[midPoint-git] [Evolveum/midpoint] a55cbe: Fix change of immutable object caused by preview

Viliam Repan noreply at github.com
Wed Jan 8 18:09:40 CET 2025


  Branch: refs/heads/feature/mid-10276-dependencies-upgrade
  Home:   https://github.com/Evolveum/midpoint
  Commit: a55cbe43936a67ff4fa2f49559e2dcfd96f19f87
      https://github.com/Evolveum/midpoint/commit/a55cbe43936a67ff4fa2f49559e2dcfd96f19f87
  Author: Andrej Zan <andrej.zan at evolveum.com>
  Date:   2025-01-07 (Tue, 07 Jan 2025)

  Changed paths:
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
    A model/model-intest/src/test/resources/security/role-user-add-read-some.xml

  Log Message:
  -----------
  Fix change of immutable object caused by preview

**What**

Fix an error caused by change of immutable object (in this case
immutable delta), which happens during preview of "create role" changes.
But it could potentially happen during any "create" operation.

**Notes**

This error could be fixed in various ways. Some of considered solutions:
- Add `modifyEachObject` and `modifyEachDelta` methods to `ElementState`
  and to `LensElementContext`. These methods would allow to modify
  internal deltas/objects by internally cloning them if they are
  immutable.
- Cloning whole `LensContext` before passing it to the
  `SchemaTransformer` for application of security constraints.
- Cloning `LensFocusContext` and `LensProjectionContext` before passing
  them to the `DataAccessProcessor`.

It's important to say, that **none** from mentioned solutions is very
good. So I simply chose the one which I see as a lesser evil, the third
one. Here are my arguments:

**Add `modifyEach*` methods**

This solution seemed to me as the most compelling. However, during more
research I have understood, that deltas and objects in the
`ElementState` should not be changed "just like that" without a big
amount of care. Changes of already immutable objects/deltas could cause
that whole `ElementState` would be invalid. It could be a problem
especially, if it was changed before or during clockwork execution. Even
though there already are methods, which allows to modify
primary/secondary deltas, they are commented as a "dangerous". I don't
think, it would be wise to add yet another set of methods, which
somebody could (what means "will") misuse.

**Cloning whole `LensContext`**

To be honest I haven't think about this approach very much. It simply
seems to me as a too big chunk of data to clone without a reason.

**Clonging `LensFocusContext` and `LensProjectionContext`

This method seems to me as a compromise between cloning too much data
and modifying potentially "living" state. It also does not require
addition of any new "modification" methods to the `ElementState` class
which in turn reduce the risk of misuse.

**Proper solution**

Based on my current understanding, the best solution, would be to limit
data which are needed for a preview. If I understand it correctly, the
data which are necessary to display a preview are just deltas. So I
think, the proper solution would be to sent just those to the UI. Of
course if more data are needed, than those could be sent too, but
definitely not whole `LensContext`.

If data sent to UI would be limited, we could simply apply the security
constraints just to those deltas and not bother with whole `LensContext`
which would be "dropped" anyway (since it's just preview).

**Fixes**: MID-10204


  Commit: df020860dce1c9522ae016fc1bba0c70cbee0ab0
      https://github.com/Evolveum/midpoint/commit/df020860dce1c9522ae016fc1bba0c70cbee0ab0
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-07 (Tue, 07 Jan 2025)

  Changed paths:
    M docs/security/credentials/initial-password-management-discussion.adoc
    R docs/security/credentials/password-reset/configuration.adoc
    M docs/security/credentials/password-reset/index.adoc
    R docs/security/credentials/password-reset/login-panel.png
    A docs/security/credentials/password-reset/password-reset-link.png
    A docs/security/credentials/password-reset/process-overview.adoc

  Log Message:
  -----------
  password reset docs updated


  Commit: 4f837c4a9c59d8c5e3052fbfc79b97eec9200fac
      https://github.com/Evolveum/midpoint/commit/4f837c4a9c59d8c5e3052fbfc79b97eec9200fac
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-07 (Tue, 07 Jan 2025)

  Changed paths:
    M docs/security/credentials/password-reset/index.adoc

  Log Message:
  -----------
  added status to the doc page


  Commit: 101b5e7851b82561add455310b70b937f8d5283f
      https://github.com/Evolveum/midpoint/commit/101b5e7851b82561add455310b70b937f8d5283f
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-07 (Tue, 07 Jan 2025)

  Changed paths:
    M docs/security/credentials/initial-password-management-discussion.adoc

  Log Message:
  -----------
  fixing the broken link


  Commit: 932398ac3b516c9006efa19d6f9a180755b83e00
      https://github.com/Evolveum/midpoint/commit/932398ac3b516c9006efa19d6f9a180755b83e00
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java

  Log Message:
  -----------
  MID-10317 Missing message when user disable fails. Also fixed enable/reconcile/delete messages as well


  Commit: 2cd3d5f47d7321480db4041181a71b3b08fba25b
      https://github.com/Evolveum/midpoint/commit/2cd3d5f47d7321480db4041181a71b3b08fba25b
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java

  Log Message:
  -----------
  MID-10317 MID-10139 fixed keys localization, removed test code


  Commit: 8bbf035ed00666d15dcec4fbf3040344cde6902b
      https://github.com/Evolveum/midpoint/commit/8bbf035ed00666d15dcec4fbf3040344cde6902b
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M docs/roles-policies/certification/tutorial/index.adoc

  Log Message:
  -----------
  access certification guide update


  Commit: 1568f02294dfd8c35b149fee0318240b03dc9d1f
      https://github.com/Evolveum/midpoint/commit/1568f02294dfd8c35b149fee0318240b03dc9d1f
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java

  Log Message:
  -----------
  Merge branch 'master' of https://github.com/Evolveum/midpoint


  Commit: 5167e33ab6352ebdbde06a782bf6a99f8ee7dbef
      https://github.com/Evolveum/midpoint/commit/5167e33ab6352ebdbde06a782bf6a99f8ee7dbef
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  MID-10276 upgraded spring boot to 3.4.1 (another attempt) while hibernate stays on 6.5.3 and oracle driver ojdbc11/21.9.0.0


  Commit: abb4b22ab616f6c85fd47dcd97a22a96b3d08aca
      https://github.com/Evolveum/midpoint/commit/abb4b22ab616f6c85fd47dcd97a22a96b3d08aca
  Author: Andrej Zan <andrej.zan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java

  Log Message:
  -----------
  Remove unnecessary call to get read constraints

**What**

Read constraints needed for securing "eveluated assignments" are
"calculated" from the focus object. Same constraints are also needed to
securing the focus itself. Before this change, constraints were
"calculated" two times with the same focus object. Now it's calculated
only once.

**Why**

Even though this version is a bit less "clean" (maybe subjective), the
benefit is in reducing excesive logging, which is generated by the
constraints "calculation".


  Commit: 2dc0313ebb2966f35413c3c8598ec324dc36de54
      https://github.com/Evolveum/midpoint/commit/2dc0313ebb2966f35413c3c8598ec324dc36de54
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java

  Log Message:
  -----------
  fixing 10129 : hided password strength bar for the protected string panel


  Commit: 781058072feab36be0a2698964703d67ce073788
      https://github.com/Evolveum/midpoint/commit/781058072feab36be0a2698964703d67ce073788
  Author: KaterynaHonchar <honchar at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Merge branch 'master' of https://github.com/Evolveum/midpoint


  Commit: a414ea691fee229df8a2f54988ab8d9f2280640d
      https://github.com/Evolveum/midpoint/commit/a414ea691fee229df8a2f54988ab8d9f2280640d
  Author: Andrej Zan <andrej.zan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M release-notes.adoc

  Log Message:
  -----------
  Add fix of MID-1024 to release notes


  Commit: 7874e995d1eb9d3f52a3e5e4b93ab43292faf354
      https://github.com/Evolveum/midpoint/commit/7874e995d1eb9d3f52a3e5e4b93ab43292faf354
  Author: mederly <mederly at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
    A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
    M release-notes.adoc

  Log Message:
  -----------
  Merge pull request #246 from Evolveum/bugfix/10204

Fix change of immutable object caused by preview


  Commit: 6731232f4c290a59a7f3cbabfebe5d19e78f77a0
      https://github.com/Evolveum/midpoint/commit/6731232f4c290a59a7f3cbabfebe5d19e78f77a0
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/worker/ImportProducerWorker.java
    M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/util/NinjaUtils.java
    A tools/ninja/src/test/java/com/evolveum/midpoint/ninja/BaseUpgradeTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/ImportRepositoryTest.java
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/BaseUpgradeTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/CreateDatabaseTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/UpgradeTest.java
    M tools/ninja/testng-unit.xml

  Log Message:
  -----------
  MID-10320 fixed issue of export/import with -z/--zip. Also fixed and enabled a bunch of ninja tests.


  Commit: 5d4946846239dc16fb34cc15b3878e4cdca8e5be
      https://github.com/Evolveum/midpoint/commit/5d4946846239dc16fb34cc15b3878e4cdca8e5be
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
    A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
    M release-notes.adoc

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master'


  Commit: 4b43a13c33727410f3933d67c201a35cd16ee42c
      https://github.com/Evolveum/midpoint/commit/4b43a13c33727410f3933d67c201a35cd16ee42c
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/JenkinsTest.java
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/TestMain.java
    M tools/ninja/testng-unit.xml

  Log Message:
  -----------
  removed dead code, enabled more ninja tests


  Commit: 436e826020e46df655f6557896f3edfc0b6a728a
      https://github.com/Evolveum/midpoint/commit/436e826020e46df655f6557896f3edfc0b6a728a
  Author: Viliam Repan <vilo.repan at evolveum.com>
  Date:   2025-01-08 (Wed, 08 Jan 2025)

  Changed paths:
    M docs/roles-policies/certification/tutorial/index.adoc
    M docs/security/credentials/initial-password-management-discussion.adoc
    R docs/security/credentials/password-reset/configuration.adoc
    M docs/security/credentials/password-reset/index.adoc
    R docs/security/credentials/password-reset/login-panel.png
    A docs/security/credentials/password-reset/password-reset-link.png
    A docs/security/credentials/password-reset/process-overview.adoc
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
    A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
    M pom.xml
    M release-notes.adoc
    M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/worker/ImportProducerWorker.java
    M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/util/NinjaUtils.java
    A tools/ninja/src/test/java/com/evolveum/midpoint/ninja/BaseUpgradeTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/ImportRepositoryTest.java
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/JenkinsTest.java
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/TestMain.java
    R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/BaseUpgradeTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/CreateDatabaseTest.java
    M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/UpgradeTest.java
    M tools/ninja/testng-unit.xml

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master' into feature/mid-10276-dependencies-upgrade


Compare: https://github.com/Evolveum/midpoint/compare/c2ec1734b267...436e826020e4

To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications


More information about the midPoint-svn mailing list