use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.
the class SecurityUtils method isPageAuthorized.
/**
 * Reports whether access to the given page class is authorized.
 *
 * <p>The check fails closed: a {@code null} class, or a class that carries no
 * {@link PageDescriptor} annotation, is reported as not authorized. Otherwise the
 * action URIs declared on the descriptor are passed to
 * {@code WebComponentUtil.isAuthorized}, which makes the actual decision.
 *
 * @param page page class to check; may be {@code null}
 * @return {@code false} for a {@code null} or un-annotated class, otherwise the
 *         result of {@code WebComponentUtil.isAuthorized} for the declared action URIs
 */
public static boolean isPageAuthorized(Class<?> page) {
    PageDescriptor descriptor = page != null ? page.getAnnotation(PageDescriptor.class) : null;
    if (descriptor == null) {
        // No descriptor means no declared authorization actions: deny.
        return false;
    }

    AuthorizationAction[] declared = descriptor.action();
    String[] actionUris = new String[declared.length];
    for (int i = 0; i < declared.length; i++) {
        actionUris[i] = declared[i].actionUri();
    }
    // NOTE(review): a descriptor that declares no actions yields an empty array here;
    // whether "no required actions" means allow or deny is decided in
    // WebComponentUtil.isAuthorized - confirm it matches the intended policy.
    return WebComponentUtil.isAuthorized(actionUris);
}
use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.
the class SecurityUtils method getPageAuthorizations.
/**
 * Collects the authorization action URIs declared on a page class.
 *
 * <p>The URIs are read from the {@link PageDescriptor} annotation of the class, in
 * declaration order. An empty list is returned for a {@code null} class, for a class
 * without a descriptor, and for a descriptor that declares no actions; the caller
 * cannot tell these cases apart from the result.
 *
 * @param page page class to inspect; may be {@code null}
 * @return a new, mutable list of action URIs; never {@code null}
 */
public static List<String> getPageAuthorizations(Class<?> page) {
    List<String> actionUris = new ArrayList<>();
    PageDescriptor descriptor = page == null ? null : page.getAnnotation(PageDescriptor.class);
    if (descriptor != null) {
        for (AuthorizationAction declared : descriptor.action()) {
            actionUris.add(declared.actionUri());
        }
    }
    // NOTE(review): callers should not read an empty result as "no authorization
    // required" - it is also what an un-annotated page produces.
    return actionUris;
}
use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.
the class WebComponentUtil method isAuthorized.
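/**
 * Reports whether access to the details page of the given object type is authorized.
 *
 * <p>The details page is looked up with {@code getObjectDetailsPage}; the action URIs
 * declared on its {@link PageDescriptor} are then passed to the list-based
 * {@code isAuthorized} overload. The check fails closed: if there is no details page,
 * or the details page carries no {@link PageDescriptor}, the result is {@code false}.
 *
 * @param clazz object type whose details page is checked
 * @return {@code true} only if a details page with a descriptor exists and the
 *         list-based {@code isAuthorized} accepts its declared action URIs
 */
public static boolean isAuthorized(Class<? extends ObjectType> clazz) {
    Class<? extends PageBase> detailsPage = getObjectDetailsPage(clazz);
    if (detailsPage == null) {
        return false;
    }
    PageDescriptor descriptor = detailsPage.getAnnotation(PageDescriptor.class);
    if (descriptor == null) {
        // A page without a descriptor declares no authorization actions. Deny instead
        // of failing with a NullPointerException, matching SecurityUtils.isPageAuthorized.
        return false;
    }
    List<String> actionUris = new ArrayList<>();
    for (AuthorizationAction action : descriptor.action()) {
        actionUris.add(action.actionUri());
    }
    // NOTE(review): an empty list is passed when the descriptor declares no actions;
    // confirm how the list-based isAuthorized treats that case.
    return isAuthorized(actionUris);
}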
use of com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction in project midpoint by Evolveum.
the class DescriptorLoaderImpl method loadActions.
/**
 * Registers the URLs of one page descriptor in the loader's lookup structures.
 *
 * <p>In order:
 * <ol>
 *   <li>login pages have their URLs added to {@code loginPages};</li>
 *   <li>pages naming an authentication module have their URLs stored under that
 *       module name in {@code mapForAuthPages};</li>
 *   <li>{@code permitAll} pages have their URLs added to {@code permitAllUrls} and
 *       nothing else is registered for them;</li>
 *   <li>pages that declare no actions get no entry in the {@code actions} map;</li>
 *   <li>every other page gets its declared actions mapped to each of its URLs, plus
 *       the {@code AUTZ_GUI_ALL_URL} action unless the page declares
 *       {@code AUTZ_NO_ACCESS_URL}.</li>
 * </ol>
 *
 * <p>NOTE(review): how a URL that appears in neither {@code permitAllUrls} nor the
 * {@code actions} map is treated is decided by the enforcement code, which is not
 * visible here - confirm that such URLs are denied rather than allowed.
 *
 * @param descriptor descriptor of the page being registered
 */
private void loadActions(PageDescriptor descriptor) {
    if (descriptor.loginPage()) {
        foreachUrl(descriptor, loginPages::add);
    }

    String authModule = descriptor.authModule();
    if (StringUtils.isNotEmpty(authModule)) {
        List<String> moduleUrls = new ArrayList<>();
        foreachUrl(descriptor, moduleUrls::add);
        mapForAuthPages.put(authModule, moduleUrls);
    }

    if (descriptor.permitAll()) {
        // Publicly reachable page: record its URLs and register no authorization actions.
        foreachUrl(descriptor, permitAllUrls::add);
        return;
    }

    // Do not attach the guiAll authorization to pages that declare no actions
    // (e.g. "public" pages such as the login page).
    AuthorizationAction[] declared = descriptor.action();
    if (declared == null || declared.length == 0) {
        return;
    }

    List<AuthorizationActionValue> pageActions = new ArrayList<>();
    boolean noAccess = false;
    // Stops at the first no-access action; actions declared after it are not registered.
    for (int i = 0; i < declared.length && !noAccess; i++) {
        AuthorizationAction action = declared[i];
        pageActions.add(new AuthorizationActionValue(action.actionUri(), action.label(), action.description()));
        noAccess = AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(action.actionUri());
    }

    // The guiAll authorization is added only for displayable pages, not for pages
    // used for development (those marked with the no-access action).
    if (!noAccess) {
        pageActions.add(new AuthorizationActionValue(
                AuthorizationConstants.AUTZ_GUI_ALL_URL,
                AuthorizationConstants.AUTZ_GUI_ALL_LABEL,
                AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
    }

    // Each URL gets its own array copy of the collected actions.
    foreachUrl(descriptor,
            url -> DescriptorLoaderImpl.actions.put(url, pageActions.toArray(new AuthorizationActionValue[0])));
}