Example 6 with S_FilterEntryOrEmpty
use of com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty in project midpoint by Evolveum.
the class SqaleRepoBaseTest method searchObjectTest.
protected <T extends ObjectType> SearchResultList<T> searchObjectTest(String description, Class<T> type, Function<S_FilterEntryOrEmpty, S_FilterExit> filter, String... expectedOids) throws SchemaException {
String typeName = type.getSimpleName().replaceAll("Type$", "").toLowerCase();
when("searching for " + typeName + "(s) " + description);
OperationResult operationResult = createOperationResult();
SearchResultList<T> result = searchObjects(type, filter.apply(prismContext.queryFor(type)).build(), operationResult);
then(typeName + "(s) " + description + " are returned");
assertThatOperationResult(operationResult).isSuccess();
assertThat(result).extracting(o -> o.getOid()).containsExactlyInAnyOrder(expectedOids);
return result;
}
Also used :
FlexibleRelationalPathBase(com.evolveum.midpoint.repo.sqlbase.querydsl.FlexibleRelationalPathBase)
com.evolveum.midpoint.schema(com.evolveum.midpoint.schema)
java.util(java.util)
ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)
SqaleAuditService(com.evolveum.midpoint.repo.sqale.audit.SqaleAuditService)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
JdbcSession(com.evolveum.midpoint.repo.sqlbase.JdbcSession)
SchemaConstants(com.evolveum.midpoint.schema.constants.SchemaConstants)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
Autowired(org.springframework.beans.factory.annotation.Autowired)
OperationPerformanceInformation(com.evolveum.midpoint.repo.api.perf.OperationPerformanceInformation)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
Function(java.util.function.Function)
ObjectFilter(com.evolveum.midpoint.prism.query.ObjectFilter)
QNameUtil(com.evolveum.midpoint.util.QNameUtil)
SqlRecorder(com.evolveum.midpoint.repo.sqlbase.querydsl.SqlRecorder)
QUri(com.evolveum.midpoint.repo.sqale.qmodel.common.QUri)
MExtItem(com.evolveum.midpoint.repo.sqale.qmodel.ext.MExtItem)
QExtItem(com.evolveum.midpoint.repo.sqale.qmodel.ext.QExtItem)
ShadowAttributesType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowAttributesType)
MReference(com.evolveum.midpoint.repo.sqale.qmodel.ref.MReference)
MExtItemHolderType(com.evolveum.midpoint.repo.sqale.qmodel.ext.MExtItemHolderType)
MObjectType(com.evolveum.midpoint.repo.sqale.qmodel.object.MObjectType)
SQLQuery(com.querydsl.sql.SQLQuery)
com.evolveum.midpoint.prism(com.evolveum.midpoint.prism)
QueryType(com.evolveum.prism.xml.ns._public.query_3.QueryType)
AuditService(com.evolveum.midpoint.audit.api.AuditService)
QObject(com.evolveum.midpoint.repo.sqale.qmodel.object.QObject)
AbstractSpringTest(com.evolveum.midpoint.test.util.AbstractSpringTest)
BeforeClass(org.testng.annotations.BeforeClass)
SqlPerformanceMonitorImpl(com.evolveum.midpoint.repo.sqlbase.perfmon.SqlPerformanceMonitorImpl)
StandardCharsets(java.nio.charset.StandardCharsets)
InfraTestMixin(com.evolveum.midpoint.test.util.InfraTestMixin)
Nullable(org.jetbrains.annotations.Nullable)
Stream(java.util.stream.Stream)
ItemName(com.evolveum.midpoint.prism.path.ItemName)
ContextConfiguration(org.springframework.test.context.ContextConfiguration)
MObject(com.evolveum.midpoint.repo.sqale.qmodel.object.MObject)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
QName(javax.xml.namespace.QName)
ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery)
S_FilterExit(com.evolveum.midpoint.prism.query.builder.S_FilterExit)
Predicate(com.querydsl.core.types.Predicate)
NotNull(org.jetbrains.annotations.NotNull)
S_FilterEntryOrEmpty(com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
Example 7 with S_FilterEntryOrEmpty
use of com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty in project midpoint by Evolveum.
the class SecurityEnforcerImpl method computeSecurityFilterPhase.
/**
* @return additional security filter. This filter is supposed to be added (operation "AND") to the original filter.
*
* See also {@link com.evolveum.midpoint.repo.common.query.SelectorToFilterTranslator} (should be merged eventually?)
*/
private <T extends ObjectType, O extends ObjectType, F> F computeSecurityFilterPhase(MidPointPrincipal principal, String[] operationUrls, AuthorizationPhaseType phase, boolean includeNullPhase, Class<T> objectType, PrismObject<O> object, boolean includeSpecial, ObjectFilter origFilter, String limitAuthorizationAction, List<OrderConstraintsType> paramOrderConstraints, FilterGizmo<F> gizmo, String desc, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
Collection<Authorization> authorities = getAuthorities(principal);
F securityFilterAllow = null;
F securityFilterDeny = null;
QueryAutzItemPaths queryItemsSpec = new QueryAutzItemPaths();
// MID-3916
queryItemsSpec.addRequiredItems(origFilter);
LOGGER.trace(" phase={}, initial query items spec {}", phase, queryItemsSpec.shortDumpLazily());
if (authorities != null) {
for (GrantedAuthority authority : authorities) {
if (authority instanceof Authorization) {
Authorization autz = (Authorization) authority;
String autzHumanReadableDesc = autz.getHumanReadableDesc();
LOGGER.trace(" Evaluating {}", autzHumanReadableDesc);
// action
if (!isApplicableForActions(autz, operationUrls)) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" Authorization not applicable for operation {}", prettyActionUrl(operationUrls));
}
continue;
}
// phase
if (autz.getPhase() == phase || (includeNullPhase && autz.getPhase() == null)) {
LOGGER.trace(" Authorization is applicable for phases {} (continuing evaluation)", phase);
} else {
LOGGER.trace(" Authorization is not applicable for phase {} (includeNullPhase={})", phase, includeNullPhase);
continue;
}
if (!isApplicableLimitations(autz, limitAuthorizationAction)) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" Authorization is limited to other action, not applicable for operation {}", prettyActionUrl(operationUrls));
}
continue;
}
// orderConstraints
if (!isApplicableOrderConstraints(autz, paramOrderConstraints)) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" Authorization not applicable for orderConstraints {}", SchemaDebugUtil.shortDumpOrderConstraintsList(paramOrderConstraints));
}
continue;
}
// object or target
String objectTargetSpec;
ObjectFilter autzObjSecurityFilter = null;
List<OwnedObjectSelectorType> objectSpecTypes;
if (object == null) {
// object not present. Therefore we are looking for object here
objectSpecTypes = autz.getObject();
objectTargetSpec = "object";
} else {
// object present. Therefore we are looking for target
objectSpecTypes = autz.getTarget();
objectTargetSpec = "target";
// .. but we need to decide whether this authorization is applicable to the object
if (isApplicable(autz.getObject(), object, principal, null, "object", autzHumanReadableDesc, task, result)) {
LOGGER.trace(" Authorization is applicable for object {}", object);
} else {
LOGGER.trace(" Authorization is not applicable for object {}", object);
continue;
}
}
boolean applicable = true;
if (objectSpecTypes == null || objectSpecTypes.isEmpty()) {
LOGGER.trace(" No {} specification in authorization (authorization is universally applicable)", objectTargetSpec);
autzObjSecurityFilter = FilterCreationUtil.createAll(prismContext);
} else {
applicable = false;
for (OwnedObjectSelectorType objectSpecType : objectSpecTypes) {
ObjectFilter objSpecSecurityFilter = null;
TypeFilter objSpecTypeFilter = null;
SearchFilterType specFilterType = objectSpecType.getFilter();
ObjectReferenceType specOrgRef = objectSpecType.getOrgRef();
List<ObjectReferenceType> archetypeRefs = objectSpecType.getArchetypeRef();
OrgRelationObjectSpecificationType specOrgRelation = objectSpecType.getOrgRelation();
RoleRelationObjectSpecificationType specRoleRelation = objectSpecType.getRoleRelation();
TenantSelectorType specTenant = objectSpecType.getTenant();
QName specTypeQName = objectSpecType.getType();
PrismObjectDefinition<T> objectDefinition = null;
// Type
if (specTypeQName != null) {
specTypeQName = prismContext.getSchemaRegistry().qualifyTypeName(specTypeQName);
PrismObjectDefinition<?> specObjectDef = prismContext.getSchemaRegistry().findObjectDefinitionByType(specTypeQName);
if (specObjectDef == null) {
throw new SchemaException("Unknown object type " + specTypeQName + " in " + autzHumanReadableDesc);
}
Class<?> specObjectClass = specObjectDef.getCompileTimeClass();
if (objectType.equals(specObjectClass)) {
traceClassMatch("Authorization is applicable for object because of type exact match", specObjectClass, objectType);
} else if (!objectType.isAssignableFrom(specObjectClass)) {
traceClassMatch("Authorization not applicable for object because of type mismatch", specObjectClass, objectType);
continue;
} else {
traceClassMatch("Authorization is applicable for object because of type match, adding more specific type filter", specObjectClass, objectType);
// The spec type is a subclass of requested type. So it might be returned from the search.
// We need to use type filter.
objSpecTypeFilter = prismContext.queryFactory().createType(specTypeQName, null);
// and now we have a more specific object definition to use later in filter processing
objectDefinition = (PrismObjectDefinition<T>) specObjectDef;
}
}
// Owner
if (objectSpecType.getOwner() != null) {
if (objectDefinition == null) {
objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectType);
}
// TODO what if owner is specified not as "self" ?
if (TaskType.class.isAssignableFrom(objectType)) {
objSpecSecurityFilter = applyOwnerFilterOwnerRef(TaskType.F_OWNER_REF, objSpecSecurityFilter, principal, objectDefinition);
} else {
LOGGER.trace(" Authorization not applicable for object because it has owner specification (this is not applicable for search)");
continue;
}
}
// Requestor
if (objectSpecType.getRequester() != null) {
if (CaseType.class.isAssignableFrom(objectType)) {
objSpecSecurityFilter = applyRequestorFilter(objSpecSecurityFilter, principal);
} else {
LOGGER.trace(" Authorization not applicable for object because it has requester specification (this is not applicable for search for objects other than CaseType)");
continue;
}
}
// Related object
if (objectSpecType.getRelatedObject() != null) {
if (CaseType.class.isAssignableFrom(objectType) || TaskType.class.isAssignableFrom(objectType)) {
objSpecSecurityFilter = applyRelatedObjectFilter(objectType, objSpecSecurityFilter, principal);
} else {
LOGGER.trace(" Authorization not applicable for object because it has related object specification (this is not applicable for search for objects other than CaseType and TaskType)");
continue;
}
}
// Assignee
if (objectSpecType.getAssignee() != null) {
if (CaseType.class.isAssignableFrom(objectType)) {
objSpecSecurityFilter = applyAssigneeFilter(objSpecSecurityFilter, principal);
} else {
LOGGER.trace(" Authorization not applicable for object because it has assignee specification (this is not applicable for search for objects other than CaseType)");
continue;
}
}
// Delegator
if (objectSpecType.getDelegator() != null) {
// TODO: MID-3899
LOGGER.trace(" Authorization not applicable for object because it has delegator specification (this is not applicable for search)");
continue;
}
applicable = true;
// Special
List<SpecialObjectSpecificationType> specSpecial = objectSpecType.getSpecial();
if (specSpecial != null && !specSpecial.isEmpty()) {
if (!includeSpecial) {
LOGGER.trace(" Skipping authorization, because specials are present: {}", specSpecial);
applicable = false;
}
if (specFilterType != null || specOrgRef != null || specOrgRelation != null || specRoleRelation != null || specTenant != null || !archetypeRefs.isEmpty()) {
throw new SchemaException("Both filter/org/role/archetype/tenant and special object specification specified in authorization");
}
ObjectFilter specialFilter = null;
for (SpecialObjectSpecificationType special : specSpecial) {
if (special == SpecialObjectSpecificationType.SELF) {
String principalOid = principal.getOid();
specialFilter = ObjectQueryUtil.filterOr(specialFilter, prismContext.queryFactory().createInOid(principalOid), prismContext);
} else {
throw new SchemaException("Unsupported special object specification specified in authorization: " + special);
}
}
objSpecSecurityFilter = specTypeQName != null ? prismContext.queryFactory().createType(specTypeQName, specialFilter) : specialFilter;
} else {
LOGGER.trace(" specials empty: {}", specSpecial);
}
// Filter
if (specFilterType != null) {
if (objectDefinition == null) {
objectDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(objectType);
}
ObjectFilter specFilter = parseAndEvaluateFilter(principal, objectDefinition, specFilterType, objectTargetSpec, autzHumanReadableDesc, task, result);
if (specFilter != null) {
ObjectQueryUtil.assertNotRaw(specFilter, "Filter in authorization object has undefined items. Maybe a 'type' specification is missing in the authorization?");
ObjectQueryUtil.assertPropertyOnly(specFilter, "Filter in authorization object is not property-only filter");
}
LOGGER.trace(" applying property filter {}", specFilter);
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, specFilter, prismContext);
} else {
LOGGER.trace(" filter empty (assuming \"all\")");
if (objSpecSecurityFilter == null) {
objSpecSecurityFilter = prismContext.queryFactory().createAll();
}
}
// Archetypes
if (!archetypeRefs.isEmpty()) {
ObjectFilter archsFilter = null;
for (ObjectReferenceType archetypeRef : archetypeRefs) {
ObjectFilter archFilter = prismContext.queryFor(AssignmentHolderType.class).item(AssignmentHolderType.F_ARCHETYPE_REF).ref(archetypeRef.getOid()).buildFilter();
archsFilter = ObjectQueryUtil.filterOr(archsFilter, archFilter, prismContext);
}
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, archsFilter, prismContext);
LOGGER.trace(" applying archetype filter {}", archsFilter);
} else {
LOGGER.trace(" archetype empty");
}
// Org
if (specOrgRef != null) {
ObjectFilter orgFilter = prismContext.queryFor(ObjectType.class).isChildOf(specOrgRef.getOid()).buildFilter();
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, orgFilter, prismContext);
LOGGER.trace(" applying org filter {}", orgFilter);
} else {
LOGGER.trace(" org empty");
}
// orgRelation
if (specOrgRelation != null) {
ObjectFilter objSpecOrgRelationFilter = null;
QName subjectRelation = specOrgRelation.getSubjectRelation();
for (ObjectReferenceType subjectParentOrgRef : principal.getFocus().getParentOrgRef()) {
if (prismContext.relationMatches(subjectRelation, subjectParentOrgRef.getRelation())) {
S_FilterEntryOrEmpty q = prismContext.queryFor(ObjectType.class);
S_AtomicFilterExit q2;
if (specOrgRelation.getScope() == null || specOrgRelation.getScope() == OrgScopeType.ALL_DESCENDANTS) {
q2 = q.isChildOf(subjectParentOrgRef.getOid());
} else if (specOrgRelation.getScope() == OrgScopeType.DIRECT_DESCENDANTS) {
q2 = q.isDirectChildOf(subjectParentOrgRef.getOid());
} else if (specOrgRelation.getScope() == OrgScopeType.ALL_ANCESTORS) {
q2 = q.isParentOf(subjectParentOrgRef.getOid());
} else {
throw new UnsupportedOperationException("Unknown orgRelation scope " + specOrgRelation.getScope());
}
if (BooleanUtils.isTrue(specOrgRelation.isIncludeReferenceOrg())) {
q2 = q2.or().id(subjectParentOrgRef.getOid());
}
objSpecOrgRelationFilter = ObjectQueryUtil.filterOr(objSpecOrgRelationFilter, q2.buildFilter(), prismContext);
}
}
if (objSpecOrgRelationFilter == null) {
objSpecOrgRelationFilter = FilterCreationUtil.createNone(prismContext);
}
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecOrgRelationFilter, prismContext);
LOGGER.trace(" applying orgRelation filter {}", objSpecOrgRelationFilter);
} else {
LOGGER.trace(" orgRelation empty");
}
// roleRelation
if (specRoleRelation != null) {
ObjectFilter objSpecRoleRelationFilter = processRoleRelationFilter(principal, autz, specRoleRelation, queryItemsSpec, origFilter);
if (objSpecRoleRelationFilter == null) {
if (autz.maySkipOnSearch()) {
LOGGER.trace(" not applying roleRelation filter {} because it is not efficient and maySkipOnSearch is set", objSpecRoleRelationFilter);
applicable = false;
} else {
objSpecRoleRelationFilter = FilterCreationUtil.createNone(prismContext);
}
}
if (objSpecRoleRelationFilter != null) {
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecRoleRelationFilter, prismContext);
LOGGER.trace(" applying roleRelation filter {}", objSpecRoleRelationFilter);
}
} else {
LOGGER.trace(" roleRelation empty");
}
// tenant
if (specTenant != null) {
ObjectFilter objSpecTenantFilter = processTenantFilter(principal, autz, specTenant, queryItemsSpec, origFilter);
if (objSpecTenantFilter == null) {
if (autz.maySkipOnSearch()) {
LOGGER.trace(" not applying tenant filter {} because it is not efficient and maySkipOnSearch is set", objSpecTenantFilter);
applicable = false;
} else {
objSpecTenantFilter = FilterCreationUtil.createNone(prismContext);
}
}
if (objSpecTenantFilter != null) {
objSpecSecurityFilter = ObjectQueryUtil.filterAnd(objSpecSecurityFilter, objSpecTenantFilter, prismContext);
LOGGER.trace(" applying tenant filter {}", objSpecTenantFilter);
}
} else {
LOGGER.trace(" tenant empty");
}
if (objSpecTypeFilter != null) {
objSpecTypeFilter.setFilter(objSpecSecurityFilter);
objSpecSecurityFilter = objSpecTypeFilter;
}
traceFilter("objSpecSecurityFilter", objectSpecType, objSpecSecurityFilter);
autzObjSecurityFilter = ObjectQueryUtil.filterOr(autzObjSecurityFilter, objSpecSecurityFilter, prismContext);
}
}
traceFilter("autzObjSecurityFilter", autz, autzObjSecurityFilter);
if (applicable) {
autzObjSecurityFilter = ObjectQueryUtil.simplify(autzObjSecurityFilter, prismContext);
F autzObjSecurityF = gizmo.adopt(autzObjSecurityFilter, autz);
// authority is applicable to this situation. now we can process the decision.
AuthorizationDecisionType decision = autz.getDecision();
if (decision == null || decision == AuthorizationDecisionType.ALLOW) {
// allow
securityFilterAllow = gizmo.or(securityFilterAllow, autzObjSecurityF);
traceFilter("securityFilterAllow", autz, securityFilterAllow, gizmo);
if (!gizmo.isNone(autzObjSecurityF)) {
queryItemsSpec.collectItems(autz);
}
} else {
// deny
if (autz.hasItemSpecification()) {
// This is a tricky situation. We have deny authorization, but it only denies access to
// some items. Therefore we need to find the objects and then filter out the items.
// Therefore do not add this authorization into the filter.
} else {
if (gizmo.isAll(autzObjSecurityF)) {
// There is no point in continuing the evaluation.
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: deny all", phase, getUsername(principal), prettyActionUrl(operationUrls), desc);
}
F secFilter = gizmo.createDenyAll();
traceFilter("secFilter", null, secFilter, gizmo);
return secFilter;
}
securityFilterDeny = gizmo.or(securityFilterDeny, autzObjSecurityF);
}
}
}
traceFilter("securityFilterAllow", autz, securityFilterAllow, gizmo);
traceFilter("securityFilterDeny", autz, securityFilterDeny, gizmo);
} else {
LOGGER.warn(" Unknown authority type {} in user {}", authority.getClass(), getUsername(principal));
}
}
}
traceFilter("securityFilterAllow", null, securityFilterAllow, gizmo);
traceFilter("securityFilterDeny", null, securityFilterDeny, gizmo);
LOGGER.trace(" final items: {}", queryItemsSpec.shortDumpLazily());
List<ItemPath> unsatisfiedItems = queryItemsSpec.evaluateUnsatisfiedItems();
if (!unsatisfiedItems.isEmpty()) {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: deny because items {} are not allowed", phase, getUsername(principal), prettyActionUrl(operationUrls), desc, unsatisfiedItems);
}
F secFilter = gizmo.createDenyAll();
traceFilter("secFilter", null, secFilter, gizmo);
return secFilter;
}
securityFilterAllow = gizmo.simplify(securityFilterAllow);
if (securityFilterAllow == null) {
// Nothing has been allowed. This means default deny.
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: default deny", phase, getUsername(principal), prettyActionUrl(operationUrls), desc);
}
F secFilter = gizmo.createDenyAll();
traceFilter("secFilter", null, secFilter, gizmo);
return secFilter;
}
if (securityFilterDeny == null) {
// Nothing has been denied. We have "allow" filter only.
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: allow\n Filter:\n{}", phase, getUsername(principal), prettyActionUrl(operationUrls), desc, securityFilterAllow == null ? "null" : gizmo.debugDumpFilter(securityFilterAllow, 2));
}
traceFilter("securityFilterAllow", null, securityFilterAllow, gizmo);
return securityFilterAllow;
} else {
// Both "allow" and "deny" filters
F secFilter = gizmo.and(securityFilterAllow, gizmo.not(securityFilterDeny));
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(" phase={} done: principal={}, operation={}, {}: allow (with deny clauses)\n Filter:\n{}", phase, getUsername(principal), prettyActionUrl(operationUrls), desc, secFilter == null ? "null" : gizmo.debugDumpFilter(secFilter, 2));
}
traceFilter("secFilter", null, secFilter, gizmo);
return secFilter;
}
}
Also used :
S_FilterEntryOrEmpty(com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty)
S_AtomicFilterExit(com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
SearchFilterType(com.evolveum.prism.xml.ns._public.query_3.SearchFilterType)
QName(javax.xml.namespace.QName)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Aggregations
S_FilterEntryOrEmpty (com.evolveum.midpoint.prism.query.builder.S_FilterEntryOrEmpty)7
SchemaException (com.evolveum.midpoint.util.exception.SchemaException)3
QName (javax.xml.namespace.QName)3
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2
ObjectQuery (com.evolveum.midpoint.prism.query.ObjectQuery)2
S_AtomicFilterExit (com.evolveum.midpoint.prism.query.builder.S_AtomicFilterExit)2
SearchFilterType (com.evolveum.prism.xml.ns._public.query_3.SearchFilterType)2
AuditService (com.evolveum.midpoint.audit.api.AuditService)1
com.evolveum.midpoint.prism (com.evolveum.midpoint.prism)1
ItemName (com.evolveum.midpoint.prism.path.ItemName)1
ObjectFilter (com.evolveum.midpoint.prism.query.ObjectFilter)1
S_FilterExit (com.evolveum.midpoint.prism.query.builder.S_FilterExit)1
OperationPerformanceInformation (com.evolveum.midpoint.repo.api.perf.OperationPerformanceInformation)1
SqaleAuditService (com.evolveum.midpoint.repo.sqale.audit.SqaleAuditService)1
QUri (com.evolveum.midpoint.repo.sqale.qmodel.common.QUri)1
MExtItem (com.evolveum.midpoint.repo.sqale.qmodel.ext.MExtItem)1
MExtItemHolderType (com.evolveum.midpoint.repo.sqale.qmodel.ext.MExtItemHolderType)1
QExtItem (com.evolveum.midpoint.repo.sqale.qmodel.ext.QExtItem)1
MObject (com.evolveum.midpoint.repo.sqale.qmodel.object.MObject)1
MObjectType (com.evolveum.midpoint.repo.sqale.qmodel.object.MObjectType)1
