use of cz.metacentrum.perun.core.api.ExtSource in project perun by CESNET.
the class urn_perun_group_attribute_def_def_groupExtSource method checkAttributeValue.
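/**
 * Checks that the group's {@code groupExtSource} attribute names an ExtSource the group's
 * VO actually has assigned; a group must not be able to point at an arbitrary ExtSource.
 *
 * @param sess perun session
 * @param group group the attribute is set on
 * @param attribute attribute holding the ExtSource name (null value = attribute removal)
 * @throws WrongAttributeValueException when the named ExtSource is not assigned to the group's VO
 * @throws ConsistencyErrorException when the group references a VO that does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
	// A null value means the attribute is being removed, which is always allowed.
	if (attribute.getValue() == null) {
		return;
	}
	String extSourceName = (String) attribute.getValue();

	try {
		Vo groupVo = sess.getPerunBl().getVosManagerBl().getVoById(sess, group.getVoId());
		// Only ExtSources already assigned to the VO are acceptable values.
		List<ExtSource> allowedExtSources = sess.getPerunBl().getExtSourcesManagerBl().getVoExtSources(sess, groupVo);
		boolean assignedToVo = allowedExtSources.stream().anyMatch(es -> extSourceName.equals(es.getName()));
		if (!assignedToVo) {
			throw new WrongAttributeValueException(attribute, group, "ExtSourceName " + extSourceName + " is not valid, because VO " + groupVo + " of this group has no such extSource assigned.");
		}
	} catch (VoNotExistsException ex) {
		// keep the cause so the dangling group -> VO reference can be traced
		throw new ConsistencyErrorException("Vo of this group " + group + " not exists!", ex);
	}
}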
use of cz.metacentrum.perun.core.api.ExtSource in project perun by CESNET.
the class ExtSourcesManagerBlImpl method getCandidate.
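/**
 * Builds a {@link Candidate} for {@code login} from the subject data returned by the given ExtSource.
 * <p>
 * Subject data is external, untrusted input: names that do not match {@code namePattern} are dropped,
 * boolean flags are only honoured for the exact string {@code "true"}, only member/user-namespace
 * attributes are copied, and additional identities must have all three mandatory parts.
 *
 * @param sess perun session
 * @param source ExtSource to query (must implement {@link ExtSourceSimpleApi})
 * @param login login of the subject in {@code source}
 * @return candidate with primary and additional UserExtSources and filtered attributes
 * @throws CandidateNotExistsException when the source knows no subject for the login
 * @throws InternalErrorException when an additional UserExtSource mapping lacks a mandatory part
 */
@Override
public Candidate getCandidate(PerunSession sess, ExtSource source, String login) throws InternalErrorException, ExtSourceNotExistsException, CandidateNotExistsException, ExtSourceUnsupportedOperationException {
	Candidate candidate = new Candidate();

	// The primary identity of the candidate is the pair (source, login).
	UserExtSource userExtSource = new UserExtSource();
	userExtSource.setExtSource(source);
	userExtSource.setLogin(login);
	candidate.setUserExtSource(userExtSource);

	Map<String, String> subject;
	try {
		subject = ((ExtSourceSimpleApi) source).getSubjectByLogin(login);
	} catch (SubjectNotExistsException e) {
		throw new CandidateNotExistsException(login);
	}
	if (subject == null) {
		throw new CandidateNotExistsException("Candidate with login [" + login + "] not exists");
	}

	// Names not matching namePattern are dropped rather than stored.
	candidate.setFirstName(nameOrNull(subject.get("firstName")));
	candidate.setLastName(nameOrNull(subject.get("lastName")));
	candidate.setMiddleName(subject.get("middleName"));
	candidate.setTitleAfter(subject.get("titleAfter"));
	candidate.setTitleBefore(subject.get("titleBefore"));

	// Only the exact string "true" enables these flags; null or anything else is false.
	candidate.setServiceUser(isTrueFlag(subject.get("isServiceUser")));
	candidate.setSponsoredUser(isTrueFlag(subject.get("isSponsoredUser")));

	List<UserExtSource> additionalUserExtSources = new ArrayList<>();
	Map<String, String> attributes = new HashMap<>();
	for (Map.Entry<String, String> entry : subject.entrySet()) {
		String attrName = entry.getKey();
		String value = entry.getValue();
		// FIXME: call AttributesManager methods instead of matching on the name prefix
		if (attrName.startsWith(AttributesManager.NS_MEMBER_ATTR) || attrName.startsWith(AttributesManager.NS_USER_ATTR)) {
			attributes.put(attrName, value);
		} else if (attrName.startsWith(ExtSourcesManagerImpl.USEREXTSOURCEMAPPING)) {
			// a null mapping carries no identity and is skipped
			if (value == null) {
				continue;
			}
			UserExtSource additional = parseAdditionalUserExtSource(sess, login, attrName, value);
			if (additional != null) {
				additionalUserExtSources.add(additional);
			}
		}
	}

	candidate.setAdditionalUserExtSources(additionalUserExtSources);
	candidate.setAttributes(attributes);
	return candidate;
}

/**
 * Returns {@code name} when it matches {@code namePattern}, otherwise null.
 *
 * @param name name from the external subject data, may be null
 * @return the name, or null when absent or not in the accepted format
 */
private String nameOrNull(String name) {
	if (name == null) {
		return null;
	}
	Matcher matcher = namePattern.matcher(name);
	return matcher.matches() ? name : null;
}

/**
 * Interprets an external boolean flag: only the exact string {@code "true"} is true.
 *
 * @param flag flag value from the subject data, may be null
 * @return true only for {@code "true"}
 */
private static boolean isTrueFlag(String flag) {
	return "true".equals(flag);
}

/**
 * Parses one additional identity mapping of the form
 * {@code extSourceName|extSourceType|extLogin[|LoA]} into a UserExtSource, creating the
 * referenced ExtSource when it does not exist yet.
 *
 * @param sess perun session
 * @param login primary login of the candidate (used in messages only)
 * @param attrName name of the subject attribute holding the mapping (used in messages only)
 * @param rawValue the pipe-separated mapping, not null
 * @return the parsed UserExtSource, or null when a mandatory part is empty (logged, not fatal)
 * @throws InternalErrorException when fewer than three parts are present
 * @throws ParserException when the optional LoA part is not an integer
 * @throws ConsistencyErrorException when the ExtSource appears while being created
 */
private UserExtSource parseAdditionalUserExtSource(PerunSession sess, String login, String attrName, String rawValue) throws InternalErrorException {
	log.debug("Processing additionalUserExtSource {}", rawValue);
	String[] parts = rawValue.split("\\|");
	// protection against ArrayIndexOutOfBoundsException on malformed input
	if (parts.length < 3) {
		throw new InternalErrorException("There is missing some mandatory part of additional user extSource value when processing it - '" + attrName + "'");
	}
	String extSourceName = parts[0];
	String extSourceType = parts[1];
	String extLogin = parts[2];

	// LoA is optional and defaults to 0
	int loa = 0;
	if (parts.length > 3) {
		try {
			loa = Integer.parseInt(parts[3]);
		} catch (NumberFormatException e) {
			throw new ParserException("Candidate with login [" + login + "] has wrong LoA '" + parts[3] + "'.", e, "LoA");
		}
	}

	if (extSourceName.isEmpty() || extSourceType.isEmpty() || extLogin.isEmpty()) {
		// log the raw value, not the array (whose toString is only an identity hash)
		log.error("User with login {} has invalid additional userExtSource defined {}.", login, rawValue);
		return null;
	}

	ExtSource extSource;
	try {
		// prefer the persisted ExtSource (with ID) when it exists
		extSource = getPerunBl().getExtSourcesManagerBl().getExtSourceByName(sess, extSourceName);
	} catch (ExtSourceNotExistsException e) {
		try {
			extSource = getPerunBl().getExtSourcesManagerBl().createExtSource(sess, new ExtSource(extSourceName, extSourceType), null);
		} catch (ExtSourceExistsException e1) {
			throw new ConsistencyErrorException("Creating existing extSource: " + extSourceName, e1);
		}
	}
	return new UserExtSource(extSource, loa, extLogin);
}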
use of cz.metacentrum.perun.core.api.ExtSource in project perun by CESNET.
the class urn_perun_user_attribute_def_def_login_namespace_elixir_persistent_shadow method changedAttributeHook.
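/**
 * ChangedAttributeHook() sets UserExtSource with following properties:
 * - extSourceType is IdP
 * - extSourceName is https://engine.elixir-idp.ics.muni.cz/authentication/idp/metadata
 * - user's extSource login is the same as his elixir-persistent attribute
 * <p>
 * Nothing is done when the attribute is removed (null value) or when it belongs to another
 * namespace; an identity that is already linked to the user is logged and left untouched.
 *
 * @param session PerunSession
 * @param user User to set UserExtSource for
 * @param attribute Attribute containing elixirID
 * @throws cz.metacentrum.perun.core.api.exceptions.InternalErrorException when the Elixir IdP ExtSource is not defined
 * @throws cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
	// Constant-first equals tolerates a null namespace instead of throwing NPE;
	// a null value means removal, which must not create an identity.
	if (!"elixir-persistent-shadow".equals(attribute.getFriendlyNameParameter()) || attribute.getValue() == null) {
		return;
	}
	try {
		ExtSource extSource = session.getPerunBl().getExtSourcesManagerBl().getExtSourceByName(session, extSourceNameElixir);
		UserExtSource userExtSource = new UserExtSource(extSource, 0, attribute.getValue().toString());
		session.getPerunBl().getUsersManagerBl().addUserExtSource(session, user, userExtSource);
	} catch (UserExtSourceExistsException ex) {
		// idempotent: the identity is already linked to this user
		log.warn("Elixir IdP external source already exists for the user.", ex);
	} catch (ExtSourceNotExistsException ex) {
		throw new InternalErrorException("IdP external source for elixir doesn't exist.", ex);
	}
}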
use of cz.metacentrum.perun.core.api.ExtSource in project perun by CESNET.
the class GroupsManagerBlImpl method deleteAnyGroup.
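/**
 * If forceDelete is false, delete only group which has no subgroup and no member.
 * If forceDelete is true, delete group with all subgroups and members.
 * <p>
 * Tear-down order matters: subgroups first (recursively, forced), then resource assignments
 * and group attributes, reserved logins (external system, then DB), assigned ExtSources,
 * group relations (dependents before this group's own result relations), member-group
 * attributes, every role the group holds or grants, and finally the group row itself.
 *
 * @param sess perun session
 * @param group group to delete
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException when a reserved login cannot be deleted from the external system,
 *         a member-group attribute removal hits a member/group VO mismatch, or a role cannot be managed
 * @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
 * @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
 * @throws GroupAlreadyRemovedFromResourceException propagated from the called managers (not thrown directly here)
 * @throws GroupNotExistsException propagated from the called managers (not thrown directly here)
 * @throws GroupRelationDoesNotExist propagated from the called managers (not thrown directly here)
 * @throws GroupRelationCannotBeRemoved propagated from the called managers (not thrown directly here)
 * @throws ConsistencyErrorException when resource or attribute state contradicts the deletion already performed
 */
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
	Vo vo = this.getVo(sess, group);

	// Subgroups: refuse unless forced, otherwise delete them first (recursively, always forced).
	if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
		if (!forceDelete) {
			throw new RelationExistsException("Group group=" + group + " contains subgroups");
		}
		List<Group> subGroups = getSubGroups(sess, group);
		for (Group subGroup : subGroups) {
			deleteAnyGroup(sess, subGroup, true);
		}
	}
	if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
		throw new RelationExistsException("Group group=" + group + " contains members");
	}

	// Resource assignments (direct and automatic), then the group's own attributes.
	List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
	try {
		for (AssignedResource assignedResource : assignedResources) {
			if (assignedResource.getSourceGroupId() == null) {
				getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
			} else {
				getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
			}
		}
		getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
	} catch (GroupNotDefinedOnResourceException ex) {
		throw new ConsistencyErrorException(ex);
	} catch (AttributeValueException ex) {
		throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
	}

	// Reserved logins from the group's applications: delete them in the external
	// system (e.g. KDC) first, then drop the DB records.
	List<Integer> applicationIds = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
	for (Integer appId : applicationIds) {
		for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
			try {
				// left = namespace / right = login
				getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
			} catch (LoginNotExistsException ex) {
				// nothing left to delete; keep the exception in the log record
				log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft(), ex);
			} catch (InvalidLoginException e) {
				throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
			} catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
				throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
			}
		}
	}
	getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);

	// ExtSources assigned to this group.
	List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
	for (ExtSource source : assignedSources) {
		try {
			getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
		} catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
			// Just log this, because if method can't remove it, it is probably not assigned now
			log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
		}
	}

	// 1. remove all relations with this group as an operand group, i.e. every
	//    relation that depends on this group.
	List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
	for (Integer groupId : relations) {
		removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
	}
	// 2. remove all relations with this group as a result group. No recalculation
	//    is needed (@see removeRelationMembers) because all dependencies of the
	//    group were deleted in step 1.
	groupsManagerImpl.removeResultGroupRelations(sess, group);

	// Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
	List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
	for (Member member : membersFromDeletedGroup) {
		try {
			perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
		} catch (AttributeValueException ex) {
			throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
		} catch (MemberGroupMismatchException e) {
			throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
		}
	}

	// Roles the group holds on other objects. A missing role is only logged (it is
	// already in the desired state); an unmanageable role is a hard error.
	List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
	for (Facility facility : facilitiesWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}
	List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
	for (Group administeredGroup : groupsWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, administeredGroup, Role.GROUPADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, administeredGroup, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}
	List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
	for (Resource resource : resourcesWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}
	List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
	for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
		try {
			perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
		}
	}
	List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
	for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}
	List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
	for (Vo administeredVo : vosWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, administeredVo, Role.VOADMIN);
		} catch (GroupNotAdminException e) {
			// message names the right object kind (a VO, not a facility)
			log.warn("Can't unset group {} as admin of VO {} due to group not admin exception {}.", group, administeredVo, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// Roles other principals hold on this group.
	List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
	for (Group adminGroup : adminGroups) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
		} catch (GroupNotAdminException e) {
			// skip and log as warning
			log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}
	List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
	for (User adminUser : adminUsers) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
		} catch (UserNotAdminException e) {
			// skip and log as warning
			log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// Deletes also all direct and indirect members of the group
	getGroupsManagerImpl().deleteGroup(sess, vo, group);
	logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
	getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}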
use of cz.metacentrum.perun.core.api.ExtSource in project perun by CESNET.
the class ExtSourcesManagerBlImpl method generateCandidateGroup.
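/**
 * Builds a {@link CandidateGroup} from one group record of an external source.
 * <p>
 * The record is untrusted input: the login must be present and non-empty before the
 * prefix is applied, the name must be present and pass {@link Utils#validateGroupName},
 * and every key outside {@code GROUP_SYNC_DEFAULT_DATA} is carried as an additional attribute.
 *
 * @param perunSession perun session
 * @param groupSubjectData one group record as returned by the ExtSource, keyed by attribute name
 * @param source ExtSource the record comes from
 * @param loginPrefix prefix applied to the group login and parent group login
 * @return candidate group ready for synchronization
 * @throws InternalErrorException when the data is null or empty, the source is null,
 *         or the group login or name is missing or invalid
 */
@Override
public CandidateGroup generateCandidateGroup(PerunSession perunSession, Map<String, String> groupSubjectData, ExtSource source, String loginPrefix) {
	if (groupSubjectData == null) {
		throw new InternalErrorException("Group subject data cannot be null.");
	}
	if (groupSubjectData.isEmpty()) {
		throw new InternalErrorException("Group subject data cannot be empty, at least group name has to exists.");
	}
	if (source == null) {
		throw new InternalErrorException("ExtSource cannot be null while generating CandidateGroup");
	}

	// Check the raw login before prefixing: prefix + null would otherwise become the
	// non-empty string "<prefix>null" and slip past the emptiness check.
	String rawLogin = groupSubjectData.get(GroupsManagerBlImpl.GROUP_LOGIN);
	if (rawLogin == null || rawLogin.isEmpty()) {
		throw new InternalErrorException("Group subject data has to contain valid group login!");
	}

	CandidateGroup candidateGroup = new CandidateGroup();
	candidateGroup.setExtSource(source);
	candidateGroup.asGroup().setName(groupSubjectData.get(GroupsManagerBlImpl.GROUP_NAME));
	candidateGroup.setLogin(loginPrefix + rawLogin);

	// The name is mandatory and must obey the same syntax rules as any other group name.
	String name = candidateGroup.asGroup().getName();
	if (name == null) {
		throw new InternalErrorException("group name cannot be null in Group subject data!");
	}
	try {
		Utils.validateGroupName(name);
	} catch (IllegalArgumentException e) {
		throw new InternalErrorException("Group subject data has to contain valid group name!", e);
	}

	String rawParentLogin = groupSubjectData.get(GroupsManagerBlImpl.PARENT_GROUP_LOGIN);
	if (rawParentLogin != null) {
		candidateGroup.setParentGroupLogin(loginPrefix + rawParentLogin);
	}
	candidateGroup.asGroup().setDescription(groupSubjectData.get(GroupsManagerBlImpl.GROUP_DESCRIPTION));

	// Everything not consumed above travels along as an additional attribute.
	groupSubjectData.entrySet().stream()
			.filter(entry -> !GROUP_SYNC_DEFAULT_DATA.contains(entry.getKey()))
			.forEach(entry -> candidateGroup.addAdditionalAttribute(entry.getKey(), entry.getValue()));
	return candidateGroup;
}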