
Example 61 with MidPointPrincipal

use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.

Class TestValidityRecomputeTask, method test134BarbossaEnableAssignmentJudge: an integration test that re-enables a role assignment and checks that both the provisioned account and the principal's authorizations follow.

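/**
 * Re-enables Barbossa's (administratively disabled) judge assignment and verifies that
 * (1) the account on the default dummy resource is enabled again and carries the role's
 * attributes, and (2) a freshly built principal is authorized for AUTZ_PUNISH_URL, i.e. the
 * authorization granted by the role becomes effective together with the account.
 *
 * The original test asserted the account twice and printed a second "WHEN" banner inside the
 * THEN phase (copy-paste residue); the duplicate assertion and banner are dropped here.
 */
@Test
public void test134BarbossaEnableAssignmentJudge() throws Exception {
    final String TEST_NAME = "test134BarbossaEnableAssignmentJudge";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN: Barbossa already holds the judge assignment (its current status is set up by earlier tests)
    Task task = createTask(TestValidityRecomputeTask.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    AssignmentType assignment = getUserAssignment(USER_BARBOSSA_OID, ROLE_JUDGE_OID);
    // WHEN: the assignment is enabled administratively
    TestUtil.displayWhen(TEST_NAME);
    modifyAssignmentAdministrativeStatus(USER_BARBOSSA_OID, assignment.getId(), ActivationStatusType.ENABLED, task, result);
    // THEN: the provisioned account is enabled and reflects the role's attribute mappings
    TestUtil.displayThen(TEST_NAME);
    assertDummyAccount(null, USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, true);
    assertDummyAccountAttribute(null, USER_BARBOSSA_USERNAME, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, ROLE_JUDGE_TITLE);
    assertDummyAccountAttribute(null, USER_BARBOSSA_USERNAME, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_DRINK_NAME, RESOURCE_DUMMY_DRINK, ROLE_JUDGE_DRINK);
    PrismObject<UserType> user = getUser(USER_BARBOSSA_OID);
    display("User after", user);
    assertLinks(user, 1);
    // ... and the authorization carried by the role is effective for a principal built from the stored user
    MidPointPrincipal principal = userProfileService.getPrincipal(user);
    assertAuthorized(principal, AUTZ_PUNISH_URL);
}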

Example 62 with MidPointPrincipal

use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.

Class AbstractModelWebService, method setTaskOwner: derives the owner of a model task from the principal currently held in Spring's SecurityContextHolder.

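/**
 * Sets the owner of {@code task} to the user behind the currently authenticated principal.
 *
 * The task owner is what later authorization decisions are evaluated against, so this method
 * refuses to proceed unless the security context holds an {@link Authentication} whose principal is a
 * {@link MidPointPrincipal} with a non-null user. The original code cast the principal unchecked
 * (a {@code ClassCastException} for any other principal type, e.g. an anonymous authentication)
 * and re-read the thread-local context a second time instead of using the value it had just null-checked.
 *
 * @param task the task whose owner is set; not modified if an exception is thrown
 * @throws SystemException if there is no authentication, the principal is not a MidPointPrincipal,
 *                         or the principal carries no user
 */
protected void setTaskOwner(Task task) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        throw new SystemException("Failed to get authentication object");
    }
    // Use the Authentication we already checked rather than re-reading the context.
    Object principal = authentication.getPrincipal();
    if (!(principal instanceof MidPointPrincipal)) {
        // Never derive a task owner from an unexpected principal type (e.g. an anonymous authentication).
        throw new SystemException("Failed to get principal from authentication object");
    }
    UserType userType = ((MidPointPrincipal) principal).getUser();
    if (userType == null) {
        throw new SystemException("Failed to get user from authentication object");
    }
    task.setOwner(userType.asPrismObject());
}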

Example 63 with MidPointPrincipal

use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.

Class UserProfileServiceImpl, method createPrincipal: builds a MidPointPrincipal (the object that carries a user's effective authorizations) from a stored user object.

/**
 * Builds a {@link MidPointPrincipal} for the given user.
 *
 * The system configuration is loaded on a best-effort basis: if it is missing or cannot be read, a
 * warning is logged and the principal is initialized with a {@code null} configuration. The user is
 * passed through {@code userComputer.recompute} before the principal is created, and the principal's
 * authorizations are then derived from the user's assignments by
 * {@code initializePrincipalFromAssignments} (what that derivation does with a null configuration is
 * not visible here — check that method when reviewing the fallback).
 *
 * @param user   the stored user; {@code null} yields a {@code null} principal
 * @param result operation result used for the repository read
 * @return the principal, or {@code null} when {@code user} is {@code null}
 * @throws SchemaException propagated from the recompute/initialization steps (the repository read's
 *                         SchemaException is caught and only logged)
 */
private MidPointPrincipal createPrincipal(PrismObject<UserType> user, OperationResult result) throws SchemaException {
    if (user == null) {
        return null;
    }
    PrismObject<SystemConfigurationType> sysConfig;
    try {
        sysConfig = repositoryService.getObject(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, result);
    } catch (ObjectNotFoundException | SchemaException e) {
        // Best effort: continue without a system configuration, but leave a trace of why.
        LOGGER.warn("No system configuration: {}", e.getMessage(), e);
        sysConfig = null;
    }
    userComputer.recompute(user);
    MidPointPrincipal freshPrincipal = new MidPointPrincipal(user.asObjectable());
    initializePrincipalFromAssignments(freshPrincipal, sysConfig);
    return freshPrincipal;
}

Example 64 with MidPointPrincipal

use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.

Class MidpointRestAuthenticator, method handleRequest: authenticates a REST caller, optionally switches to another principal via the Switch-To-Principal header, and attaches the resulting owned task to the request message.

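/**
 * Authenticates the caller of a REST request and, on success, stores a task owned by the
 * effective principal in the message under {@code RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME}.
 *
 * Flow:
 * <ol>
 *   <li>A task is created <em>before</em> authentication because its identifier doubles as the
 *       session id recorded in the {@link ConnectionEnvironment}.</li>
 *   <li>Credentials are evaluated by the authentication evaluator. Unknown user and bad password
 *       both map to the same 401 response, so the response does not reveal whether the username
 *       exists; account-state problems (disabled, locked, expired, ...) map to 403.</li>
 *   <li>The authenticated user must pass {@code authorizeUser} for the REST service.</li>
 *   <li>If the {@code Switch-To-Principal} header names another user (by OID), the caller must hold
 *       {@code AUTZ_REST_PROXY_URL} for that user and the target user must itself be authorized for
 *       the REST service; only then does the task become owned by the target user. The target user is
 *       looked up with the task still owned by the caller, so the lookup is subject to the caller's
 *       own authorizations.</li>
 * </ol>
 * Every failure path aborts the request through {@code requestCtx} and returns without attaching a
 * task. Compared with the original: the principal returned by the evaluator is type-checked instead
 * of cast blindly, and the task is re-owned by the proxied user only after both proxy checks succeed
 * (previously the owner was switched first and the checks ran afterwards).
 *
 * @param policy     CXF authorization policy carrying the presented credentials; {@code null} aborts
 * @param m          CXF message that receives the task on success
 * @param requestCtx JAX-RS request context used to abort the request on failure
 */
public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
    if (policy == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    T authenticationContext = createAuthenticationContext(policy, requestCtx);
    if (authenticationContext == null) {
        // NOTE(review): presumably createAuthenticationContext has already aborted the request here — confirm
        return;
    }
    String enteredUsername = authenticationContext.getUsername();
    if (enteredUsername == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    LOGGER.trace("Authenticating username '{}' to REST service", enteredUsername);
    // We need to create task before attempting authentication. Task ID is also a session ID.
    Task task = taskManager.createTaskInstance(ModelRestService.OPERATION_REST_SERVICE);
    task.setChannel(SchemaConstants.CHANNEL_REST_URI);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    connEnv.setSessionIdOverride(task.getTaskIdentifier());
    UsernamePasswordAuthenticationToken token;
    try {
        token = getAuthenticationEvaluator().authenticate(connEnv, authenticationContext);
    } catch (UsernameNotFoundException | BadCredentialsException e) {
        // Same response for unknown user and wrong password: no username enumeration via the REST endpoint.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    } catch (DisabledException | LockedException | CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) {
        // The credentials may be fine but the account/service cannot be used: 403 rather than 401.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.FORBIDDEN).build());
        return;
    }
    // Defensive: only a MidPointPrincipal with a user may become a task owner.
    Object principal = token.getPrincipal();
    if (!(principal instanceof MidPointPrincipal) || ((MidPointPrincipal) principal).getUser() == null) {
        LOGGER.trace("Authentication of username '{}' to REST service yielded no usable principal", enteredUsername);
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    }
    UserType user = ((MidPointPrincipal) principal).getUser();
    task.setOwner(user.asPrismObject());
    if (!authorizeUser(user, null, enteredUsername, connEnv, requestCtx)) {
        return;
    }
    String oid = requestCtx.getHeaderString("Switch-To-Principal");
    OperationResult result = task.getResult();
    if (StringUtils.isNotBlank(oid)) {
        try {
            // Looked up while the task is still owned by the caller.
            PrismObject<UserType> authorizedUser = model.getObject(UserType.class, oid, null, task, result);
            // Caller must be allowed to proxy for the target user ...
            if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)) {
                return;
            }
            // ... and the target user must be allowed to use the REST service at all.
            if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)) {
                return;
            }
            // Only now does the request run under the target user's identity.
            task.setOwner(authorizedUser);
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
            requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Proxy Authentication failed. Cannot authenticate user.").build());
            return;
        }
    }
    m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    LOGGER.trace("Authorized to use REST service ({})", user);
}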

Example 65 with MidPointPrincipal

use of com.evolveum.midpoint.security.api.MidPointPrincipal in project midpoint by Evolveum.

Class TestValidityRecomputeTask, method test144BarbossaEnableAssignmentRedJudge: the same scenario as test134, but for the "red judge" role provisioned to the red dummy resource.

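/**
 * Re-enables Barbossa's (administratively disabled) red-judge assignment and verifies that
 * (1) the account on the red dummy resource is enabled again and carries the role's attributes,
 * and (2) a freshly built principal is authorized for AUTZ_PUNISH_URL, i.e. the authorization
 * granted by the role becomes effective together with the account.
 *
 * The original test asserted the account twice and printed a second "WHEN" banner inside the
 * THEN phase (copy-paste residue); the duplicate assertion and banner are dropped here.
 */
@Test
public void test144BarbossaEnableAssignmentRedJudge() throws Exception {
    final String TEST_NAME = "test144BarbossaEnableAssignmentRedJudge";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN: Barbossa already holds the red-judge assignment (its current status is set up by earlier tests)
    Task task = createTask(TestValidityRecomputeTask.class.getName() + "." + TEST_NAME);
    OperationResult result = task.getResult();
    AssignmentType assignment = getUserAssignment(USER_BARBOSSA_OID, ROLE_RED_JUDGE_OID);
    // WHEN: the assignment is enabled administratively
    TestUtil.displayWhen(TEST_NAME);
    modifyAssignmentAdministrativeStatus(USER_BARBOSSA_OID, assignment.getId(), ActivationStatusType.ENABLED, task, result);
    // THEN: the account on the red resource is enabled and reflects the role's attribute mappings
    TestUtil.displayThen(TEST_NAME);
    assertDummyAccount(RESOURCE_DUMMY_RED_NAME, USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, true);
    assertDummyAccountAttribute(RESOURCE_DUMMY_RED_NAME, USER_BARBOSSA_USERNAME, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_TITLE_NAME, ROLE_JUDGE_TITLE);
    assertDummyAccountAttribute(RESOURCE_DUMMY_RED_NAME, USER_BARBOSSA_USERNAME, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_DRINK_NAME, ROLE_JUDGE_DRINK);
    PrismObject<UserType> user = getUser(USER_BARBOSSA_OID);
    display("User after", user);
    assertLinks(user, 1);
    // ... and the authorization carried by the role is effective for a principal built from the stored user
    MidPointPrincipal principal = userProfileService.getPrincipal(user);
    assertAuthorized(principal, AUTZ_PUNISH_URL);
}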
