[midPoint-git] [Evolveum/midpoint] 58096e: Add #use authorization for task templates
mederly
noreply at github.com
Wed Aug 23 17:48:31 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: 58096e01e18084b577ef459b7ef4faddf4d6421b
https://github.com/Evolveum/midpoint/commit/58096e01e18084b577ef459b7ef4faddf4d6421b
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-23 (Wed, 23 Aug 2023)
Changed paths:
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/AbstractCertificationTest.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCertificationBasic.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestCriticalRolesCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestEscalation.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestRoleInducementCertification.java
M model/certification-impl/src/test/java/com/evolveum/midpoint/certification/test/TestSoDCertification.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ActivityCustomization.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/expr/MidpointFunctions.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java
M model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/misc/ShadowAttributeIdSyncStoreReadTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestActivation.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestDeputy.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestIteration.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestLinkedObjects.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestMemberRecompute.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestStrangeCases.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestTriggerTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestVolatility.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/async/TestAsyncUpdateTaskMechanics.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractDirectManualResourceTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractGroupingManualResourceTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/mapping/TestMapping.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/mapping/TestMappingAutoInbound.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/mapping/TestMappingInbound.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/misc/TestMigration.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/multi/TestMultiAccount.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/scripting/AbstractBasicScriptingTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityAdvanced.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestImportRecon.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestParallelDiscovery.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestParallelSynchronization.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestRecomputeTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestUuid.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestValidityRecomputeTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestLiveSyncTask.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestProgressReporting.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/tasks/TestTaskReporting.java
A model/model-intest/src/test/resources/security/role-use-task-templates.xml
A model/model-intest/src/test/resources/security/task-template-dummy.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M model/workflow-impl/src/test/java/com/evolveum/midpoint/wf/impl/other/TestEscalation.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TaskFinishChecker.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestReport.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/TestTask.java
M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/AuthorizationParameters.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapSynchronizationTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java
M testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/opendj/AbstractOpenDjNoiseTest.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestGenericSynchronization.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdap.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdapComplex.java
M testing/longtest/src/test/java/com/evolveum/midpoint/testing/longtest/TestLdapUniversity.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestDelayedEnable.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestImportGroups.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestInboundOutboundAssociation.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestLiveSyncMadness.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestOrgSync.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestResourceInMaintenance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestScience.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestServiceAccounts.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestServiceAccountsClassifier.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestShadowsPerformance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestStrings.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestUniversity.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestUnix.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestVillage.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/buckets/TestBucketsPerformance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/consistency/TestConsistencyMechanism.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/grouper/TestGrouperLargeGroupImport.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/grouper/TestGrouperLargeGroupReconciliation.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/ldap/TestLdapAssociationPerformance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/ldap/TestLdapReconPerformance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/ldap/TestLdapSyncMassive.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/sysperf/TestSystemPerformance.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/uuid/AbstractUuidTest.java
M testing/story/src/test/resources/trusted-bulk-actions/role-unprivileged.xml
M testing/story/src/test/resources/trusted-bulk-actions/role-with-scripting-action.xml
Log Message:
-----------
Add #use authorization for task templates
The new #use authorization is checked when submitTaskFromTemplate method
is called (in ModelInteractionService or MidpointFunctions). The "read"
authorization is no longer required there.
Other changes:
- Legacy extension-based variants of submitTaskFromTemplate are now
deprecated. These were not changed to use the new authorization.
- (Long time) unused "checkSubresults" parameter in tests is removed.
Commit: cfff770710190571c5f52d7b4383295734a8bd56
https://github.com/Evolveum/midpoint/commit/cfff770710190571c5f52d7b4383295734a8bd56
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-23 (Wed, 23 Aug 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/resource/component/wizard/basic/CreateResourceTemplatePanel.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.html
A gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageDuoSelect.java
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/util/AuthUtil.java
M model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/util/AuthenticationModuleNameConstants.java
M model/authentication-impl/pom.xml
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/DuoModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/LdapModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/Saml2ModuleFactory.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RemoteAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/RemoteModuleAuthorizationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/configurers/RemoteModuleConfigurer.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoAuthorizationRequestRedirectFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/duo/DuoFilterConfigurer.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/ldap/AuditedAuthenticationException.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/ldap/LdapDirContextAdapter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/ldap/MidpointPrincipalContextMapper.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcAuthorizationRequestRedirectFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcBearerTokenAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcClientLogoutSuccessHandler.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcLoginAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcLoginConfigurer.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcUserTokenService.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OpaqueTokenUserDetailsIntrospector.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointAssertingPartyMetadataConverter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointMetadataRelyingPartyRegistrationResolver.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointSaml2LoginConfigurer.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointSaml2LogoutRequestResolver.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointSaml2LogoutRequestSuccessHandler.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointSaml2WebSsoAuthenticationFilter.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/saml/MidpointSaml2WebSsoAuthenticationRequestFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/AuditedAuthenticationException.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/LdapDirContextAdapter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/ldap/MidpointPrincipalContextMapper.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/DuoModuleAuthentication.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/token/DuoRequestToken.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/DuoModuleWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OpaqueTokenOidcResourceServerConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/SamlModuleWebSecurityConfiguration.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/DuoModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcClientModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcResourceServerModuleWebSecurityConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/SamlModuleWebSecurityConfigurer.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcAuthorizationRequestRedirectFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcBearerTokenAuthenticationFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcClientLogoutSuccessHandler.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcLoginAuthenticationFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcLoginConfigurer.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OidcUserTokenService.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/oidc/OpaqueTokenUserDetailsIntrospector.java
A model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/DuoProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/MidPointLdapAuthenticationProvider.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/provider/OidcClientProvider.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointAssertingPartyMetadataConverter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointMetadataRelyingPartyRegistrationResolver.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LoginConfigurer.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LogoutRequestResolver.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2LogoutRequestSuccessHandler.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationFilter.java
R model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/saml/MidpointSaml2WebSsoAuthenticationRequestFilter.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/Evolveum/midpoint/compare/63bebc3838ec...cfff77071019
More information about the midPoint-svn
mailing list