use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class Projector method projectProjection.
private <F extends ObjectType> void projectProjection(LensContext<F> context, LensProjectionContext projectionContext, PartialProcessingOptionsType partialProcessingOptions, XMLGregorianCalendar now, String activityDescription, Task task, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, PolicyViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException {
if (projectionContext.getWave() != context.getProjectionWave()) {
// Let's skip accounts that do not belong into this wave.
return;
}
String projectionDesc = getProjectionDesc(projectionContext);
OperationResult result = parentResult.createMinorSubresult(OPERATION_PROJECT_PROJECTION);
result.addParam(OperationResult.PARAM_PROJECTION, projectionDesc);
try {
context.checkAbortRequested();
if (projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN || projectionContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.IGNORE) {
result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it is " + projectionContext.getSynchronizationPolicyDecision());
return;
}
if (projectionContext.isThombstone()) {
result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it is a thombstone");
return;
}
LOGGER.trace("WAVE {} PROJECTION {}", context.getProjectionWave(), projectionDesc);
// Some projections may not be loaded at this point, e.g. high-order dependency projections
contextLoader.makeSureProjectionIsLoaded(context, projectionContext, task, result);
if (consistencyChecks)
context.checkConsistence();
if (!dependencyProcessor.checkDependencies(context, projectionContext, result)) {
result.recordStatus(OperationResultStatus.NOT_APPLICABLE, "Skipping projection because it has unsatisfied dependencies");
return;
}
// TODO: decide if we need to continue
LensUtil.partialExecute("projectionValues", () -> {
// This is a "composite" processor. it contains several more processor invocations inside
projectionValuesProcessor.process(context, projectionContext, activityDescription, task, result);
if (consistencyChecks)
context.checkConsistence();
projectionContext.recompute();
if (consistencyChecks)
context.checkConsistence();
}, partialProcessingOptions::getProjectionValues);
LensUtil.partialExecute("projectionCredentials", () -> {
projectionCredentialsProcessor.processProjectionCredentials(context, projectionContext, now, task, result);
if (consistencyChecks)
context.checkConsistence();
projectionContext.recompute();
LensUtil.traceContext(LOGGER, activityDescription, "projection values and credentials of " + projectionDesc, false, context, true);
if (consistencyChecks)
context.checkConsistence();
}, partialProcessingOptions::getProjectionCredentials);
LensUtil.partialExecute("projectionReconciliation", () -> {
reconciliationProcessor.processReconciliation(context, projectionContext, task, result);
projectionContext.recompute();
LensUtil.traceContext(LOGGER, activityDescription, "projection reconciliation of " + projectionDesc, false, context, false);
if (consistencyChecks)
context.checkConsistence();
}, partialProcessingOptions::getProjectionReconciliation);
LensUtil.partialExecute("projectionLifecycle", () -> {
activationProcessor.processLifecycle(context, projectionContext, now, task, result);
if (consistencyChecks)
context.checkConsistence();
projectionContext.recompute();
// LensUtil.traceContext(LOGGER, activityDescription, "projection lifecycle of "+projectionDesc, false, context, false);
if (consistencyChecks)
context.checkConsistence();
}, partialProcessingOptions::getProjectionLifecycle);
result.recordSuccess();
} catch (ObjectNotFoundException | CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | PolicyViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | RuntimeException | Error e) {
result.recordFatalError(e);
ResourceType resourceType = projectionContext.getResource();
if (resourceType == null) {
throw e;
} else {
ErrorSelectorType errorSelector = null;
if (resourceType.getConsistency() != null) {
errorSelector = resourceType.getConsistency().getConnectorErrorCriticality();
}
if (errorSelector == null) {
if (e instanceof CommunicationException) {
// Just continue evaluation. The error is recorded in the result.
// The consistency mechanism has (most likely) already done the best.
// We cannot do any better.
} else {
throw e;
}
} else {
if (ExceptionUtil.isSelected(errorSelector, e)) {
throw e;
} else {
// Just continue evaluation. The error is recorded in the result.
}
}
}
}
}
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class ContextLoader method finishLoadOfProjectionContext.
/**
* Check reconcile flag in account sync context and set accountOld
* variable if it's not set (from provisioning), load resource (if not set already), etc.
*/
private <F extends ObjectType> void finishLoadOfProjectionContext(LensContext<F> context, LensProjectionContext projContext, Task task, OperationResult result) throws ObjectNotFoundException, CommunicationException, SchemaException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
String projectionHumanReadableName = projContext.getHumanReadableName();
if (projContext.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.BROKEN) {
return;
}
// MID-2436 (volatile objects) - as a quick but effective hack, we set reconciliation:=TRUE for volatile accounts
ResourceObjectTypeDefinitionType objectDefinition = projContext.getResourceObjectTypeDefinitionType();
if (objectDefinition != null && objectDefinition.getVolatility() == ResourceObjectVolatilityType.UNPREDICTABLE && !projContext.isDoReconciliation()) {
LOGGER.trace("Resource object volatility is UNPREDICTABLE => setting doReconciliation to TRUE for {}", projContext.getResourceShadowDiscriminator());
projContext.setDoReconciliation(true);
}
// Remember OID before the object could be wiped
String projectionObjectOid = projContext.getOid();
if (projContext.isDoReconciliation() && !projContext.isFullShadow()) {
// The current object is useless here. So lets just wipe it so it will get loaded
projContext.setObjectCurrent(null);
}
// Load current object
boolean thombstone = false;
PrismObject<ShadowType> projectionObject = projContext.getObjectCurrent();
if (projContext.getObjectCurrent() == null || needToReload(context, projContext)) {
if (projContext.isAdd()) {
// No need to load old object, there is none
projContext.setExists(false);
projContext.recompute();
projectionObject = projContext.getObjectNew();
} else {
if (projectionObjectOid == null) {
projContext.setExists(false);
if (projContext.getResourceShadowDiscriminator() == null || projContext.getResourceShadowDiscriminator().getResourceOid() == null) {
throw new SystemException("Projection " + projectionHumanReadableName + " with null OID, no representation and no resource OID in account sync context " + projContext);
}
} else {
projContext.setExists(true);
GetOperationOptions rootOptions = GetOperationOptions.createPointInTimeType(PointInTimeType.FUTURE);
if (projContext.isDoReconciliation()) {
if (SchemaConstants.CHANGE_CHANNEL_DISCOVERY_URI.equals(context.getChannel())) {
// Avoid discovery loops
rootOptions.setDoNotDiscovery(true);
}
} else {
rootOptions.setNoFetch(true);
}
rootOptions.setAllowNotFound(true);
Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(rootOptions);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Loading shadow {} for projection {}, options={}", projectionObjectOid, projectionHumanReadableName, options);
}
try {
PrismObject<ShadowType> objectOld = provisioningService.getObject(projContext.getObjectTypeClass(), projectionObjectOid, options, task, result);
if (LOGGER.isTraceEnabled()) {
if (!GetOperationOptions.isNoFetch(rootOptions) && !GetOperationOptions.isRaw(rootOptions)) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Full shadow loaded for {}:\n{}", projectionHumanReadableName, objectOld.debugDump(1));
}
}
}
Validate.notNull(objectOld.getOid());
if (InternalsConfig.consistencyChecks) {
String resourceOid = projContext.getResourceOid();
if (resourceOid != null && !resourceOid.equals(objectOld.asObjectable().getResourceRef().getOid())) {
throw new IllegalStateException("Loaded shadow with wrong resourceRef. Loading shadow " + projectionObjectOid + ", got " + objectOld.getOid() + ", expected resourceRef " + resourceOid + ", but was " + objectOld.asObjectable().getResourceRef().getOid() + " for context " + projectionHumanReadableName);
}
}
projContext.setLoadedObject(objectOld);
ShadowType oldShadow = objectOld.asObjectable();
if (projContext.isDoReconciliation()) {
projContext.determineFullShadowFlag(oldShadow.getFetchResult());
} else {
projContext.setFullShadow(false);
}
projectionObject = objectOld;
} catch (ObjectNotFoundException ex) {
// This does not mean BROKEN. The projection was there, but it gone now. What we really want here
// is a thombstone projection.
thombstone = true;
projContext.setFullShadow(false);
LOGGER.warn("Could not find object with oid {}. The projection context {} is marked as thombstone.", projectionObjectOid, projectionHumanReadableName);
} catch (CommunicationException | SchemaException | ConfigurationException | SecurityViolationException | RuntimeException | Error e) {
LOGGER.warn("Problem while getting object with oid {}. Projection context {} is marked as broken: {}: {}", projectionObjectOid, projectionHumanReadableName, e.getClass().getSimpleName(), e.getMessage());
projContext.setSynchronizationPolicyDecision(SynchronizationPolicyDecision.BROKEN);
ResourceType resourceType = projContext.getResource();
if (resourceType == null) {
throw e;
} else {
ErrorSelectorType errorSelector = null;
if (resourceType.getConsistency() != null) {
errorSelector = resourceType.getConsistency().getConnectorErrorCriticality();
}
if (errorSelector == null) {
if (e instanceof SchemaException) {
// We cannot do any better.
return;
} else {
throw e;
}
} else {
if (ExceptionUtil.isSelected(errorSelector, e)) {
throw e;
} else {
return;
}
}
}
}
}
projContext.setFresh(true);
}
} else {
projectionObject = projContext.getObjectCurrent();
if (projectionObjectOid != null) {
projContext.setExists(true);
}
}
// Determine Resource
ResourceType resourceType = projContext.getResource();
String resourceOid = null;
if (resourceType == null) {
if (projectionObject != null) {
ShadowType shadowType = projectionObject.asObjectable();
resourceOid = ShadowUtil.getResourceOid(shadowType);
} else if (projContext.getResourceShadowDiscriminator() != null) {
resourceOid = projContext.getResourceShadowDiscriminator().getResourceOid();
} else if (!thombstone) {
throw new IllegalStateException("No shadow, no discriminator and not thombstone? That won't do. Projection " + projectionHumanReadableName);
}
} else {
resourceOid = resourceType.getOid();
}
// Determine discriminator
ResourceShadowDiscriminator discr = projContext.getResourceShadowDiscriminator();
if (discr == null) {
if (projectionObject != null) {
ShadowType accountShadowType = projectionObject.asObjectable();
String intent = ShadowUtil.getIntent(accountShadowType);
ShadowKindType kind = ShadowUtil.getKind(accountShadowType);
discr = new ResourceShadowDiscriminator(resourceOid, kind, intent, thombstone);
} else {
discr = new ResourceShadowDiscriminator(null, null, null, thombstone);
}
projContext.setResourceShadowDiscriminator(discr);
} else {
if (thombstone) {
// We do not want to reset thombstone flag if it was set before
discr.setThombstone(thombstone);
}
}
// Load resource
if (resourceType == null && resourceOid != null) {
resourceType = LensUtil.getResourceReadOnly(context, resourceOid, provisioningService, task, result);
projContext.setResource(resourceType);
}
//Determine refined schema and password policies for account type
RefinedObjectClassDefinition structuralObjectClassDef = projContext.getStructuralObjectClassDefinition();
if (structuralObjectClassDef != null) {
ObjectReferenceType passwordPolicyRef = structuralObjectClassDef.getPasswordPolicy();
if (passwordPolicyRef != null && passwordPolicyRef.getOid() != null) {
PrismObject<ValuePolicyType> passwordPolicy = cacheRepositoryService.getObject(ValuePolicyType.class, passwordPolicyRef.getOid(), null, result);
if (passwordPolicy != null) {
projContext.setAccountPasswordPolicy(passwordPolicy.asObjectable());
}
}
}
//set limitation, e.g. if this projection context should be recomputed and processed by projector
if (ModelExecuteOptions.isLimitPropagation(context.getOptions())) {
if (context.getTriggeredResourceOid() != null) {
if (!context.getTriggeredResourceOid().equals(resourceOid)) {
projContext.setCanProject(false);
}
}
}
setPrimaryDeltaOldValue(projContext);
}
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method fetchObject.
@Override
public <T extends ShadowType> PrismObject<T> fetchObject(Class<T> type, ResourceObjectIdentification resourceObjectIdentification, AttributesToReturn attributesToReturn, StateReporter reporter, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, GenericFrameworkException, SchemaException, SecurityViolationException, ConfigurationException {
Validate.notNull(resourceObjectIdentification, "Null primary identifiers");
ObjectClassComplexTypeDefinition objectClassDefinition = resourceObjectIdentification.getObjectClassDefinition();
// Result type for this operation
OperationResult result = parentResult.createMinorSubresult(ConnectorInstance.class.getName() + ".fetchObject");
result.addParam("resourceObjectDefinition", objectClassDefinition);
result.addParam("identification", resourceObjectIdentification);
result.addContext("connector", connectorType);
if (connIdConnectorFacade == null) {
result.recordFatalError("Attempt to use unconfigured connector");
throw new IllegalStateException("Attempt to use unconfigured connector " + ObjectTypeUtil.toShortString(connectorType) + " " + description);
}
// Get UID from the set of identifiers
Uid uid;
try {
uid = getUid(resourceObjectIdentification);
} catch (SchemaException e) {
result.recordFatalError(e);
throw e;
}
if (uid == null) {
result.recordFatalError("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
throw new IllegalArgumentException("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
}
ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
if (icfObjectClass == null) {
result.recordFatalError("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
throw new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
}
OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
optionsBuilder.setAllowPartialResults(true);
OperationOptions options = optionsBuilder.build();
ConnectorObject co = null;
try {
// Invoke the ICF connector
co = fetchConnectorObject(reporter, objectClassDefinition, icfObjectClass, uid, options, result);
} catch (CommunicationException ex) {
result.recordFatalError(ex);
// exception.
throw ex;
} catch (GenericFrameworkException ex) {
result.recordFatalError(ex);
// exception.
throw ex;
} catch (ConfigurationException ex) {
result.recordFatalError(ex);
throw ex;
} catch (SecurityViolationException ex) {
result.recordFatalError(ex);
throw ex;
} catch (ObjectNotFoundException ex) {
result.recordFatalError("Object not found");
throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + " was not found in " + description);
} catch (SchemaException ex) {
result.recordFatalError(ex);
throw ex;
} catch (RuntimeException ex) {
result.recordFatalError(ex);
throw ex;
}
if (co == null) {
result.recordFatalError("Object not found");
throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + " was not in " + description);
}
PrismObjectDefinition<T> shadowDefinition = toShadowDefinition(objectClassDefinition);
PrismObject<T> shadow = connIdConvertor.convertToResourceObject(co, shadowDefinition, false, caseIgnoreAttributeNames, legacySchema);
result.recordSuccess();
return shadow;
}
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class ConnectorInstanceConnIdImpl method search.
@Override
public <T extends ShadowType> SearchResultMetadata search(final ObjectClassComplexTypeDefinition objectClassDefinition, final ObjectQuery query, final ResultHandler<T> handler, AttributesToReturn attributesToReturn, PagedSearchCapabilityType pagedSearchCapabilityType, SearchHierarchyConstraints searchHierarchyConstraints, final StateReporter reporter, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SecurityViolationException, SchemaException, ObjectNotFoundException {
// Result type for this operation
final OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".search");
result.addParam("objectClass", objectClassDefinition);
result.addContext("connector", connectorType);
if (objectClassDefinition == null) {
result.recordFatalError("Object class not defined");
throw new IllegalArgumentException("objectClass not defined");
}
ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
if (icfObjectClass == null) {
IllegalArgumentException ex = new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition + " while attempting to search objects by " + ObjectTypeUtil.toShortString(connectorType));
result.recordFatalError("Unable to determine object class", ex);
throw ex;
}
final PrismObjectDefinition<T> objectDefinition = toShadowDefinition(objectClassDefinition);
if (pagedSearchCapabilityType == null) {
pagedSearchCapabilityType = getCapability(PagedSearchCapabilityType.class);
}
final boolean useConnectorPaging = pagedSearchCapabilityType != null;
if (!useConnectorPaging && query != null && query.getPaging() != null && (query.getPaging().getOffset() != null || query.getPaging().getMaxSize() != null)) {
InternalMonitor.recordConnectorSimulatedPagingSearchCount();
}
final Holder<Integer> countHolder = new Holder<>(0);
ResultsHandler icfHandler = new ResultsHandler() {
@Override
public boolean handle(ConnectorObject connectorObject) {
// Convert ICF-specific connector object to a generic
// ResourceObject
recordIcfOperationSuspend(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
int count = countHolder.getValue();
countHolder.setValue(count + 1);
if (!useConnectorPaging) {
if (query != null && query.getPaging() != null && query.getPaging().getOffset() != null && query.getPaging().getMaxSize() != null) {
if (count < query.getPaging().getOffset()) {
recordResume();
return true;
}
if (count == (query.getPaging().getOffset() + query.getPaging().getMaxSize())) {
recordResume();
return false;
}
}
}
PrismObject<T> resourceObject;
try {
resourceObject = connIdConvertor.convertToResourceObject(connectorObject, objectDefinition, false, caseIgnoreAttributeNames, legacySchema);
} catch (SchemaException e) {
recordResume();
throw new IntermediateException(e);
}
// .. and pass it to the handler
boolean cont = handler.handle(resourceObject);
if (!cont) {
result.recordWarning("Stopped on request from the handler");
}
recordResume();
return cont;
}
private void recordResume() {
recordIcfOperationResume(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
}
};
OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
try {
convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
if (query != null && query.isAllowPartialResults()) {
optionsBuilder.setAllowPartialResults(query.isAllowPartialResults());
}
// preparing paging-related options
if (useConnectorPaging && query != null && query.getPaging() != null) {
ObjectPaging paging = query.getPaging();
if (paging.getOffset() != null) {
// ConnId API says the numbering starts at 1
optionsBuilder.setPagedResultsOffset(paging.getOffset() + 1);
}
if (paging.getMaxSize() != null) {
optionsBuilder.setPageSize(paging.getMaxSize());
}
QName orderByAttributeName;
boolean isAscending;
ItemPath orderByPath = paging.getOrderBy();
String desc;
if (orderByPath != null && !orderByPath.isEmpty()) {
orderByAttributeName = ShadowUtil.getAttributeName(orderByPath, "OrderBy path");
if (SchemaConstants.C_NAME.equals(orderByAttributeName)) {
orderByAttributeName = SchemaConstants.ICFS_NAME;
}
isAscending = paging.getDirection() != OrderDirection.DESCENDING;
desc = "(explicitly specified orderBy attribute)";
} else {
orderByAttributeName = pagedSearchCapabilityType.getDefaultSortField();
isAscending = pagedSearchCapabilityType.getDefaultSortDirection() != OrderDirectionType.DESCENDING;
desc = "(default orderBy attribute from capability definition)";
}
if (orderByAttributeName != null) {
String orderByIcfName = connIdNameMapper.convertAttributeNameToIcf(orderByAttributeName, objectClassDefinition, desc);
optionsBuilder.setSortKeys(new SortKey(orderByIcfName, isAscending));
}
}
if (searchHierarchyConstraints != null) {
ResourceObjectIdentification baseContextIdentification = searchHierarchyConstraints.getBaseContext();
// Only LDAP connector really supports base context. And this one will work better with
// DN. And DN is secondary identifier (__NAME__). This is ugly, but practical. It works around ConnId problems.
ResourceAttribute<?> secondaryIdentifier = baseContextIdentification.getSecondaryIdentifier();
if (secondaryIdentifier == null) {
SchemaException e = new SchemaException("No secondary identifier in base context identification " + baseContextIdentification);
result.recordFatalError(e);
throw e;
}
String secondaryIdentifierValue = secondaryIdentifier.getRealValue(String.class);
ObjectClass baseContextIcfObjectClass = connIdNameMapper.objectClassToIcf(baseContextIdentification.getObjectClassDefinition(), getSchemaNamespace(), connectorType, legacySchema);
QualifiedUid containerQualifiedUid = new QualifiedUid(baseContextIcfObjectClass, new Uid(secondaryIdentifierValue));
optionsBuilder.setContainer(containerQualifiedUid);
}
} catch (SchemaException e) {
result.recordFatalError(e);
throw e;
}
// Relax completeness requirements. This is a search, not get. So it is OK to
// return incomplete member lists and similar attributes.
optionsBuilder.setAllowPartialAttributeValues(true);
OperationOptions options = optionsBuilder.build();
Filter filter;
try {
filter = convertFilterToIcf(query, objectClassDefinition);
} catch (SchemaException | RuntimeException e) {
result.recordFatalError(e);
throw e;
}
// Connector operation cannot create result for itself, so we need to
// create result for it
OperationResult icfResult = result.createSubresult(ConnectorFacade.class.getName() + ".search");
icfResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
icfResult.addContext("connector", connIdConnectorFacade.getClass());
SearchResult icfSearchResult;
try {
InternalMonitor.recordConnectorOperation("search");
recordIcfOperationStart(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
icfSearchResult = connIdConnectorFacade.search(icfObjectClass, filter, icfHandler, options);
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
icfResult.recordSuccess();
} catch (IntermediateException inex) {
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, inex);
SchemaException ex = (SchemaException) inex.getCause();
icfResult.recordFatalError(ex);
result.recordFatalError(ex);
throw ex;
} catch (Throwable ex) {
recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, ex);
Throwable midpointEx = processIcfException(ex, this, icfResult);
result.computeStatus();
// exception
if (midpointEx instanceof CommunicationException) {
throw (CommunicationException) midpointEx;
} else if (midpointEx instanceof ObjectNotFoundException) {
throw (ObjectNotFoundException) midpointEx;
} else if (midpointEx instanceof GenericFrameworkException) {
throw (GenericFrameworkException) midpointEx;
} else if (midpointEx instanceof SchemaException) {
throw (SchemaException) midpointEx;
} else if (midpointEx instanceof SecurityViolationException) {
throw (SecurityViolationException) midpointEx;
} else if (midpointEx instanceof RuntimeException) {
throw (RuntimeException) midpointEx;
} else if (midpointEx instanceof Error) {
throw (Error) midpointEx;
} else {
throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
SearchResultMetadata metadata = null;
if (icfSearchResult != null) {
metadata = new SearchResultMetadata();
metadata.setPagingCookie(icfSearchResult.getPagedResultsCookie());
if (icfSearchResult.getRemainingPagedResults() >= 0) {
metadata.setApproxNumberOfAllResults(icfSearchResult.getRemainingPagedResults());
}
if (!icfSearchResult.isAllResultsReturned()) {
metadata.setPartialResults(true);
}
}
if (result.isUnknown()) {
result.recordSuccess();
}
return metadata;
}
use of com.evolveum.midpoint.util.exception.SecurityViolationException in project midpoint by Evolveum.
the class TestRetirement method reconcileAllOrgs.
private void reconcileAllOrgs() throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
final Task task = createTask("reconcileAllOrgs");
OperationResult result = task.getResult();
ResultHandler<OrgType> handler = new ResultHandler<OrgType>() {
@Override
public boolean handle(PrismObject<OrgType> object, OperationResult parentResult) {
try {
display("reconciling " + object);
reconcileOrg(object.getOid(), task, parentResult);
} catch (SchemaException | PolicyViolationException | ExpressionEvaluationException | ObjectNotFoundException | ObjectAlreadyExistsException | CommunicationException | ConfigurationException | SecurityViolationException e) {
throw new SystemException(e.getMessage(), e);
}
return true;
}
};
display("Reconciling all orgs");
modelService.searchObjectsIterative(OrgType.class, null, handler, null, task, result);
}
Aggregations