[midPoint-git] [Evolveum/midpoint] 08438e: Skip "get" autz application in obvious cases
mederly
noreply at github.com
Tue Apr 25 18:49:49 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: 08438ea62d565fd5c8d22e2e439b93cefd8626c1
https://github.com/Evolveum/midpoint/commit/08438ea62d565fd5c8d22e2e439b93cefd8626c1
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/assignment/AssignmentEditorPanel.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/channel/GuiAuthenticationChannel.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/channel/ResetPasswordAuthenticationChannel.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/channel/SelfRegistrationAuthenticationChannel.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.java
M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/evaluator/TestAbstractAuthenticationEvaluator.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/GuiProfiledPrincipal.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/ClockworkAuthorizationHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/assignments/TargetPayloadEvaluation.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/resources/security/role-prop-except-administrative-status.xml
A model/model-intest/testng-integration-security.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/formatters/DeltaFormatter.java
M model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/formatters/TextFormatter.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ItemSecurityConstraints.java
A repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectOperationConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/ObjectSecurityConstraints.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/PositiveNegativeItemPaths.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemSecurityConstraintsImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectOperationConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSecurityConstraintsImpl.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
Log Message:
-----------
Skip "get" autz application in obvious cases
Here we check for the opportunity to skip cloning and/or traversing
objects during application of "get" authorization.
The idea is that if the whole object is readable, we do not have to
clone it (if immutable) or traverse through all its items and check
the "get" authorization for them.
This reduces the model post-processing times for medium-sized user
object read by #all-privileged user from around 20 ms (in midPoint 4.7)
through 0.25 ms (before this commit) to less than 0.01 ms (now).
Of course, when authorizations have to be applied, the performance is
still at the level of hundreds of microseconds. This may be improved
later, if needed.
No (intentional) behavioral changes should be here. Only optimizations
and documentation.
Commit: d38c6511fa592f289053e3551176c6943c0fe313
https://github.com/Evolveum/midpoint/commit/d38c6511fa592f289053e3551176c6943c0fe313
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/perf/TestPerformance.java
Log Message:
-----------
Improve TestPerformance
1. More iterations to be able to measure short times more precisely.
2. Fixed OperationResult handling (had OOM errors with many iterations).
Commit: d945e563b757687737b148a804d08c6698d3ad23
https://github.com/Evolveum/midpoint/commit/d945e563b757687737b148a804d08c6698d3ad23
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/search/SearchableItemsDefinitions.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageRegistrationFinish.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/search/filter/ValueSearchFilterItem.java
M infra/schema/src/main/resources/xml/ns/public/common/common-case-management-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcResourceServerModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RemoteAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/RemoteModuleAuthenticationImpl.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/JwtOidcResourceServerConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcClientModuleWebSecurityConfiguration.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcResourceServerModuleWebSecurityConfiguration.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OpaqueTokenOidcResourceServerConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcResourceServerModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcAuthorizationRequestRedirectFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcLoginAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcUserTokenService.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OpaqueTokenUserDetailsIntrospector.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcClientProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcResourceServerProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationRequestFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/util/RequestState.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/Evolveum/midpoint/compare/0306b8de7a20...d945e563b757
More information about the midPoint-svn
mailing list