourceType.getConsistency() != null) {
                            errorSelector = resourceType.getConsistency().getConnectorErrorCriticality();
                        }
                        if (errorSelector == null) {
                            if (e instanceof SchemaException) {
                                // We cannot do any better.
                                return;
                            } else {
                                throw e;
                            }
                        } else {
                            if (ExceptionUtil.isSelected(errorSelector, e)) {
                                throw e;
                            } else {
                                return;
                            }
                        }
                    }
                }
            }
            projContext.setFresh(true);
        }
    } else {
        projectionObject = projContext.getObjectCurrent();
        if (projectionObjectOid != null) {
            projContext.setExists(true);
        }
    }
    // Determine Resource
    ResourceType resourceType = projContext.getResource();
    String resourceOid = null;
    if (resourceType == null) {
        if (projectionObject != null) {
            ShadowType shadowType = projectionObject.asObjectable();
            resourceOid = ShadowUtil.getResourceOid(shadowType);
        } else if (projContext.getResourceShadowDiscriminator() != null) {
            resourceOid = projContext.getResourceShadowDiscriminator().getResourceOid();
        } else if (!thombstone) {
            throw new IllegalStateException("No shadow, no discriminator and not thombstone? That won't do. Projection " + projectionHumanReadableName);
        }
    } else {
        resourceOid = resourceType.getOid();
    }
    // Determine discriminator
    ResourceShadowDiscriminator discr = projContext.getResourceShadowDiscriminator();
    if (discr == null) {
        if (projectionObject != null) {
            ShadowType accountShadowType = projectionObject.asObjectable();
            String intent = ShadowUtil.getIntent(accountShadowType);
            ShadowKindType kind = ShadowUtil.getKind(accountShadowType);
            discr = new ResourceShadowDiscriminator(resourceOid, kind, intent, thombstone);
        } else {
            discr = new ResourceShadowDiscriminator(null, null, null, thombstone);
        }
        projContext.setResourceShadowDiscriminator(discr);
    } else {
        if (thombstone) {
            // We do not want to reset thombstone flag if it was set before
            discr.setThombstone(thombstone);
        }
    }
    // Load resource
    if (resourceType == null && resourceOid != null) {
        resourceType = LensUtil.getResourceReadOnly(context, resourceOid, provisioningService, task, result);
        projContext.setResource(resourceType);
    }
    //Determine refined schema and password policies for account type
    RefinedObjectClassDefinition structuralObjectClassDef = projContext.getStructuralObjectClassDefinition();
    if (structuralObjectClassDef != null) {
        ObjectReferenceType passwordPolicyRef = structuralObjectClassDef.getPasswordPolicy();
        if (passwordPolicyRef != null && passwordPolicyRef.getOid() != null) {
            PrismObject<ValuePolicyType> passwordPolicy = cacheRepositoryService.getObject(ValuePolicyType.class, passwordPolicyRef.getOid(), null, result);
            if (passwordPolicy != null) {
                projContext.setAccountPasswordPolicy(passwordPolicy.asObjectable());
            }
        }
    }
    //set limitation, e.g. if this projection context should be recomputed and processed by projector
    if (ModelExecuteOptions.isLimitPropagation(context.getOptions())) {
        if (context.getTriggeredResourceOid() != null) {
            if (!context.getTriggeredResourceOid().equals(resourceOid)) {
                projContext.setCanProject(false);
            }
        }
    }
    setPrimaryDeltaOldValue(projContext);
}
Also used : SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition) GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions) SystemException(com.evolveum.midpoint.util.exception.SystemException) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) SelectorOptions(com.evolveum.midpoint.schema.SelectorOptions) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ResourceShadowDiscriminator(com.evolveum.midpoint.schema.ResourceShadowDiscriminator)

Example 38 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method fetchObject.

@Override
public <T extends ShadowType> PrismObject<T> fetchObject(Class<T> type, ResourceObjectIdentification resourceObjectIdentification, AttributesToReturn attributesToReturn, StateReporter reporter, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, GenericFrameworkException, SchemaException, SecurityViolationException, ConfigurationException {
    Validate.notNull(resourceObjectIdentification, "Null primary identifiers");
    ObjectClassComplexTypeDefinition objectClassDefinition = resourceObjectIdentification.getObjectClassDefinition();
    // Result type for this operation
    OperationResult result = parentResult.createMinorSubresult(ConnectorInstance.class.getName() + ".fetchObject");
    result.addParam("resourceObjectDefinition", objectClassDefinition);
    result.addParam("identification", resourceObjectIdentification);
    result.addContext("connector", connectorType);
    if (connIdConnectorFacade == null) {
        result.recordFatalError("Attempt to use unconfigured connector");
        throw new IllegalStateException("Attempt to use unconfigured connector " + ObjectTypeUtil.toShortString(connectorType) + " " + description);
    }
    // Get UID from the set of identifiers
    Uid uid;
    try {
        uid = getUid(resourceObjectIdentification);
    } catch (SchemaException e) {
        result.recordFatalError(e);
        throw e;
    }
    if (uid == null) {
        result.recordFatalError("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
        throw new IllegalArgumentException("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
    }
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        result.recordFatalError("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
        throw new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
    }
    OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
    convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
    optionsBuilder.setAllowPartialResults(true);
    OperationOptions options = optionsBuilder.build();
    ConnectorObject co = null;
    try {
        // Invoke the ICF connector
        co = fetchConnectorObject(reporter, objectClassDefinition, icfObjectClass, uid, options, result);
    } catch (CommunicationException ex) {
        result.recordFatalError(ex);
        // exception.
        throw ex;
    } catch (GenericFrameworkException ex) {
        result.recordFatalError(ex);
        // exception.
        throw ex;
    } catch (ConfigurationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (SecurityViolationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (ObjectNotFoundException ex) {
        result.recordFatalError("Object not found");
        throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + "  was not found in " + description);
    } catch (SchemaException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (RuntimeException ex) {
        result.recordFatalError(ex);
        throw ex;
    }
    if (co == null) {
        result.recordFatalError("Object not found");
        throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + " was not in " + description);
    }
    PrismObjectDefinition<T> shadowDefinition = toShadowDefinition(objectClassDefinition);
    PrismObject<T> shadow = connIdConvertor.convertToResourceObject(co, shadowDefinition, false, caseIgnoreAttributeNames, legacySchema);
    result.recordSuccess();
    return shadow;
}
Also used : OperationOptions(org.identityconnectors.framework.common.objects.OperationOptions) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) GenericFrameworkException(com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) AsynchronousOperationResult(com.evolveum.midpoint.schema.result.AsynchronousOperationResult) OperationOptionsBuilder(org.identityconnectors.framework.common.objects.OperationOptionsBuilder) Uid(org.identityconnectors.framework.common.objects.Uid) QualifiedUid(org.identityconnectors.framework.common.objects.QualifiedUid) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)

Example 39 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method search.

@Override
public <T extends ShadowType> SearchResultMetadata search(final ObjectClassComplexTypeDefinition objectClassDefinition, final ObjectQuery query, final ResultHandler<T> handler, AttributesToReturn attributesToReturn, PagedSearchCapabilityType pagedSearchCapabilityType, SearchHierarchyConstraints searchHierarchyConstraints, final StateReporter reporter, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SecurityViolationException, SchemaException, ObjectNotFoundException {
    // Result type for this operation
    final OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".search");
    result.addParam("objectClass", objectClassDefinition);
    result.addContext("connector", connectorType);
    if (objectClassDefinition == null) {
        result.recordFatalError("Object class not defined");
        throw new IllegalArgumentException("objectClass not defined");
    }
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        IllegalArgumentException ex = new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition + " while attempting to search objects by " + ObjectTypeUtil.toShortString(connectorType));
        result.recordFatalError("Unable to determine object class", ex);
        throw ex;
    }
    final PrismObjectDefinition<T> objectDefinition = toShadowDefinition(objectClassDefinition);
    if (pagedSearchCapabilityType == null) {
        pagedSearchCapabilityType = getCapability(PagedSearchCapabilityType.class);
    }
    final boolean useConnectorPaging = pagedSearchCapabilityType != null;
    if (!useConnectorPaging && query != null && query.getPaging() != null && (query.getPaging().getOffset() != null || query.getPaging().getMaxSize() != null)) {
        InternalMonitor.recordConnectorSimulatedPagingSearchCount();
    }
    final Holder<Integer> countHolder = new Holder<>(0);
    ResultsHandler icfHandler = new ResultsHandler() {

        @Override
        public boolean handle(ConnectorObject connectorObject) {
            // Convert ICF-specific connector object to a generic
            // ResourceObject
            recordIcfOperationSuspend(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
            int count = countHolder.getValue();
            countHolder.setValue(count + 1);
            if (!useConnectorPaging) {
                if (query != null && query.getPaging() != null && query.getPaging().getOffset() != null && query.getPaging().getMaxSize() != null) {
                    if (count < query.getPaging().getOffset()) {
                        recordResume();
                        return true;
                    }
                    if (count == (query.getPaging().getOffset() + query.getPaging().getMaxSize())) {
                        recordResume();
                        return false;
                    }
                }
            }
            PrismObject<T> resourceObject;
            try {
                resourceObject = connIdConvertor.convertToResourceObject(connectorObject, objectDefinition, false, caseIgnoreAttributeNames, legacySchema);
            } catch (SchemaException e) {
                recordResume();
                throw new IntermediateException(e);
            }
            // .. and pass it to the handler
            boolean cont = handler.handle(resourceObject);
            if (!cont) {
                result.recordWarning("Stopped on request from the handler");
            }
            recordResume();
            return cont;
        }

        private void recordResume() {
            recordIcfOperationResume(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        }
    };
    OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
    try {
        convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
        if (query != null && query.isAllowPartialResults()) {
            optionsBuilder.setAllowPartialResults(query.isAllowPartialResults());
        }
        // preparing paging-related options
        if (useConnectorPaging && query != null && query.getPaging() != null) {
            ObjectPaging paging = query.getPaging();
            if (paging.getOffset() != null) {
                // ConnId API says the numbering starts at 1
                optionsBuilder.setPagedResultsOffset(paging.getOffset() + 1);
            }
            if (paging.getMaxSize() != null) {
                optionsBuilder.setPageSize(paging.getMaxSize());
            }
            QName orderByAttributeName;
            boolean isAscending;
            ItemPath orderByPath = paging.getOrderBy();
            String desc;
            if (orderByPath != null && !orderByPath.isEmpty()) {
                orderByAttributeName = ShadowUtil.getAttributeName(orderByPath, "OrderBy path");
                if (SchemaConstants.C_NAME.equals(orderByAttributeName)) {
                    orderByAttributeName = SchemaConstants.ICFS_NAME;
                }
                isAscending = paging.getDirection() != OrderDirection.DESCENDING;
                desc = "(explicitly specified orderBy attribute)";
            } else {
                orderByAttributeName = pagedSearchCapabilityType.getDefaultSortField();
                isAscending = pagedSearchCapabilityType.getDefaultSortDirection() != OrderDirectionType.DESCENDING;
                desc = "(default orderBy attribute from capability definition)";
            }
            if (orderByAttributeName != null) {
                String orderByIcfName = connIdNameMapper.convertAttributeNameToIcf(orderByAttributeName, objectClassDefinition, desc);
                optionsBuilder.setSortKeys(new SortKey(orderByIcfName, isAscending));
            }
        }
        if (searchHierarchyConstraints != null) {
            ResourceObjectIdentification baseContextIdentification = searchHierarchyConstraints.getBaseContext();
            // Only LDAP connector really supports base context. And this one will work better with
            // DN. And DN is secondary identifier (__NAME__). This is ugly, but practical. It works around ConnId problems.
            ResourceAttribute<?> secondaryIdentifier = baseContextIdentification.getSecondaryIdentifier();
            if (secondaryIdentifier == null) {
                SchemaException e = new SchemaException("No secondary identifier in base context identification " + baseContextIdentification);
                result.recordFatalError(e);
                throw e;
            }
            String secondaryIdentifierValue = secondaryIdentifier.getRealValue(String.class);
            ObjectClass baseContextIcfObjectClass = connIdNameMapper.objectClassToIcf(baseContextIdentification.getObjectClassDefinition(), getSchemaNamespace(), connectorType, legacySchema);
            QualifiedUid containerQualifiedUid = new QualifiedUid(baseContextIcfObjectClass, new Uid(secondaryIdentifierValue));
            optionsBuilder.setContainer(containerQualifiedUid);
        }
    } catch (SchemaException e) {
        result.recordFatalError(e);
        throw e;
    }
    // Relax completeness requirements. This is a search, not get. So it is OK to
    // return incomplete member lists and similar attributes.
    optionsBuilder.setAllowPartialAttributeValues(true);
    OperationOptions options = optionsBuilder.build();
    Filter filter;
    try {
        filter = convertFilterToIcf(query, objectClassDefinition);
    } catch (SchemaException | RuntimeException e) {
        result.recordFatalError(e);
        throw e;
    }
    // Connector operation cannot create result for itself, so we need to
    // create result for it
    OperationResult icfResult = result.createSubresult(ConnectorFacade.class.getName() + ".search");
    icfResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
    icfResult.addContext("connector", connIdConnectorFacade.getClass());
    SearchResult icfSearchResult;
    try {
        InternalMonitor.recordConnectorOperation("search");
        recordIcfOperationStart(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        icfSearchResult = connIdConnectorFacade.search(icfObjectClass, filter, icfHandler, options);
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        icfResult.recordSuccess();
    } catch (IntermediateException inex) {
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, inex);
        SchemaException ex = (SchemaException) inex.getCause();
        icfResult.recordFatalError(ex);
        result.recordFatalError(ex);
        throw ex;
    } catch (Throwable ex) {
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, ex);
        Throwable midpointEx = processIcfException(ex, this, icfResult);
        result.computeStatus();
        // exception
        if (midpointEx instanceof CommunicationException) {
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof ObjectNotFoundException) {
            throw (ObjectNotFoundException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof SecurityViolationException) {
            throw (SecurityViolationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
    SearchResultMetadata metadata = null;
    if (icfSearchResult != null) {
        metadata = new SearchResultMetadata();
        metadata.setPagingCookie(icfSearchResult.getPagedResultsCookie());
        if (icfSearchResult.getRemainingPagedResults() >= 0) {
            metadata.setApproxNumberOfAllResults(icfSearchResult.getRemainingPagedResults());
        }
        if (!icfSearchResult.isAllResultsReturned()) {
            metadata.setPartialResults(true);
        }
    }
    if (result.isUnknown()) {
        result.recordSuccess();
    }
    return metadata;
}
Also used : OperationOptions(org.identityconnectors.framework.common.objects.OperationOptions) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) AsynchronousOperationResult(com.evolveum.midpoint.schema.result.AsynchronousOperationResult) SortKey(org.identityconnectors.framework.common.objects.SortKey) GuardedString(org.identityconnectors.common.security.GuardedString) OperationOptionsBuilder(org.identityconnectors.framework.common.objects.OperationOptionsBuilder) PagedSearchCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.PagedSearchCapabilityType) SystemException(com.evolveum.midpoint.util.exception.SystemException) QualifiedUid(org.identityconnectors.framework.common.objects.QualifiedUid) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) GenericFrameworkException(com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException) QName(javax.xml.namespace.QName) Holder(com.evolveum.midpoint.util.Holder) ConnectorObject(org.identityconnectors.framework.common.objects.ConnectorObject) SearchResultMetadata(com.evolveum.midpoint.schema.SearchResultMetadata) SearchResult(org.identityconnectors.framework.common.objects.SearchResult) SyncResultsHandler(org.identityconnectors.framework.common.objects.SyncResultsHandler) ResultsHandler(org.identityconnectors.framework.common.objects.ResultsHandler) Uid(org.identityconnectors.framework.common.objects.Uid) QualifiedUid(org.identityconnectors.framework.common.objects.QualifiedUid) ObjectPaging(com.evolveum.midpoint.prism.query.ObjectPaging) Filter(org.identityconnectors.framework.common.objects.filter.Filter) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 40 with SecurityViolationException

use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.

the class TestRetirement method reconcileAllOrgs.

private void reconcileAllOrgs() throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    final Task task = createTask("reconcileAllOrgs");
    OperationResult result = task.getResult();
    ResultHandler<OrgType> handler = new ResultHandler<OrgType>() {

        @Override
        public boolean handle(PrismObject<OrgType> object, OperationResult parentResult) {
            try {
                display("reconciling " + object);
                reconcileOrg(object.getOid(), task, parentResult);
            } catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectNotFoundException | ObjectAlreadyExistsException | CommunicationException | ConfigurationException | SecurityViolationException e) {
                throw new SystemException(e.getMessage(), e);
            }
            return true;
        }
    };
    display("Reconciling all orgs");
    modelService.searchObjectsIterative(OrgType.class, null, handler, null, task, result);
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) Task(com.evolveum.midpoint.task.api.Task) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) ResultHandler(com.evolveum.midpoint.schema.ResultHandler) PrismObject(com.evolveum.midpoint.prism.PrismObject) SystemException(com.evolveum.midpoint.util.exception.SystemException) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) OrgType(com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException) ObjectAlreadyExistsException(com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException)

Aggregations

SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException)131 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)109 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)93 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)84 CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)66 ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)64 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)57 Task (com.evolveum.midpoint.task.api.Task)53 ObjectAlreadyExistsException (com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException)35 SystemException (com.evolveum.midpoint.util.exception.SystemException)29 PrismObject (com.evolveum.midpoint.prism.PrismObject)24 PolicyViolationException (com.evolveum.midpoint.util.exception.PolicyViolationException)24 ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta)19 ObjectType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)17 ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)17 ArrayList (java.util.ArrayList)17 GenericFrameworkException (com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException)15 QName (javax.xml.namespace.QName)13 Test (org.testng.annotations.Test)12 ResultHandler (com.evolveum.midpoint.schema.ResultHandler)11