Example 6 with ForbiddenEntityException

use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

the class SelfIdentityRoleEvaluatorTest method testGreenLineDelete.

@Test
public void testGreenLineDelete() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmIdentityRoleDto identityRole = getHelper().createIdentityRole(identity, role);
    // try to get identity role - no authorization policy exists yet, so nothing is readable
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(null, IdmBasePermission.READ).getContent();
        assertTrue(identityRoles.isEmpty());
    } finally {
        logout();
    }
    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.IDENTITYROLE, IdmIdentityRole.class, SelfIdentityRoleEvaluator.class, IdmBasePermission.READ);
    // try to delete identity role after adding the authorization policy
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        try {
            // the policy grants READ only, so DELETE must be rejected
            identityRoleService.delete(identityRole, IdmBasePermission.DELETE);
            fail();
        } catch (ForbiddenEntityException e) {
            // correct exception
        } catch (Exception e) {
            fail();
        }
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 7 with ForbiddenEntityException

use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

the class SelfIdentityRoleEvaluatorTest method testGreenLineCheckAnotherIdentityRole.

@Test
public void testGreenLineCheckAnotherIdentityRole() {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityDto identityTwo = getHelper().createIdentity();
    IdmRoleDto role = getHelper().createRole();
    IdmIdentityRoleDto identityRole = getHelper().createIdentityRole(identity, role);
    IdmIdentityRoleDto identityRoleTwo = getHelper().createIdentityRole(identityTwo, role);
    // try to get identity role - no authorization policy exists yet, so nothing is readable
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(null, IdmBasePermission.READ).getContent();
        assertTrue(identityRoles.isEmpty());
    } finally {
        logout();
    }
    // create authorization policy - assign to role
    getHelper().createAuthorizationPolicy(role.getId(), CoreGroupPermission.IDENTITYROLE, IdmIdentityRole.class, SelfIdentityRoleEvaluator.class, IdmBasePermission.READ);
    // get identity role after adding the authorization policy
    try {
        getHelper().login(identity.getUsername(), identity.getPassword());
        List<IdmIdentityRoleDto> identityRoles = identityRoleService.find(null, IdmBasePermission.READ).getContent();
        assertFalse(identityRoles.isEmpty());
        assertEquals(1, identityRoles.size());
        IdmIdentityRoleDto foundedIdentityRoleDto = identityRoles.get(0);
        assertEquals(identityRole.getId(), foundedIdentityRoleDto.getId());
        try {
            // identityRoleTwo belongs to another identity, so READ must be rejected
            identityRoleService.get(identityRoleTwo.getId(), IdmBasePermission.READ);
            fail();
        } catch (ForbiddenEntityException e) {
            // correct exception
        } catch (Exception e) {
            fail();
        }
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest)

Example 8 with ForbiddenEntityException

use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

the class IdentityRoleByIdentityDeduplicationBulkAction method processDto.

@Override
protected OperationResult processDto(IdmIdentityDto identity) {
    UUID identityId = identity.getId();
    // Result will be list of concepts.
    List<IdmConceptRoleRequestDto> concepts = new ArrayList<>();
    List<IdmIdentityContractDto> contracts = identityContractService.findAllValidForDate(identityId, LocalDate.now(), null);
    for (IdmIdentityContractDto contract : contracts) {
        // Check access for contract.
        try {
            identityContractService.checkAccess(contract, PermissionUtils.toPermissions(getAuthoritiesForIdentityContract()).toArray(new BasePermission[] {}));
        } catch (ForbiddenEntityException e) {
            // no permission for this contract - skip it and continue with the next one
            continue;
        }
        // Process deduplication per identity contract.
        concepts.addAll(processDuplicitiesForContract(contract));
    }
    // If the result is empty, no roles will be removed for the identity.
    if (concepts.isEmpty()) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    IdmRoleRequestDto roleRequest = new IdmRoleRequestDto();
    roleRequest.setApplicant(identityId);
    roleRequest.setRequestedByType(RoleRequestedByType.MANUALLY);
    roleRequest.setLog("Request was created by bulk action (deduplication).");
    // if approval is set, don't execute immediately
    roleRequest.setExecuteImmediately(!isApprove());
    roleRequest = roleRequestService.save(roleRequest, IdmBasePermission.CREATE);
    for (IdmConceptRoleRequestDto concept : concepts) {
        concept.setRoleRequest(roleRequest.getId());
        concept = conceptRoleRequestService.save(concept, IdmBasePermission.CREATE);
    }
    Map<String, Serializable> properties = new HashMap<>();
    properties.put(RoleRequestApprovalProcessor.CHECK_RIGHT_PROPERTY, Boolean.TRUE);
    RoleRequestEvent event = new RoleRequestEvent(RoleRequestEventType.EXCECUTE, roleRequest, properties);
    event.setPriority(PriorityType.HIGH);
    IdmRoleRequestDto request = roleRequestService.startRequestInternal(event);
    // 
    if (request.getState() == RoleRequestState.EXECUTED) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    } else {
        return new OperationResult.Builder(OperationState.CREATED).build();
    }
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) RoleRequestEvent(eu.bcvsolutions.idm.core.model.event.RoleRequestEvent) BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) UUID(java.util.UUID) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException)

Example 9 with ForbiddenEntityException

use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

the class IdentityChangeContractGuaranteeBulkAction method processDto.

@Override
protected OperationResult processDto(IdmIdentityDto identity) {
    UUID newGuarantee = getSelectedGuaranteeUuid(PROPERTY_NEW_GUARANTEE);
    UUID oldGuarantee = getSelectedGuaranteeUuid(PROPERTY_OLD_GUARANTEE);
    if (ObjectUtils.equals(newGuarantee, oldGuarantee)) {
        return new OperationResult.Builder(OperationState.EXECUTED).build();
    }
    Map<UUID, List<IdmContractGuaranteeDto>> currentGuaranteesByContract = getIdentityGuaranteesOrderedByContract(identity.getId());
    // iterate over all contract UUIDs ~ keys and contractGuarantees in List ~ values
    currentGuaranteesByContract.forEach((contractId, contractGuarantees) -> {
        List<IdmContractGuaranteeDto> toUpdate = contractGuarantees.stream().filter(dto -> dto.getGuarantee().equals(oldGuarantee)).collect(Collectors.toList());
        if (toUpdate.isEmpty()) {
            // there is no guarantee to replace for this contract, start new iteration
            return;
        }
        for (IdmContractGuaranteeDto guarantee : toUpdate) {
            // if the same guarantee was added multiple times, update all occurrences
            try {
                guarantee.setGuarantee(newGuarantee);
                contractGuaranteeService.save(guarantee, IdmBasePermission.UPDATE);
                logItemProcessed(guarantee, new OperationResult.Builder(OperationState.EXECUTED).build());
            } catch (ForbiddenEntityException ex) {
                LOG.warn("Not authorized to remove the contract guarantee [{}] from contract [{}]  .", guarantee, contractId, ex);
                logContractGuaranteePermissionError(guarantee, guarantee.getGuarantee(), contractId, IdmBasePermission.UPDATE, ex);
                // start the new iteration for another contract, this guarantee wasn't removed here
                return;
            } catch (ResultCodeException ex) {
                logResultCodeException(guarantee, ex);
                // start the new iteration for another contract, this guarantee wasn't removed here
                return;
            }
        }
    });
    return new OperationResult.Builder(OperationState.EXECUTED).build();
}
Also used : ResultModels(eu.bcvsolutions.idm.core.api.dto.ResultModels) IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) IdmIdentityFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityFilter) CoreModuleDescriptor(eu.bcvsolutions.idm.core.CoreModuleDescriptor) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) Description(org.springframework.context.annotation.Description) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) ObjectUtils(org.apache.commons.lang.ObjectUtils) Lists(com.beust.jcommander.internal.Lists) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) List(java.util.List) Component(org.springframework.stereotype.Component) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) FilterSizeExceededException(eu.bcvsolutions.idm.core.api.exception.FilterSizeExceededException)

Example 10 with ForbiddenEntityException

use of eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException in project CzechIdMng by bcvsolutions.

the class IdentityRemoveContractGuaranteeBulkAction method processDto.

@Override
protected OperationResult processDto(IdmIdentityDto identity) {
    Set<UUID> selectedGuarantees = getSelectedGuaranteeUuids(PROPERTY_OLD_GUARANTEE);
    Map<UUID, List<IdmContractGuaranteeDto>> currentGuarantees = getIdentityGuaranteesOrderedByContract(identity.getId());
    currentGuarantees.forEach((contractId, contractGuarantees) -> {
        // create list of guarantee dtos to delete
        List<IdmContractGuaranteeDto> toDelete = contractGuarantees.stream().filter(guarantee -> selectedGuarantees.contains(guarantee.getGuarantee())).collect(Collectors.toList());
        // delete guarantees
        for (IdmContractGuaranteeDto guarantee : toDelete) {
            try {
                contractGuaranteeService.delete(guarantee, IdmBasePermission.DELETE);
                logItemProcessed(guarantee, new OperationResult.Builder(OperationState.EXECUTED).build());
            } catch (ForbiddenEntityException ex) {
                LOG.warn("Not authorized to remove contract guarantee [{}] of contract [{}].", guarantee.getGuarantee(), contractId, ex);
                logContractGuaranteePermissionError(guarantee, guarantee.getGuarantee(), contractId, IdmBasePermission.DELETE, ex);
            } catch (ResultCodeException ex) {
                logResultCodeException(guarantee, ex);
            }
        }
    });
    return new OperationResult.Builder(OperationState.EXECUTED).build();
}
Also used : ResultModels(eu.bcvsolutions.idm.core.api.dto.ResultModels) IdmFormAttributeDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormAttributeDto) Enabled(eu.bcvsolutions.idm.core.security.api.domain.Enabled) ForbiddenEntityException(eu.bcvsolutions.idm.core.api.exception.ForbiddenEntityException) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) IdmIdentityFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityFilter) CoreModuleDescriptor(eu.bcvsolutions.idm.core.CoreModuleDescriptor) OperationResult(eu.bcvsolutions.idm.core.api.entity.OperationResult) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) Map(java.util.Map) Description(org.springframework.context.annotation.Description) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Set(java.util.Set) OperationState(eu.bcvsolutions.idm.core.api.domain.OperationState) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) Lists(com.beust.jcommander.internal.Lists) IdmContractGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmContractGuaranteeDto) List(java.util.List) Component(org.springframework.stereotype.Component) IdmBulkActionDto(eu.bcvsolutions.idm.core.api.bulk.action.dto.IdmBulkActionDto) CoreResultCode(eu.bcvsolutions.idm.core.api.domain.CoreResultCode) DefaultResultModel(eu.bcvsolutions.idm.core.api.dto.DefaultResultModel) FilterSizeExceededException(eu.bcvsolutions.idm.core.api.exception.FilterSizeExceededException)
