/**
 * Returns the principal reported by {@code SecurityUtil.getPrincipal()}.
 *
 * <p>This method performs no checks of its own; it only delegates.
 * NOTE(review): whether the result can be {@code null} when nobody is authenticated is not
 * visible here. Callers that dereference it should confirm.
 *
 * @return the value returned by {@code SecurityUtil.getPrincipal()}
 * @throws SecurityViolationException propagated from {@code SecurityUtil.getPrincipal()}
 */
@Override
public MidPointPrincipal getPrincipal() throws SecurityViolationException {
    MidPointPrincipal currentPrincipal = SecurityUtil.getPrincipal();
    return currentPrincipal;
}
/**
 * Builds a {@code ConnectionEnvironment} for the given channel, paired with whatever
 * {@code SecurityUtil.getCurrentConnectionInformation()} reports at the time of the call.
 *
 * <p>NOTE(review): the connection information is passed through unchecked. If it can be
 * {@code null} (for example outside a request), the constructor receives {@code null}.
 * Confirm that consumers tolerate this.
 *
 * @param channel channel identifier stored in the new environment
 * @return a new {@code ConnectionEnvironment}
 */
public static ConnectionEnvironment create(String channel) {
    return new ConnectionEnvironment(
            channel,
            SecurityUtil.getCurrentConnectionInformation());
}
/**
 * Returns the credential history length that {@code SecurityUtil} derives from the
 * {@code credentialPolicy} field.
 *
 * @return the value of {@code SecurityUtil.getCredentialHistoryLength(credentialPolicy)}
 */
private int getHistoryLength() {
    int historyLength = SecurityUtil.getCredentialHistoryLength(credentialPolicy);
    return historyLength;
}
/**
 * Resolves the password credential policy that applies under the given security policy.
 *
 * <p>Only {@code securityPolicy} is used; the authentication context is not consulted.
 *
 * @param securityPolicy security policy to read the password policy from
 * @param authnCtx password authentication context (unused here)
 * @return the result of {@code SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy)}
 * @throws SchemaException declared by the overridden method
 */
@Override
protected CredentialPolicyType getEffectiveCredentialPolicy(
        SecurityPolicyType securityPolicy, PasswordAuthenticationContext authnCtx)
        throws SchemaException {
    CredentialPolicyType effectivePolicy =
            SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy);
    return effectivePolicy;
}
/**
 * Resolves the effective nonce credential policy when the credential being processed is a nonce.
 *
 * <p>{@code credentialPolicy} is left untouched when {@code credentialQName} does not match
 * {@code CredentialsType.F_NONCE} or when no security policy is set.
 *
 * @throws SchemaException propagated from the policy lookup
 */
private void prepareNonce() throws SchemaException {
    boolean isNonce = QNameUtil.match(CredentialsType.F_NONCE, credentialQName);
    if (isNonce && securityPolicy != null) {
        credentialPolicy = SecurityUtil.getEffectiveNonceCredentialsPolicy(securityPolicy);
    }
}
/**
 * Returns the nonce credential policies of a security policy with the default credential
 * settings applied.
 *
 * <p>When a default credentials policy is present, every nonce policy is cloned and
 * {@code copyDefaults} is applied to the clone, so the returned list holds copies.
 * When no default is present, the list returned is the one obtained from
 * {@code getNonce()} itself, not a copy. Callers should treat it as read-only so that
 * the stored security policy is not modified by accident.
 *
 * @param securityPolicy security policy to read; may be {@code null}
 * @return the effective nonce policies, or {@code null} when {@code securityPolicy} or its
 *         credentials section is {@code null}
 */
public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy) {
    if (securityPolicy == null) {
        return null;
    }
    CredentialsPolicyType credentials = securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        // No defaults to merge: hand back the declared policies as they are.
        return credentials.getNonce();
    }

    List<NonceCredentialsPolicyType> declaredPolicies = credentials.getNonce();
    List<NonceCredentialsPolicyType> effectivePolicies = new ArrayList<>(declaredPolicies.size());
    for (NonceCredentialsPolicyType declared : declaredPolicies) {
        // Merge defaults into a clone rather than into the declared policy object.
        NonceCredentialsPolicyType merged = declared.clone();
        copyDefaults(credentials.getDefault(), merged);
        effectivePolicies.add(merged);
    }
    return effectivePolicies;
}
/**
 * Determines the effective password credential policy from {@code getSecurityPolicy()}.
 *
 * @return the result of {@code SecurityUtil.getEffectivePasswordCredentialsPolicy(...)} for
 *         the current security policy
 */
@Override
protected PasswordCredentialsPolicyType determineEffectiveCredentialPolicy() {
    PasswordCredentialsPolicyType effectivePolicy =
            SecurityUtil.getEffectivePasswordCredentialsPolicy(getSecurityPolicy());
    return effectivePolicy;
}
/**
 * Resolves the nonce credential policy to apply for this authentication attempt.
 *
 * <p>A policy carried by the authentication context takes precedence. The security policy
 * is consulted only when the context has none.
 *
 * @param securityPolicy security policy used as the fallback source
 * @param authnCtx nonce authentication context; its {@code getPolicy()} is tried first
 * @return the context's policy if it is non-null, otherwise the result of
 *         {@code SecurityUtil.getEffectiveNonceCredentialsPolicy(securityPolicy)}
 * @throws SchemaException propagated from the fallback lookup
 */
@Override
protected CredentialPolicyType getEffectiveCredentialPolicy(
        SecurityPolicyType securityPolicy, NonceAuthenticationContext authnCtx)
        throws SchemaException {
    NonceCredentialsPolicyType fromContext = authnCtx.getPolicy();
    if (fromContext != null) {
        return fromContext;
    }
    return SecurityUtil.getEffectiveNonceCredentialsPolicy(securityPolicy);
}
/**
 * Returns the password credential policy of a security policy with the default credential
 * settings applied.
 *
 * <p>When a default credentials policy is present, the defaults are copied via
 * {@code copyDefaults} onto a clone of the declared password policy, or onto a fresh empty
 * policy if none is declared. When no default is present, the declared password policy
 * object itself is returned, which may be {@code null}.
 *
 * @param securityPolicy security policy to read; may be {@code null}
 * @return the effective password policy, or {@code null} when {@code securityPolicy} or its
 *         credentials section is {@code null}, or when neither a default nor a password
 *         policy is declared
 */
public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy) {
    if (securityPolicy == null) {
        return null;
    }
    CredentialsPolicyType credentials = securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        // Nothing to merge: return the declared policy as is.
        return credentials.getPassword();
    }

    PasswordCredentialsPolicyType declared = credentials.getPassword();
    // Merge into a clone (or a new object) rather than into the declared policy.
    PasswordCredentialsPolicyType effective =
            declared == null ? new PasswordCredentialsPolicyType() : declared.clone();
    copyDefaults(credentials.getDefault(), effective);
    return effective;
}
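/**
 * Counts open certification work items for the current principal.
 *
 * <p>The caller is authorized for {@code READ_OWN_CERTIFICATION_DECISIONS} before the query
 * runs, and the principal from {@code SecurityUtil.getPrincipal()} is passed to the query helper.
 *
 * <p>Only {@link RuntimeException}s are recorded as a fatal error on the operation result
 * before being rethrown. Checked exceptions propagate with the status computed in the
 * {@code finally} block.
 *
 * @param baseWorkItemsQuery base query restricting the work items
 * @param notDecidedOnly passed through to the query helper
 * @param options retrieval options passed through to the query helper
 * @param task task passed to the authorization check
 * @param parentResult parent operation result; a subresult is created under it
 * @return the number of matching open work items
 */
@Override
public int countOpenWorkItems(ObjectQuery baseWorkItemsQuery, boolean notDecidedOnly,
        Collection<SelectorOptions<GetOperationOptions>> options, Task task, OperationResult parentResult)
        throws ObjectNotFoundException, SchemaException, SecurityViolationException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    OperationResult result = parentResult.createSubresult(OPERATION_COUNT_OPEN_WORK_ITEMS);
    try {
        // Authorization must succeed before any data is queried.
        securityEnforcer.authorize(ModelAuthorizationAction.READ_OWN_CERTIFICATION_DECISIONS.getUrl(), null,
                AuthorizationParameters.EMPTY, null, task, result);
        return queryHelper.countOpenWorkItems(baseWorkItemsQuery, SecurityUtil.getPrincipal(), notDecidedOnly,
                options, result);
    } catch (RuntimeException e) {
        // The message names the count operation so the recorded failure is attributed to
        // the right call (it previously said "search").
        result.recordFatalError("Couldn't count certification work items: unexpected exception: " + e.getMessage(), e);
        throw e;
    } finally {
        result.computeStatusIfUnknown();
    }
}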
// Connection details for the current request, as reported by SecurityUtil.
// NOTE(review): getCurrentConnectionInformation() may return null (e.g. when no request is
// bound to the thread) - TODO confirm. If it can, the dereference on the next statement throws
// NullPointerException and should be guarded before the address is used.
HttpConnectionInformation connectionInfo = SecurityUtil.getCurrentConnectionInformation();
// NOTE(review): whether this address reflects proxy-forwarded headers is not visible here;
// confirm before relying on it for audit or lockout decisions.
String remoteAddress = connectionInfo.getRemoteHostAddress();
/**
 * Inspects {@code valueItemPath} and, if it addresses the password credential, resolves the
 * effective password credential policy into {@code credentialPolicy}.
 *
 * <p>Side effect: once the path is known to start with {@code UserType.F_CREDENTIALS} and
 * its second segment is a name, {@code credentialQName} is set to that name. This happens
 * even when the credential is not a password.
 */
private void preparePassword() {
    if (valueItemPath == null || !valueItemPath.startsWithName(UserType.F_CREDENTIALS)) {
        return;
    }
    Object credentialSegment = valueItemPath.getSegment(1);
    if (!ItemPath.isName(credentialSegment)) {
        return;
    }
    // Recorded before the password check, so it is set for any named credential.
    credentialQName = ItemPath.toName(credentialSegment);

    boolean isPassword = QNameUtil.match(CredentialsType.F_PASSWORD, credentialQName);
    if (isPassword && securityPolicy != null) {
        credentialPolicy = SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy);
    }
}
/**
 * Determines the effective nonce credential policy from {@code getSecurityPolicy()}.
 *
 * @return the result of {@code SecurityUtil.getEffectiveNonceCredentialsPolicy(...)} for the
 *         current security policy
 * @throws SchemaException propagated from the lookup
 */
@Override
protected NonceCredentialsPolicyType determineEffectiveCredentialPolicy() throws SchemaException {
    NonceCredentialsPolicyType effectivePolicy =
            SecurityUtil.getEffectiveNonceCredentialsPolicy(getSecurityPolicy());
    return effectivePolicy;
}
/**
 * Creates the deltas that maintain the credential history: an add-delta for the old value
 * where history is kept, followed by delete-deltas where the helper decides they are needed.
 *
 * <p>Does nothing when history is not supported or when there is no old credential container.
 *
 * @throws SchemaException propagated from the delta-building helpers
 */
private void addHistoryDeltas() throws SchemaException {
    if (!supportsHistory()) {
        return;
    }
    int historyLength = SecurityUtil.getCredentialHistoryLength(getCredentialPolicy());
    PrismContainer<R> previousCredential = getOldCredentialContainer();
    if (previousCredential == null) {
        return;
    }

    // A history length of 1 means "compare with the current password only"; the number of
    // values actually stored in the history is historyLength - 1. So nothing is added
    // unless the length exceeds 1.
    int addedValues = historyLength > 1 ? createAddHistoryDelta(previousCredential) : 0;

    createDeleteHistoryDeltasIfNeeded(historyLength, addedValues, previousCredential);
}
/**
 * Returns the security-questions credential policy of a security policy with the default
 * credential settings applied.
 *
 * <p>When a default credentials policy is present, the defaults are copied via
 * {@code copyDefaults} onto a clone of the declared security-questions policy, or onto a
 * fresh empty policy if none is declared. When no default is present, the declared policy
 * object itself is returned, which may be {@code null}.
 *
 * @param securityPolicy security policy to read; may be {@code null}
 * @return the effective security-questions policy, or {@code null} when
 *         {@code securityPolicy} or its credentials section is {@code null}, or when neither
 *         a default nor a security-questions policy is declared
 */
public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy) {
    if (securityPolicy == null) {
        return null;
    }
    CredentialsPolicyType credentials = securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        // Nothing to merge: return the declared policy as is.
        return credentials.getSecurityQuestions();
    }

    SecurityQuestionsCredentialsPolicyType declared = credentials.getSecurityQuestions();
    // Merge into a clone (or a new object) rather than into the declared policy.
    SecurityQuestionsCredentialsPolicyType effective =
            declared == null ? new SecurityQuestionsCredentialsPolicyType() : declared.clone();
    copyDefaults(credentials.getDefault(), effective);
    return effective;
}
/**
 * Searches open certification work items for the current principal.
 *
 * <p>The caller is authorized for {@code READ_OWN_CERTIFICATION_DECISIONS} before the query
 * runs, and the principal from {@code SecurityUtil.getPrincipal()} is passed to the query helper.
 *
 * <p>Only {@link RuntimeException}s are recorded as a fatal error on the operation result
 * before being rethrown. Checked exceptions propagate with the status computed in the
 * {@code finally} block.
 *
 * @param baseWorkItemsQuery base query restricting the work items
 * @param notDecidedOnly passed through to the query helper
 * @param options retrieval options passed through to the query helper
 * @param task task passed to the authorization check
 * @param parentResult parent operation result; a subresult is created under it
 * @return the matching open work items
 */
@Override
public List<AccessCertificationWorkItemType> searchOpenWorkItems(ObjectQuery baseWorkItemsQuery,
        boolean notDecidedOnly, Collection<SelectorOptions<GetOperationOptions>> options, Task task,
        OperationResult parentResult)
        throws ObjectNotFoundException, SchemaException, SecurityViolationException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    OperationResult opResult = parentResult.createSubresult(OPERATION_SEARCH_OPEN_WORK_ITEMS);
    try {
        // Authorization must succeed before any data is queried.
        securityEnforcer.authorize(
                ModelAuthorizationAction.READ_OWN_CERTIFICATION_DECISIONS.getUrl(),
                null,
                AuthorizationParameters.EMPTY,
                null,
                task,
                opResult);
        return queryHelper.searchOpenWorkItems(
                baseWorkItemsQuery, SecurityUtil.getPrincipal(), notDecidedOnly, options, opResult);
    } catch (RuntimeException unexpected) {
        opResult.recordFatalError("Couldn't search for certification work items: unexpected exception: " + unexpected.getMessage(), unexpected);
        throw unexpected;
    } finally {
        opResult.computeStatusIfUnknown();
    }
}
HttpConnectionInformation connInfo = SecurityUtil.getCurrentConnectionInformation(); if (connInfo == null && securityContextManager != null) { connInfo = securityContextManager.getStoredConnectionInformation();
// Effective password policy for this security policy, as resolved by SecurityUtil.
// NOTE(review): the lookup can yield null (for instance when securityPolicy is null) -
// confirm that the code using this value checks for null before dereferencing it.
PasswordCredentialsPolicyType passwordCredentialsPolicy = SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy);
/**
 * REST endpoint {@code GET /self}: returns the user object of the caller.
 *
 * <p>The OID that is fetched comes from the principal returned by
 * {@code SecurityUtil.getPrincipal()}, not from any request parameter, so the request cannot
 * select another user's object. The object is still loaded through {@code model.getObject}
 * with the request task.
 *
 * <p>The listed checked exceptions are turned into a response by
 * {@code RestServiceUtil.handleException}. NOTE(review): a {@code null} principal or user
 * would surface as an uncaught {@link NullPointerException}, and {@code finishRequest}
 * would then be skipped. Confirm that the principal is always present on this path.
 *
 * @param mc message context of the incoming request
 * @return the response carrying the user object, or an error response
 */
@GET
@Path("/self")
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, RestServiceUtil.APPLICATION_YAML})
public Response getSelf(@Context MessageContext mc) {
    LOGGER.debug("model rest service for get operation start");

    Task task = RestServiceUtil.initRequest(mc);
    OperationResult result = task.getResult().createSubresult(OPERATION_SELF);

    Response response;
    try {
        UserType currentUser = SecurityUtil.getPrincipal().getUser();
        PrismObject<UserType> self =
                model.getObject(UserType.class, currentUser.getOid(), null, task, result);
        response = RestServiceUtil.createResponse(Response.Status.OK, self, result, true);
        result.recordSuccessIfUnknown();
    } catch (SecurityViolationException | ObjectNotFoundException | SchemaException
            | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
        response = RestServiceUtil.handleException(result, e);
    }

    finishRequest(task);
    return response;
}
/**
 * Asserts how many work items visible to the current principal match an expectation.
 *
 * <p>The search is restricted with {@code QueryUtils.filterForAssignees} for the principal
 * from {@code SecurityUtil.getPrincipal()}, so only work items that filter selects are counted.
 *
 * @param expectedWorkItem matcher for the work items to count; {@code null} matches every
 *        returned work item
 * @param count expected number of matching work items
 * @param task task used for the search
 * @param result operation result used for the search
 */
protected void checkVisibleWorkItem(ExpectedWorkItem expectedWorkItem, int count, Task task, OperationResult result)
        throws SchemaException, ObjectNotFoundException, ConfigurationException, SecurityViolationException,
        ExpressionEvaluationException, CommunicationException {
    S_AtomicFilterExit assigneeFilter = QueryUtils.filterForAssignees(
            prismContext.queryFor(WorkItemType.class),
            SecurityUtil.getPrincipal(),
            OtherPrivilegesLimitationType.F_APPROVAL_WORK_ITEMS,
            relationRegistry);
    List<WorkItemType> visibleWorkItems =
            modelService.searchContainers(WorkItemType.class, assigneeFilter.build(), null, task, result);

    long matching = 0;
    for (WorkItemType workItem : visibleWorkItems) {
        if (expectedWorkItem == null || expectedWorkItem.matches(workItem)) {
            matching++;
        }
    }
    assertEquals("Wrong # of matching work items", count, matching);
}