Examples with Authorization com.evolveum.midpoint.security.api.Authorization used on opensource projects

Search in sources :

Example 1 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class AssignmentEvaluator method evaluateSegmentTarget.

private void evaluateSegmentTarget(AssignmentPathSegmentImpl segment, PlusMinusZero relativeMode, boolean isValid, FocusType targetType, QName relation, EvaluationContext ctx) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, PolicyViolationException {
    assertSourceNotNull(segment.source, ctx.evalAssignment);
    assert ctx.assignmentPath.last() == segment;
    segment.setTarget(targetType);
    // probably not needed
    segment.setRelation(relation);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Evaluating segment TARGET:\n{}", segment.debugDump(1));
    }
    checkRelationWithTarget(segment, targetType, relation);
    if (!LensUtil.isFocusValid(targetType, now, activationComputer)) {
        LOGGER.trace("Skipping evaluation of {} because it is not valid", targetType);
        return;
    }
    if (targetType instanceof AbstractRoleType) {
        MappingType roleCondition = ((AbstractRoleType) targetType).getCondition();
        if (roleCondition != null) {
            AssignmentPathVariables assignmentPathVariables = LensUtil.computeAssignmentPathVariables(ctx.assignmentPath);
            PrismValueDeltaSetTriple<PrismPropertyValue<Boolean>> conditionTriple = evaluateCondition(roleCondition, null, segment.source, assignmentPathVariables, ctx);
            boolean condOld = ExpressionUtil.computeConditionResult(conditionTriple.getNonPositiveValues());
            boolean condNew = ExpressionUtil.computeConditionResult(conditionTriple.getNonNegativeValues());
            PlusMinusZero modeFromCondition = ExpressionUtil.computeConditionResultMode(condOld, condNew);
            if (modeFromCondition == null) {
                // removed "|| (condMode == PlusMinusZero.ZERO && !condNew)" because it's always false
                LOGGER.trace("Skipping evaluation of {} because of condition result ({} -> {}: null)", targetType, condOld, condNew);
                return;
            }
            PlusMinusZero origMode = relativeMode;
            relativeMode = PlusMinusZero.compute(relativeMode, modeFromCondition);
            LOGGER.trace("Evaluated condition in {}: {} -> {}: {} + {} = {}", targetType, condOld, condNew, origMode, modeFromCondition, relativeMode);
        }
    }
    EvaluatedAssignmentTargetImpl evalAssignmentTarget = new EvaluatedAssignmentTargetImpl(targetType.asPrismObject(), // evaluateConstructions: exact meaning of this is to be revised
    segment.isMatchingOrder(), ctx.assignmentPath.clone(), segment.getAssignment(), isValid);
    ctx.evalAssignment.addRole(evalAssignmentTarget, relativeMode);
    if ((isNonNegative(relativeMode)) && segment.isProcessMembership()) {
        collectMembership(targetType, relation, ctx);
    }
    if (targetType instanceof AbstractRoleType) {
        for (AssignmentType roleInducement : ((AbstractRoleType) targetType).getInducement()) {
            evaluateInducement(segment, relativeMode, isValid, ctx, targetType, roleInducement);
        }
    }
    for (AssignmentType roleAssignment : targetType.getAssignment()) {
        evaluateAssignment(segment, relativeMode, isValid, ctx, targetType, relation, roleAssignment);
    }
    //boolean matchesOrder = AssignmentPathSegmentImpl.computeMatchingOrder(segment.getEvaluationOrder(), 1, Collections.emptyList());
    if (segment.isMatchingOrder() && targetType instanceof AbstractRoleType && isNonNegative(relativeMode)) {
        for (AuthorizationType authorizationType : ((AbstractRoleType) targetType).getAuthorization()) {
            Authorization authorization = createAuthorization(authorizationType, targetType.toString());
            if (!ctx.evalAssignment.getAuthorizations().contains(authorization)) {
                ctx.evalAssignment.addAuthorization(authorization);
            }
        }
        AdminGuiConfigurationType adminGuiConfiguration = ((AbstractRoleType) targetType).getAdminGuiConfiguration();
        if (adminGuiConfiguration != null && !ctx.evalAssignment.getAdminGuiConfigurations().contains(adminGuiConfiguration)) {
            ctx.evalAssignment.addAdminGuiConfiguration(adminGuiConfiguration);
        }
        PolicyConstraintsType policyConstraints = ((AbstractRoleType) targetType).getPolicyConstraints();
        if (policyConstraints != null) {
            ctx.evalAssignment.addLegacyPolicyConstraints(policyConstraints, ctx.assignmentPath.clone(), targetType);
        }
    }
    LOGGER.trace("Evaluating segment target DONE for {}", segment);
}
Also used : Authorization(com.evolveum.midpoint.security.api.Authorization) PlusMinusZero(com.evolveum.midpoint.prism.delta.PlusMinusZero)

Example 2 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class AssignmentEvaluator method createAuthorization.

private Authorization createAuthorization(AuthorizationType authorizationType, String sourceDesc) {
    Authorization authorization = new Authorization(authorizationType);
    authorization.setSourceDescription(sourceDesc);
    return authorization;
}
Also used : Authorization(com.evolveum.midpoint.security.api.Authorization)

Example 3 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class InitialDataImport method init.

public void init() throws SchemaException {
    LOGGER.info("Starting initial object import (if necessary).");
    OperationResult mainResult = new OperationResult(OPERATION_INITIAL_OBJECTS_IMPORT);
    Task task = taskManager.createTaskInstance(OPERATION_INITIAL_OBJECTS_IMPORT);
    task.setChannel(SchemaConstants.CHANNEL_GUI_INIT_URI);
    int count = 0;
    int errors = 0;
    File[] files = getInitialImportObjects();
    LOGGER.debug("Files to be imported: {}.", Arrays.toString(files));
    // We need to provide a fake Spring security context here.
    // We have to fake it because we do not have anything in the repository yet. And to get
    // something to the repository we need a context. Chicken and egg. So we fake the egg.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    UserType userAdministrator = new UserType();
    prismContext.adopt(userAdministrator);
    userAdministrator.setName(new PolyStringType(new PolyString("initAdmin", "initAdmin")));
    MidPointPrincipal principal = new MidPointPrincipal(userAdministrator);
    AuthorizationType superAutzType = new AuthorizationType();
    prismContext.adopt(superAutzType, RoleType.class, new ItemPath(RoleType.F_AUTHORIZATION));
    superAutzType.getAction().add(AuthorizationConstants.AUTZ_ALL_URL);
    Authorization superAutz = new Authorization(superAutzType);
    Collection<Authorization> authorities = principal.getAuthorities();
    authorities.add(superAutz);
    Authentication authentication = new PreAuthenticatedAuthenticationToken(principal, null);
    securityContext.setAuthentication(authentication);
    for (File file : files) {
        try {
            LOGGER.debug("Considering initial import of file {}.", file.getName());
            PrismObject object = prismContext.parseObject(file);
            if (ReportType.class.equals(object.getCompileTimeClass())) {
                ReportTypeUtil.applyDefinition(object, prismContext);
            }
            Boolean importObject = importObject(object, file, task, mainResult);
            if (importObject == null) {
                continue;
            }
            if (importObject) {
                count++;
            } else {
                errors++;
            }
        } catch (Exception ex) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't import file {}", ex, file.getName());
            mainResult.recordFatalError("Couldn't import file '" + file.getName() + "'", ex);
        }
    }
    securityContext.setAuthentication(null);
    mainResult.recomputeStatus("Couldn't import objects.");
    LOGGER.info("Initial object import finished ({} objects imported, {} errors)", count, errors);
    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Initialization status:\n" + mainResult.debugDump());
    }
}
Also used : PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType) Task(com.evolveum.midpoint.task.api.Task) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) URISyntaxException(java.net.URISyntaxException) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) IOException(java.io.IOException) Authorization(com.evolveum.midpoint.security.api.Authorization) PrismObject(com.evolveum.midpoint.prism.PrismObject) Authentication(org.springframework.security.core.Authentication) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) SecurityContext(org.springframework.security.core.context.SecurityContext) AuthorizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType) File(java.io.File) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 4 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class UserProfileServiceMock method initializePrincipalFromAssignments.

private void initializePrincipalFromAssignments(MidPointPrincipal principal, PrismObject<SystemConfigurationType> systemConfiguration) {
    OperationResult result = new OperationResult(UserProfileServiceMock.class.getName() + ".addAuthorizations");
    principal.setApplicableSecurityPolicy(locateSecurityPolicy(principal, systemConfiguration, result));
    if (systemConfiguration != null) {
        principal.setAdminGuiConfiguration(systemConfiguration.asObjectable().getAdminGuiConfiguration());
    }
    AuthorizationType authorizationType = new AuthorizationType();
    authorizationType.getAction().add("FAKE");
    principal.getAuthorities().add(new Authorization(authorizationType));
    ActivationType activation = principal.getUser().getActivation();
    if (activation != null) {
        activationComputer.computeEffective(principal.getUser().getLifecycleState(), activation);
    }
}
Also used : Authorization(com.evolveum.midpoint.security.api.Authorization) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) AuthorizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType)

Example 5 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class PageResetPasswordConfirmation method init.

private void init(final PageParameters pageParameters) {
    PageParameters params = pageParameters;
    if (params == null) {
        params = getPageParameters();
    }
    OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
    if (params == null) {
        LOGGER.error("Confirmation link is not valid. No credentials provided in it");
        String msg = createStringResource("PageSelfRegistration.invalid.registration.link").getString();
        getSession().error(createStringResource(msg));
        result.recordFatalError(msg);
        initLayout(result);
        return;
    }
    StringValue userNameValue = params.get(SchemaConstants.USER_ID);
    Validate.notEmpty(userNameValue.toString());
    StringValue tokenValue = params.get(SchemaConstants.TOKEN);
    Validate.notEmpty(tokenValue.toString());
    UsernamePasswordAuthenticationToken token = authenticateUser(userNameValue.toString(), tokenValue.toString(), result);
    if (token == null) {
        initLayout(result);
        return;
    } else {
        //			SecurityContextHolder.getContext().setAuthentication(token);
        MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
        Collection<Authorization> authz = principal.getAuthorities();
        if (authz != null) {
            Iterator<Authorization> authzIterator = authz.iterator();
            while (authzIterator.hasNext()) {
                Authorization authzI = authzIterator.next();
                Iterator<String> actionIterator = authzI.getAction().iterator();
                while (actionIterator.hasNext()) {
                    String action = actionIterator.next();
                    if (action.contains(AuthorizationConstants.NS_AUTHORIZATION_UI)) {
                        actionIterator.remove();
                    }
                }
            }
        }
        AuthorizationType authorizationType = new AuthorizationType();
        authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL);
        Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
        authz.add(selfServiceCredentialsAuthz);
        SecurityContextHolder.getContext().setAuthentication(token);
        setResponsePage(PageResetPassword.class);
    }
    initLayout(result);
}
Also used : Authorization(com.evolveum.midpoint.security.api.Authorization) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) PageParameters(org.apache.wicket.request.mapper.parameter.PageParameters) StringValue(org.apache.wicket.util.string.StringValue) AuthorizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Aggregations

Authorization (com.evolveum.midpoint.security.api.Authorization)10 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)4 AuthorizationType (com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType)4 MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)3 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)2 Task (com.evolveum.midpoint.task.api.Task)2 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)2 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)2 ArrayList (java.util.ArrayList)2 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)2 Authentication (org.springframework.security.core.Authentication)2 SecurityContext (org.springframework.security.core.context.SecurityContext)2 EvaluatedAssignmentTarget (com.evolveum.midpoint.model.api.context.EvaluatedAssignmentTarget)1 AssignmentEvaluator (com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator)1 LensContextPlaceholder (com.evolveum.midpoint.model.impl.lens.LensContextPlaceholder)1 PrismContainerDefinition (com.evolveum.midpoint.prism.PrismContainerDefinition)1 PrismContainerValue (com.evolveum.midpoint.prism.PrismContainerValue)1 PrismObject (com.evolveum.midpoint.prism.PrismObject)1 PlusMinusZero (com.evolveum.midpoint.prism.delta.PlusMinusZero)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial