Example 6 with DelegatedAdministrationException

use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.

the class AbstractPullResultHandler method delete.

protected List<ProvisioningReport> delete(final SyncDelta delta, final List<String> anyKeys, final Provision provision) throws JobExecutionException {
    if (!profile.getTask().isPerformDelete()) {
        LOG.debug("PullTask not configured for delete");
        finalize(ResourceOperation.DELETE.name().toLowerCase(), Result.SUCCESS, null, null, delta);
        return Collections.<ProvisioningReport>emptyList();
    }
    LOG.debug("About to delete {}", anyKeys);
    List<ProvisioningReport> results = new ArrayList<>();
    for (String key : anyKeys) {
        Object output;
        Result resultStatus = Result.FAILURE;
        ProvisioningReport result = new ProvisioningReport();
        try {
            AnyTO before = getAnyTO(key);
            result.setKey(key);
            result.setName(getName(before));
            result.setOperation(ResourceOperation.DELETE);
            result.setAnyType(provision.getAnyType().getKey());
            result.setStatus(ProvisioningReport.Status.SUCCESS);
            if (!profile.isDryRun()) {
                for (PullActions action : profile.getActions()) {
                    action.beforeDelete(profile, delta, before);
                }
                try {
                    doDelete(provision.getAnyType().getKind(), key);
                    output = null;
                    resultStatus = Result.SUCCESS;
                    for (PullActions action : profile.getActions()) {
                        action.after(profile, delta, before, result);
                    }
                } catch (Exception e) {
                    throwIgnoreProvisionException(delta, e);
                    result.setStatus(ProvisioningReport.Status.FAILURE);
                    result.setMessage(ExceptionUtils.getRootCauseMessage(e));
                    LOG.error("Could not delete {} {}", provision.getAnyType().getKey(), key, e);
                    output = e;
                    if (profile.getTask().isRemediation()) {
                        Remediation entity = entityFactory.newEntity(Remediation.class);
                        entity.setAnyType(provision.getAnyType());
                        entity.setOperation(ResourceOperation.DELETE);
                        entity.setPayload(key);
                        entity.setError(result.getMessage());
                        entity.setInstant(new Date());
                        entity.setRemoteName(delta.getObject().getName().getNameValue());
                        entity.setPullTask(profile.getTask());
                        remediationDAO.save(entity);
                    }
                }
                finalize(ResourceOperation.DELETE.name().toLowerCase(), resultStatus, before, output, delta);
            }
            results.add(result);
        } catch (NotFoundException e) {
            LOG.error("Could not find {} {}", provision.getAnyType().getKey(), key, e);
        } catch (DelegatedAdministrationException e) {
            // Raised when the caller has no entitlement on the realm of this object:
            // the denial is logged, no report is added for this key, and the loop continues.
            LOG.error("Not allowed to read {} {}", provision.getAnyType().getKey(), key, e);
        } catch (Exception e) {
            LOG.error("Could not delete {} {}", provision.getAnyType().getKey(), key, e);
        }
    }
    return results;
}
Also used : AnyTO(org.apache.syncope.common.lib.to.AnyTO) PullActions(org.apache.syncope.core.provisioning.api.pushpull.PullActions) ArrayList(java.util.ArrayList) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException) ProvisioningReport(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport) IgnoreProvisionException(org.apache.syncope.core.provisioning.api.pushpull.IgnoreProvisionException) PropagationException(org.apache.syncope.core.provisioning.api.propagation.PropagationException) JobExecutionException(org.quartz.JobExecutionException) Date(java.util.Date) Result(org.apache.syncope.common.lib.types.AuditElements.Result) Remediation(org.apache.syncope.core.persistence.api.entity.Remediation)

Example 7 with DelegatedAdministrationException

use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.

the class JPAConnInstanceDAO method authFind.

@Override
public ConnInstance authFind(final String key) {
    ConnInstance connInstance = find(key);
    if (connInstance == null) {
        return null;
    }
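    // Realms on which the current caller holds CONNECTOR_READ.
    Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.CONNECTOR_READ);
    // Deny by default: no entitlement, or no granted realm that prefixes the connector's admin realm.
    // startsWith() is a plain string-prefix test on the realm path, so a granted realm "/a"
    // also matches "/ab"; it does not compare path segments.
    if (authRealms == null || authRealms.isEmpty() || !authRealms.stream().anyMatch(realm -> connInstance.getAdminRealm().getFullPath().startsWith(realm))) {
        throw new DelegatedAdministrationException(connInstance.getAdminRealm().getFullPath(), ConnInstance.class.getSimpleName(), connInstance.getKey());
    }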
    return connInstance;
}
Also used : DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) JPAConnInstance(org.apache.syncope.core.persistence.jpa.entity.JPAConnInstance)

Example 8 with DelegatedAdministrationException

use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.

the class JPAExternalResourceDAO method authFind.

@Override
public ExternalResource authFind(final String key) {
    ExternalResource resource = find(key);
    if (resource == null) {
        return null;
    }
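    // Realms on which the current caller holds RESOURCE_READ.
    Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_READ);
    // The resource inherits its admin realm from its connector; access is denied unless a granted realm prefixes it.
    // Note: when getConnector() is null the predicate is false for every realm, and the throw below
    // dereferences getConnector() again, so a NullPointerException is raised instead of DelegatedAdministrationException.
    if (authRealms == null || authRealms.isEmpty() || !authRealms.stream().anyMatch(realm -> resource.getConnector() != null && resource.getConnector().getAdminRealm().getFullPath().startsWith(realm))) {
        throw new DelegatedAdministrationException(resource.getConnector().getAdminRealm().getFullPath(), ExternalResource.class.getSimpleName(), resource.getKey());
    }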
    return resource;
}
Also used : DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException) JPAExternalResource(org.apache.syncope.core.persistence.jpa.entity.resource.JPAExternalResource) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource)

Example 9 with DelegatedAdministrationException

use of org.apache.syncope.core.spring.security.DelegatedAdministrationException in project syncope by apache.

the class ResourceTest method findById.

@Test
public void findById() {
    ExternalResource resource = resourceDAO.find("ws-target-resource-1");
    assertNotNull(resource);
    ConnInstance connector = resource.getConnector();
    assertNotNull(connector);
    assertEquals("net.tirasa.connid.bundles.soap.WebServiceConnector", connector.getConnectorName());
    assertEquals("net.tirasa.connid.bundles.soap", connector.getBundleName());
    Mapping mapping = resource.getProvision(anyTypeDAO.findUser()).get().getMapping();
    assertFalse(mapping.getItems().isEmpty());
    assertTrue(mapping.getItems().stream().anyMatch(item -> "7f55b09c-b573-41dc-a9eb-ccd80bd3ea7a".equals(item.getKey())));
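    // find() above performs no authorization check; authFind() applies the realm check
    // and is expected to reject the caller here.
    try {
        resourceDAO.authFind("ws-target-resource-1");
        fail("This should not happen");
    } catch (DelegatedAdministrationException e) {
        assertNotNull(e);
    }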
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) Autowired(org.springframework.beans.factory.annotation.Autowired) SyncopeGrantedAuthority(org.apache.syncope.core.spring.security.SyncopeGrantedAuthority) DelegatedAdministrationException(org.apache.syncope.core.spring.security.DelegatedAdministrationException) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) EntityViolationType(org.apache.syncope.common.lib.types.EntityViolationType) SyncopeConstants(org.apache.syncope.common.lib.SyncopeConstants) Mapping(org.apache.syncope.core.persistence.api.entity.resource.Mapping) SyncopeAuthenticationDetails(org.apache.syncope.core.spring.security.SyncopeAuthenticationDetails) Collectors(java.util.stream.Collectors) AnyTypeDAO(org.apache.syncope.core.persistence.api.dao.AnyTypeDAO) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) MappingItem(org.apache.syncope.core.persistence.api.entity.resource.MappingItem) InvalidEntityException(org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException) GrantedAuthority(org.springframework.security.core.GrantedAuthority) Test(org.junit.jupiter.api.Test) ExternalResource(org.apache.syncope.core.persistence.api.entity.resource.ExternalResource) List(java.util.List) Provision(org.apache.syncope.core.persistence.api.entity.resource.Provision) MappingPurpose(org.apache.syncope.common.lib.types.MappingPurpose) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) AbstractTest(org.apache.syncope.core.persistence.jpa.AbstractTest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) ExternalResourceDAO(org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO) Transactional(org.springframework.transaction.annotation.Transactional)
