Example 1 with PasswordDeletionFailedException
use of cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException in project perun by CESNET.
the class GroupsManagerBlImpl method deleteAnyGroup.
/**
* If forceDelete is false, delete only group which has no subgroup and no member.
* If forceDelete is true, delete group with all subgroups and members.
*
* @param sess
* @param group
* @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
* @throws InternalErrorException
* @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
* @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
*/
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
Vo vo = this.getVo(sess, group);
if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
if (!forceDelete)
throw new RelationExistsException("Group group=" + group + " contains subgroups");
// get subgroups of this group
List<Group> subGroups = getSubGroups(sess, group);
for (Group subGroup : subGroups) {
deleteAnyGroup(sess, subGroup, true);
}
}
if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
throw new RelationExistsException("Group group=" + group + " contains members");
}
List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
try {
for (AssignedResource assignedResource : assignedResources) {
if (assignedResource.getSourceGroupId() == null) {
getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
} else {
getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
}
}
// remove group's attributes
getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
} catch (GroupNotDefinedOnResourceException ex) {
throw new ConsistencyErrorException(ex);
} catch (AttributeValueException ex) {
throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
}
// delete all Groups reserved logins from KDC
List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
for (Integer appId : list) {
// for each application
for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
// for all reserved logins - delete them in ext. system (e.g. KDC)
try {
// left = namespace / right = login
getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
} catch (LoginNotExistsException ex) {
log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
} catch (InvalidLoginException e) {
throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
} catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
}
}
}
// delete all Groups reserved logins from DB
getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);
// remove all assigned ExtSources to this group
List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
for (ExtSource source : assignedSources) {
try {
getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
} catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
// Just log this, because if method can't remove it, it is probably not assigned now
log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
}
}
// 1. remove all relations with group g as an operand group.
// this removes all relations that depend on this group
List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
for (Integer groupId : relations) {
removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
}
// 2. remove all relations with group as a result group
// We can remove relations without recalculation (@see removeRelationMembers)
// because all dependencies of group were deleted in step 1.
groupsManagerImpl.removeResultGroupRelations(sess, group);
// Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
// delete all member-group attributes
for (Member member : membersFromDeletedGroup) {
try {
perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
} catch (AttributeValueException ex) {
throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
} catch (MemberGroupMismatchException e) {
throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
}
}
// remove admin roles of group
List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
for (Facility facility : facilitiesWhereGroupIsAdmin) {
try {
AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
for (Group group1 : groupsWhereGroupIsAdmin) {
try {
AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
for (Resource resource : resourcesWhereGroupIsAdmin) {
try {
AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
try {
perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
}
}
List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
try {
AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
for (Vo vo1 : vosWhereGroupIsAdmin) {
try {
AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
} catch (GroupNotAdminException e) {
log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, vo1, e);
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
// remove admins of this group
List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
for (Group adminGroup : adminGroups) {
try {
AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
} catch (GroupNotAdminException e) {
log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
// skip and log as warning
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
for (User adminUser : adminUsers) {
try {
AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
} catch (UserNotAdminException e) {
log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
// skip and log as warning
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
// Deletes also all direct and indirect members of the group
getGroupsManagerImpl().deleteGroup(sess, vo, group);
logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}
Also used :
ExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.ExtSourceAlreadyRemovedException)
EnrichedGroup(cz.metacentrum.perun.core.api.EnrichedGroup)
IndirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberRemovedFromGroup)
CandidateGroup(cz.metacentrum.perun.core.api.CandidateGroup)
RichGroup(cz.metacentrum.perun.core.api.RichGroup)
MemberExpiredInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberExpiredInGroup)
MemberValidatedInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberValidatedInGroup)
DirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberRemovedFromGroup)
Group(cz.metacentrum.perun.core.api.Group)
DirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberAddedToGroup)
IndirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberAddedToGroup)
MemberGroupMismatchException(cz.metacentrum.perun.core.api.exceptions.MemberGroupMismatchException)
User(cz.metacentrum.perun.core.api.User)
RichUser(cz.metacentrum.perun.core.api.RichUser)
AttributeValueException(cz.metacentrum.perun.core.api.exceptions.AttributeValueException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
GroupNotDefinedOnResourceException(cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException)
Vo(cz.metacentrum.perun.core.api.Vo)
GroupCreatedInVo(cz.metacentrum.perun.audit.events.GroupManagerEvents.GroupCreatedInVo)
GroupDeleted(cz.metacentrum.perun.audit.events.GroupManagerEvents.GroupDeleted)
ExtSourceNotAssignedException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotAssignedException)
RichMember(cz.metacentrum.perun.core.api.RichMember)
Member(cz.metacentrum.perun.core.api.Member)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
AssignedResource(cz.metacentrum.perun.core.api.AssignedResource)
Resource(cz.metacentrum.perun.core.api.Resource)
GroupNotAdminException(cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException)
SecurityTeam(cz.metacentrum.perun.core.api.SecurityTeam)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
AssignedResource(cz.metacentrum.perun.core.api.AssignedResource)
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
RichUserExtSource(cz.metacentrum.perun.core.api.RichUserExtSource)
ExtSource(cz.metacentrum.perun.core.api.ExtSource)
UserExtSource(cz.metacentrum.perun.core.api.UserExtSource)
Facility(cz.metacentrum.perun.core.api.Facility)
RoleCannotBeManagedException(cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException)
Example 2 with PasswordDeletionFailedException
use of cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException in project perun by CESNET.
the class MembersManagerImpl method rejectAllMemberOpenApplications.
@Override
public void rejectAllMemberOpenApplications(PerunSession sess, Member member) {
try {
List<Integer> ids = jdbc.query("select id from application " + "where user_id=? and vo_id=? and state not in (?, ?)", new SingleColumnRowMapper<>(Integer.class), member.getUserId(), member.getVoId(), rejected, approved);
if (ids.isEmpty()) {
return;
}
MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("ids", ids);
parameters.addValue("userId", sess.getPerunPrincipal().getUserId());
parameters.addValue("state", rejected);
namedParameterJdbcTemplate.update("update application set state=:state, modified_at=" + Compatibility.getSysdate() + ", modified_by_uid=:userId " + "where id in (:ids)", parameters);
// get all reserved logins
List<Pair<String, String>> logins = namedParameterJdbcTemplate.query("select namespace,login from application_reserved_logins " + "where app_id in (:ids)", parameters, (resultSet, arg1) -> new Pair<>(resultSet.getString("namespace"), resultSet.getString("login")));
// delete passwords for reserved logins
for (Pair<String, String> login : logins) {
try {
// left = namespace / right = login
((PerunBl) sess.getPerun()).getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
} catch (LoginNotExistsException ex) {
log.error("Login: {} not exists while deleting passwords in rejected applications for member: {}", login.getLeft(), member);
} catch (PasswordOperationTimeoutException | InvalidLoginException | PasswordDeletionFailedException e) {
throw new InternalErrorException("Unable to delete password for Login: " + login.getLeft() + " in rejected applications for member: " + member + ".", e);
}
}
// free any login from reservation when application is rejected
namedParameterJdbcTemplate.update("delete from application_reserved_logins " + "where app_id in (:ids)", parameters);
} catch (RuntimeException e) {
throw new InternalErrorException(e);
}
}
Also used :
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
MapSqlParameterSource(org.springframework.jdbc.core.namedparam.MapSqlParameterSource)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
Pair(cz.metacentrum.perun.core.api.Pair)
Example 3 with PasswordDeletionFailedException
use of cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException in project perun by CESNET.
the class UsersManagerBlImpl method deletePassword.
@Override
public void deletePassword(PerunSession sess, String userLogin, String loginNamespace) throws LoginNotExistsException, PasswordDeletionFailedException, PasswordOperationTimeoutException, InvalidLoginException {
log.info("Deleting password for {} in login-namespace {}.", userLogin, loginNamespace);
// Delete the password
PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
try {
module.deletePassword(sess, userLogin);
} catch (PasswordDeletionFailedRuntimeException e) {
throw new PasswordDeletionFailedException(e);
} catch (LoginNotExistsRuntimeException e) {
throw new LoginNotExistsException(e);
} catch (PasswordOperationTimeoutRuntimeException e) {
throw new PasswordOperationTimeoutException(e);
} catch (InvalidLoginException e) {
throw e;
} catch (Exception ex) {
// fallback for exception compatibility
throw new PasswordDeletionFailedException("Password deletion failed for " + loginNamespace + ":" + userLogin + ".", ex);
}
}
Also used :
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
PasswordManagerModule(cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule)
GenericPasswordManagerModule(cz.metacentrum.perun.core.impl.modules.pwdmgr.GenericPasswordManagerModule)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException)
LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException)
PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException)
RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException)
MemberAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.MemberAlreadyRemovedException)
PasswordCreationFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordCreationFailedException)
UserExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceAlreadyRemovedException)
ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException)
WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)
LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException)
PasswordStrengthFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException)
PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException)
SpecificUserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException)
AlreadyReservedLoginException(cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException)
SpecificUserOwnerAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserOwnerAlreadyRemovedException)
IllegalArgumentException(cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)
UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException)
AlreadyAdminException(cz.metacentrum.perun.core.api.exceptions.AlreadyAdminException)
PasswordChangeFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordChangeFailedException)
PasswordResetLinkExpiredException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkExpiredException)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
MemberNotExistsException(cz.metacentrum.perun.core.api.exceptions.MemberNotExistsException)
PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException)
UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
UserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserAlreadyRemovedException)
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
RelationNotExistsException(cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException)
PasswordDoesntMatchException(cz.metacentrum.perun.core.api.exceptions.PasswordDoesntMatchException)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)
PasswordResetLinkNotValidException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkNotValidException)
UserNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserNotExistsException)
PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException)
AnonymizationNotSupportedException(cz.metacentrum.perun.core.api.exceptions.AnonymizationNotSupportedException)
Example 4 with PasswordDeletionFailedException
use of cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException in project perun by CESNET.
the class UsersManagerBlImpl method deletePassword.
@Override
public void deletePassword(PerunSession sess, User user, String loginNamespace) throws LoginNotExistsException, PasswordDeletionFailedException, PasswordOperationTimeoutException, InvalidLoginException {
log.info("Deleting password for {} in login-namespace {}.", user, loginNamespace);
// Delete the password
PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
try {
Attribute attr = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":" + AttributesManager.LOGIN_NAMESPACE + ":" + loginNamespace);
if (attr.getValue() == null) {
throw new LoginNotExistsException("Attribute containing login has empty value. Namespace: " + loginNamespace);
}
module.deletePassword(sess, attr.valueAsString());
} catch (PasswordDeletionFailedRuntimeException e) {
throw new PasswordDeletionFailedException(e);
} catch (LoginNotExistsRuntimeException e) {
throw new LoginNotExistsException(e);
} catch (PasswordOperationTimeoutRuntimeException e) {
throw new PasswordOperationTimeoutException(e);
} catch (Exception ex) {
// fallback for exception compatibility
throw new PasswordDeletionFailedException("Password deletion failed for " + loginNamespace + ": " + user + ".", ex);
}
}
Also used :
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
PasswordManagerModule(cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule)
GenericPasswordManagerModule(cz.metacentrum.perun.core.impl.modules.pwdmgr.GenericPasswordManagerModule)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException)
LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException)
PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException)
RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException)
MemberAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.MemberAlreadyRemovedException)
PasswordCreationFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordCreationFailedException)
UserExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceAlreadyRemovedException)
ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException)
WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)
LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException)
PasswordStrengthFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException)
PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException)
SpecificUserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException)
AlreadyReservedLoginException(cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException)
SpecificUserOwnerAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserOwnerAlreadyRemovedException)
IllegalArgumentException(cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)
UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException)
AlreadyAdminException(cz.metacentrum.perun.core.api.exceptions.AlreadyAdminException)
PasswordChangeFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordChangeFailedException)
PasswordResetLinkExpiredException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkExpiredException)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
MemberNotExistsException(cz.metacentrum.perun.core.api.exceptions.MemberNotExistsException)
PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException)
UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
UserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserAlreadyRemovedException)
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
RelationNotExistsException(cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException)
PasswordDoesntMatchException(cz.metacentrum.perun.core.api.exceptions.PasswordDoesntMatchException)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)
PasswordResetLinkNotValidException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkNotValidException)
UserNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserNotExistsException)
PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException)
AnonymizationNotSupportedException(cz.metacentrum.perun.core.api.exceptions.AnonymizationNotSupportedException)
Example 5 with PasswordDeletionFailedException
use of cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException in project perun by CESNET.
the class UsersManagerBlImpl method deleteUser.
private void deleteUser(PerunSession sess, User user, boolean forceDelete, boolean anonymizeInstead) throws RelationExistsException, MemberAlreadyRemovedException, UserAlreadyRemovedException, SpecificUserAlreadyRemovedException, AnonymizationNotSupportedException {
List<Member> members = getPerunBl().getMembersManagerBl().getMembersByUser(sess, user);
if (members != null && (members.size() > 0)) {
if (forceDelete) {
for (Member member : members) {
getPerunBl().getMembersManagerBl().deleteMember(sess, member);
}
} else {
throw new RelationExistsException("Members exist");
}
}
if (getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user) && forceDelete) {
getPerunBl().getSecurityTeamsManagerBl().removeUserFromAllBlacklists(sess, user);
} else if (getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user) && !forceDelete) {
throw new RelationExistsException("User is blacklisted by some security team. Deletion would cause loss of this information.");
}
// First delete all associated external sources to the user
removeAllUserExtSources(sess, user);
getPerunBl().getAuditer().log(sess, new AllUserExtSourcesDeletedForUser(user));
// delete all authorships of users publications
getUsersManagerImpl().removeAllAuthorships(sess, user);
// delete all mailchange request related to user
getUsersManagerImpl().removeAllPreferredEmailChangeRequests(sess, user);
// delete all pwdreset request related to user
getUsersManagerImpl().removeAllPasswordResetRequests(sess, user);
// get all reserved logins of user
List<Pair<String, String>> logins = getUsersManagerImpl().getUsersReservedLogins(user);
// delete them from KDC
for (Pair<String, String> login : logins) {
try {
// !! left = namespace / right = login
this.deletePassword(sess, login.getRight(), login.getLeft());
} catch (LoginNotExistsException e) {
// OK - User hasn't assigned any password with this login
} catch (InvalidLoginException e) {
throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
} catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
if (forceDelete) {
log.error("Error during deletion of an account at {} for user {} with login {}.", login.getLeft(), user, login.getRight());
} else {
throw new RelationExistsException("Error during deletion of an account at " + login.getLeft() + " for user " + user + " with login " + login.getRight() + ".");
}
}
}
// delete them from DB
getUsersManagerImpl().deleteUsersReservedLogins(user);
// Remove all possible passwords associated with logins (stored in attributes)
for (Attribute loginAttribute : getPerunBl().getAttributesManagerBl().getLogins(sess, user)) {
try {
this.deletePassword(sess, (String) loginAttribute.getValue(), loginAttribute.getFriendlyNameParameter());
} catch (LoginNotExistsException e) {
// OK - User hasn't assigned any password with this login
} catch (InvalidLoginException e) {
throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
} catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
if (forceDelete) {
log.error("Error during deletion of the account at {} for user {} with login {}.", loginAttribute.getFriendlyNameParameter(), user, loginAttribute.getValue());
} else {
throw new RelationExistsException("Error during deletion of the account at " + loginAttribute.getFriendlyNameParameter() + " for user " + user + " with login " + loginAttribute.getValue() + ".");
}
}
}
// Delete, keep or anonymize assigned attributes
try {
// User-Facilities one
getPerunBl().getAttributesManagerBl().removeAllUserFacilityAttributes(sess, user);
// Users one
if (anonymizeInstead) {
List<String> attributesToAnonymize = BeansUtils.getCoreConfig().getAttributesToAnonymize();
List<String> attributesToKeep = BeansUtils.getCoreConfig().getAttributesToKeep();
List<Attribute> userAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
for (Attribute attribute : userAttributes) {
// Skip core and virtual attributes
if (getPerunBl().getAttributesManagerBl().isCoreAttribute(sess, attribute) || getPerunBl().getAttributesManagerBl().isVirtAttribute(sess, attribute)) {
continue;
}
// Skip attributes configured to keep untouched
if (attributesToKeep.contains(attribute.getName()) || // Attributes like 'login-namespace:mu' are configured as 'login-namespace:*'
(!attribute.getFriendlyNameParameter().isEmpty() && attributesToKeep.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
continue;
}
// Anonymize configured attributes
if (attributesToAnonymize.contains(attribute.getName()) || (!attribute.getFriendlyNameParameter().isEmpty() && attributesToAnonymize.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
Attribute anonymized = getPerunBl().getAttributesManagerBl().getAnonymizedValue(sess, user, attribute);
getPerunBl().getAttributesManagerBl().setAttribute(sess, user, anonymized);
} else {
// Delete remaining attributes
getPerunBl().getAttributesManagerBl().removeAttribute(sess, user, attribute);
}
}
} else {
getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, user);
}
} catch (WrongAttributeValueException | WrongReferenceAttributeValueException | WrongAttributeAssignmentException ex) {
// All members are deleted => there are no required attributes => all attributes can be removed
throw new ConsistencyErrorException(ex);
}
// Remove user authz
AuthzResolverBlImpl.removeAllUserAuthz(sess, user);
// delete even inactive links
usersManagerImpl.deleteSponsorLinks(sess, user);
// Remove all users bans
List<BanOnFacility> bansOnFacility = getPerunBl().getFacilitiesManagerBl().getBansForUser(sess, user.getId());
for (BanOnFacility banOnFacility : bansOnFacility) {
try {
getPerunBl().getFacilitiesManagerBl().removeBan(sess, banOnFacility.getId());
} catch (BanNotExistsException ex) {
// it is ok, we just want to remove it anyway
}
}
// Remove all sponsored user authz of his owners
if (user.isSponsoredUser())
AuthzResolverBlImpl.removeAllSponsoredUserAuthz(sess, user);
if (anonymizeInstead) {
getUsersManagerImpl().anonymizeUser(sess, user);
// delete all users applications and submitted data, this is needed only when 'anonymizeInstead'
// because applications are deleted on cascade when user's row is deleted in DB
getUsersManagerImpl().deleteUsersApplications(user);
} else {
// Finally delete the user
getUsersManagerImpl().deleteUser(sess, user);
getPerunBl().getAuditer().log(sess, new UserDeleted(user));
}
}
Also used :
Attribute(cz.metacentrum.perun.core.api.Attribute)
WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
BanOnFacility(cz.metacentrum.perun.core.api.BanOnFacility)
Member(cz.metacentrum.perun.core.api.Member)
Pair(cz.metacentrum.perun.core.api.Pair)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)
AllUserExtSourcesDeletedForUser(cz.metacentrum.perun.audit.events.UserManagerEvents.AllUserExtSourcesDeletedForUser)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)
RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException)
InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)
PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)
UserDeleted(cz.metacentrum.perun.audit.events.UserManagerEvents.UserDeleted)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)
Aggregations
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)6
InvalidLoginException (cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)6
LoginNotExistsException (cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)6
PasswordDeletionFailedException (cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException)6
PasswordOperationTimeoutException (cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException)6
ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)5
RelationExistsException (cz.metacentrum.perun.core.api.exceptions.RelationExistsException)5
WrongAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)5
WrongReferenceAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)5
BanNotExistsException (cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)4
UserNotAdminException (cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)4
WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)4
Attribute (cz.metacentrum.perun.core.api.Attribute)3
AlreadyAdminException (cz.metacentrum.perun.core.api.exceptions.AlreadyAdminException)3
AlreadyReservedLoginException (cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException)3
AnonymizationNotSupportedException (cz.metacentrum.perun.core.api.exceptions.AnonymizationNotSupportedException)3
AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)3
ExtSourceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)3
IllegalArgumentException (cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)3
MemberAlreadyRemovedException (cz.metacentrum.perun.core.api.exceptions.MemberAlreadyRemovedException)3
