[midPoint-git] [Evolveum/midpoint] b0d8b1: Make REST authorizations finer-grained

mederly noreply at github.com
Tue Feb 20 12:43:25 CET 2024


  Branch: refs/heads/support-4.8
  Home:   https://github.com/Evolveum/midpoint
  Commit: b0d8b1548dce20f00977316aa0ed9db56b52078f
      https://github.com/Evolveum/midpoint/commit/b0d8b1548dce20f00977316aa0ed9db56b52078f
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M model/authentication-impl/pom.xml
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidPointGuiAuthorizationEvaluator.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointAllowAllAuthorizationEvaluator.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/authorization/evaluator/MidpointHttpAuthorizationEvaluator.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/SecurityConfigurer.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpBasicModuleWebSecurityConfigurer.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpClusterModuleWebSecurityConfigurer.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/HttpSecurityQuestionsModuleWebSecurityConfigurer.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcResourceServerModuleWebSecurityConfigurer.java
    M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/util/EndPointsUrlMapping.java
    M model/authentication-impl/src/test/java/com/evolveum/midpoint/authentication/TestIntegrationSecurity.java
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityHelper.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ClusterRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java
    M model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java
    A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/RestAuthorizationAction.java
    A repo/security-api/src/main/java/com/evolveum/midpoint/security/api/RestHandlerMethod.java
    M repo/security-enforcer-api/src/main/java/com/evolveum/midpoint/security/enforcer/api/SecurityEnforcer.java
    M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/AbstractRestServiceInitializer.java
    M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/RestServiceInitializer.java
    M testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestAbstractRestService.java
    M testing/rest/src/test/resources/repo/json/script-modify-validTo.json
    A testing/rest/src/test/resources/repo/role-rest-limited.xml
    A testing/rest/src/test/resources/repo/user-rest-limited.xml
    M testing/rest/src/test/resources/repo/xml/script-modify-validTo.xml
    M testing/rest/src/test/resources/repo/yaml/script-modify-validTo.yml

  Log Message:
  -----------
  Make REST authorizations finer-grained

While "rest-3#all" authorization still exists, it is no longer
required to use it when only a subset of REST methods is to be
accessed by particular client. Each method has now its own
authorization.

This commit is an aggregated cherry-pick from multiple ones,
that were partially reverting and augmenting one another.
It also fixes one unrelated REST test.

(cherry picked from commit da667ef7debff76ef5e496913b85634ec2ec0650)
(cherry picked from commit c28cdabb7e608b0a2c206451b77084008c06b30a)
(cherry picked from commit 46d392e6aca4c29e5219e946d410c153ab2717ab)
(cherry picked from commit 924ccec297f6ec595e61785b666b4f2f006a5ab7)
(cherry picked from commit 2738f190cd16318e8be2720bc6ba9acf21697d99)



To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications


More information about the midPoint-svn mailing list