[midPoint-git] [Evolveum/midpoint] 8a9a03: Draw layers of security enforcer processing
mederly
noreply at github.com
Tue May 9 18:41:09 CEST 2023
Branch: refs/heads/feature/autz-improvements
Home: https://github.com/Evolveum/midpoint
Commit: 8a9a03b246c4ef024a2d460cfc972029a9be6ead
https://github.com/Evolveum/midpoint/commit/8a9a03b246c4ef024a2d460cfc972029a9be6ead
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/WorkItemDetailsPanel.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/FilterGizmoAssignableRoles.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/RepositoryService.java
M repo/repo-api/src/main/java/com/evolveum/midpoint/repo/api/query/ObjectFilterExpressionEvaluator.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationApplicabilityChecker.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationFilterEvaluation.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationProcessor.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AuthorizationSecurityFilterBuilder.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/AutzContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerFilterOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/EnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/FilterGizmoObjectFilterImpl.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ItemDecisionOperation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/ObjectSelectorFilterEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/OtherEnforcerOperation.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/QueryAutzItemPaths.java
M repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityEnforcerImpl.java
R repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/SecurityFilterBuilder.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/TracingUtil.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/AbstractSelectorClauseEvaluation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ArchetypeRef.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Assignee.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseEvaluationContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/ClauseFilterEvaluationContext.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Delegator.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Filter.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRef.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/OrgRelation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Owner.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RelatedObject.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Requester.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/RoleRelation.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Special.java
A repo/security-enforcer-impl/src/main/java/com/evolveum/midpoint/security/enforcer/impl/clauses/Tenant.java
Log Message:
-----------
Draw layers of security enforcer processing

1. This commit divides the processing within SecurityEnforcerImpl
into four distinct layers: enforcer operation, [single] authorization
evaluation, object selector evaluation, and object selector clause
evaluation.

2. Object selector clauses (that currently contain the core of the
autz processing) are now implemented by separate classes, bringing
"is applicable" and "apply filter" algorithms together for better
understandability and maintainability.

Work in progress.