/**
 * Installs a pre-authenticated security context for the given user.
 * <p>
 * No credential check happens here: the caller vouches for the identity, so this
 * entry point is only appropriate for trusted code paths (bootstrap, tests, internal
 * tasks), never for anything driven by request data.
 * <p>
 * The principal is normally resolved through {@code userProfileService}. When that
 * service is absent, a principal is built directly from the user object instead; this
 * fallback presumably lacks whatever the profile service would otherwise compute
 * (authorizations, limitations) — verify before relying on it outside tests.
 *
 * @param user the user to become the current principal
 */
@Override
public void setupPreAuthenticatedSecurityContext(PrismObject<UserType> user)
        throws SchemaException, CommunicationException, ConfigurationException,
        SecurityViolationException, ExpressionEvaluationException {
    final MidPointPrincipal resolvedPrincipal;
    if (userProfileService != null) {
        resolvedPrincipal = userProfileService.getPrincipal(user);
    } else {
        // Degraded mode: acceptable for low-level tests, a misconfiguration in a running system.
        LOGGER.warn("No user profile service set up in SecurityEnforcer. "
                + "This is OK in low-level tests but it is a serious problem in running system");
        resolvedPrincipal = new MidPointPrincipal(user.asObjectable());
    }
    setupPreAuthenticatedSecurityContext(resolvedPrincipal);
}
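/**
 * Builds a principal for {@code donor} acting under the power of attorney held by
 * {@code attorneyPrincipal}.
 * <p>
 * The attorney must be authorized for {@code attorneyAuthorizationAction} on the donor
 * object; any limitations collected during that check are passed on so the resulting
 * donor principal is scoped accordingly. The attorney's own user is recorded on the
 * donor principal, and the attorney principal is chained as the previous principal so
 * the power of attorney can later be dropped.
 *
 * @param attorneyPrincipal the principal requesting to act on behalf of the donor;
 *        must not itself already be acting as an attorney
 * @param attorneyAuthorizationAction authorization action URL checked against the donor
 * @param donor the user whose identity is assumed
 * @param task task for the authorization evaluation
 * @param result operation result to record into
 * @return the donor principal, with attorney and previous principal set
 * @throws UnsupportedOperationException if {@code attorneyPrincipal} already has an attorney
 *         (transitive power of attorney is not supported)
 * @throws SecurityViolationException if the attorney is not allowed to act for the donor
 */
@Override
public MidPointPrincipal createDonorPrincipal(MidPointPrincipal attorneyPrincipal,
        String attorneyAuthorizationAction, PrismObject<UserType> donor, Task task,
        OperationResult result)
        throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException,
        CommunicationException, ConfigurationException, SecurityViolationException {
    if (attorneyPrincipal.getAttorney() != null) {
        throw new UnsupportedOperationException("Transitive attorney is not supported yet");
    }

    AuthorizationLimitationsCollector limitationsCollector = new AuthorizationLimitationsCollector();
    AuthorizationParameters<UserType, ObjectType> autzParams =
            AuthorizationParameters.Builder.buildObject(donor);
    AccessDecision decision = isAuthorizedInternal(attorneyPrincipal, attorneyAuthorizationAction,
            null, autzParams, null, limitationsCollector, task, result);

    // Enum identity comparison instead of equals(): a null decision is treated as a denial
    // rather than surfacing as a NullPointerException.
    if (decision != AccessDecision.ALLOW) {
        failAuthorization(attorneyAuthorizationAction, null, autzParams, result);
        // failAuthorization is expected to throw; this guard keeps the method fail-closed
        // even if that helper ever returns normally, so no donor principal is built on denial.
        throw new SecurityViolationException("Not authorized to act on behalf of donor: "
                + attorneyAuthorizationAction);
    }

    // NOTE(review): the profile service is taken from securityContextManager here, while
    // setupPreAuthenticatedSecurityContext uses the userProfileService field with a null
    // fallback; confirm both resolve to the same service.
    MidPointPrincipal donorPrincipal = securityContextManager.getUserProfileService()
            .getPrincipal(donor, limitationsCollector, result);
    donorPrincipal.setAttorney(attorneyPrincipal.getUser());
    // chain principals so we can easily drop the power of attorney and return back to original identity
    donorPrincipal.setPreviousPrincipal(attorneyPrincipal);
    return donorPrincipal;
}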