Examples with ItemSecurityDecisions com.evolveum.midpoint.security.api.ItemSecurityDecisions used on opensource projects

Search in sources :

Example 1 with ItemSecurityDecisions

use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.

the class AssignmentEditorPanel method isItemAllowed.

private boolean isItemAllowed(ItemPath itemPath) {
    ItemSecurityDecisions decisions = decisionsModel.getObject();
    if (itemPath == null || decisions == null || decisions.getItemDecisionMap() == null || decisions.getItemDecisionMap().size() == 0) {
        return true;
    }
    Map<ItemPath, AuthorizationDecisionType> decisionsMap = decisions.getItemDecisionMap();
    boolean isAllowed = false;
    for (ItemPath path : decisionsMap.keySet()) {
        if (path.equivalent(itemPath) && AuthorizationDecisionType.ALLOW.value().equals(decisionsMap.get(path).value())) {
            return true;
        }
    }
    return isAllowed;
}
Also used : ItemSecurityDecisions(com.evolveum.midpoint.security.api.ItemSecurityDecisions) ItemPath(com.evolveum.midpoint.prism.path.ItemPath)

Example 2 with ItemSecurityDecisions

use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method assertAllowRequestItems.

protected void assertAllowRequestItems(String userOid, String targetRoleOid, AuthorizationDecisionType expectedDefaultDecision, QName... expectedAllowedItemQNames) throws SchemaException, SecurityViolationException, CommunicationException, ObjectNotFoundException, ConfigurationException, ExpressionEvaluationException {
    PrismObject<UserType> user = getUser(userOid);
    PrismObject<RoleType> target = getRole(targetRoleOid);
    ItemSecurityDecisions decisions = modelInteractionService.getAllowedRequestAssignmentItems(user, target);
    display("Request decisions for " + target, decisions);
    assertEquals("Wrong assign default decision", expectedDefaultDecision, decisions.getDefaultDecision());
    assertEquals("Unexpected number of allowed items", expectedAllowedItemQNames.length, decisions.getItemDecisionMap().size());
    decisions.getItemDecisionMap().forEach((path, decision) -> {
        assertEquals("wrong item " + path + " decision", AuthorizationDecisionType.ALLOW, decision);
        QName lastPathName = path.lastNamed().getName();
        if (!Arrays.stream(expectedAllowedItemQNames).anyMatch(qname -> QNameUtil.match(qname, lastPathName))) {
            AssertJUnit.fail("Unexpected path " + path);
        }
    });
}
Also used : StringUtils(org.apache.commons.lang.StringUtils) AuditReferenceValue(com.evolveum.midpoint.audit.api.AuditReferenceValue) Autowired(org.springframework.beans.factory.annotation.Autowired) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) Entry(org.opends.server.types.Entry) Map(java.util.Map) UserProfileService(com.evolveum.midpoint.security.api.UserProfileService) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) ObjectQueryUtil(com.evolveum.midpoint.schema.util.ObjectQueryUtil) AssignmentType(com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType) ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta) PrismProperty(com.evolveum.midpoint.prism.PrismProperty) ObjectAlreadyExistsException(com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException) RepositoryDiag(com.evolveum.midpoint.schema.RepositoryDiag) ShadowKindType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType) ModelService(com.evolveum.midpoint.model.api.ModelService) PolyStringType(com.evolveum.prism.xml.ns._public.types_3.PolyStringType) FilterInvocation(org.springframework.security.web.FilterInvocation) SystemObjectCache(com.evolveum.midpoint.model.common.SystemObjectCache) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Clock(com.evolveum.midpoint.common.Clock) FocusTypeUtil(com.evolveum.midpoint.schema.util.FocusTypeUtil) PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException) ResourceAttributeContainer(com.evolveum.midpoint.schema.processor.ResourceAttributeContainer) ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition) PrismObjectDefinition(com.evolveum.midpoint.prism.PrismObjectDefinition) ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) HookRegistry(com.evolveum.midpoint.model.api.hooks.HookRegistry) TestUtil(com.evolveum.midpoint.test.util.TestUtil) ConnectException(java.net.ConnectException) PrismContainerDefinition(com.evolveum.midpoint.prism.PrismContainerDefinition) AuthorizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType) AbstractRoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType) AfterClass(org.testng.annotations.AfterClass) PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) IOException(java.io.IOException) RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition) ModelElementContext(com.evolveum.midpoint.model.api.context.ModelElementContext) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal) SearchResultList(com.evolveum.midpoint.schema.SearchResultList) SystemObjectsType(com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType) ObjectTypes(com.evolveum.midpoint.schema.constants.ObjectTypes) ObjectQuery(com.evolveum.midpoint.prism.query.ObjectQuery) ObjectDeltaOperation(com.evolveum.midpoint.schema.ObjectDeltaOperation) PrismValue(com.evolveum.midpoint.prism.PrismValue) NotificationManager(com.evolveum.midpoint.notifications.api.NotificationManager) ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType) Date(java.util.Date) AuthorizationConstants(com.evolveum.midpoint.security.api.AuthorizationConstants) ConstructionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ConstructionType) DisplayableValue(com.evolveum.midpoint.util.DisplayableValue) RoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType) ResourceAttribute(com.evolveum.midpoint.schema.processor.ResourceAttribute) SystemConfigurationType(com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType) ConflictException(com.evolveum.icf.dummy.resource.ConflictException) DummyAccount(com.evolveum.icf.dummy.resource.DummyAccount) SelectorOptions(com.evolveum.midpoint.schema.SelectorOptions) PrismAsserts(com.evolveum.midpoint.prism.util.PrismAsserts) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) Collection(java.util.Collection) AssignmentSelectorType(com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentSelectorType) MiscUtil(com.evolveum.midpoint.util.MiscUtil) Collectors(java.util.stream.Collectors) JAXBException(javax.xml.bind.JAXBException) MetadataType(com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType) SecurityContext(org.springframework.security.core.context.SecurityContext) NameItemPathSegment(com.evolveum.midpoint.prism.path.NameItemPathSegment) ObjectSynchronizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectSynchronizationType) FocusType(com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType) ProvisioningService(com.evolveum.midpoint.provisioning.api.ProvisioningService) SecurityConfig(org.springframework.security.access.SecurityConfig) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Checker(com.evolveum.midpoint.test.Checker) ObjectReferenceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType) AssertJUnit(org.testng.AssertJUnit) AbstractIntegrationTest(com.evolveum.midpoint.test.AbstractIntegrationTest) AdminGuiConfigurationType(com.evolveum.midpoint.xml.ns._public.common.common_3.AdminGuiConfigurationType) OrgType(com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType) PasswordType(com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType) PrismContainer(com.evolveum.midpoint.prism.PrismContainer) SchemaTestConstants(com.evolveum.midpoint.schema.util.SchemaTestConstants) DummyAuditService(com.evolveum.midpoint.test.DummyAuditService) OrgFilter(com.evolveum.midpoint.prism.query.OrgFilter) DebugUtil(com.evolveum.midpoint.util.DebugUtil) DummyResourceContoller(com.evolveum.midpoint.test.DummyResourceContoller) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) HashSet(java.util.HashSet) ModelContext(com.evolveum.midpoint.model.api.context.ModelContext) ObjectTypeUtil(com.evolveum.midpoint.schema.util.ObjectTypeUtil) IntegrationTestTools(com.evolveum.midpoint.test.IntegrationTestTools) ModelExecuteOptions(com.evolveum.midpoint.model.api.ModelExecuteOptions) RefinedAttributeDefinition(com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition) AuthorizationPhaseType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType) FileInputStream(java.io.FileInputStream) IdItemPathSegment(com.evolveum.midpoint.prism.path.IdItemPathSegment) TunnelException(com.evolveum.midpoint.util.exception.TunnelException) ItemPath(com.evolveum.midpoint.prism.path.ItemPath) Consumer(java.util.function.Consumer) ItemSecurityDecisions(com.evolveum.midpoint.security.api.ItemSecurityDecisions) MatchingRule(com.evolveum.midpoint.prism.match.MatchingRule) PrismReference(com.evolveum.midpoint.prism.PrismReference) ReferenceDelta(com.evolveum.midpoint.prism.delta.ReferenceDelta) Arrays(java.util.Arrays) ChangeType(com.evolveum.midpoint.prism.delta.ChangeType) AssertJUnit.assertTrue(org.testng.AssertJUnit.assertTrue) PrismTestUtil(com.evolveum.midpoint.prism.util.PrismTestUtil) AssertJUnit.assertNull(org.testng.AssertJUnit.assertNull) MidpointFunctions(com.evolveum.midpoint.model.api.expr.MidpointFunctions) CredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType) ModelProjectionContext(com.evolveum.midpoint.model.api.context.ModelProjectionContext) DummyGroup(com.evolveum.icf.dummy.resource.DummyGroup) ResultHandler(com.evolveum.midpoint.schema.ResultHandler) Holder(com.evolveum.midpoint.util.Holder) Set(java.util.Set) Task(com.evolveum.midpoint.task.api.Task) TriggerType(com.evolveum.midpoint.xml.ns._public.common.common_3.TriggerType) SystemException(com.evolveum.midpoint.util.exception.SystemException) QName(javax.xml.namespace.QName) ObjectPolicyConfigurationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectPolicyConfigurationType) ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType) PrismReferenceValue(com.evolveum.midpoint.prism.PrismReferenceValue) Authorization(com.evolveum.midpoint.security.api.Authorization) SchemaViolationException(com.evolveum.icf.dummy.resource.SchemaViolationException) Trace(com.evolveum.midpoint.util.logging.Trace) AuditEventStage(com.evolveum.midpoint.audit.api.AuditEventStage) ArrayList(java.util.ArrayList) RefinedResourceSchema(com.evolveum.midpoint.common.refinery.RefinedResourceSchema) RefinedResourceSchemaImpl(com.evolveum.midpoint.common.refinery.RefinedResourceSchemaImpl) PrismContext(com.evolveum.midpoint.prism.PrismContext) SynchronizationType(com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizationType) ContainerDelta(com.evolveum.midpoint.prism.delta.ContainerDelta) AssertJUnit.assertFalse(org.testng.AssertJUnit.assertFalse) PrismObject(com.evolveum.midpoint.prism.PrismObject) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) File(java.io.File) ModelDiagnosticService(com.evolveum.midpoint.model.api.ModelDiagnosticService) CommonException(com.evolveum.midpoint.util.exception.CommonException) AuditEventType(com.evolveum.midpoint.audit.api.AuditEventType) PrismContainerValue(com.evolveum.midpoint.prism.PrismContainerValue) ShadowUtil(com.evolveum.midpoint.schema.util.ShadowUtil) ResourceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType) MidPointAsserts(com.evolveum.midpoint.test.util.MidPointAsserts) AssertJUnit.assertNotNull(org.testng.AssertJUnit.assertNotNull) AssertJUnit.assertEquals(org.testng.AssertJUnit.assertEquals) ModelAuditService(com.evolveum.midpoint.model.api.ModelAuditService) ActivationType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) TraceManager(com.evolveum.midpoint.util.logging.TraceManager) ResourceAttributeDefinition(com.evolveum.midpoint.schema.processor.ResourceAttributeDefinition) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) TaskExecutionStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.TaskExecutionStatusType) InternalsConfig(com.evolveum.midpoint.schema.internals.InternalsConfig) QNameUtil(com.evolveum.midpoint.util.QNameUtil) MiscSchemaUtil(com.evolveum.midpoint.schema.util.MiscSchemaUtil) DirectoryException(org.opends.server.types.DirectoryException) AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord) ConfigAttribute(org.springframework.security.access.ConfigAttribute) XmlTypeConverter(com.evolveum.midpoint.prism.xml.XmlTypeConverter) ModelInteractionService(com.evolveum.midpoint.model.api.ModelInteractionService) ResourceTypeUtil(com.evolveum.midpoint.schema.util.ResourceTypeUtil) FileNotFoundException(java.io.FileNotFoundException) TaskType(com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType) List(java.util.List) Optional(java.util.Optional) Authentication(org.springframework.security.core.Authentication) ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType) Item(com.evolveum.midpoint.prism.Item) SchemaConstants(com.evolveum.midpoint.schema.constants.SchemaConstants) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) SecurityEnforcer(com.evolveum.midpoint.security.api.SecurityEnforcer) HashMap(java.util.HashMap) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) RoleSelectionSpecification(com.evolveum.midpoint.model.api.RoleSelectionSpecification) ModelPortType(com.evolveum.midpoint.xml.ns._public.model.model_3.ModelPortType) AuthorizationDecisionType(com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationDecisionType) RepositoryService(com.evolveum.midpoint.repo.api.RepositoryService) Containerable(com.evolveum.midpoint.prism.Containerable) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) ActivationStatusType(com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType) DeltaBuilder(com.evolveum.midpoint.prism.delta.builder.DeltaBuilder) DummyResource(com.evolveum.icf.dummy.resource.DummyResource) TaskExecutionStatus(com.evolveum.midpoint.task.api.TaskExecutionStatus) IntegrationTestTools.display(com.evolveum.midpoint.test.IntegrationTestTools.display) Message(com.evolveum.midpoint.notifications.api.transports.Message) QueryBuilder(com.evolveum.midpoint.prism.query.builder.QueryBuilder) FailableProcessor(com.evolveum.midpoint.util.FailableProcessor) SynchronizationSituationType(com.evolveum.midpoint.xml.ns._public.common.common_3.SynchronizationSituationType) GetOperationOptions(com.evolveum.midpoint.schema.GetOperationOptions) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Collections(java.util.Collections) AbstractRoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType) RoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType) QName(javax.xml.namespace.QName) ItemSecurityDecisions(com.evolveum.midpoint.security.api.ItemSecurityDecisions) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)

Example 3 with ItemSecurityDecisions

use of com.evolveum.midpoint.security.api.ItemSecurityDecisions in project midpoint by Evolveum.

the class AssignmentEditorPanel method loadSecurityDecisions.

private ItemSecurityDecisions loadSecurityDecisions() {
    if (pageBase == null || getModelObject().getTargetRef() == null) {
        return null;
    }
    PrismObject<UserType> user = null;
    List<PrismObject<UserType>> targetUserList = pageBase.getSessionStorage().getRoleCatalog().getTargetUserList();
    if (targetUserList == null || targetUserList.size() == 0) {
        user = pageBase.loadUserSelf(pageBase);
    } else {
        user = targetUserList.get(0);
    }
    String targetObjectOid = getModelObject().getTargetRef().getOid();
    Task task = pageBase.createSimpleTask(OPERATION_LOAD_TARGET_OBJECT);
    OperationResult result = new OperationResult(OPERATION_LOAD_TARGET_OBJECT);
    PrismObject<AbstractRoleType> targetRefObject = WebModelServiceUtils.loadObject(AbstractRoleType.class, targetObjectOid, pageBase, task, result);
    ItemSecurityDecisions decisions = null;
    try {
        decisions = pageBase.getModelInteractionService().getAllowedRequestAssignmentItems(user, targetRefObject);
    } catch (SchemaException | SecurityViolationException ex) {
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load security decisions for assignment items.", ex);
    }
    return decisions;
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) Task(com.evolveum.midpoint.task.api.Task) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) ItemSecurityDecisions(com.evolveum.midpoint.security.api.ItemSecurityDecisions) OperationResult(com.evolveum.midpoint.schema.result.OperationResult)

Aggregations

ItemSecurityDecisions (com.evolveum.midpoint.security.api.ItemSecurityDecisions)3 ItemPath (com.evolveum.midpoint.prism.path.ItemPath)2 ConflictException (com.evolveum.icf.dummy.resource.ConflictException)1 DummyAccount (com.evolveum.icf.dummy.resource.DummyAccount)1 DummyGroup (com.evolveum.icf.dummy.resource.DummyGroup)1 DummyResource (com.evolveum.icf.dummy.resource.DummyResource)1 SchemaViolationException (com.evolveum.icf.dummy.resource.SchemaViolationException)1 AuditEventRecord (com.evolveum.midpoint.audit.api.AuditEventRecord)1 AuditEventStage (com.evolveum.midpoint.audit.api.AuditEventStage)1 AuditEventType (com.evolveum.midpoint.audit.api.AuditEventType)1 AuditReferenceValue (com.evolveum.midpoint.audit.api.AuditReferenceValue)1 Clock (com.evolveum.midpoint.common.Clock)1 RefinedAttributeDefinition (com.evolveum.midpoint.common.refinery.RefinedAttributeDefinition)1 RefinedObjectClassDefinition (com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)1 RefinedResourceSchema (com.evolveum.midpoint.common.refinery.RefinedResourceSchema)1 RefinedResourceSchemaImpl (com.evolveum.midpoint.common.refinery.RefinedResourceSchemaImpl)1 ModelAuditService (com.evolveum.midpoint.model.api.ModelAuditService)1 ModelDiagnosticService (com.evolveum.midpoint.model.api.ModelDiagnosticService)1 ModelExecuteOptions (com.evolveum.midpoint.model.api.ModelExecuteOptions)1 ModelInteractionService (com.evolveum.midpoint.model.api.ModelInteractionService)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial