/**
 * Ends a "power of attorney" session: the principal currently installed in the security
 * context must be a donor principal (one that carries an attorney), and its chained
 * previous principal is re-installed as the current identity.
 *
 * @param task   not used by this implementation
 * @param result not used by this implementation
 * @return the principal that was active before the power of attorney was granted
 * @throws IllegalStateException if the current principal has no attorney, or has an
 *         attorney but no previous principal to return to
 * @throws SecurityViolationException if the current principal cannot be obtained
 */
@Override
public MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    // Only a donor principal (acting under an attorney) may drop the power of attorney.
    if (current.getAttorney() == null) {
        throw new IllegalStateException(
                "Attempt to drop attorney powers using non-donor principal " + current);
    }
    MidPointPrincipal original = current.getPreviousPrincipal();
    if (original == null) {
        throw new IllegalStateException(
                "Attempt to drop attorney powers, but no previous principal in " + current);
    }
    // TODO: audit switch (the identity switch is currently not audited)
    // TODO: maybe refresh previous principal using userProfileService?
    securityContextManager.setupPreAuthenticatedSecurityContext(original);
    return original;
}
/**
 * Test helper: asserts that {@code principal} carries exactly the expected attorney.
 *
 * <p>A {@code null} expected OID means "no attorney at all"; a non-null OID must match
 * the OID of the attorney user attached to the principal.
 *
 * @param principal    principal under test
 * @param attotrneyOid expected attorney OID, or {@code null} when no attorney is expected
 */
protected void assertPrincipalAttorneyOid(MidPointPrincipal principal, String attotrneyOid) {
    UserType actualAttorney = principal.getAttorney();
    if (actualAttorney != null) {
        assertEquals("Wrong attroney OID in principal", attotrneyOid, actualAttorney.getOid());
        return;
    }
    // No attorney present: that is only acceptable when none was expected.
    if (attotrneyOid != null) {
        AssertJUnit.fail("Expected attorney " + attotrneyOid + " in principal " + principal + " but there was none");
    }
}
/**
 * Fills the initiator (and, when acting under a power of attorney, the attorney) of an
 * audit record from the principal in the current security context.
 *
 * <p>If no principal can be obtained, the initiator is explicitly cleared and a warning is
 * logged; the record is still usable, it just carries no initiator.
 *
 * @param record audit record to update
 */
private void setInitiatorAndAttorneyFromPrincipal(AuditEventRecord record) {
    MidPointPrincipal principal;
    try {
        principal = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        // Best effort: audit without an initiator rather than failing the work item event.
        record.setInitiator(null);
        LOGGER.warn("No initiator known for auditing work item event: " + e.getMessage(), e);
        return;
    }
    record.setInitiator(principal.getUser().asPrismObject());
    UserType attorney = principal.getAttorney();
    if (attorney != null) {
        record.setAttorney(attorney.asPrismObject());
    }
}
}
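/**
 * Builds a principal that lets {@code attorneyPrincipal} act on behalf of {@code donor}
 * ("power of attorney").
 *
 * <p>The attorney is first authorized for {@code attorneyAuthorizationAction} against the
 * donor object; the limitations collected during that authorization are passed on when the
 * donor's principal is built, so the resulting principal is constrained accordingly. The
 * donor principal records the attorney's user and keeps a link to the attorney's own
 * principal so that {@code dropPowerOfAttorney} can restore the original identity.
 *
 * @param attorneyPrincipal           principal requesting the power of attorney; must not
 *                                    itself be acting under an attorney
 * @param attorneyAuthorizationAction authorization action the attorney must be allowed for
 * @param donor                       user on whose behalf the attorney will act
 * @param task                        task passed to the authorization evaluation
 * @param result                      operation result used for authorization and profile lookup
 * @return principal representing the donor, with the attorney and previous principal set
 * @throws UnsupportedOperationException if {@code attorneyPrincipal} already has an attorney
 *         (transitive power of attorney is not supported)
 * @throws SecurityViolationException if the attorney is not authorized for the action
 */
@Override
public MidPointPrincipal createDonorPrincipal(MidPointPrincipal attorneyPrincipal, String attorneyAuthorizationAction,
        PrismObject<UserType> donor, Task task, OperationResult result)
        throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException,
        ConfigurationException, SecurityViolationException {
    if (attorneyPrincipal.getAttorney() != null) {
        throw new UnsupportedOperationException("Transitive attorney is not supported yet");
    }
    AuthorizationLimitationsCollector limitationsCollector = new AuthorizationLimitationsCollector();
    AuthorizationParameters<UserType, ObjectType> autzParams = AuthorizationParameters.Builder.buildObject(donor);
    AccessDecision decision = isAuthorizedInternal(attorneyPrincipal, attorneyAuthorizationAction, null, autzParams,
            null, limitationsCollector, task, result);
    // Deny by default: only an explicit ALLOW grants the power of attorney. Comparing with !=
    // rather than equals() keeps the check null-safe, so an absent decision is reported as an
    // authorization failure instead of a NullPointerException.
    if (decision != AccessDecision.ALLOW) {
        // NOTE(review): the donor principal below is created only because failAuthorization is
        // expected to throw; confirm it never returns normally.
        failAuthorization(attorneyAuthorizationAction, null, autzParams, result);
    }
    MidPointPrincipal donorPrincipal = securityContextManager.getUserProfileService()
            .getPrincipal(donor, limitationsCollector, result);
    donorPrincipal.setAttorney(attorneyPrincipal.getUser());
    // Chain principals so the power of attorney can be dropped and the original identity restored.
    donorPrincipal.setPreviousPrincipal(attorneyPrincipal);
    return donorPrincipal;
}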
/**
 * Populates the common fields of a work item event: who triggered it (initiator and, if
 * acting under a power of attorney, attorney), when, which external work item it concerns,
 * the original assignee, the stage number and the escalation level.
 *
 * @param event        event to fill in
 * @param currentUser  principal triggering the event; may be {@code null}, in which case
 *                     the initiator and attorney references are left untouched
 * @param workItemId   external work item identifier
 * @param variables    process variables the assignee, stage and escalation data are read from
 * @param prismContext prism context used for reference creation and variable conversion
 */
public static void fillInWorkItemEvent(WorkItemEventType event, MidPointPrincipal currentUser, String workItemId,
        Map<String, Object> variables, PrismContext prismContext) {
    if (currentUser != null) {
        event.setInitiatorRef(ObjectTypeUtil.createObjectRef(currentUser.getUser(), prismContext));
        event.setAttorneyRef(ObjectTypeUtil.createObjectRef(currentUser.getAttorney(), prismContext));
    }
    event.setTimestamp(XmlTypeConverter.createXMLGregorianCalendar(new Date()));
    event.setExternalWorkItemId(workItemId);

    // The original assignee is optional in the process variables.
    String originalAssignee = ActivitiUtil.getVariable(variables, VARIABLE_ORIGINAL_ASSIGNEE, String.class, prismContext);
    if (originalAssignee != null) {
        event.setOriginalAssigneeRef(MiscDataUtil.stringToRef(originalAssignee));
    }

    // The stage number is mandatory; the escalation level is assembled from its number, name and display name.
    event.setStageNumber(
            ActivitiUtil.getRequiredVariable(variables, VARIABLE_STAGE_NUMBER, Integer.class, prismContext));
    event.setEscalationLevel(WfContextUtil.createEscalationLevel(
            ActivitiUtil.getEscalationLevelNumber(variables),
            ActivitiUtil.getVariable(variables, VARIABLE_ESCALATION_LEVEL_NAME, String.class, prismContext),
            ActivitiUtil.getVariable(variables, VARIABLE_ESCALATION_LEVEL_DISPLAY_NAME, String.class, prismContext)));
}
result.addContext("user", toShortString(principal.getUser())); ObjectReferenceType initiator = ObjectTypeUtil.createObjectRef(principal.getUser(), prismContext); ObjectReferenceType attorney = ObjectTypeUtil.createObjectRef(principal.getAttorney(), prismContext);
result.addContext("user", toShortString(principal.getUser())); ObjectReferenceType initiator = ObjectTypeUtil.createObjectRef(principal.getUser(), prismContext); ObjectReferenceType attorney = ObjectTypeUtil.createObjectRef(principal.getAttorney(), prismContext);