<F extends ObjectType> void processPasswordPolicy(
LensProjectionContext projectionContext,
LensContext<F> context,
Task task,
OperationResult result)
throws SchemaException, PolicyViolationException {
ObjectDelta accountDelta = projectionContext.getDelta();
if (accountDelta == null) {
LOGGER.trace("Skipping processing password policies. Shadow delta not specified.");
return;
}
if (ChangeType.DELETE == accountDelta.getChangeType()) {
return;
}
PrismObject<ShadowType> accountShadow = null;
PrismProperty<PasswordType> password = null;
if (ChangeType.ADD == accountDelta.getChangeType()) {
accountShadow = accountDelta.getObjectToAdd();
if (accountShadow != null) {
password = accountShadow.findProperty(SchemaConstants.PATH_PASSWORD_VALUE);
}
}
if (ChangeType.MODIFY == accountDelta.getChangeType() || password == null) {
PropertyDelta<PasswordType> passwordValueDelta = null;
if (accountDelta != null) {
passwordValueDelta = accountDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
// Modification sanity check
if (accountDelta.getChangeType() == ChangeType.MODIFY
&& passwordValueDelta != null
&& (passwordValueDelta.isAdd() || passwordValueDelta.isDelete())) {
throw new SchemaException(
"Shadow password value cannot be added or deleted, it can only be replaced");
}
if (passwordValueDelta == null) {
LOGGER.trace(
"Skipping processing password policies. Shadow delta does not contain password change.");
return;
}
password = (PrismProperty<PasswordType>) passwordValueDelta.getItemNewMatchingPath(null);
}
}
// PrismProperty<PasswordType> password = getPassword(projectionContext);
ValuePolicyType passwordPolicy = null;
if (isCheckOrgPolicy(context)) {
passwordPolicy = determineValuePolicy(context.getFocusContext().getObjectAny(), task, result);
context.getFocusContext().setOrgPasswordPolicy(passwordPolicy);
} else {
passwordPolicy = projectionContext.getEffectivePasswordPolicy();
}
processPasswordPolicy(passwordPolicy, password, result);
}
