/**
 * Returns the principal bound to the current security context.
 *
 * Pure delegation: whatever the security context manager reports (or throws) is
 * passed straight through to the caller.
 *
 * @return the current {@link MidPointPrincipal}
 * @throws SecurityViolationException propagated from the security context manager
 */
public MidPointPrincipal getPrincipal() throws SecurityViolationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    return current;
}
/**
 * Convenience method to deal with producers that can throw CommonException.
 *
 * The checked producer is adapted through {@code MiscUtil.runChecked} so that
 * {@link #runAs} (which takes an unchecked producer) can run it on behalf of
 * {@code user}; the declared {@code throws CommonException} hands any such
 * exception back to the caller.
 *
 * @param producer the work to execute, allowed to throw CommonException
 * @param user     the user whose identity the work runs under
 * @return the value produced by {@code producer}
 */
default <T> T runAsChecked(CheckedProducer<T> producer, PrismObject<UserType> user) throws CommonException {
    return MiscUtil.runChecked(
            uncheckedProducer -> runAs(uncheckedProducer, user),
            producer);
}
/**
 * Runs {@code producer} through the security context manager's privileged execution path.
 *
 * This is pure delegation; what "privileged" grants, and how the previous context is
 * restored afterwards, is defined by {@code securityContextManager.runPrivileged}, not here.
 *
 * @param producer the work to run
 * @return the value produced
 */
protected <T> T runPrivileged(Producer<T> producer) {
    T produced = securityContextManager.runPrivileged(producer);
    return produced;
}
/**
 * Switches the current security context from the attorney (the current principal) to a
 * principal acting on behalf of {@code donor}.
 *
 * The donor principal is built by {@code securityEnforcer.createDonorPrincipal} for the
 * {@code ModelAuthorizationAction.ATTORNEY} action; presumably that call is also where the
 * "may this attorney act for this donor" authorization is enforced — verify in the enforcer.
 * The switch itself is not audited yet (see TODO below).
 *
 * @param donor the user whose powers are assumed
 * @return the donor principal now installed in the security context
 */
@Override
public MidPointPrincipal assumePowerOfAttorney(PrismObject<UserType> donor, Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal attorney = securityContextManager.getPrincipal();
    String attorneyActionUrl = ModelAuthorizationAction.ATTORNEY.getUrl();
    MidPointPrincipal donorPrincipal =
            securityEnforcer.createDonorPrincipal(attorney, attorneyActionUrl, donor, task, result);
    // TODO: audit switch
    securityContextManager.setupPreAuthenticatedSecurityContext(donorPrincipal);
    return donorPrincipal;
}
try { if (securityContextManager != null) { if (!securityContextManager.isAuthenticated()) { return; MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal != null) { UserType principalUser = principal.getUser();
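/**
 * Reloads the principal identified by {@code oid} via the user profile service and installs
 * it as the current (pre-authenticated) security context.
 *
 * NOTE(review): this replaces whatever principal is currently in the context with the one
 * for {@code oid}; presumably callers pass the OID of the already-authenticated user —
 * confirm at the call sites.
 *
 * @param oid OID of the user whose principal is to be reloaded
 * @throws ObjectNotFoundException (and the other declared types) propagated from the
 *         profile service / security context manager after being logged
 */
@Override
public void refreshPrincipal(String oid)
        throws ObjectNotFoundException, SchemaException, CommunicationException,
        ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    try {
        MidPointPrincipal principal = userProfileService.getPrincipalByOid(oid);
        securityContextManager.setupPreAuthenticatedSecurityContext(principal);
    } catch (Throwable e) {
        // The original message glued the OID onto the text ("...identified with<oid>") and
        // dropped the cause; log it parameterized with the exception attached, then rethrow
        // (precise rethrow keeps the declared checked types).
        LOGGER.error("Cannot refresh authentication for user identified with {}", oid, e);
        throw e;
    }
}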
// Connection information previously stored on the security context
// (fragment: the enclosing method starts outside this view).
connInfo = securityContextManager.getStoredConnectionInformation();
/**
 * Reverts a power-of-attorney switch: the current principal must be a donor principal
 * (it has an attorney set) and must remember the previous principal, which is then
 * reinstalled as the security context.
 *
 * @return the principal that was restored into the security context
 * @throws IllegalStateException if the current principal is not a donor principal, or it
 *         has no previous principal to return to
 */
@Override
public MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    if (current.getAttorney() == null) {
        throw new IllegalStateException("Attempt to drop attorney powers using non-donor principal " + current);
    }
    MidPointPrincipal restored = current.getPreviousPrincipal();
    if (restored == null) {
        throw new IllegalStateException("Attempt to drop attorney powers, but no previous principal in " + current);
    }
    // TODO: audit switch
    // TODO: maybe refresh previous principal using userProfileService?
    securityContextManager.setupPreAuthenticatedSecurityContext(restored);
    return restored;
}
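/**
 * Installs {@code user} as the pre-authenticated principal of the current REST request.
 *
 * On failure the attempt is audited as a login failure and the request is aborted with
 * 400 Bad Request; the method then returns, so the "Authenticated ..." trace line is only
 * emitted when the security context was actually set up (the original fell through to it
 * after aborting). There is no return value, so callers must not assume success without
 * consulting the request context.
 *
 * @param user            the resolved user to authenticate as
 * @param enteredUsername the username supplied by the client, recorded in the audit entry
 * @param connEnv         connection environment recorded in the audit entry
 * @param requestCtx      JAX-RS request context, aborted on failure
 */
private void authenticateUser(PrismObject<UserType> user, String enteredUsername,
        ConnectionEnvironment connEnv, ContainerRequestContext requestCtx) {
    try {
        securityContextManager.setupPreAuthenticatedSecurityContext(user);
    } catch (SchemaException | CommunicationException | ConfigurationException
            | SecurityViolationException | ExpressionEvaluationException e) {
        securityHelper.auditLoginFailure(enteredUsername, user.asObjectable(), connEnv,
                "Schema error: " + e.getMessage());
        requestCtx.abortWith(Response.status(Status.BAD_REQUEST).build());
        return;
    }
    LOGGER.trace("Authenticated to REST service as {}", user);
}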
/**
 * Tells whether the current principal may claim the item identified by {@code taskId}:
 * a principal must be resolvable, must have an OID, and must be among the candidates.
 * A missing/unresolvable principal yields {@code false} rather than an exception.
 *
 * @param taskId identifier of the item to be claimed
 * @return {@code true} only if all three conditions hold
 */
public boolean isAuthorizedToClaim(String taskId) {
    MidPointPrincipal current;
    try {
        current = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        // No usable principal in the context: deny instead of propagating.
        return false;
    }
    String currentUserOid = current.getOid();
    return currentUserOid != null && isAmongCandidates(current, taskId);
}
PrismObject<UserType> administrator = repositoryService .getObject(UserType.class, SystemObjectsType.USER_ADMINISTRATOR.value(), null, result); securityContextManager.runAs(() -> { for (String definitionOid : definitionOids) { startAdHocCertification(focus, definitionOid, task, result);
securityContextManager.setupPreAuthenticatedSecurityContext(task.getOwner()); } catch (SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) { LoggingUtils.logUnexpectedException(LOGGER, "Couldn't set up task security context {}", e, task);
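/**
 * Looks up users by name, running under a privileged security context so the lookup can
 * happen before the caller is authenticated.
 *
 * Any failure of the search is swallowed and reported as {@code null}; callers must treat
 * {@code null} as "lookup failed", distinct from an empty result list. It is not logged here
 * because no logger is referenced in this method.
 *
 * NOTE(review): the finally block clears the authentication while still inside the
 * privileged block; presumably runPrivileged restores the previous context afterwards
 * anyway — confirm.
 *
 * @param userName name to match, via {@code ObjectQueryUtil.createNameQuery}
 * @return the matching users, or {@code null} on any failure
 */
private SearchResultList<PrismObject<UserType>> searchUser(String userName) {
    // Producer is a single-method interface (it is used as runAs(() -> ...) elsewhere in
    // this file), so a lambda replaces the anonymous class.
    return getSecurityContextManager().runPrivileged(() -> {
        Task task = getTaskManager().createTaskInstance("Search user by name");
        OperationResult result = task.getResult();
        try {
            return getModel().searchObjects(UserType.class,
                    ObjectQueryUtil.createNameQuery(userName, prismContext), null, task, result);
        } catch (SchemaException | ObjectNotFoundException | SecurityViolationException
                | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            return null;
        } finally {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
    });
}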
/**
 * Determines which assignment items the current principal may request when assigning
 * {@code target} to {@code object}. The decision is made by the security enforcer under
 * the {@code ModelAuthorizationAction.ASSIGN} action; this method only supplies the
 * current principal.
 *
 * @return item-level constraints computed by the enforcer
 */
public <O extends ObjectType, R extends AbstractRoleType> ItemSecurityConstraints getAllowedRequestAssignmentItems(
        PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal requester = securityContextManager.getPrincipal();
    String assignActionUrl = ModelAuthorizationAction.ASSIGN.getUrl();
    return securityEnforcer.getAllowedRequestAssignmentItems(
            requester, assignActionUrl, object, target, null, task, result);
}
outputTriple = securityContextManager.runAs(() -> { try { return evaluateExpressionEvaluators(contextWithProcessedVariables);
try { taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext((Authentication) null); taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext(taskOwner); } catch (SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) { LoggingUtils.logUnexpectedException(LOGGER, "Task with OID {} cannot be executed: error setting security context", e, oid); } finally { taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext((Authentication) null);
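/**
 * Fetches the security questions configured in {@code user}'s security policy.
 *
 * Runs privileged and, inside that, installs an anonymous authentication token while the
 * policy is read (presumably for a not-yet-authenticated security-question flow — confirm
 * with the caller); the token is removed again in {@code finally}.
 *
 * Failures reading the policy are swallowed and reported as {@code null}. Note that the task
 * is named "Search user by name" although it does not search users; the name is kept
 * unchanged here.
 *
 * @param user the user whose policy is consulted
 * @return the configured questions, or {@code null} if the policy could not be read, is
 *         absent, or defines no security questions
 */
private List<SecurityQuestionDefinitionType> getQuestions(PrismObject<UserType> user) {
    // Producer is a single-method interface (it is used as runAs(() -> ...) elsewhere in
    // this file), so a lambda replaces the anonymous class.
    return getSecurityContextManager().runPrivileged(() -> {
        Task task = getTaskManager().createTaskInstance("Search user by name");
        OperationResult result = task.getResult();
        SecurityPolicyType securityPolicy;
        try {
            SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                    "rest_sec_q_auth", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
            securityPolicy = modelInteractionService.getSecurityPolicy(user, task, result);
        } catch (ObjectNotFoundException | SchemaException | CommunicationException
                | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
            return null;
        } finally {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
        // Guard the policy object itself as well: the original dereferenced it
        // unconditionally and would have thrown NPE had getSecurityPolicy returned null.
        if (securityPolicy == null
                || securityPolicy.getCredentials() == null
                || securityPolicy.getCredentials().getSecurityQuestions() == null) {
            return null;
        }
        return securityPolicy.getCredentials().getSecurityQuestions().getQuestion();
    });
}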
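/**
 * Returns the compiled GUI profile for the current principal, or the global profile when
 * there is no {@code MidPointUserProfilePrincipal} in the security context (unauthenticated
 * user, error pages and so on). A SecurityViolationException while reading the principal is
 * logged and then treated the same as "no principal".
 *
 * @return never {@code null}
 */
@NotNull
@Override
public CompiledUserProfile getCompiledUserProfile(Task task, OperationResult parentResult)
        throws ObjectNotFoundException, SchemaException, CommunicationException,
        ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    MidPointPrincipal principal = null;
    try {
        principal = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        // Message typo ("principlal") fixed.
        LOGGER.warn("Security violation while getting principal to get GUI config: {}", e.getMessage(), e);
    }
    // instanceof is false for null, so the separate null check was redundant.
    if (!(principal instanceof MidPointUserProfilePrincipal)) {
        // May be used for unauthenticated user, error pages and so on
        return userProfileCompiler.getGlobalCompiledUserProfile(task, parentResult);
    }
    return ((MidPointUserProfilePrincipal) principal).getCompiledUserProfile();
}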
MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal == null) { return false;
// Record who is performing the operation in the result context. getPrincipal() is called
// without a try/catch here, so a SecurityViolationException from it is not handled on this
// line (fragment: the enclosing method starts outside this view).
final String userDescription = toShortString(securityContextManager.getPrincipal().getUser()); result.addContext("user", userDescription);