[midPoint-git] [Evolveum/midpoint] ce357d: Audit runAs/runPrivileged properly

mederly noreply at github.com
Sat Jul 29 23:48:27 CEST 2023


  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: ce357da80a1765eb64b23479470045dad53d0bef
      https://github.com/Evolveum/midpoint/commit/ce357da80a1765eb64b23479470045dad53d0bef
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2023-07-29 (Sat, 29 Jul 2023)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/init/DataImport.java
    M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/engine/events/PendingAuditRecords.java
    M model/cases-impl/src/main/java/com/evolveum/midpoint/cases/impl/helpers/CaseMiscHelper.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuthorizationDiagEvaluation.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
    M model/model-intest/src/test/resources/run-as/role-with-service-mapping-privileged.xml
    M model/model-intest/src/test/resources/run-as/role-with-service-mapping-run-as.xml
    M model/model-intest/src/test/resources/run-as/role-with-service-mapping-standard.xml
    M model/model-intest/testng-integration-full.xml
    M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
    M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
    M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
    M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/SecurityUtil.java
    M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
    M repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/MidPointPrincipalManagerMock.java
    M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java

  Log Message:
  -----------
  Audit runAs/runPrivileged properly

The AuditEventRecord was extended by "effectivePrincipalRef"
and "effectivePrivilegesModified" describing the real logged-in
principal carrying out an action, as well as the information whether
its privileges were modified (e.g. by "runPrivileged" directive) or not.

(This commit also changes the creation of MidPointPrincipal objects,
plus other unrelated minor changes.)

Work in progress. The names are preliminary.
The information is not really stored in the audit log yet.



