
Example 1 with HttpConnectionInformation

use of com.evolveum.midpoint.security.api.HttpConnectionInformation in project midpoint by Evolveum.

the class AuditServiceProxy method completeRecord.

/**
 * Fills in audit record fields that can be computed or discovered from the
 * execution environment.
 *
 * <p>Each field is populated only while it is still {@code null}: a value the
 * caller already placed on the record (event identifier, timestamp, initiator,
 * session identifier, remote host address, ...) is never overwritten here. The
 * trustworthiness of a pre-populated record therefore depends on the caller.
 *
 * <p>Connection data is taken from the current connection when there is one and
 * otherwise from the connection information stored in the security context
 * manager. When neither yields a session identifier, the task identifier is
 * used instead, so the session identifier of a stored record is not
 * necessarily an HTTP session ID.
 *
 * <p>NOTE(review): how {@code HttpConnectionInformation} derives the remote host
 * address is not visible in this method - confirm it before relying on that
 * field for attribution.
 *
 * @param record audit record to complete; modified in place
 * @param task task the audited operation runs under; may be {@code null}, in
 *     which case no task-derived field is filled in
 * @param result operation result handed to {@code task.getOwner(result)}
 */
private void completeRecord(AuditEventRecord record, Task task, OperationResult result) {
    LightweightIdentifier generatedId = null;
    if (record.getEventIdentifier() == null) {
        generatedId = lightweightIdentifierGenerator.generate();
        record.setEventIdentifier(generatedId.toString());
    }
    if (record.getTimestamp() == null) {
        if (generatedId != null) {
            // Take the timestamp from the identifier generated above so the two stay consistent.
            record.setTimestamp(generatedId.getTimestamp());
        } else {
            record.setTimestamp(System.currentTimeMillis());
        }
    }

    // Task-derived fields; all of them are skipped when no task was supplied.
    if (task != null) {
        if (record.getTaskIdentifier() == null) {
            record.setTaskIdentifier(task.getTaskIdentifier());
        }
        if (record.getTaskOid() == null) {
            // A running task is recorded under the OID of its root task.
            String auditedTaskOid = task instanceof RunningTask
                    ? ((RunningTask) task).getRootTaskOid()
                    : task.getOid();
            record.setTaskOid(auditedTaskOid);
        }
        if (record.getChannel() == null) {
            record.setChannel(task.getChannel());
        }
        if (record.getInitiatorRef() == null) {
            // The task owner is recorded as the initiator when the caller named none.
            PrismObject<? extends FocusType> owner = task.getOwner(result);
            record.setInitiator(owner);
        }
    }

    if (record.getNodeIdentifier() == null && taskManager != null) {
        record.setNodeIdentifier(taskManager.getNodeId());
    }

    // Prefer the live connection; fall back to what was stored in the security context.
    HttpConnectionInformation connection = SecurityUtil.getCurrentConnectionInformation();
    if (connection == null && securityContextManager != null) {
        connection = securityContextManager.getStoredConnectionInformation();
    }
    if (connection != null) {
        if (record.getSessionIdentifier() == null) {
            record.setSessionIdentifier(connection.getSessionId());
        }
        if (record.getRemoteHostAddress() == null) {
            record.setRemoteHostAddress(connection.getRemoteHostAddress());
        }
        if (record.getHostIdentifier() == null) {
            record.setHostIdentifier(connection.getLocalHostName());
        }
    }
    // Last resort for the session identifier: the task identifier.
    if (record.getSessionIdentifier() == null && task != null) {
        record.setSessionIdentifier(task.getTaskIdentifier());
    }

    // Resolve the names of objects referenced from the audited deltas.
    for (ObjectDeltaOperation<? extends ObjectType> executedOperation : record.getDeltas()) {
        ObjectDelta<? extends ObjectType> auditedDelta = executedOperation.getObjectDelta();
        // currently this does not work as expected (retrieves all default items)
        Collection<SelectorOptions<GetOperationOptions>> nameOnly = schemaService.getOperationOptionsBuilder()
                .item(ObjectType.F_NAME)
                .retrieve()
                .build();
        ObjectDeltaSchemaLevelUtil.NameResolver resolver = (targetClass, targetOid) -> {
            if (record.getNonExistingReferencedObjects().contains(targetOid)) {
                // save a useless getObject call plus associated warning (MID-5378)
                return null;
            }
            if (repositoryService == null) {
                LOGGER.warn("No repository, no OID resolution (for {})", targetOid);
                return null;
            }
            LOGGER.warn("Unresolved object reference in delta being audited (for {}: {}) -- this might indicate " + "a performance problem, as these references are normally resolved using repository cache", targetClass.getSimpleName(), targetOid);
            // The lookup gets its own OperationResult; it is not attached to the caller's result.
            OperationResult lookupResult = new OperationResult(AuditServiceProxy.class.getName() + ".completeRecord.resolveName");
            return repositoryService.getObject(targetClass, targetOid, nameOnly, lookupResult).getName();
        };
        resolveNames(auditedDelta, resolver, prismContext);
    }
}
Also used : com.evolveum.midpoint.schema(com.evolveum.midpoint.schema) ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType) SecurityContextManager(com.evolveum.midpoint.security.api.SecurityContextManager) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) Autowired(org.springframework.beans.factory.annotation.Autowired) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) Trace(com.evolveum.midpoint.util.logging.Trace) ObjectDeltaSchemaLevelUtil.resolveNames(com.evolveum.midpoint.schema.util.ObjectDeltaSchemaLevelUtil.resolveNames) ArrayList(java.util.ArrayList) AuditEventRecordType(com.evolveum.midpoint.xml.ns._public.common.audit_3.AuditEventRecordType) AuditServiceRegistry(com.evolveum.midpoint.audit.spi.AuditServiceRegistry) SystemConfigurationAuditType(com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationAuditType) PrismContext(com.evolveum.midpoint.prism.PrismContext) Qualifier(org.springframework.beans.factory.annotation.Qualifier) RepositoryService(com.evolveum.midpoint.repo.api.RepositoryService) AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord) AuditService(com.evolveum.midpoint.audit.api.AuditService) ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta) Collection(java.util.Collection) ObjectDeltaSchemaLevelUtil(com.evolveum.midpoint.schema.util.ObjectDeltaSchemaLevelUtil) PrismObject(com.evolveum.midpoint.prism.PrismObject) AuditResultHandler(com.evolveum.midpoint.audit.api.AuditResultHandler) CleanupPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CleanupPolicyType) Nullable(org.jetbrains.annotations.Nullable) List(java.util.List) HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) SecurityUtil(com.evolveum.midpoint.security.api.SecurityUtil) FocusType(com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType) com.evolveum.midpoint.task.api(com.evolveum.midpoint.task.api) 
ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) NotNull(org.jetbrains.annotations.NotNull) Validate(org.apache.commons.lang.Validate) TraceManager(com.evolveum.midpoint.util.logging.TraceManager) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PrismObject(com.evolveum.midpoint.prism.PrismObject) ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType) HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) ObjectDeltaSchemaLevelUtil(com.evolveum.midpoint.schema.util.ObjectDeltaSchemaLevelUtil)

Example 2 with HttpConnectionInformation

use of com.evolveum.midpoint.security.api.HttpConnectionInformation in project midpoint by Evolveum.

the class ProgressReporter method executeChangesAsync.

/**
 * Executes (or only previews) the given deltas on a newly created background
 * thread while the progress panel is shown.
 *
 * <p>The caller's {@code Authentication} and HTTP connection information are
 * captured on the calling thread and re-established inside the worker before
 * the model is invoked, so the operation (and whatever it audits) runs under
 * the same principal and connection data as the request that started it.
 * Nothing in this method clears that context afterwards; the thread is created
 * per call and ends when the runnable returns.
 *
 * <p>Exceptions listed in the catch clause are logged and recorded as a fatal
 * error on {@code result}; they are not rethrown. Completion is signalled by
 * assigning {@code asyncOperationResult}.
 *
 * <p>NOTE(review): {@code asyncOperationResult} and {@code previewResult} are
 * written from the worker thread; whether those fields are declared so that
 * other threads see the write is not visible here - confirm.
 */
private void executeChangesAsync(final Collection<ObjectDelta<? extends ObjectType>> deltas, final boolean previewOnly, final ModelExecuteOptions options, final Task task, final OperationResult result, AjaxRequestTarget target, final ModelService modelService, final ModelInteractionService modelInteractionService) {
    // Snapshot of the caller's identity, taken on the calling thread.
    final SecurityEnforcer pageEnforcer = parentPage.getSecurityEnforcer();
    final Authentication callerAuthentication = SecurityContextHolder.getContext().getAuthentication();

    asyncOperationResult = null;
    clearProgressPanel();
    startRefreshingProgressPanel(target);
    showProgressPanel();
    progressPanel.setTask(task);
    progressListener = new DefaultGuiProgressListener(parentPage, progressPanel.getModelObject());

    // Connection data of the originating request, handed to the worker below.
    final HttpConnectionInformation callerConnection = SecurityUtil.getCurrentConnectionInformation();

    Runnable backgroundWork = () -> {
        try {
            // Re-create the caller's connection info and security context in the worker thread.
            pageEnforcer.storeConnectionInformation(callerConnection);
            pageEnforcer.setupPreAuthenticatedSecurityContext(callerAuthentication);
            progressPanel.recordExecutionStart();
            if (!previewOnly) {
                modelService.executeChanges(deltas, options, task, Collections.singleton(progressListener), result);
            } else {
                previewResult = modelInteractionService.previewChanges(deltas, options, task, Collections.singleton(progressListener), result);
            }
        } catch (CommunicationException | ObjectAlreadyExistsException | ExpressionEvaluationException | PolicyViolationException | SchemaException | SecurityViolationException | ConfigurationException | ObjectNotFoundException | RuntimeException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Error executing changes", e);
            // just to be sure the exception is recorded into the result
            if (!result.isFatalError()) {
                result.recordFatalError(e.getMessage(), e);
            }
        }
        progressPanel.recordExecutionStop();
        // signals that the operation has finished
        asyncOperationResult = result;
    };

    if (abortEnabled) {
        showAbortButton(target);
    }
    showBackButton(target);
    // to disable showing not-final results (why does it work? and why is the result shown otherwise?)
    result.recordInProgress();

    asyncExecutionThread = new Thread(backgroundWork);
    asyncExecutionThread.start();
}
Also used : HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) Authentication(org.springframework.security.core.Authentication) DefaultGuiProgressListener(com.evolveum.midpoint.web.page.admin.users.DefaultGuiProgressListener) SecurityEnforcer(com.evolveum.midpoint.security.api.SecurityEnforcer)

Example 3 with HttpConnectionInformation

use of com.evolveum.midpoint.security.api.HttpConnectionInformation in project midpoint by Evolveum.

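the class AuditServiceProxy method completeRecord (a different revision of the method shown in Example 1: it takes no OperationResult parameter and reads the stored connection information from securityEnforcer instead of securityContextManager).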

/**
 * Fills in audit record fields that can be computed or discovered from the
 * execution environment.
 *
 * <p>Each field is populated only while it is still {@code null}; values the
 * caller already set on the record are never overwritten. Connection data comes
 * from the current connection when there is one, otherwise from the connection
 * information stored in the security enforcer. If no session identifier results
 * from that, the task identifier is used in its place.
 *
 * <p>Finally, every reference value found in the record's deltas gets its
 * target name resolved. A name that cannot be resolved is only reported at
 * trace level and the reference is left without a target name; the failure is
 * not propagated to the caller.
 *
 * @param record audit record to complete; modified in place
 * @param task task the audited operation runs under; may be {@code null}
 */
private void completeRecord(AuditEventRecord record, Task task) {
    LightweightIdentifier generatedId = null;
    if (record.getEventIdentifier() == null) {
        generatedId = lightweightIdentifierGenerator.generate();
        record.setEventIdentifier(generatedId.toString());
    }
    if (record.getTimestamp() == null) {
        if (generatedId != null) {
            // Take the timestamp from the identifier generated above so the two stay consistent.
            record.setTimestamp(generatedId.getTimestamp());
        } else {
            record.setTimestamp(System.currentTimeMillis());
        }
    }

    // Task-derived fields; all of them are skipped when no task was supplied.
    if (task != null) {
        if (record.getTaskIdentifier() == null) {
            record.setTaskIdentifier(task.getTaskIdentifier());
        }
        if (record.getTaskOID() == null) {
            record.setTaskOID(task.getOid());
        }
        if (record.getChannel() == null) {
            record.setChannel(task.getChannel());
        }
        if (record.getInitiator() == null) {
            // The task owner is recorded as the initiator when the caller named none.
            record.setInitiator(task.getOwner());
        }
    }

    if (record.getNodeIdentifier() == null && taskManager != null) {
        record.setNodeIdentifier(taskManager.getNodeId());
    }

    // Prefer the live connection; fall back to what the security enforcer has stored.
    HttpConnectionInformation connection = SecurityUtil.getCurrentConnectionInformation();
    if (connection == null && securityEnforcer != null) {
        connection = securityEnforcer.getStoredConnectionInformation();
    }
    if (connection != null) {
        if (record.getSessionIdentifier() == null) {
            record.setSessionIdentifier(connection.getSessionId());
        }
        if (record.getRemoteHostAddress() == null) {
            record.setRemoteHostAddress(connection.getRemoteHostAddress());
        }
        if (record.getHostIdentifier() == null) {
            record.setHostIdentifier(connection.getLocalHostName());
        }
    }
    // Last resort for the session identifier: the task identifier.
    if (record.getSessionIdentifier() == null && task != null) {
        record.setSessionIdentifier(task.getTaskIdentifier());
    }

    if (record.getDeltas() == null) {
        return;
    }
    for (ObjectDeltaOperation<? extends ObjectType> executedOperation : record.getDeltas()) {
        ObjectDelta<? extends ObjectType> auditedDelta = executedOperation.getObjectDelta();
        // OID -> name cache for this delta; a null value marks an OID whose lookup already failed.
        final Map<String, PolyString> namesByOid = new HashMap<>();
        Visitor referenceNameResolver = new Visitor() {

            @Override
            public void visit(Visitable visitable) {
                if (!(visitable instanceof PrismReferenceValue)) {
                    return;
                }
                PrismReferenceValue reference = (PrismReferenceValue) visitable;
                String oid = reference.getOid();
                if (oid == null) {
                    // shouldn't happen
                    return;
                }
                if (reference.getTargetName() != null) {
                    // Name already present on the reference: just remember it.
                    namesByOid.put(oid, reference.getTargetName());
                    return;
                }
                if (namesByOid.containsKey(oid)) {
                    // Cached value may be null (an earlier lookup of this OID failed).
                    reference.setTargetName(namesByOid.get(oid));
                    return;
                }
                if (reference.getObject() != null) {
                    // The reference carries the full object, so no repository call is needed.
                    PolyString embeddedName = reference.getObject().getName();
                    reference.setTargetName(embeddedName);
                    namesByOid.put(oid, embeddedName);
                    return;
                }
                if (repositoryService == null) {
                    LOGGER.warn("No repository, no OID resolution (for {})", oid);
                    return;
                }

                // Work out which class to ask the repository for.
                Class<? extends ObjectType> targetClass = null;
                if (reference.getTargetType() != null) {
                    PrismObjectDefinition<? extends ObjectType> targetDefinition =
                            prismContext.getSchemaRegistry().findObjectDefinitionByType(reference.getTargetType());
                    if (targetDefinition != null) {
                        targetClass = targetDefinition.getCompileTimeClass();
                    }
                }
                if (targetClass == null) {
                    // the default (shouldn't be needed)
                    targetClass = ObjectType.class;
                }

                SelectorOptions<GetOperationOptions> getNameOnly = SelectorOptions.create(new ItemPath(ObjectType.F_NAME), GetOperationOptions.createRetrieve(RetrieveOption.INCLUDE));
                try {
                    // The lookup uses a throwaway OperationResult that is not inspected afterwards.
                    PrismObject<? extends ObjectType> target = repositoryService.getObject(targetClass, oid, Arrays.asList(getNameOnly), new OperationResult("dummy"));
                    PolyString repositoryName = target.getName();
                    reference.setTargetName(repositoryName);
                    namesByOid.put(oid, repositoryName);
                    LOGGER.trace("Resolved {}: {} to {}", targetClass, oid, repositoryName);
                } catch (ObjectNotFoundException e) {
                    LOGGER.trace("Couldn't determine the name for {}: {} as it does not exist", targetClass, oid, e);
                    namesByOid.put(oid, null);
                } catch (SchemaException | RuntimeException e) {
                    LOGGER.trace("Couldn't determine the name for {}: {} because of unexpected exception", targetClass, oid, e);
                    namesByOid.put(oid, null);
                }
            }
        };
        auditedDelta.accept(referenceNameResolver);
    }
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) Visitor(com.evolveum.midpoint.prism.Visitor) HashMap(java.util.HashMap) Visitable(com.evolveum.midpoint.prism.Visitable) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions) HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) PrismReferenceValue(com.evolveum.midpoint.prism.PrismReferenceValue) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) LightweightIdentifier(com.evolveum.midpoint.task.api.LightweightIdentifier) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 4 with HttpConnectionInformation

use of com.evolveum.midpoint.security.api.HttpConnectionInformation in project midpoint by Evolveum.

the class ProgressAwareChangesExecutorImpl method executeChangesAsync.

/**
 * Submits execution (or preview) of the given deltas to the application's
 * asynchronous web process manager.
 *
 * <p>The current {@code Authentication} and HTTP connection information are
 * captured on the calling thread and passed, together with the security
 * context manager, to a {@code SecurityContextAwareCallable}; presumably that
 * class installs them before {@code callWithContextPrepared()} runs - confirm
 * against its source.
 *
 * <p>{@code CommonException} and {@code RuntimeException} raised by the model
 * are logged and recorded as a fatal error on {@code result} rather than
 * propagated. Completion is signalled through
 * {@code reporter.setAsyncOperationResult(result)}.
 *
 * <p>NOTE(review): the {@code Authentication} is a snapshot taken at submission;
 * nothing visible here re-validates it if the user's session ends before the
 * job runs - confirm that this is intended.
 */
private void executeChangesAsync(ProgressPanel progressPanel, Collection<ObjectDelta<? extends ObjectType>> deltas, boolean previewOnly, ModelExecuteOptions options, Task task, OperationResult result) {
    MidPointApplication app = MidPointApplication.get();
    final ModelInteractionService interactionService = app.getModelInteractionService();
    final ModelService modelService = app.getModel();
    final SecurityContextManager contextManager = app.getSecurityContextManager();
    // Snapshot of the caller's identity and connection, taken on the calling thread.
    final Authentication callerAuthentication = SecurityContextHolder.getContext().getAuthentication();
    final HttpConnectionInformation callerConnection = SecurityUtil.getCurrentConnectionInformation();
    AsyncWebProcessModel<ProgressReporter> processModel = progressPanel.getReporterModel();

    Callable<Void> job = new SecurityContextAwareCallable<>(contextManager, callerAuthentication, callerConnection) {

        @Override
        public Void callWithContextPrepared() {
            ProgressReporter reporter = processModel.getProcessData();
            try {
                LOGGER.debug("Execution start");
                reporter.recordExecutionStart();
                if (previewOnly) {
                    ModelContext previewResult = interactionService.previewChanges(deltas, options, task, Collections.singleton(reporter), result);
                    reporter.setPreviewResult(previewResult);
                } else if (deltas != null && !deltas.isEmpty()) {
                    // Nothing is executed for a null or empty delta collection.
                    Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas = modelService.executeChanges(deltas, options, task, Collections.singleton(reporter), result);
                    reporter.setObjectDeltaOperation(executedDeltas);
                }
            } catch (CommonException | RuntimeException e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Error executing changes", e);
                // just to be sure the exception is recorded into the result
                if (!result.isFatalError()) {
                    result.recordFatalError(e.getMessage(), e);
                }
            } finally {
                LOGGER.debug("Execution finish {}", result);
            }
            reporter.recordExecutionStop();
            // signals that the operation has finished
            reporter.setAsyncOperationResult(result);
            return null;
        }
    };

    // to disable showing not-final results (why does it work? and why is the result shown otherwise?)
    result.setInProgress();
    app.getAsyncWebProcessManager().submit(processModel.getId(), job);
}
Also used : ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) SecurityContextAwareCallable(com.evolveum.midpoint.web.component.SecurityContextAwareCallable) ProgressReporter(com.evolveum.midpoint.web.component.progress.ProgressReporter) ModelService(com.evolveum.midpoint.model.api.ModelService) ModelContext(com.evolveum.midpoint.model.api.context.ModelContext) MidPointApplication(com.evolveum.midpoint.web.security.MidPointApplication) HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) AsyncWebProcessManager(com.evolveum.midpoint.web.application.AsyncWebProcessManager) CommonException(com.evolveum.midpoint.util.exception.CommonException) SecurityContextManager(com.evolveum.midpoint.security.api.SecurityContextManager)

Example 5 with HttpConnectionInformation

use of com.evolveum.midpoint.security.api.HttpConnectionInformation in project midpoint by Evolveum.

the class ProgressPanel method executeChangesAsync.

/**
 * Submits execution (or preview) of the given deltas to the application's
 * asynchronous web process manager, reporting progress to {@code reporter}.
 *
 * <p>The current {@code Authentication} and HTTP connection information are
 * captured on the calling thread and passed, together with the security
 * context manager, to a {@code SecurityContextAwareCallable}; presumably that
 * class installs them before {@code callWithContextPrepared()} runs - confirm
 * against its source.
 *
 * <p>{@code CommonException} and {@code RuntimeException} raised by the model
 * are logged and recorded as a fatal error on {@code result} rather than
 * propagated. Completion is signalled through
 * {@code reporter.setAsyncOperationResult(result)}.
 *
 * <p>NOTE(review): the {@code Authentication} is a snapshot taken at submission;
 * nothing visible here re-validates it if the user's session ends before the
 * job runs - confirm that this is intended.
 */
private void executeChangesAsync(ProgressReporter reporter, Collection<ObjectDelta<? extends ObjectType>> deltas, boolean previewOnly, ModelExecuteOptions options, Task task, OperationResult result) {
    MidPointApplication app = MidPointApplication.get();
    final ModelInteractionService interactionService = app.getModelInteractionService();
    final ModelService modelService = app.getModel();
    final SecurityContextManager contextManager = app.getSecurityContextManager();
    // Snapshot of the caller's identity and connection, taken on the calling thread.
    final Authentication callerAuthentication = SecurityContextHolder.getContext().getAuthentication();
    final HttpConnectionInformation callerConnection = SecurityUtil.getCurrentConnectionInformation();

    Callable<Void> job = new SecurityContextAwareCallable<Void>(contextManager, callerAuthentication, callerConnection) {

        @Override
        public Void callWithContextPrepared() throws Exception {
            try {
                LOGGER.debug("Execution start");
                reporter.recordExecutionStart();
                if (previewOnly) {
                    ModelContext previewResult = interactionService.previewChanges(deltas, options, task, Collections.singleton(reporter), result);
                    reporter.setPreviewResult(previewResult);
                } else if (deltas != null && !deltas.isEmpty()) {
                    // Nothing is executed for a null or empty delta collection.
                    Collection<ObjectDeltaOperation<? extends ObjectType>> executedDeltas = modelService.executeChanges(deltas, options, task, Collections.singleton(reporter), result);
                    reporter.setObjectDeltaOperation(executedDeltas);
                }
            } catch (CommonException | RuntimeException e) {
                LoggingUtils.logUnexpectedException(LOGGER, "Error executing changes", e);
                // just to be sure the exception is recorded into the result
                if (!result.isFatalError()) {
                    result.recordFatalError(e.getMessage(), e);
                }
            } finally {
                LOGGER.debug("Execution finish {}", result);
            }
            reporter.recordExecutionStop();
            // signals that the operation has finished
            reporter.setAsyncOperationResult(result);
            return null;
        }
    };

    // to disable showing not-final results (why does it work? and why is the result shown otherwise?)
    result.setInProgress();
    // reporterModel is not a local of this method; it is resolved from the enclosing scope.
    app.getAsyncWebProcessManager().submit(reporterModel.getId(), job);
}
Also used : ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) SecurityContextAwareCallable(com.evolveum.midpoint.web.component.SecurityContextAwareCallable) ModelService(com.evolveum.midpoint.model.api.ModelService) ModelContext(com.evolveum.midpoint.model.api.context.ModelContext) MidPointApplication(com.evolveum.midpoint.web.security.MidPointApplication) HttpConnectionInformation(com.evolveum.midpoint.security.api.HttpConnectionInformation) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) AsyncWebProcessManager(com.evolveum.midpoint.web.application.AsyncWebProcessManager) CommonException(com.evolveum.midpoint.util.exception.CommonException) SecurityContextManager(com.evolveum.midpoint.security.api.SecurityContextManager)

Aggregations

HttpConnectionInformation (com.evolveum.midpoint.security.api.HttpConnectionInformation)7 SecurityContextManager (com.evolveum.midpoint.security.api.SecurityContextManager)3 Collection (java.util.Collection)3 Authentication (org.springframework.security.core.Authentication)3 ModelInteractionService (com.evolveum.midpoint.model.api.ModelInteractionService)2 ModelService (com.evolveum.midpoint.model.api.ModelService)2 ModelContext (com.evolveum.midpoint.model.api.context.ModelContext)2 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)2 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)2 CommonException (com.evolveum.midpoint.util.exception.CommonException)2 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)2 AsyncWebProcessManager (com.evolveum.midpoint.web.application.AsyncWebProcessManager)2 SecurityContextAwareCallable (com.evolveum.midpoint.web.component.SecurityContextAwareCallable)2 MidPointApplication (com.evolveum.midpoint.web.security.MidPointApplication)2 AuditEventRecord (com.evolveum.midpoint.audit.api.AuditEventRecord)1 AuditResultHandler (com.evolveum.midpoint.audit.api.AuditResultHandler)1 AuditService (com.evolveum.midpoint.audit.api.AuditService)1 AuditServiceRegistry (com.evolveum.midpoint.audit.spi.AuditServiceRegistry)1 PrismContext (com.evolveum.midpoint.prism.PrismContext)1 PrismObject (com.evolveum.midpoint.prism.PrismObject)1