Example 1 with DelegatedAdministrationException
use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.
the class AbstractAnyLogic method afterUpdate.
protected ProvisioningResult<TO> afterUpdate(final TO input, final List<PropagationStatus> statuses, final List<LogicActions> actions, final boolean authDynRealms, final Set<String> dynRealmsBefore) {
Set<String> dynRealmsAfter = new HashSet<>(input.getDynRealms());
if (authDynRealms && !dynRealmsBefore.equals(dynRealmsAfter)) {
throw new DelegatedAdministrationException(this instanceof UserLogic ? AnyTypeKind.USER : this instanceof GroupLogic ? AnyTypeKind.GROUP : AnyTypeKind.ANY_OBJECT, input.getKey());
}
TO any = input;
for (LogicActions action : actions) {
any = action.afterUpdate(any);
}
ProvisioningResult<TO> result = new ProvisioningResult<>();
result.setEntity(any);
result.getPropagationStatuses().addAll(statuses);
return result;
}
Also used :
ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
AnyTO(org.apache.syncope.common.lib.to.AnyTO)
GroupTO(org.apache.syncope.common.lib.to.GroupTO)
UserTO(org.apache.syncope.common.lib.to.UserTO)
LogicActions(org.apache.syncope.core.provisioning.api.LogicActions)
HashSet(java.util.HashSet)
Example 2 with DelegatedAdministrationException
use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.
the class RestServiceExceptionMapper method toResponse.
@Override
public Response toResponse(final Exception ex) {
LOG.error("Exception thrown", ex);
ResponseBuilder builder;
if (ex instanceof AccessDeniedException) {
// leaves the default exception processing to Spring Security
builder = null;
} else if (ex instanceof SyncopeClientException) {
SyncopeClientException sce = (SyncopeClientException) ex;
builder = sce.isComposite() ? getSyncopeClientCompositeExceptionResponse(sce.asComposite()) : getSyncopeClientExceptionResponse(sce);
} else if (ex instanceof DelegatedAdministrationException || ExceptionUtils.getRootCause(ex) instanceof DelegatedAdministrationException) {
builder = builder(ClientExceptionType.DelegatedAdministration, ExceptionUtils.getRootCauseMessage(ex));
} else if (ex instanceof EntityExistsException || ex instanceof DuplicateException || ex instanceof PersistenceException && ex.getCause() instanceof EntityExistsException) {
builder = builder(ClientExceptionType.EntityExists, getJPAMessage(ex instanceof PersistenceException ? ex.getCause() : ex));
} else if (ex instanceof DataIntegrityViolationException || ex instanceof JpaSystemException) {
builder = builder(ClientExceptionType.DataIntegrityViolation, getJPAMessage(ex));
} else if (ex instanceof ConnectorException) {
builder = builder(ClientExceptionType.ConnectorException, ExceptionUtils.getRootCauseMessage(ex));
} else if (ex instanceof NotFoundException) {
builder = builder(ClientExceptionType.NotFound, ExceptionUtils.getRootCauseMessage(ex));
} else {
builder = processInvalidEntityExceptions(ex);
if (builder == null) {
builder = processBadRequestExceptions(ex);
}
// process JAX-RS validation errors
if (builder == null && ex instanceof ValidationException) {
builder = builder(validationEM.toResponse((ValidationException) ex)).header(RESTHeaders.ERROR_CODE, ClientExceptionType.RESTValidation.name()).header(RESTHeaders.ERROR_INFO, ClientExceptionType.RESTValidation.getInfoHeaderValue(ExceptionUtils.getRootCauseMessage(ex)));
ErrorTO error = new ErrorTO();
error.setStatus(ClientExceptionType.RESTValidation.getResponseStatus().getStatusCode());
error.setType(ClientExceptionType.RESTValidation);
error.getElements().add(ExceptionUtils.getRootCauseMessage(ex));
builder.entity(error);
}
// ...or just report as InternalServerError
if (builder == null) {
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR).header(RESTHeaders.ERROR_INFO, ClientExceptionType.Unknown.getInfoHeaderValue(ExceptionUtils.getRootCauseMessage(ex)));
ErrorTO error = new ErrorTO();
error.setStatus(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
error.setType(ClientExceptionType.Unknown);
error.getElements().add(ExceptionUtils.getRootCauseMessage(ex));
builder.entity(error);
}
}
return builder == null ? null : builder.build();
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ValidationException(javax.validation.ValidationException)
ParsingValidationException(org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
EntityExistsException(javax.persistence.EntityExistsException)
DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)
JpaSystemException(org.springframework.orm.jpa.JpaSystemException)
ErrorTO(org.apache.syncope.common.lib.to.ErrorTO)
DuplicateException(org.apache.syncope.core.persistence.api.dao.DuplicateException)
ConnectorException(org.identityconnectors.framework.common.exceptions.ConnectorException)
PersistenceException(javax.persistence.PersistenceException)
ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder)
Example 3 with DelegatedAdministrationException
use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.
the class ConnInstanceTest method findById.
@Test
public void findById() {
ConnInstance connInstance = connInstanceDAO.find("88a7a819-dab5-46b4-9b90-0b9769eabdb8");
assertNotNull(connInstance);
assertEquals("net.tirasa.connid.bundles.soap.WebServiceConnector", connInstance.getConnectorName());
assertEquals("net.tirasa.connid.bundles.soap", connInstance.getBundleName());
try {
connInstanceDAO.authFind("88a7a819-dab5-46b4-9b90-0b9769eabdb8");
fail("This should not happen");
} catch (DelegatedAdministrationException e) {
assertNotNull(e);
}
}
Also used :
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance)
Test(org.junit.jupiter.api.Test)
AbstractTest(org.apache.syncope.core.persistence.jpa.AbstractTest)
Example 4 with DelegatedAdministrationException
use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.
the class SCIMExceptionMapper method toResponse.
@Override
public Response toResponse(final Exception ex) {
LOG.error("Exception thrown", ex);
ResponseBuilder builder;
if (ex instanceof AccessDeniedException || ex instanceof ForbiddenException || ex instanceof NotAuthorizedException) {
// leaves the default exception processing
builder = null;
} else if (ex instanceof NotFoundException) {
return Response.status(Response.Status.NOT_FOUND).entity(new SCIMError(null, Response.Status.NOT_FOUND.getStatusCode(), ExceptionUtils.getRootCauseMessage(ex))).build();
} else if (ex instanceof SyncopeClientException) {
SyncopeClientException sce = (SyncopeClientException) ex;
builder = builder(sce.getType(), ExceptionUtils.getRootCauseMessage(ex));
} else if (ex instanceof DelegatedAdministrationException || ExceptionUtils.getRootCause(ex) instanceof DelegatedAdministrationException) {
builder = builder(ClientExceptionType.DelegatedAdministration, ExceptionUtils.getRootCauseMessage(ex));
} else if (ENTITYEXISTS_EXCLASS.isAssignableFrom(ex.getClass()) || ex instanceof DuplicateException || PERSISTENCE_EXCLASS.isAssignableFrom(ex.getClass()) && ENTITYEXISTS_EXCLASS.isAssignableFrom(ex.getCause().getClass())) {
builder = builder(ClientExceptionType.EntityExists, ExceptionUtils.getRootCauseMessage(ex));
} else if (ex instanceof DataIntegrityViolationException || JPASYSTEM_EXCLASS.isAssignableFrom(ex.getClass())) {
builder = builder(ClientExceptionType.DataIntegrityViolation, ExceptionUtils.getRootCauseMessage(ex));
} else if (CONNECTOR_EXCLASS.isAssignableFrom(ex.getClass())) {
builder = builder(ClientExceptionType.ConnectorException, ExceptionUtils.getRootCauseMessage(ex));
} else {
builder = processInvalidEntityExceptions(ex);
if (builder == null) {
builder = processBadRequestExceptions(ex);
}
// process JAX-RS validation errors
if (builder == null && ex instanceof ValidationException) {
builder = builder(ClientExceptionType.RESTValidation, ExceptionUtils.getRootCauseMessage(ex));
}
// ...or just report as InternalServerError
if (builder == null) {
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(ExceptionUtils.getRootCauseMessage(ex));
}
}
return builder == null ? null : builder.build();
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ForbiddenException(javax.ws.rs.ForbiddenException)
ValidationException(javax.validation.ValidationException)
ParsingValidationException(org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException)
DuplicateException(org.apache.syncope.core.persistence.api.dao.DuplicateException)
SCIMError(org.apache.syncope.ext.scimv2.api.data.SCIMError)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
NotAuthorizedException(javax.ws.rs.NotAuthorizedException)
ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder)
DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)
Example 5 with DelegatedAdministrationException
use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.
the class DefaultRealmPullResultHandler method delete.
private List<ProvisioningReport> delete(final SyncDelta delta, final List<String> keys) throws JobExecutionException {
if (!profile.getTask().isPerformDelete()) {
LOG.debug("PullTask not configured for delete");
finalize(ResourceOperation.DELETE.name().toLowerCase(), Result.SUCCESS, null, null, delta);
return Collections.<ProvisioningReport>emptyList();
}
LOG.debug("About to delete {}", keys);
List<ProvisioningReport> results = new ArrayList<>();
for (String key : keys) {
Object output;
Result resultStatus = Result.FAILURE;
ProvisioningReport result = new ProvisioningReport();
try {
result.setKey(key);
result.setOperation(ResourceOperation.DELETE);
result.setAnyType(REALM_TYPE);
result.setStatus(ProvisioningReport.Status.SUCCESS);
Realm realm = realmDAO.find(key);
RealmTO before = binder.getRealmTO(realm, true);
if (before == null) {
result.setStatus(ProvisioningReport.Status.FAILURE);
result.setMessage(String.format("Realm '%s' not found", key));
} else {
result.setName(before.getFullPath());
}
if (!profile.isDryRun()) {
for (PullActions action : profile.getActions()) {
action.beforeDelete(profile, delta, before);
}
try {
if (!realmDAO.findChildren(realm).isEmpty()) {
throw SyncopeClientException.build(ClientExceptionType.HasChildren);
}
Set<String> adminRealms = Collections.singleton(realm.getFullPath());
AnyCond keyCond = new AnyCond(AttributeCond.Type.ISNOTNULL);
keyCond.setSchema("key");
SearchCond allMatchingCond = SearchCond.getLeafCond(keyCond);
int users = searchDAO.count(adminRealms, allMatchingCond, AnyTypeKind.USER);
int groups = searchDAO.count(adminRealms, allMatchingCond, AnyTypeKind.GROUP);
int anyObjects = searchDAO.count(adminRealms, allMatchingCond, AnyTypeKind.ANY_OBJECT);
if (users + groups + anyObjects > 0) {
SyncopeClientException containedAnys = SyncopeClientException.build(ClientExceptionType.AssociatedAnys);
containedAnys.getElements().add(users + " user(s)");
containedAnys.getElements().add(groups + " group(s)");
containedAnys.getElements().add(anyObjects + " anyObject(s)");
throw containedAnys;
}
PropagationByResource propByRes = new PropagationByResource();
for (String resource : realm.getResourceKeys()) {
propByRes.add(ResourceOperation.DELETE, resource);
}
List<PropagationTaskTO> tasks = propagationManager.createTasks(realm, propByRes, null);
taskExecutor.execute(tasks, false);
realmDAO.delete(realm);
output = null;
resultStatus = Result.SUCCESS;
for (PullActions action : profile.getActions()) {
action.after(profile, delta, before, result);
}
} catch (Exception e) {
throwIgnoreProvisionException(delta, e);
result.setStatus(ProvisioningReport.Status.FAILURE);
result.setMessage(ExceptionUtils.getRootCauseMessage(e));
LOG.error("Could not delete {}", realm, e);
output = e;
}
finalize(ResourceOperation.DELETE.name().toLowerCase(), resultStatus, before, output, delta);
}
results.add(result);
} catch (DelegatedAdministrationException e) {
LOG.error("Not allowed to read Realm {}", key, e);
} catch (Exception e) {
LOG.error("Could not delete Realm {}", key, e);
}
}
return results;
}
Also used :
PropagationTaskTO(org.apache.syncope.common.lib.to.PropagationTaskTO)
PullActions(org.apache.syncope.core.provisioning.api.pushpull.PullActions)
ArrayList(java.util.ArrayList)
RealmTO(org.apache.syncope.common.lib.to.RealmTO)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
ProvisioningReport(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException)
IgnoreProvisionException(org.apache.syncope.core.provisioning.api.pushpull.IgnoreProvisionException)
PropagationException(org.apache.syncope.core.provisioning.api.propagation.PropagationException)
JobExecutionException(org.quartz.JobExecutionException)
Result(org.apache.syncope.common.lib.types.AuditElements.Result)
SearchCond(org.apache.syncope.core.persistence.api.dao.search.SearchCond)
Realm(org.apache.syncope.core.persistence.api.entity.Realm)
AnyCond(org.apache.syncope.core.persistence.api.dao.search.AnyCond)
Aggregations
DelegatedAdministrationException (org.apache.syncope.core.spring.security.DelegatedAdministrationException)9
SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)3
NotFoundException (org.apache.syncope.core.persistence.api.dao.NotFoundException)3
ConnInstance (org.apache.syncope.core.persistence.api.entity.ConnInstance)3
ArrayList (java.util.ArrayList)2
ValidationException (javax.validation.ValidationException)2
ResponseBuilder (javax.ws.rs.core.Response.ResponseBuilder)2
AnyTO (org.apache.syncope.common.lib.to.AnyTO)2
Result (org.apache.syncope.common.lib.types.AuditElements.Result)2
ParsingValidationException (org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException)2
DuplicateException (org.apache.syncope.core.persistence.api.dao.DuplicateException)2
ExternalResource (org.apache.syncope.core.persistence.api.entity.resource.ExternalResource)2
AbstractTest (org.apache.syncope.core.persistence.jpa.AbstractTest)2
PropagationException (org.apache.syncope.core.provisioning.api.propagation.PropagationException)2
IgnoreProvisionException (org.apache.syncope.core.provisioning.api.pushpull.IgnoreProvisionException)2
ProvisioningReport (org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport)2
PullActions (org.apache.syncope.core.provisioning.api.pushpull.PullActions)2
JobExecutionException (org.quartz.JobExecutionException)2
DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)2
AccessDeniedException (org.springframework.security.access.AccessDeniedException)2
