
Example 1 with AuthorizationAction

use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.

the class SecurityUtils method isPageAuthorized.

/**
 * Decides whether the given page class passes the GUI authorization check.
 *
 * <p>Fails closed: a {@code null} class, or a class that carries no
 * {@link PageDescriptor} annotation, is reported as not authorized. Otherwise the
 * action URIs declared on the descriptor are collected and handed, as a
 * {@code String[]}, to {@code WebComponentUtil.isAuthorized}, which makes the
 * actual decision.
 *
 * @param page page class to check; may be {@code null}
 * @return {@code false} when {@code page} is {@code null} or not annotated with
 *         {@link PageDescriptor}; otherwise whatever
 *         {@code WebComponentUtil.isAuthorized} returns for the declared action URIs
 */
public static boolean isPageAuthorized(Class<?> page) {
    PageDescriptor descriptor = (page == null) ? null : page.getAnnotation(PageDescriptor.class);
    if (descriptor == null) {
        // No descriptor means there is nothing to authorize against: deny.
        return false;
    }

    AuthorizationAction[] declared = descriptor.action();
    String[] actionUris = new String[declared.length];
    for (int i = 0; i < declared.length; i++) {
        actionUris[i] = declared[i].actionUri();
    }

    // NOTE(review): a descriptor that declares no actions yields an empty array here;
    // the outcome then depends entirely on WebComponentUtil.isAuthorized, which is not
    // visible in this excerpt. Confirm it does not treat "no actions" as "allowed".
    return WebComponentUtil.isAuthorized(actionUris);
}
Also used : PageDescriptor(com.evolveum.midpoint.authentication.api.authorization.PageDescriptor) AuthorizationAction(com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction)

Example 2 with AuthorizationAction

use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.

the class SecurityUtils method getPageAuthorizations.

/**
 * Lists the authorization action URIs declared on a page class.
 *
 * <p>The URIs are read from the {@code action()} member of the class's
 * {@link PageDescriptor} annotation, in declaration order. This method only reports
 * what the page declares; it performs no authorization decision itself.
 *
 * @param page page class to inspect; may be {@code null}
 * @return a new, mutable list of action URIs; empty when {@code page} is
 *         {@code null} or has no {@link PageDescriptor} annotation
 */
public static List<String> getPageAuthorizations(Class<?> page) {
    List<String> actionUris = new ArrayList<>();

    PageDescriptor descriptor = (page != null) ? page.getAnnotation(PageDescriptor.class) : null;
    if (descriptor != null) {
        for (AuthorizationAction declared : descriptor.action()) {
            actionUris.add(declared.actionUri());
        }
    }

    // NOTE(review): an empty result cannot be told apart from "page is null" or
    // "page has no descriptor"; callers should not read an empty list as
    // "no authorization required" without checking that themselves.
    return actionUris;
}
Also used : PageDescriptor(com.evolveum.midpoint.authentication.api.authorization.PageDescriptor) AuthorizationAction(com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction)

Example 3 with AuthorizationAction

use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.

the class WebComponentUtil method isAuthorized.

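/**
 * Decides whether the details page registered for the given object type passes
 * the GUI authorization check.
 *
 * <p>The details page is looked up with {@code getObjectDetailsPage(clazz)}; the
 * action URIs declared on its {@link PageDescriptor} annotation are then passed to
 * the {@code isAuthorized(List<String>)} overload, which makes the actual decision.
 *
 * <p>Fails closed: if no details page is registered, or the details page carries no
 * {@link PageDescriptor} annotation, the result is {@code false}. The missing-descriptor
 * case previously dereferenced {@code null} and threw a {@link NullPointerException};
 * it now matches the handling in {@code SecurityUtils.isPageAuthorized}.
 *
 * @param clazz object type whose details page should be checked
 * @return {@code false} when there is no details page or no descriptor; otherwise the
 *         result of {@code isAuthorized} for the declared action URIs
 */
public static boolean isAuthorized(Class<? extends ObjectType> clazz) {
    Class<? extends PageBase> detailsPage = getObjectDetailsPage(clazz);
    if (detailsPage == null) {
        return false;
    }
    PageDescriptor descriptor = detailsPage.getAnnotation(PageDescriptor.class);
    if (descriptor == null) {
        // A page without a descriptor declares nothing to authorize against: deny
        // rather than fail with a NullPointerException in the authorization path.
        return false;
    }
    List<String> actionUris = new ArrayList<>();
    for (AuthorizationAction action : descriptor.action()) {
        actionUris.add(action.actionUri());
    }
    return isAuthorized(actionUris);
}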
Also used : PageDescriptor(com.evolveum.midpoint.authentication.api.authorization.PageDescriptor) AuthorizationAction(com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction) PolyString(com.evolveum.midpoint.prism.polystring.PolyString)

Example 4 with AuthorizationAction

use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.

the class DescriptorLoaderImpl method loadActions.

/**
 * Registers the URLs of one {@link PageDescriptor} in the loader's lookup structures.
 *
 * <p>In order:
 * <ol>
 *   <li>login pages have their URLs added to {@code loginPages};</li>
 *   <li>descriptors naming an auth module have their URLs stored in
 *       {@code mapForAuthPages} under that module name;</li>
 *   <li>{@code permitAll} descriptors have their URLs added to {@code permitAllUrls}
 *       and nothing else is registered for them;</li>
 *   <li>descriptors that declare no actions are left without an entry in the
 *       {@code actions} map;</li>
 *   <li>otherwise the declared actions are recorded per URL, followed by the
 *       {@code guiAll} action unless the page declares the no-access action.</li>
 * </ol>
 *
 * @param descriptor page descriptor to register; must not be {@code null}
 */
private void loadActions(PageDescriptor descriptor) {
    if (descriptor.loginPage()) {
        foreachUrl(descriptor, loginPages::add);
    }

    String authModule = descriptor.authModule();
    if (StringUtils.isNotEmpty(authModule)) {
        List<String> moduleUrls = new ArrayList<>();
        foreachUrl(descriptor, moduleUrls::add);
        mapForAuthPages.put(authModule, moduleUrls);
    }

    if (descriptor.permitAll()) {
        foreachUrl(descriptor, permitAllUrls::add);
        return;
    }

    // Do not attach the guiAll authorization to "public" pages (e.g. the login page):
    // a descriptor without declared actions gets no entry in the actions map at all.
    // NOTE(review): how a URL with no entry is treated is decided by the code that
    // reads the map, which is not visible here. Confirm it is not an implicit allow.
    AuthorizationAction[] declaredActions = descriptor.action();
    if (declaredActions == null || declaredActions.length == 0) {
        return;
    }

    List<AuthorizationActionValue> pageActions = new ArrayList<>();
    boolean noAccessDeclared = false;
    for (AuthorizationAction declared : declaredActions) {
        String uri = declared.actionUri();
        pageActions.add(new AuthorizationActionValue(uri, declared.label(), declared.description()));
        if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(uri)) {
            // The no-access marker ends collection: actions declared after it are
            // dropped and guiAll is not appended below.
            noAccessDeclared = true;
            break;
        }
    }

    // Add the ...#guiAll authorization only for displayable pages, not for pages
    // used for development.
    if (!noAccessDeclared) {
        pageActions.add(new AuthorizationActionValue(
                AuthorizationConstants.AUTZ_GUI_ALL_URL,
                AuthorizationConstants.AUTZ_GUI_ALL_LABEL,
                AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
    }

    // Each URL receives its own array copy of the collected actions.
    foreachUrl(descriptor, url -> DescriptorLoaderImpl.actions.put(
            url, pageActions.toArray(new AuthorizationActionValue[0])));
}
Also used : AuthorizationAction(com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction)
