
Example 6 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class MidPointAuthWebSession method getRoles.

/**
 * Builds the Wicket {@link Roles} set for the principal of the current session.
 *
 * Every action identifier of every {@link Authorization} held by the principal
 * becomes one role name. When no principal is available the returned set is
 * empty, so a session without a logged-in user receives no roles at all.
 *
 * @return the role names derived from the principal's authorities; never {@code null}
 */
@Override
public Roles getRoles() {
    //todo - used for wicket auth roles...
    Roles wicketRoles = new Roles();
    MidPointPrincipal currentPrincipal = SecurityUtils.getPrincipalUser();
    if (currentPrincipal != null) {
        for (Authorization authority : currentPrincipal.getAuthorities()) {
            wicketRoles.addAll(authority.getAction());
        }
    }
    return wicketRoles;
}

Example 7 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class EvaluatedAssignmentImpl method debugDump.

/**
 * Renders a multi-line, indented debug description of this evaluated assignment.
 *
 * The output is built in a fixed order: the assignment triple (old/delta/new),
 * target and validity, then the optional sections (constructions, roles,
 * reference lists, authorizations, focus mappings), and finally the policy
 * rules and old/current presence flags. Optional sections are emitted only
 * when non-empty; the newline that separates them is written before the
 * section, so the text never ends with a trailing blank line.
 *
 * @param indent base indentation level; nested sections use {@code indent + 1}
 *               and {@code indent + 2}
 * @return the assembled dump; never {@code null}
 */
@Override
public String debugDump(int indent) {
    StringBuilder sb = new StringBuilder();
    DebugUtil.debugDumpLabelLn(sb, "EvaluatedAssignment", indent);
    DebugUtil.debugDumpWithLabelLn(sb, "assignment old", String.valueOf(assignmentIdi.getItemOld()), indent + 1);
    DebugUtil.debugDumpWithLabelLn(sb, "assignment delta", String.valueOf(assignmentIdi.getDelta()), indent + 1);
    DebugUtil.debugDumpWithLabelLn(sb, "assignment new", String.valueOf(assignmentIdi.getItemNew()), indent + 1);
    // String.valueOf also prints "null"; the target is dumped a second time below (label "Target"), but only when non-null.
    DebugUtil.debugDumpWithLabelLn(sb, "target", String.valueOf(target), indent + 1);
    DebugUtil.debugDumpWithLabel(sb, "isValid", isValid, indent + 1);
    // The flag is only shown when set; an absent "forceRecon" line therefore means false.
    if (forceRecon) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "forceRecon", forceRecon, indent + 1);
    }
    if (!constructionTriple.isEmpty()) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "Constructions", constructionTriple, indent + 1);
    }
    if (!personaConstructionTriple.isEmpty()) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "Persona constructions", personaConstructionTriple, indent + 1);
    }
    if (!roles.isEmpty()) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "Roles", roles, indent + 1);
    }
    // Reference lists are formatted by a sibling helper (defined outside this method).
    dumpRefList(indent, sb, "Orgs", orgRefVals);
    dumpRefList(indent, sb, "Membership", membershipRefVals);
    dumpRefList(indent, sb, "Delegation", delegationRefVals);
    // Authorizations carried by this assignment, one per line, relying on Authorization.toString().
    if (!authorizations.isEmpty()) {
        sb.append("\n");
        DebugUtil.debugDumpLabel(sb, "Authorizations", indent + 1);
        for (Authorization autz : authorizations) {
            sb.append("\n");
            DebugUtil.indentDebugDump(sb, indent + 2);
            sb.append(autz.toString());
        }
    }
    if (!focusMappings.isEmpty()) {
        sb.append("\n");
        DebugUtil.debugDumpLabel(sb, "Focus Mappings", indent + 1);
        for (PrismValueDeltaSetTripleProducer<?, ?> mapping : focusMappings) {
            sb.append("\n");
            DebugUtil.indentDebugDump(sb, indent + 2);
            sb.append(mapping.toString());
        }
    }
    if (target != null) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "Target", target.toString(), indent + 1);
    }
    sb.append("\n");
    // ruleCountInfo() is a sibling helper that decorates the label with a count.
    DebugUtil.debugDumpWithLabelLn(sb, "focusPolicyRules " + ruleCountInfo(focusPolicyRules), focusPolicyRules, indent + 1);
    DebugUtil.debugDumpWithLabelLn(sb, "thisTargetPolicyRules " + ruleCountInfo(thisTargetPolicyRules), thisTargetPolicyRules, indent + 1);
    DebugUtil.debugDumpWithLabelLn(sb, "otherTargetsPolicyRules " + ruleCountInfo(otherTargetsPolicyRules), otherTargetsPolicyRules, indent + 1);
    DebugUtil.debugDumpWithLabelLn(sb, "Present in old object", isPresentInOldObject(), indent + 1);
    DebugUtil.debugDumpWithLabel(sb, "Present in current object", isPresentInCurrentObject(), indent + 1);
    return sb.toString();
}

Example 8 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method assertAuthorizations.

/**
 * Asserts that the principal's authorities carry exactly the given authorization actions.
 *
 * The action identifiers of all authorities are flattened into one list and handed,
 * together with the expected values, to {@code PrismAsserts.assertSets}; the
 * assertion message names the principal so a failure identifies whose
 * authorizations were wrong.
 *
 * @param principal the principal under test; must not be {@code null}
 * @param expectedAuthorizations the action identifiers the principal is expected to hold
 */
protected void assertAuthorizations(MidPointPrincipal principal, String... expectedAuthorizations) {
    List<String> grantedActions = new ArrayList<>();
    principal.getAuthorities().forEach(authority -> grantedActions.addAll(authority.getAction()));
    PrismAsserts.assertSets("Wrong authorizations in " + principal, grantedActions, expectedAuthorizations);
}

Example 9 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method loginSuperUser.

/**
 * Test helper: grants the principal the all-actions authorization
 * ({@code AuthorizationConstants.AUTZ_ALL_URL}) and installs it as the
 * current Spring Security authentication.
 *
 * The new {@link Authorization} is added to the principal's live authorities
 * collection, so the passed-in principal is mutated, not copied. The token is
 * created with the two-argument {@code UsernamePasswordAuthenticationToken}
 * constructor, i.e. without granted authorities; NOTE(review): whether any
 * downstream check consults the token's authenticated flag is not visible here.
 *
 * @param principal the principal to elevate and log in
 * @throws SchemaException as declared by {@code prismContext.adopt}
 */
protected void loginSuperUser(MidPointPrincipal principal) throws SchemaException {
    AuthorizationType allActionsType = new AuthorizationType();
    prismContext.adopt(allActionsType, RoleType.class, new ItemPath(RoleType.F_AUTHORIZATION));
    allActionsType.getAction().add(AuthorizationConstants.AUTZ_ALL_URL);
    principal.getAuthorities().add(new Authorization(allActionsType));
    Authentication token = new UsernamePasswordAuthenticationToken(principal, null);
    SecurityContextHolder.getContext().setAuthentication(token);
}

Example 10 with Authorization

use of com.evolveum.midpoint.security.api.Authorization in project midpoint by Evolveum.

the class UserProfileServiceImpl method initializePrincipalFromAssignments.

/**
 * Populates a freshly built principal from the user's assignments: the applicable
 * security policy, the authorizations and admin GUI configurations granted by
 * valid assignments, and any delegations (deputy relationships) found among the
 * assignment targets.
 *
 * Each assignment is evaluated independently in login mode. An evaluation
 * failure is logged and only that assignment is skipped, so a broken
 * assignment contributes nothing rather than aborting the whole login.
 *
 * @param principal the principal to initialize; its authorities collection is mutated in place
 * @param systemConfiguration the current system configuration, used for the security
 *                            policy lookup and for compiling the admin GUI configuration
 * @throws SchemaException as declared by the helpers called outside the per-assignment
 *                         try block (the per-assignment SchemaException is caught and logged)
 */
private void initializePrincipalFromAssignments(MidPointPrincipal principal, PrismObject<SystemConfigurationType> systemConfiguration) throws SchemaException {
    UserType userType = principal.getUser();
    // Live collection of the principal: addAll below writes straight into it.
    Collection<Authorization> authorizations = principal.getAuthorities();
    List<AdminGuiConfigurationType> adminGuiConfigurations = new ArrayList<>();
    Task task = taskManager.createTaskInstance(UserProfileServiceImpl.class.getName() + ".initializePrincipalFromAssignments");
    OperationResult result = task.getResult();
    // Security policy is resolved for every user, even one without assignments.
    principal.setApplicableSecurityPolicy(securityHelper.locateSecurityPolicy(userType.asPrismObject(), systemConfiguration, task, result));
    if (!userType.getAssignment().isEmpty()) {
        LensContext<UserType> lensContext = new LensContextPlaceholder<>(userType.asPrismObject(), prismContext);
        // loginMode(true): the evaluator is configured for login-time evaluation; the
        // focus ODO has no delta (old == new == the stored user object).
        AssignmentEvaluator.Builder<UserType> builder = new AssignmentEvaluator.Builder<UserType>().repository(repositoryService).focusOdo(new ObjectDeltaObject<>(userType.asPrismObject(), null, userType.asPrismObject())).channel(null).objectResolver(objectResolver).systemObjectCache(systemObjectCache).prismContext(prismContext).mappingFactory(mappingFactory).mappingEvaluator(mappingEvaluator).activationComputer(activationComputer).now(clock.currentTimeXMLGregorianCalendar()).loginMode(true).lensContext(lensContext);
        AssignmentEvaluator<UserType> assignmentEvaluator = builder.build();
        try {
            // enter()/exit() are paired via finally so the cache scope is closed on any exit path.
            RepositoryCache.enter();
            for (AssignmentType assignmentType : userType.getAssignment()) {
                try {
                    // Each assignment is wrapped as a single-value IDI with only an "old" item (no delta).
                    ItemDeltaItem<PrismContainerValue<AssignmentType>, PrismContainerDefinition<AssignmentType>> assignmentIdi = new ItemDeltaItem<>();
                    assignmentIdi.setItemOld(LensUtil.createAssignmentSingleValueContainerClone(assignmentType));
                    assignmentIdi.recompute();
                    EvaluatedAssignment<UserType> assignment = assignmentEvaluator.evaluate(assignmentIdi, PlusMinusZero.ZERO, false, userType, userType.toString(), task, result);
                    // Only valid assignments grant anything; invalid ones still get their
                    // delegation targets inspected below.
                    if (assignment.isValid()) {
                        authorizations.addAll(assignment.getAuthorizations());
                        adminGuiConfigurations.addAll(assignment.getAdminGuiConfigurations());
                    }
                    // A delegation is recorded only for a UserType target reached via a delegation path;
                    // the limitations extracted from that path bound the deputy's other privileges.
                    for (EvaluatedAssignmentTarget target : assignment.getRoles().getNonNegativeValues()) {
                        if (target.getTarget() != null && target.getTarget().asObjectable() instanceof UserType && DeputyUtils.isDelegationPath(target.getAssignmentPath())) {
                            List<OtherPrivilegesLimitationType> limitations = DeputyUtils.extractLimitations(target.getAssignmentPath());
                            principal.addDelegatorWithOtherPrivilegesLimitations(new DelegatorWithOtherPrivilegesLimitations((UserType) target.getTarget().asObjectable(), limitations));
                        }
                    }
                // Per-assignment failures are logged (with the cause) and the loop continues
                // with the next assignment; the failed one contributes no authorizations.
                } catch (SchemaException e) {
                    LOGGER.error("Schema violation while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (ObjectNotFoundException e) {
                    LOGGER.error("Object not found while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (ExpressionEvaluationException e) {
                    LOGGER.error("Evaluation error while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                } catch (PolicyViolationException e) {
                    LOGGER.error("Policy violation while processing assignment of {}: {}; assignment: {}", userType, e.getMessage(), assignmentType, e);
                }
            }
        } finally {
            RepositoryCache.exit();
        }
    }
    if (userType.getAdminGuiConfiguration() != null) {
        // config from the user object should go last (to be applied as the last one)
        adminGuiConfigurations.add(userType.getAdminGuiConfiguration());
    }
    principal.setAdminGuiConfiguration(AdminGuiConfigTypeUtil.compileAdminGuiConfiguration(adminGuiConfigurations, systemConfiguration));
}
