/**
 * Determines the access decision for a whole object by evaluating its value with
 * {@code determineContainerDecision}.
 *
 * <p>If that evaluation yields no decision ({@code null}) and the object holds no items,
 * the method returns {@link AccessDecision#ALLOW} instead of passing the {@code null} on.
 * In every other case the container-level decision is returned as-is (it may be {@code null}).
 *
 * @param object the object whose items are evaluated
 * @param itemDecitionFunction function passed through to the container-level evaluation
 * @return the container decision, or {@code ALLOW} for an empty object with no decision
 */
private <O extends ObjectType> AccessDecision determineObjectDecision(PrismContainer<O> object, ItemDecisionFunction itemDecitionFunction) {
    AccessDecision decision = determineContainerDecision(object.getValue(), itemDecitionFunction, false, "object");
    if (decision != null || !object.isEmpty()) {
        return decision;
    }
    // The object has no items, so no item is allowed and the decision would be DEFAULT.
    // Equally, no item is denied. This corner case is deliberately allowed: the GUI often
    // probes with an empty object to find out whether a class of object is permitted at all
    // (e.g. whether creating some roles is allowed) in order to decide whether to show a
    // particular menu item.
    // NOTE(review): this ALLOW does not depend on the item decision function. Presumably the
    // real operation is evaluated again with a populated object; confirm that no caller
    // treats the result for an empty object as authorization for a concrete change.
    return AccessDecision.ALLOW;
}
/**
 * Applies to the shadow the attribute changes implied by its associations when the shadow
 * is being added.
 *
 * <p>Does nothing when the shadow has no association container or the container is empty.
 * Otherwise the association values are handed to {@code collectEntitlementToAttrsDelta}
 * with {@link ModificationType#ADD}, and every property delta collected in the operation
 * map is applied directly to {@code shadow}.
 *
 * @param ctx provisioning context passed through to the delta collection
 * @param shadow the shadow being added; modified in place
 */
public void processEntitlementsAdd(ProvisioningContext ctx, PrismObject<ShadowType> shadow)
        throws SchemaException, ConfigurationException, ObjectNotFoundException, CommunicationException,
        ExpressionEvaluationException {
    PrismContainer<ShadowAssociationType> associations = shadow.findContainer(ShadowType.F_ASSOCIATION);
    boolean hasAssociations = associations != null && !associations.isEmpty();
    if (hasAssociations) {
        // One operation per attribute name; filled in by collectEntitlementToAttrsDelta.
        Map<QName, PropertyModificationOperation> attributeOperations = new HashMap<>();
        collectEntitlementToAttrsDelta(ctx, attributeOperations, associations.getValues(), ModificationType.ADD);
        for (PropertyModificationOperation attributeOperation : attributeOperations.values()) {
            attributeOperation.getPropertyDelta().applyTo(shadow);
        }
    }
}
/**
 * Collects entitlement changes expressed as object operations for a shadow that is being added.
 *
 * <p>When the shadow has no association container, or the container is empty, the shadow is
 * returned untouched. Otherwise the work is delegated to
 * {@code collectEntitlementsAsObjectOperation} with the association values,
 * {@link ModificationType#ADD} and {@code null} as the fourth argument.
 *
 * @param ctx provisioning context passed to the delegate
 * @param roMap map of resource object operations passed to the delegate
 * @param shadow the shadow being added
 * @param result operation result passed to the delegate
 * @return {@code shadow} itself when there are no associations, otherwise whatever the delegate returns
 */
public <T> PrismObject<ShadowType> collectEntitlementsAsObjectOperationInShadowAdd(ProvisioningContext ctx,
        Map<ResourceObjectDiscriminator, ResourceObjectOperations> roMap, PrismObject<ShadowType> shadow,
        OperationResult result)
        throws SchemaException, ObjectNotFoundException, CommunicationException, SecurityViolationException,
        ConfigurationException, ExpressionEvaluationException {
    PrismContainer<ShadowAssociationType> associations = shadow.findContainer(ShadowType.F_ASSOCIATION);
    boolean hasAssociations = associations != null && !associations.isEmpty();
    if (hasAssociations) {
        return collectEntitlementsAsObjectOperation(ctx, roMap, associations.getValues(), null, shadow,
                ModificationType.ADD, result);
    }
    return shadow;
}
/**
 * Returns the real values of one attribute of a shadow.
 *
 * <p>Note the {@code null} contract: the method returns {@code null}, never an empty list,
 * when the attributes container is missing or empty, when the attribute is not present, or
 * when the attribute has no values. Callers must null-check the result.
 *
 * @param shadow shadow to read from
 * @param attrName name of the attribute
 * @return a new list with the attribute's values, or {@code null} if there are none
 */
public static <T> List<T> getAttributeValues(PrismObject<? extends ShadowType> shadow, QName attrName) {
    PrismContainer<?> attributes = shadow.findContainer(ShadowType.F_ATTRIBUTES);
    if (attributes == null || attributes.isEmpty()) {
        return null;
    }
    PrismProperty<T> property = attributes.findProperty(ItemName.fromQName(attrName));
    if (property == null) {
        return null;
    }
    List<T> realValues = new ArrayList<>();
    for (PrismPropertyValue<T> propertyValue : property.getValues()) {
        realValues.add(propertyValue.getValue());
    }
    return realValues.isEmpty() ? null : realValues;
}
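/**
 * Returns the password history entries ordered by their change timestamp.
 *
 * <p>The entries are copied into a new list before sorting. The previous implementation
 * cast the collection returned by {@code getRealValues()} to {@code List} without a check
 * and sorted it in place; that fails with a {@code ClassCastException} if the collection is
 * not a {@code List}, and reorders whatever collection the container handed out.
 *
 * @param historyEntries container holding the history entries; may be {@code null}
 * @param ascending {@code true} to put the oldest entry first, {@code false} for newest first
 * @return a new, mutable list of entries in the requested order; empty when there is no history
 */
private List<PasswordHistoryEntryType> getSortedHistoryList(PrismContainer<PasswordHistoryEntryType> historyEntries, boolean ascending) {
    if (historyEntries == null || historyEntries.isEmpty()) {
        return new ArrayList<>();
    }
    // Defensive copy: sort our own list, not the container's collection.
    List<PasswordHistoryEntryType> sortedEntries = new ArrayList<>(historyEntries.getRealValues());
    // NOTE(review): an entry without a change timestamp makes the comparison below throw a
    // NullPointerException. Confirm that history entries always carry a timestamp, since the
    // ordering decides which entries are treated as oldest.
    sortedEntries.sort((first, second) -> {
        XMLGregorianCalendar firstTimestamp = first.getChangeTimestamp();
        XMLGregorianCalendar secondTimestamp = second.getChangeTimestamp();
        return ascending
                ? firstTimestamp.compare(secondTimestamp)
                : secondTimestamp.compare(firstTimestamp);
    });
    return sortedEntries;
}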
details.append("; sync situation = ").append(shadow.asObjectable().getSynchronizationSituation()).append("\n"); PrismContainer<ShadowAttributesType> attributesContainer = shadow.findContainer(ShadowType.F_ATTRIBUTES); if (attributesContainer != null && !attributesContainer.isEmpty()) { for (Item item : attributesContainer.getValue().getItems()) { details.append(" - ").append(item.getElementName().getLocalPart()).append(" = ");
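/**
 * Checks whether every privilege limitation permits the given item.
 *
 * <p>The check fails closed: a limitation denies when it has no selector container for
 * {@code itemName}, when that container is empty or has no real value, or when the
 * selector's {@code all} flag is anything other than true. An unset flag now denies rather
 * than risking a {@code NullPointerException} on unboxing (if {@code isAll()} returns a
 * boxed {@code Boolean}). An empty {@code limitations} list yields {@code true}, because
 * there is nothing that denies.
 *
 * @param limitations limitations to evaluate; must not be {@code null}
 * @param itemName name of the selector item to look up in each limitation
 * @return {@code true} only if all limitations allow the item
 */
public static boolean limitationsAllow(List<OtherPrivilegesLimitationType> limitations, QName itemName) {
    for (OtherPrivilegesLimitationType limitation : limitations) {
        // "rawtypes" is the lint key javac recognizes; the former "raw" suppressed nothing.
        @SuppressWarnings({ "unchecked", "rawtypes" })
        PrismContainer<WorkItemSelectorType> selector = limitation.asPrismContainerValue().findContainer(itemName);
        if (selector == null || selector.isEmpty()) {
            return false;
        }
        WorkItemSelectorType selectorValue = selector.getRealValue();
        // Anything short of an explicit "all = true" is treated as a denial.
        if (selectorValue == null || !Boolean.TRUE.equals(selectorValue.isAll())) {
            return false;
        }
    }
    return true;
}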
/**
 * Asserts that the shadow does not have the given attribute.
 *
 * <p>A shadow with no attributes container, or with an empty one, passes trivially.
 *
 * @param resource not used by this method
 * @param shadow shadow to inspect
 * @param attrQname name of the attribute that must be absent
 */
protected void assertNoAttribute(PrismObject<ResourceType> resource, ShadowType shadow, ItemName attrQname) {
    PrismContainer<?> attributes = shadow.asPrismObject().findContainer(ShadowType.F_ATTRIBUTES);
    if (attributes != null && !attributes.isEmpty()) {
        PrismProperty found = attributes.findProperty(attrQname);
        assertNull("Unexpected attribute "+attrQname+" in "+shadow+": "+found, found);
    }
}
/**
 * Merges a source extension container into the extension of the destination assignment container.
 *
 * <p>Nothing happens when {@code dstItem} is {@code null}, or when {@code srcExtension} is
 * {@code null} or empty. Otherwise the destination's extension container is found or created,
 * its value is taken (or created if it has none), and
 * {@code ObjectTypeUtil.mergeExtension} merges the source value into it.
 *
 * @param dstItem destination item; cast to {@code PrismContainer<AssignmentType>}
 * @param srcExtension extension container to merge from
 * @throws SchemaException propagated from the container and merge operations
 */
private static void mergeExtensionContainers(Item<PrismContainerValue<AssignmentType>,PrismContainerDefinition<AssignmentType>> dstItem, PrismContainer<Containerable> srcExtension) throws SchemaException {
    if (dstItem == null) {
        return;
    }
    // The cast happens before the source is inspected, exactly as in the original order.
    PrismContainer<AssignmentType> target = (PrismContainer<AssignmentType>) dstItem;
    if (srcExtension == null || srcExtension.isEmpty()) {
        return;
    }
    PrismContainer<?> targetExtension = target.findOrCreateContainer(AssignmentType.F_EXTENSION);
    PrismContainerValue<?> targetExtensionValue;
    if (targetExtension.getValues().isEmpty()) {
        targetExtensionValue = targetExtension.createNewValue();
    } else {
        targetExtensionValue = targetExtension.getValue();
    }
    ObjectTypeUtil.mergeExtension(targetExtensionValue, srcExtension.getValue());
}
/**
 * Asserts that the shadow does not have the given attribute.
 *
 * <p>A shadow with no attributes container, or with an empty one, passes trivially.
 * The attribute is looked up under the {@link ItemName} derived from {@code attrQname}.
 *
 * @param resource not used by this method
 * @param shadow shadow to inspect
 * @param attrQname name of the attribute that must be absent
 */
protected void assertNoAttribute(PrismObject<ResourceType> resource, ShadowType shadow, QName attrQname) {
    PrismContainer<?> attributes = shadow.asPrismObject().findContainer(ShadowType.F_ATTRIBUTES);
    if (attributes != null && !attributes.isEmpty()) {
        PrismProperty found = attributes.findProperty(ItemName.fromQName(attrQname));
        assertNull("Unexpected attribute "+attrQname+" in "+shadow+": "+found, found);
    }
}
if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()){ requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build()); return null;
/**
 * Reads the ICF {@code uid} attribute of a shadow, asserting along the way that the shadow
 * has a non-empty attributes container and that the attribute is present.
 *
 * @param shadow shadow to read from
 * @return real value of the {@code uid} property in the ICF schema namespace
 */
protected String getIcfUid(PrismObject<ShadowType> shadow) {
    PrismContainer<Containerable> attributes = shadow.findContainer(ShadowType.F_ATTRIBUTES);
    assertNotNull("Null attributes in "+shadow, attributes);
    assertFalse("Empty attributes in "+shadow, attributes.isEmpty());

    ItemName uidName = new ItemName(SchemaConstants.NS_ICF_SCHEMA, "uid");
    PrismProperty<String> uidProperty = attributes.findProperty(uidName);
    assertNotNull("No ICF name attribute in "+shadow, uidProperty);
    return uidProperty.getRealValue();
}
/**
 * Builds a delta that deletes the schema container of the given resource.
 *
 * @param resourceType resource whose {@code schema} container should be removed
 * @return a modification delta deleting a clone of the current schema container value,
 *         or {@code null} when the resource has no schema container or it is empty
 */
private ObjectDelta createDelta(ResourceType resourceType) throws ScriptExecutionException {
    PrismContainer<XmlSchemaType> schema = resourceType.asPrismObject().findContainer(ResourceType.F_SCHEMA);
    boolean nothingToDelete = schema == null || schema.isEmpty();
    if (nothingToDelete) {
        return null;
    }
    // The value is cloned so that the delta does not share the instance held by the resource.
    return prismContext.deltaFactory().object().createModificationDeleteContainer(
            ResourceType.class,
            resourceType.getOid(),
            ResourceType.F_SCHEMA,
            schema.getValue().clone());
}
}
/**
 * Makes sure an entitlement association carries identifiers.
 *
 * <p>If the association already has a non-empty identifiers container, nothing is done.
 * Otherwise the association must reference a shadow by OID: that shadow is loaded from the
 * repository, the attribute definitions are applied to it, and its identifiers are
 * transplanted into the association.
 *
 * @param ctx provisioning context used when applying attribute definitions
 * @param association association value to complete; modified in place
 * @param desc description of the calling context, used only in the error message
 * @param result operation result passed to the repository call
 * @throws SchemaException if the association has neither identifiers nor a shadow OID
 * @throws ObjectNotFoundException if the referenced shadow is not in the repository; the
 *         message is extended with the association and {@code desc}, and the original
 *         exception is kept as the cause
 */
private void preprocessEntitlement(ProvisioningContext ctx, PrismContainerValue<ShadowAssociationType> association,
        String desc, OperationResult result)
        throws SchemaException, ObjectNotFoundException, ConfigurationException, CommunicationException,
        ExpressionEvaluationException {
    PrismContainer<Containerable> identifiers = association.findContainer(ShadowAssociationType.F_IDENTIFIERS);
    boolean identifiersPresent = identifiers != null && !identifiers.isEmpty();
    if (identifiersPresent) {
        // Identifiers are already in place; no lookup needed.
        return;
    }

    ShadowAssociationType associationBean = association.asContainerable();
    boolean oidMissing = associationBean.getShadowRef() == null
            || StringUtils.isEmpty(associationBean.getShadowRef().getOid());
    if (oidMissing) {
        throw new SchemaException(
                "No identifiers and no OID specified in entitlements association " + association);
    }

    PrismObject<ShadowType> repoShadow;
    try {
        repoShadow = repositoryService.getObject(ShadowType.class, associationBean.getShadowRef().getOid(),
                null, result);
    } catch (ObjectNotFoundException e) {
        throw new ObjectNotFoundException(e.getMessage()
                + " while resolving entitlement association OID in " + association + " in " + desc, e);
    }
    shadowCaretaker.applyAttributesDefinition(ctx, repoShadow);
    transplantIdentifiers(association, repoShadow);
}
/**
 * Configures the given task to create a report and switches it to background execution.
 *
 * <p>The task gets the report-creation handler URI and a reference to the report object.
 * If report parameters are supplied and not empty, they become the task's extension
 * container. The task is set to close when its thread stops, is made single-run, and is
 * handed to the task manager; its OID is then recorded in {@code parentResult} as the
 * background task OID.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Presumably the caller
 * decides whether the user may run the report and supply these parameters; confirm against
 * the callers.
 *
 * @param object the report to be created
 * @param paramContainer report parameters; may be {@code null} or empty, in which case the
 *        task extension is left untouched
 * @param task the task that will run the report
 * @param parentResult operation result; receives the background task OID
 * @throws SystemException if setting the task extension fails with a {@code SchemaException}
 */
@Override
public void runReport(PrismObject<ReportType> object, PrismContainer<ReportParameterType> paramContainer, Task task, OperationResult parentResult) {
    task.setHandlerUri(ReportCreateTaskHandler.REPORT_CREATE_TASK_URI);
    task.setObjectRef(object.getOid(), ReportType.COMPLEX_TYPE);

    boolean hasParameters = paramContainer != null && !paramContainer.isEmpty();
    if (hasParameters) {
        try {
            task.setExtensionContainer(paramContainer);
        } catch (SchemaException e) {
            throw new SystemException(e);
        }
    }

    task.setThreadStopAction(ThreadStopActionType.CLOSE);
    task.makeSingle();

    taskManager.switchToBackground(task, parentResult);
    parentResult.setBackgroundTaskOid(task.getOid());
}

/**
// The shadow must have an attributes container, and that container must not be empty.
PrismContainer<?> attrs = shadowType.asPrismObject().findContainer(ShadowType.F_ATTRIBUTES);
assertNotNull("no attributes",attrs);
assertFalse("empty attributes",attrs.isEmpty());
if (associationContainer == null || associationContainer.isEmpty()){ LOGGER.trace("No shadow association container in old shadow. Skipping processing entitlements change for {}.", subjectItemPath); continue;
if (!associationContainer.isEmpty()) { resourceObject.add(associationContainer);
/**
 * Fetches the dummy resource through the provisioning service while the dummy resource's
 * schema is in the given break mode, and expects a partial error instead of a failure.
 *
 * <p>Precondition: the resource stored in the repository has no schema (missing or empty
 * container). The break mode is always reset to {@link BreakMode#NONE} afterwards.
 *
 * @param breakMode schema break mode to set on the dummy resource for the duration of the test
 * @param testName test name, used for the title and the operation result name
 */
public void testGetResourceBrokenSchema(BreakMode breakMode, String testName) throws Exception {
    TestUtil.displayTestTitle(testName);

    // GIVEN
    OperationResult result = new OperationResult(TestDummyNegative.class.getName() + "."+testName);

    // precondition: the repository copy must not contain a schema yet
    PrismObject<ResourceType> resourceBefore = repositoryService.getObject(ResourceType.class, RESOURCE_DUMMY_OID, null, result);
    display("Repo resource (before)", resourceBefore);
    PrismContainer<Containerable> schemaBefore = resourceBefore.findContainer(ResourceType.F_SCHEMA);
    boolean noSchemaBefore = schemaBefore == null || schemaBefore.isEmpty();
    assertTrue("Schema found in resource before the test (precondition)", noSchemaBefore);

    dummyResource.setSchemaBreakMode(breakMode);
    try {

        // WHEN
        PrismObject<ResourceType> brokenResource = provisioningService.getObject(ResourceType.class, RESOURCE_DUMMY_OID, null, null, result);

        // THEN
        display("Resource with broken schema", brokenResource);
        OperationResultType fetchResult = brokenResource.asObjectable().getFetchResult();

        result.computeStatus();
        display("getObject result", result);
        assertEquals("Unexpected result of getObject operation", OperationResultStatus.PARTIAL_ERROR, result.getStatus());

        assertNotNull("No fetch result", fetchResult);
        display("fetchResult", fetchResult);
        assertEquals("Unexpected result of fetchResult", OperationResultStatusType.PARTIAL_ERROR, fetchResult.getStatus());

    } finally {
        // Always restore the dummy resource so that later tests see a working schema.
        dummyResource.setSchemaBreakMode(BreakMode.NONE);
    }
}
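/**
 * Asserts the basic shape of a resource: a present, non-empty connector configuration
 * container of the expected compile-time class with {@code maxOccurs} of 1, a consistent
 * prism structure, and the presence or absence of an XSD schema.
 *
 * <p>The emptiness check used to be {@code assertNotNull(..., configurationContainer.isEmpty())}.
 * The boolean was autoboxed and therefore never {@code null}, so the assertion could not
 * fail. It now compares the value with {@code false}, which is what the failure message
 * ("Empty Resource connector configuration def") describes.
 *
 * @param resource resource to check
 * @param expectSchema whether the resource is expected to contain an XSD schema
 */
private void assertResource(PrismObject<ResourceType> resource, boolean expectSchema) {
    display("Resource", resource);
    display("Resource def", resource.getDefinition());

    PrismContainer<ConnectorConfigurationType> configurationContainer = resource.findContainer(ResourceType.F_CONNECTOR_CONFIGURATION);
    assertNotNull("No Resource connector configuration def", configurationContainer);

    PrismContainerDefinition<ConnectorConfigurationType> configurationContainerDefinition = configurationContainer.getDefinition();
    display("Resource connector configuration def", configurationContainerDefinition);
    display("Resource connector configuration def complex type def", configurationContainerDefinition.getComplexTypeDefinition());

    // Fails when the container is empty; assertEquals is used because it is already in scope here.
    assertEquals("Empty Resource connector configuration def", false, configurationContainer.isEmpty());
    assertEquals("Wrong compile-time class in Resource connector configuration in "+resource,
            ConnectorConfigurationType.class, configurationContainer.getCompileTimeClass());
    assertEquals("configurationContainer maxOccurs", 1, configurationContainerDefinition.getMaxOccurs());

    resource.checkConsistence(true, true);

    Element schema = ResourceTypeUtil.getResourceXsdSchema(resource);
    if (expectSchema) {
        assertNotNull("no schema in "+resource, schema);
    } else {
        assertNull("Unexpected schema in "+resource+": "+schema, schema);
    }
}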