private ValuePolicyType determineValuePolicy(
ObjectDelta<UserType> userDelta, Task task, OperationResult result) throws SchemaException {
ReferenceDelta orgDelta = userDelta.findReferenceModification(UserType.F_PARENT_ORG_REF);
ValuePolicyType passwordPolicy = null;
LOGGER.trace("Determining password policy from org delta.");
if (orgDelta != null) {
PrismReferenceValue orgRefValue = orgDelta.getAnyValue();
try {
PrismObject<OrgType> org =
resolver.resolve(orgRefValue, "resolving parent org ref", null, null, result);
OrgType orgType = org.asObjectable();
ObjectReferenceType ref = orgType.getPasswordPolicyRef();
if (ref != null) {
LOGGER.trace("Org {} has specified password policy.", orgType);
passwordPolicy =
resolver.resolve(
ref,
ValuePolicyType.class,
null,
"resolving password policy for organization",
task,
result);
LOGGER.trace("Resolved password policy {}", passwordPolicy);
}
if (passwordPolicy == null) {
passwordPolicy = determineValuePolicy(org, task, result);
}
} catch (ObjectNotFoundException e) {
throw new IllegalStateException(e);
}
}
return passwordPolicy;
}
// TODO: refactor - this method is also in SchemaHandlerImpl
private ResourceType resolveResource(ShadowType shadow, OperationResult result)
throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException {
if (shadow.getResource() != null) {
return shadow.getResource();
}
ObjectReferenceType ref = shadow.getResourceRef();
if (ref == null) {
throw new ExpressionEvaluationException(
"Resource shadow object " + shadow + " doesn't have defined resource.");
}
if (ref.getOid() == null) {
throw new ExpressionEvaluationException(
"Resource shadow object " + shadow + " defines null resource OID.");
}
return modelObjectResolver.getObjectSimple(
ResourceType.class, ref.getOid(), null, null, result);
}
private ValuePolicyType determineValuePolicy(
PrismObject object, Task task, OperationResult result) throws SchemaException {
LOGGER.trace("Determining password policies from object", object);
PrismReference orgRef = object.findReference(ObjectType.F_PARENT_ORG_REF);
if (orgRef == null) {
return null;
}
List<PrismReferenceValue> values = orgRef.getValues();
ValuePolicyType valuePolicy = null;
List<PrismObject<OrgType>> orgs = new ArrayList<PrismObject<OrgType>>();
try {
for (PrismReferenceValue orgRefValue : values) {
if (orgRefValue != null) {
if (valuePolicy != null) {
throw new IllegalStateException(
"Found more than one policy while trying to validate user's password. Please check your configuration");
}
PrismObject<OrgType> org =
resolver.resolve(orgRefValue, "resolving parent org ref", null, null, result);
orgs.add(org);
valuePolicy = resolvePolicy(org, task, result);
}
}
} catch (ObjectNotFoundException ex) {
throw new IllegalStateException(ex);
}
// go deeper
if (valuePolicy == null) {
for (PrismObject<OrgType> orgType : orgs) {
valuePolicy = determineValuePolicy(orgType, task, result);
if (valuePolicy != null) {
return valuePolicy;
}
}
}
return valuePolicy;
}
private ValuePolicyType resolvePolicy(PrismObject<OrgType> org, Task task, OperationResult result)
throws SchemaException {
try {
OrgType orgType = org.asObjectable();
ObjectReferenceType ref = orgType.getPasswordPolicyRef();
if (ref == null) {
return null;
}
return resolver.resolve(
ref,
ValuePolicyType.class,
null,
"resolving password policy for organization",
task,
result);
} catch (ObjectNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw new IllegalStateException(e);
}
}