use of org.mitre.cybox.cybox_2.ObjectType in project midpoint by Evolveum.
the class TaskErrorsTabPanel method initColumnsOld.
/**
 * Builds the columns of the (old) task-error table: object name, error timestamp, status,
 * message, record type and a link that opens the details page of the error's real owner.
 *
 * @return the column list, in display order
 */
private List<IColumn<TaskErrorSelectableBeanImplOld<ObjectType>, String>> initColumnsOld() {
    List<IColumn<TaskErrorSelectableBeanImplOld<ObjectType>, String>> result = new ArrayList<>();

    // Object name; sorting uses the plain "name" property instead of the displayed reference name path.
    result.add(new PropertyColumn<>(createStringResource("pageTaskEdit.taskErros.objectName"),
            TaskErrorSelectableBeanImplOld.F_OBJECT_REF_NAME) {
        @Override
        public String getSortProperty() {
            return "name";
        }
    });

    // Error timestamp, rendered with the short date-time format of the current page.
    result.add(new AbstractColumn<>(createStringResource("pageTaskEdit.taskErros.timestamp"),
            TaskErrorSelectableBeanImplOld.F_ERROR_TIMESTAMP) {
        private static final long serialVersionUID = 1L;

        @Override
        public void populateItem(Item<ICellPopulator<TaskErrorSelectableBeanImplOld<ObjectType>>> cellItem,
                String componentId, IModel<TaskErrorSelectableBeanImplOld<ObjectType>> rowModel) {
            IModel<String> formattedTimestamp = () -> WebComponentUtil.getShortDateTimeFormattedValue(
                    rowModel.getObject().getErrorTimestamp(), getPageBase());
            cellItem.add(new Label(componentId, formattedTimestamp));
        }
    });

    result.add(new EnumPropertyColumn<>(createStringResource("pageTaskEdit.taskErros.status"),
            TaskErrorSelectableBeanImplOld.F_STATUS));
    result.add(new PropertyColumn<>(createStringResource("pageTaskEdit.taskErros.message"),
            TaskErrorSelectableBeanImplOld.F_MESSAGE));
    result.add(new EnumPropertyColumn<>(createStringResource("pageTaskEdit.taskErros.recordType"),
            TaskErrorSelectableBeanImplOld.F_RECORD_TYPE));

    // Real owner of the error record; clicking it navigates to the owner's details page.
    result.add(new AjaxLinkColumn<>(createStringResource("pageTaskEdit.taskErros.realOwner"),
            TaskErrorSelectableBeanImplOld.F_REAL_OWNER_DESCRIPTION) {
        @Override
        public void onClick(AjaxRequestTarget target, IModel<TaskErrorSelectableBeanImplOld<ObjectType>> rowModel) {
            PrismObject<ObjectType> owner = rowModel.getObject().getRealOwner();
            // NOTE(review): the owner is dereferenced without a null check — confirm getRealOwner() never returns null.
            WebComponentUtil.dispatchToObjectDetailsPage(owner.getCompileTimeClass(), owner.getOid(),
                    TaskErrorsTabPanel.this, false);
        }
    });

    return result;
}
use of org.mitre.cybox.cybox_2.ObjectType in project midpoint by Evolveum.
the class PageAccount method savePerformed.
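/**
 * Saves the account changes made in the form.
 * <p>
 * Computes the delta from the account wrapper, encrypts credential values in it, executes the
 * change through the model service and then shows the operation result. On success the page
 * redirects back; on failure the feedback panel is refreshed instead. If there is no delta, or
 * the delta is empty, the method returns without any feedback or navigation.
 *
 * @param target AJAX request target used to refresh the feedback panel on failure
 */
private void savePerformed(AjaxRequestTarget target) {
    LOGGER.debug("Saving account changes.");
    OperationResult result = new OperationResult(OPERATION_SAVE_ACCOUNT);
    try {
        WebComponentUtil.revive(accountModel, getPrismContext());
        PrismObjectWrapper<ShadowType> wrapper = accountModel.getObject();
        ObjectDelta<ShadowType> delta = wrapper.getObjectDelta();
        if (delta == null) {
            // Nothing to save; the page is left as it is.
            return;
        }
        if (delta.getPrismContext() == null) {
            getPrismContext().adopt(delta);
        }
        if (LOGGER.isTraceEnabled()) {
            // NOTE(review): this dump happens before encryptCredentials() below, so at TRACE level
            // credential values may be written to the log in whatever form the delta holds them — confirm.
            LOGGER.trace("Account delta computed from form:\n{}", delta.debugDump(3));
        }
        if (delta.isEmpty()) {
            return;
        }
        // Encrypt credential values in the delta before it leaves the GUI layer.
        WebComponentUtil.encryptCredentials(delta, true, getMidpointApplication());
        Task task = createSimpleTask(OPERATION_SAVE_ACCOUNT);
        Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
        deltas.add(delta);
        getModelService().executeChanges(deltas, null, task, result);
        result.recomputeStatus();
    } catch (Exception ex) {
        // Boundary catch: any failure is recorded in the result and shown to the user below.
        result.recordFatalError(getString("PageAccount.message.savePerformed.fatalError"), ex);
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't save account", ex);
    }
    // The result is shown in both cases; only the navigation differs.
    showResult(result);
    if (result.isSuccess()) {
        redirectBack();
    } else {
        target.add(getFeedbackPanel());
    }
}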
use of org.mitre.cybox.cybox_2.ObjectType in project midpoint by Evolveum.
the class ClockworkAuthorizationHelper method authorizeAssignmentRequest.
/**
 * Request-phase authorization of assignment (or inducement) changes in the focus primary delta.
 * <p>
 * For every assignment value added or removed by the primary delta (selected by {@code plusMinusZero})
 * the requester must hold {@code assignActionUrl} for the assignment target, or — for delegation
 * relations — the DELEGATE action. Two kinds of values are instead re-checked item by item against
 * {@code operationUrl} through {@code securityEnforcer.determineSubitemDecision}: values without a
 * target (no targetRef or no OID) and, when {@code prohibitPolicies} is set, values carrying policy
 * content (policy rule, policy exceptions, policy situations or triggered policy rules).
 * <p>
 * A value that passes none of these checks ends in {@code securityEnforcer.failAuthorization(...)}.
 * The method relies on that call not returning normally (presumably it throws
 * {@code SecurityViolationException}); see the note in the non-target branch below.
 *
 * @param context lens context; only the focus primary delta is examined
 * @param operationUrl authorization URL of the overall operation, used for the item-level re-check
 * @param assignActionUrl authorization URL of the assign-type action being requested
 * @param assignmentElementQName name of the assignment or inducement container
 * @param object focus object being modified; used as the "old object" of the authorization parameters
 * @param ownerResolver resolver for owner-based authorizations
 * @param securityConstraints security constraints computed for the object
 * @param plusMinusZero whether added or deleted assignment values are examined
 * @param prohibitPolicies if true, assignments with policy content need a separate item-level authorization
 * @param task task used for target resolution and authorization checks
 * @param result operation result
 * @throws SecurityViolationException if a changed assignment value is not authorized
 */
private <F extends ObjectType, O extends ObjectType> void authorizeAssignmentRequest(LensContext<F> context, String operationUrl, String assignActionUrl, ItemName assignmentElementQName, PrismObject<O> object, OwnerResolver ownerResolver, ObjectSecurityConstraints securityConstraints, PlusMinusZero plusMinusZero, boolean prohibitPolicies, Task task, OperationResult result) throws SecurityViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException {
    // This is *request* authorization. Therefore we care only about primary delta.
    ObjectDelta<F> focusPrimaryDelta = context.getFocusContext().getPrimaryDelta();
    if (focusPrimaryDelta == null) {
        return;
    }
    ContainerDelta<AssignmentType> focusAssignmentDelta = focusPrimaryDelta.findContainerDelta(assignmentElementQName);
    if (focusAssignmentDelta == null) {
        // No assignment/inducement change requested; nothing to authorize here.
        return;
    }
    // Short action name (the part after the last '#' of the action URL), used in log and failure messages.
    String operationDesc = assignActionUrl.substring(assignActionUrl.lastIndexOf('#') + 1);
    Collection<PrismContainerValue<AssignmentType>> changedAssignmentValues = determineChangedAssignmentValues(context.getFocusContext(), assignmentElementQName, focusAssignmentDelta, plusMinusZero);
    for (PrismContainerValue<AssignmentType> changedAssignmentValue : changedAssignmentValues) {
        AssignmentType changedAssignment = changedAssignmentValue.getRealValue();
        ObjectReferenceType targetRef = changedAssignment.getTargetRef();
        if (targetRef == null || targetRef.getOid() == null) {
            // This may still be allowed by #add and #modify authorizations. We have already checked these, but there may be combinations of
            // assignments, one of the assignments allowed by #assign, other allowed by #modify (e.g. MID-4517).
            // Therefore check the items again. This is not very efficient to check it twice. But this is not a common case
            // so there should not be any big harm in suffering this inefficiency.
            AccessDecision subitemDecision = securityEnforcer.determineSubitemDecision(securityConstraints, changedAssignmentValue, operationUrl, getRequestAuthorizationPhase(context), null, plusMinusZero, operationDesc);
            if (subitemDecision == AccessDecision.ALLOW) {
                LOGGER.debug("{} of policy {} to {} allowed with {} authorization", operationDesc, assignmentElementQName.getLocalPart(), object, operationUrl);
                continue;
            } else {
                LOGGER.debug("{} of non-target {} not allowed", operationDesc, assignmentElementQName.getLocalPart());
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Denied request for object {}: {} of non-target {} not allowed", object, operationDesc, assignmentElementQName.getLocalPart());
                }
                // Expected to throw (SecurityViolationException). If it ever returned normally, execution would
                // fall through to the target resolution below with a null or OID-less targetRef.
                securityEnforcer.failAuthorization(operationDesc, getRequestAuthorizationPhase(context), AuthorizationParameters.Builder.buildObject(object), result);
            }
        }
        PrismObject<ObjectType> target;
        try {
            // We do not worry about performance here too much. The target was already evaluated. This will be retrieved from repo cache anyway.
            target = objectResolver.resolve(targetRef.asReferenceValue(), "resolving " + assignmentElementQName.getLocalPart() + " target", task, result);
        } catch (ObjectNotFoundException e) {
            // A missing target is not an authorization failure by itself; the checks below run with target == null.
            LOGGER.warn("Object {} referenced as {} target in {} was not found", targetRef.asReferenceValue().getOid(), assignmentElementQName.getLocalPart(), object);
            target = null;
        }
        // Build a minimal modify delta holding just this one assignment value; this is what gets authorized.
        ObjectDelta<O> assignmentObjectDelta = object.createModifyDelta();
        ContainerDelta<AssignmentType> assignmentDelta = assignmentObjectDelta.createContainerModification(assignmentElementQName);
        // We do not care if this is add or delete. All that matters for authorization is that it is in a delta.
        assignmentDelta.addValuesToAdd(changedAssignment.asPrismContainerValue().clone());
        QName relation = targetRef.getRelation();
        if (relation == null) {
            relation = prismContext.getDefaultRelation();
        }
        List<OrderConstraintsType> orderConstraints = determineOrderConstraints(assignmentElementQName, changedAssignment);
        AuthorizationParameters<O, ObjectType> autzParams = new AuthorizationParameters.Builder<O, ObjectType>().oldObject(object).delta(assignmentObjectDelta).target(target).relation(relation).orderConstraints(orderConstraints).build();
        if (prohibitPolicies) {
            // Assignment carries policy content: policy rule, policy exceptions, policy situations or triggered policy rules.
            if (changedAssignment.getPolicyRule() != null || !changedAssignment.getPolicyException().isEmpty() || !changedAssignment.getPolicySituation().isEmpty() || !changedAssignment.getTriggeredPolicyRule().isEmpty()) {
                // This may still be allowed by #add and #modify authorizations. We have already checked these, but there may be combinations of
                // assignments, one of the assignments allowed by #assign, other allowed by #modify (e.g. MID-4517).
                // Therefore check the items again. This is not very efficient to check it twice. But this is not a common case
                // so there should not be any big harm in suffering this inefficiency.
                AccessDecision subitemDecision = securityEnforcer.determineSubitemDecision(securityConstraints, changedAssignmentValue, operationUrl, getRequestAuthorizationPhase(context), null, plusMinusZero, operationDesc);
                if (subitemDecision == AccessDecision.ALLOW) {
                    LOGGER.debug("{} of policy assignment to {} allowed with {} authorization", operationDesc, object, operationUrl);
                    continue;
                } else {
                    securityEnforcer.failAuthorization("with assignment because of policies in the assignment", getRequestAuthorizationPhase(context), autzParams, result);
                }
            }
        }
        // Primary check: the assign-type action for this target, relation and order constraints.
        if (securityEnforcer.isAuthorized(assignActionUrl, getRequestAuthorizationPhase(context), autzParams, ownerResolver, task, result)) {
            LOGGER.debug("{} of target {} to {} allowed with {} authorization", operationDesc, target, object, assignActionUrl);
            continue;
        }
        // Delegation relations may alternatively be covered by the DELEGATE action.
        if (relationRegistry.isDelegation(relation)) {
            if (securityEnforcer.isAuthorized(ModelAuthorizationAction.DELEGATE.getUrl(), getRequestAuthorizationPhase(context), autzParams, ownerResolver, task, result)) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("{} of target {} to {} allowed with {} authorization", operationDesc, target, object, ModelAuthorizationAction.DELEGATE.getUrl());
                }
                continue;
            }
        }
        // Fail closed: nothing allowed this value.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{} of target {} to {} denied", operationDesc, target, object);
        }
        securityEnforcer.failAuthorization("with " + assignmentElementQName.getLocalPart(), getRequestAuthorizationPhase(context), autzParams, result);
    }
}
use of org.mitre.cybox.cybox_2.ObjectType in project midpoint by Evolveum.
the class SearchEvaluator method evaluate.
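/**
 * Evaluates a {@code search} scripting expression.
 * <p>
 * One search is executed per input item (if the input is empty, a dummy item is used so that the
 * search still runs once). Each found object is either added to the output as-is or, when the
 * expression has a nested scripting expression, passed to that expression; the nested results are
 * added to the output unless {@code aggregateOutput} is explicitly {@code false}.
 *
 * @param searchExpression the expression to evaluate; its {@code type} must be set
 * @param input pipeline input
 * @param context execution context (task, initial variables, stop and continue-on-error handling)
 * @param globalResult operation result for the whole action
 * @param <T> object type searched for, derived from the expression's {@code type}
 * @return the collected output data
 * @throws ScriptExecutionException if the query cannot be parsed or its expressions evaluated, or the search fails
 */
public <T extends ObjectType> PipelineData evaluate(SearchExpressionType searchExpression, PipelineData input, ExecutionContext context, OperationResult globalResult) throws ScriptExecutionException, SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException, SecurityViolationException, ExpressionEvaluationException {
    Validate.notNull(searchExpression.getType());
    ExpressionProfile expressionProfile = MiscSchemaUtil.getExpressionProfile();

    List<PipelineItem> data = input.getData();
    if (data.isEmpty()) {
        // TODO fix this brutal hack (with dummyValue)
        PrismContainerValue<?> dummyValue = prismContext.itemFactory().createContainerValue();
        PipelineItem dummyItem = new PipelineItem(dummyValue, PipelineData.newOperationResult(), context.getInitialVariables());
        data = Collections.singletonList(dummyItem);
    }

    // None of these depend on the current item, so they are computed once instead of once per item.
    boolean noFetch = expressionHelper.getArgumentAsBoolean(searchExpression.getParameter(), PARAM_NO_FETCH, input, context, false, "search", globalResult);
    Class<T> objectClass = ObjectTypes.getObjectTypeFromTypeQName(searchExpression.getType()).getClassDefinition();
    ObjectQuery unresolvedObjectQuery = parseUnresolvedQuery(searchExpression, objectClass, context);
    final String variableName = searchExpression.getVariable();

    final PipelineData outputData = PipelineData.createEmpty();
    final MutableBoolean atLeastOne = new MutableBoolean(false);
    for (PipelineItem item : data) {
        // TODO variables from current item
        // TODO operation result handling (global vs local)
        ObjectQuery objectQuery;
        if (unresolvedObjectQuery != null) {
            // Expressions in the query are evaluated against the variables of the current item.
            VariablesMap variables = new VariablesMap();
            // noinspection unchecked
            item.getVariables().forEach((name, value) -> variables.put(name, cloneIfNecessary(name, value)));
            try {
                // Evaluate on a copy: the parsed query is shared by all items and must stay unresolved.
                objectQuery = ExpressionUtil.evaluateQueryExpressions(unresolvedObjectQuery.clone(), variables, expressionProfile, expressionFactory, prismContext, "bulk action query", context.getTask(), globalResult);
            } catch (SchemaException | ObjectNotFoundException | ExpressionEvaluationException | CommunicationException | ConfigurationException | SecurityViolationException e) {
                // TODO continue on any error?
                throw new ScriptExecutionException("Couldn't evaluate expressions in object query: " + e.getMessage(), e);
            }
        } else {
            objectQuery = null;
        }

        ResultHandler<T> handler = (object, parentResult) -> {
            context.checkTaskStop();
            atLeastOne.setValue(true);
            if (searchExpression.getScriptingExpression() != null) {
                if (variableName != null) {
                    // TODO
                }
                JAXBElement<?> childExpression = searchExpression.getScriptingExpression();
                try {
                    PipelineData expressionResult = scriptingExpressionEvaluator.evaluateExpression((ScriptingExpressionType) childExpression.getValue(), PipelineData.create(object.getValue(), item.getVariables()), context, globalResult);
                    if (!BooleanUtils.isFalse(searchExpression.isAggregateOutput())) {
                        outputData.addAllFrom(expressionResult);
                    }
                    globalResult.setSummarizeSuccesses(true);
                    globalResult.summarize();
                } catch (ScriptExecutionException | SchemaException | ConfigurationException | ObjectNotFoundException | CommunicationException | SecurityViolationException | ExpressionEvaluationException e) {
                    // todo think about this
                    if (context.isContinueOnAnyError()) {
                        LoggingUtils.logUnexpectedException(LOGGER, "Exception when evaluating item from search result list.", e);
                    } else {
                        // Checked exceptions cannot cross the ResultHandler boundary; wrap and abort the search.
                        throw new SystemException(e);
                    }
                }
            } else {
                outputData.addValue(object.getValue(), item.getVariables());
            }
            return true;
        };
        try {
            Collection<SelectorOptions<GetOperationOptions>> options = operationsHelper.createGetOptions(searchExpression.getOptions(), noFetch);
            modelService.searchObjectsIterative(objectClass, objectQuery, handler, options, context.getTask(), globalResult);
        } catch (SchemaException | ObjectNotFoundException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            // TODO continue on any error?
            throw new ScriptExecutionException("Couldn't execute searchObjects operation: " + e.getMessage(), e);
        }
    }
    if (atLeastOne.isFalse()) {
        // temporary hack, this will be configurable
        context.println("Warning: no matching object found");
    }
    return outputData;
}

/**
 * Parses the static (not yet expression-evaluated) query of a search expression.
 * <p>
 * The {@code query} element takes precedence; otherwise the {@code searchFilter} element is used.
 *
 * @param searchExpression the expression whose query or filter is parsed
 * @param objectClass the searched object class the query is parsed against
 * @param context execution context providing the query converter
 * @param <T> searched object type
 * @return the parsed query, or {@code null} if the expression has neither a query nor a search filter
 * @throws ScriptExecutionException if the query or filter cannot be parsed
 */
private <T extends ObjectType> ObjectQuery parseUnresolvedQuery(SearchExpressionType searchExpression, Class<T> objectClass, ExecutionContext context) throws ScriptExecutionException {
    if (searchExpression.getQuery() != null) {
        try {
            return context.getQueryConverter().createObjectQuery(objectClass, searchExpression.getQuery());
        } catch (SchemaException e) {
            throw new ScriptExecutionException("Couldn't parse object query. Reason: " + e.getMessage(), e);
        }
    }
    if (searchExpression.getSearchFilter() != null) {
        ObjectQuery query = prismContext.queryFactory().createQuery();
        try {
            ObjectFilter filter = prismContext.getQueryConverter().parseFilter(searchExpression.getSearchFilter(), objectClass);
            query.setFilter(filter);
        } catch (SchemaException e) {
            throw new ScriptExecutionException("Couldn't parse object query. Reason: " + e.getMessage(), e);
        }
        return query;
    }
    return null;
}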
use of org.mitre.cybox.cybox_2.ObjectType in project midpoint by Evolveum.
the class SearchBasedMockActivityRun method provideSomeMockStatistics.
/**
 * Feeds a fixed sequence of fake statistics into the worker task for one processed item:
 * a synchronization start (UNLINKED), a situation change to LINKED, and two MODIFY action records.
 *
 * @param request the processing request carrying the object and its request identifier
 * @param workerTask the task whose statistics are updated
 */
private void provideSomeMockStatistics(ItemProcessingRequest<ObjectType> request, RunningTask workerTask) {
    ObjectType item = request.getItem();
    String oid = item.getOid();

    workerTask.onSynchronizationStart(request.getIdentifier(), oid, SynchronizationSituationType.UNLINKED);
    workerTask.onSynchronizationSituationChange(request.getIdentifier(), oid, SynchronizationSituationType.LINKED);
    // Two records on purpose: the mock simulates more than one executed action per item.
    workerTask.recordObjectActionExecuted(item.asPrismObject(), ChangeType.MODIFY, null);
    workerTask.recordObjectActionExecuted(item.asPrismObject(), ChangeType.MODIFY, null);
}