[midPoint-git] [Evolveum/midpoint] ce357d: Audit runAs/runPrivileged properly
mederly
noreply at github.com
Sat Jul 29 23:48:27 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: ce357da80a1765eb64b23479470045dad53d0bef
https://github.com/Evolveum/midpoint/commit/ce357da80a1765eb64b23479470045dad53d0bef
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-07-29 (Sat, 29 Jul 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/engine/events/PendingAuditRecords.java
M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/helpers/CaseMiscHelper.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuthorizationDiagEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
M model/model-intest/src/test/resources/run-as/role-with-service-mapping-privileged.xml
M model/model-intest/src/test/resources/run-as/role-with-service-mapping-run-as.xml
M model/model-intest/src/test/resources/run-as/role-with-service-mapping-standard.xml
M model/model-intest/testng-integration-full.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java
Log Message:
-----------
Audit runAs/runPrivileged properly
The AuditEventRecord was extended by "effectivePrincipalRef"
and "effectivePrivilegesModified" describing the real logged-in
principal carrying out an action, as well as the information whether
its privileges were modified (e.g. by "runPrivileged" directive) or not.
(This commit also changes the creation of MidPointPrincipal objects,
plus other unrelated minor changes.)
Work in progress. The names are preliminary.
The information is not really stored in the audit log yet.
More information about the midPoint-svn
mailing list