/**
 * Returns the principal bound to the current security context.
 *
 * @return the current {@link MidPointPrincipal} as reported by the security context manager
 * @throws SecurityViolationException if the security context manager cannot provide a principal
 */
public MidPointPrincipal getPrincipal() throws SecurityViolationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    return current;
}
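/**
 * Decides whether the currently logged-in user may claim the given task.
 *
 * A missing or unusable security context is treated as "not authorized" (the method
 * never propagates the security violation). The remaining decision is delegated to
 * {@code isAmongCandidates}.
 *
 * @param taskId identifier of the task whose candidates are checked
 * @return {@code true} only if a principal with an OID is present and is among the task's candidates
 */
public boolean isAuthorizedToClaim(String taskId) {
    MidPointPrincipal principal;
    try {
        principal = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        // No usable security context: deny rather than propagate.
        return false;
    }
    // Other call sites in this codebase null-check the result of getPrincipal(); guard here too,
    // so an absent principal yields "not authorized" instead of a NullPointerException.
    if (principal == null || principal.getOid() == null) {
        return false;
    }
    return isAmongCandidates(principal, taskId);
}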
/**
 * Computes the assignment items the current principal may request when assigning
 * {@code target} to {@code object}, evaluated under the ASSIGN model authorization action.
 *
 * @param object the object that would receive the assignment
 * @param target the role-like target of the assignment
 * @param task   task used for the security evaluation
 * @param result operation result to record into
 * @return the item-level security constraints returned by the security enforcer
 * @throws SecurityViolationException if no principal is available or the enforcer rejects the request
 */
public <O extends ObjectType, R extends AbstractRoleType> ItemSecurityConstraints getAllowedRequestAssignmentItems(
        PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal principal = securityContextManager.getPrincipal();
    String assignActionUrl = ModelAuthorizationAction.ASSIGN.getUrl();
    // The fifth argument is intentionally null; consult the enforcer's signature for its meaning.
    return securityEnforcer.getAllowedRequestAssignmentItems(
            principal, assignActionUrl, object, target, null, task, result);
}
/**
 * Ends the current power-of-attorney session and restores the principal that was active
 * before it was assumed.
 *
 * @param task   task in whose context the switch happens (currently unused by this method)
 * @param result operation result (currently unused by this method)
 * @return the restored (previous) principal, which is now installed in the security context
 * @throws IllegalStateException if the current principal is not acting on behalf of a donor,
 *     or if it carries no previous principal to return to
 * @throws SecurityViolationException if the current principal cannot be obtained
 */
@Override
public MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    if (current.getAttorney() == null) {
        throw new IllegalStateException("Attempt to drop attorney powers using non-donor principal " + current);
    }
    MidPointPrincipal restored = current.getPreviousPrincipal();
    if (restored == null) {
        throw new IllegalStateException("Attempt to drop attorney powers, but no previous principal in " + current);
    }
    // TODO: audit switch
    // TODO: maybe refresh previous principal using userProfileService?
    securityContextManager.setupPreAuthenticatedSecurityContext(restored);
    return restored;
}
/**
 * Switches the security context so that the current (attorney) principal acts on behalf of
 * {@code donor}. The donor principal is built by the security enforcer under the ATTORNEY
 * model authorization action, which is where the authorization check for this switch lives.
 *
 * @param donor  the user whose identity is to be assumed
 * @param task   task used for the authorization evaluation
 * @param result operation result to record into
 * @return the newly created donor principal, now installed in the security context
 * @throws SecurityViolationException if the attorney is not authorized to act for the donor
 */
@Override
public MidPointPrincipal assumePowerOfAttorney(PrismObject<UserType> donor, Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal attorney = securityContextManager.getPrincipal();
    String attorneyActionUrl = ModelAuthorizationAction.ATTORNEY.getUrl();
    MidPointPrincipal asDonor = securityEnforcer.createDonorPrincipal(attorney, attorneyActionUrl, donor, task, result);
    // TODO: audit switch
    securityContextManager.setupPreAuthenticatedSecurityContext(asDonor);
    return asDonor;
}
/**
 * Returns the compiled GUI profile for the current user, or the global profile when no
 * user-profile-capable principal is available (unauthenticated users, error pages and so on).
 *
 * A security violation while obtaining the principal is logged and treated like
 * "no principal"; it is not propagated.
 *
 * @param task         task used when compiling the global profile
 * @param parentResult operation result to record into
 * @return the principal's compiled profile, or the global compiled profile as fallback
 */
@NotNull
@Override
public CompiledUserProfile getCompiledUserProfile(Task task, OperationResult parentResult)
        throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
        SecurityViolationException, ExpressionEvaluationException {
    MidPointPrincipal principal;
    try {
        principal = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        LOGGER.warn("Security violation while getting principlal to get GUI config: {}", e.getMessage(), e);
        principal = null;
    }
    // instanceof is false for null, so this single test also covers the "no principal" case.
    if (principal instanceof MidPointUserProfilePrincipal) {
        return ((MidPointUserProfilePrincipal) principal).getCompiledUserProfile();
    }
    // May be used for unauthenticated users, error pages and so on.
    return userProfileCompiler.getGlobalCompiledUserProfile(task, parentResult);
}
MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal == null) { return false;
final String userDescription = toShortString(securityContextManager.getPrincipal().getUser()); result.addContext("user", userDescription);
/**
 * Fills the initiator of an audit record from the principal in the current security context,
 * and the attorney as well when the principal is acting under power of attorney.
 *
 * This is best effort: if no principal can be obtained, the initiator is explicitly set to
 * {@code null}, a warning is logged and the record is still audited.
 *
 * @param record the audit record to populate
 */
private void setInitiatorAndAttorneyFromPrincipal(AuditEventRecord record) {
    try {
        MidPointPrincipal current = securityContextManager.getPrincipal();
        record.setInitiator(current.getUser().asPrismObject());
        boolean actingAsAttorney = current.getAttorney() != null;
        if (actingAsAttorney) {
            record.setAttorney(current.getAttorney().asPrismObject());
        }
    } catch (SecurityViolationException e) {
        // Audit without an initiator rather than failing the audited operation.
        record.setInitiator(null);
        LOGGER.warn("No initiator known for auditing work item event: " + e.getMessage(), e);
    }
}
}
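/**
 * Test helper: records a certification decision on the single current work item of
 * {@code aCase} that belongs to the reviewer.
 *
 * When {@code reviewerOid} is given, the helper temporarily logs in as that user and restores
 * the caller's authentication afterwards; otherwise the currently logged-in principal is the
 * reviewer. The restore happens in a {@code finally} block so that a failing assertion or a
 * failing {@code recordDecision} does not leave subsequent tests running as the impersonated
 * reviewer.
 *
 * @param campaignOid OID of the certification campaign
 * @param aCase       the certification case holding the work items
 * @param response    the decision to record
 * @param comment     optional reviewer comment
 * @param reviewerOid OID of the reviewer to impersonate, or {@code null} for the current user
 * @param task        task to run under
 * @param result      operation result to record into
 * @throws AssertionError if the reviewer does not have exactly one current work item in the case
 */
protected void recordDecision(String campaignOid, AccessCertificationCaseType aCase,
        AccessCertificationResponseType response, String comment, String reviewerOid,
        Task task, OperationResult result)
        throws CommunicationException, ObjectNotFoundException, ObjectAlreadyExistsException,
        SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException {
    boolean impersonate = reviewerOid != null;
    Authentication originalAuthentication = impersonate
            ? SecurityContextHolder.getContext().getAuthentication()
            : null;
    try {
        String realReviewerOid;
        if (impersonate) {
            login(getUser(reviewerOid));
            realReviewerOid = reviewerOid;
        } else {
            realReviewerOid = securityContextManager.getPrincipal().getOid();
        }
        // "Current" work item: assigned to the reviewer, in the case's current stage and iteration.
        List<AccessCertificationWorkItemType> workItems = aCase.getWorkItem().stream()
                .filter(wi -> ObjectTypeUtil.containsOid(wi.getAssigneeRef(), realReviewerOid))
                .filter(wi -> wi.getStageNumber() == aCase.getStageNumber())
                .filter(wi -> norm(wi.getIteration()) == norm(aCase.getIteration()))
                .collect(Collectors.toList());
        assertEquals("Wrong # of current work items for " + realReviewerOid + " in " + aCase, 1, workItems.size());
        long id = aCase.asPrismContainerValue().getId();
        certificationManager.recordDecision(campaignOid, id, workItems.get(0).getId(), response, comment, task, result);
    } finally {
        // Always undo the impersonation, even when login, the assertion or recordDecision threw.
        if (impersonate) {
            SecurityContextHolder.getContext().setAuthentication(originalAuthentication);
        }
    }
}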
return; MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal != null) { UserType principalUser = principal.getUser();
/**
 * Builds, logs and records an authorization failure for the current principal, then throws it.
 *
 * The message names the user and operation, and — depending on what the parameters carry —
 * the object acted upon and the target of the operation.
 *
 * @param operationUrl URL of the operation that was denied
 * @param phase        authorization phase in which the denial happened (not part of the message)
 * @param params       object/target context of the denied operation
 * @param result       operation result in which the fatal error is recorded
 * @throws SecurityViolationException always; concretely an {@link AuthorizationException}
 */
@Override
public <O extends ObjectType, T extends ObjectType> void failAuthorization(String operationUrl,
        AuthorizationPhaseType phase, AuthorizationParameters<O, T> params, OperationResult result)
        throws SecurityViolationException {
    MidPointPrincipal principal = securityContextManager.getPrincipal();
    String username = getQuotedUsername(principal);
    StringBuilder text = new StringBuilder("User '")
            .append(username)
            .append("' not authorized for operation ")
            .append(operationUrl);
    if (params.getTarget() != null) {
        // With a target present the object is always mentioned, even if it is null.
        text.append(" on ").append(params.getAnyObject())
            .append(" with target ").append(params.getTarget());
    } else if (params.getAnyObject() != null) {
        text.append(" on ").append(params.getAnyObject());
    }
    String message = text.toString();
    LOGGER.error("{}", message);
    AuthorizationException failure = new AuthorizationException(message);
    result.recordFatalError(failure.getMessage(), failure);
    throw failure;
}
OperationResult result = parentResult.createMinorSubresult(SUBMIT_TASK_FROM_TEMPLATE); try { MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal == null) { throw new SecurityViolationException("No current user");
@Override public TaskType executeChangesAsynchronously(Collection<ObjectDelta<?>> deltas, ModelExecuteOptions options, String templateTaskOid, Task opTask, OperationResult result) throws SecurityViolationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException { MidPointPrincipal principal = securityContextManager.getPrincipal(); if (principal == null) { throw new SecurityViolationException("No current user");
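/**
 * Decides whether the current principal may perform {@code operation} on {@code workItem}.
 *
 * Decision order:
 * <ol>
 *   <li>no usable principal (security violation, null principal or principal without OID): denied;</li>
 *   <li>the "all" action of the operation is granted: allowed;</li>
 *   <li>the operation has an "own" action and it is not granted: denied;</li>
 *   <li>the principal is an assignee of the work item, or a deputy of one: allowed;</li>
 *   <li>otherwise: allowed only if the principal is among the work item's candidates.</li>
 * </ol>
 *
 * @param workItem  the work item being acted upon
 * @param operation the requested operation (carries the "all" and optional "own" actions)
 * @param task      task used for authorization evaluation
 * @param result    operation result to record into
 * @return whether the operation is authorized
 * @throws SystemException if the security enforcer reports a schema problem
 */
public boolean isAuthorized(WorkItemType workItem, RequestedOperation operation, Task task, OperationResult result)
        throws ObjectNotFoundException, ExpressionEvaluationException, CommunicationException,
        ConfigurationException, SecurityViolationException {
    MidPointPrincipal principal;
    try {
        principal = securityContextManager.getPrincipal();
    } catch (SecurityViolationException e) {
        // No usable security context: deny rather than propagate.
        return false;
    }
    // Other call sites in this codebase null-check the result of getPrincipal(); guard here too,
    // so an absent principal yields "not authorized" instead of a NullPointerException.
    if (principal == null || principal.getOid() == null) {
        return false;
    }
    try {
        if (securityEnforcer.isAuthorized(operation.actionAll.getUrl(), null, AuthorizationParameters.EMPTY, null, task, result)) {
            return true;
        }
        if (operation.actionOwn != null
                && !securityEnforcer.isAuthorized(operation.actionOwn.getUrl(), null, AuthorizationParameters.EMPTY, null, task, result)) {
            return false;
        }
    } catch (SchemaException e) {
        throw new SystemException(e.getMessage(), e);
    }
    for (ObjectReferenceType assignee : workItem.getAssigneeRef()) {
        if (isEqualOrDeputyOf(principal, assignee.getOid(), relationRegistry)) {
            return true;
        }
    }
    return isAmongCandidates(principal, workItem.getExternalId());
}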
/**
 * Test helper: logs in as a freshly constructed deputy of user "jack" and checks which
 * "other privileges" limitations the resulting principal records for its delegator.
 *
 * @param TEST_NAME            name used for the test-title/when/then display
 * @param expectedLimitations  the limitations expected on the single delegator record, or
 *                             {@code null} when no delegator record is expected at all
 * @param assignmentModifier   optional hook that tweaks the deputy assignment before login
 * @throws CommonException if login or principal creation fails
 */
private void executeDeputyLimitationsTest(String TEST_NAME, List<OtherPrivilegesLimitationType> expectedLimitations,
        Consumer<AssignmentType> assignmentModifier) throws CommonException {
    TestUtil.displayTestTitle(this, TEST_NAME);

    // GIVEN: a deputy assignment towards jack, optionally customised by the caller
    AssignmentType deputyAssignment = new AssignmentType()
            .targetRef(USER_JACK_OID, UserType.COMPLEX_TYPE, SchemaConstants.ORG_DEPUTY);
    if (assignmentModifier != null) {
        assignmentModifier.accept(deputyAssignment);
    }
    UserType deputyUser = prismContext.createObjectable(UserType.class)
            .name("deputy")
            .oid("deputy")
            .assignment(deputyAssignment);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    display("Logging in as", deputyUser);
    login(deputyUser.asPrismObject());

    // THEN
    TestUtil.displayThen(TEST_NAME);
    MidPointPrincipal loggedIn = securityContextManager.getPrincipal();
    Collection<DelegatorWithOtherPrivilegesLimitations> delegators =
            loggedIn.getDelegatorWithOtherPrivilegesLimitationsCollection();
    display("delegators with other privileges limitations", delegators);
    String dump = DebugUtil.debugDump(delegators);
    if (expectedLimitations == null) {
        assertEquals("Wrong # of delegator records: " + dump, 0, delegators.size());
        return;
    }
    assertEquals("Wrong # of delegator records: " + dump, 1, delegators.size());
    DelegatorWithOtherPrivilegesLimitations onlyRecord = delegators.iterator().next();
    // Compared as sets: order of limitations is not significant.
    assertEquals("Unexpected limitations: " + dump,
            new HashSet<>(expectedLimitations), new HashSet<>(onlyRecord.getLimitations()));
}
result.addParam("workItemId", workItemId); try { MidPointPrincipal principal = securityContextManager.getPrincipal(); result.addContext("user", toShortString(principal.getUser()));
result.addParam("workItemId", workItemId); try { MidPointPrincipal principal = securityContextManager.getPrincipal(); result.addContext("user", toShortString(principal.getUser()));
ObjectReferenceType responderRef = ObjectTypeUtil.createObjectRef(securityContextManager.getPrincipal().getUser(), prismContext); XMLGregorianCalendar now = clock.currentTimeXMLGregorianCalendar(); ItemPath workItemPath = ItemPath.create(F_CASE, caseId, F_WORK_ITEM, workItemId);
newCampaign.setOwnerRef(securityContextManager.getPrincipal().toObjectReference()); newCampaign.setTenantRef(definition.getTenantRef()); newCampaign.setDefinitionRef(ObjectTypeUtil.createObjectRef(definition, prismContext));