[midPoint-git] [Evolveum/midpoint] 46d392: Improve fine-grained REST authorizations

mederly noreply at github.com
Tue Feb 20 11:55:51 CET 2024 

  Branch: refs/heads/tmp/detailed-rest-autz
  Home:   https://github.com/Evolveum/midpoint
  Commit: 46d392e6aca4c29e5219e946d410c153ab2717ab
      https://github.com/Evolveum/midpoint/commit/46d392e6aca4c29e5219e946d410c153ab2717ab
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M model/authentication-impl/pom.xml
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/util/EndPointsUrlMapping.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ClusterRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyAuditService.java
    A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/RestAuthorizationAction.java
    A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/RestHandlerMethod.java
    R repo/security-api/src/main/java/com/evolveum/midpoint/security/api/RestMethod.java
    M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestAbstractRestService.java
    M testing/rest/src/test/resources/repo/user-rest-limited.xml

  Log Message:
  -----------
  Improve fine-grained REST authorizations

This is an improvement of da667ef7debff76ef5e496913b85634ec2ec0650:
Instead of checking REST action authorization in the method body
(which was wrong), we determine the respective method, with the
corresponding action URI right in MidPointGuiAuthorizationEvaluator.
So the full REST-method-level authorization can be done there.

This is the correct solution. So, the hacks introduced previously
are rolled-back in this commit.



To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications

More information about the midPoint-svn mailing list