[midPoint-git] [Evolveum/midpoint] a55cbe: Fix change of immutable object caused by preview
Viliam Repan
noreply at github.com
Wed Jan 8 18:09:40 CET 2025
Branch: refs/heads/feature/mid-10276-dependencies-upgrade
Home: https://github.com/Evolveum/midpoint
Commit: a55cbe43936a67ff4fa2f49559e2dcfd96f19f87
https://github.com/Evolveum/midpoint/commit/a55cbe43936a67ff4fa2f49559e2dcfd96f19f87
Author: Andrej Zan <andrej.zan at evolveum.com>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
Log Message:
-----------
Fix change of immutable object caused by preview
**What**
Fix an error caused by change of immutable object (in this case
immutable delta), which happens during preview of "create role" changes.
But it could potentially happen during any "create" operation.
**Notes**
This error could be fixed in various ways. Some of considered solutions:
- Add `modifyEachObject` and `modifyEachDelta` methods to `ElementState`
and to `LensElementContext`. These methods would allow to modify
internal deltas/objects by internally cloning them if they are
immutable.
- Cloning whole `LensContext` before passing it to the
`SchemaTransformer` for application of security constraints.
- Cloning `LensFocusContext` and `LensProjectionContext` before passing
them to the `DataAccessProcessor`.
It's important to say, that **none** from mentioned solutions is very
good. So I simply chose the one which I see as a lesser evil, the third
one. Here are my arguments:
**Add `modifyEach*` methods**
This solution seemed to me as the most compelling. However, during more
research I have understood, that deltas and objects in the
`ElementState` should not be changed "just like that" without a big
amount of care. Changes of already immutable objects/deltas could cause
that whole `ElementState` would be invalid. It could be a problem
especially, if it was changed before or during clockwork execution. Even
though there already are methods, which allows to modify
primary/secondary deltas, they are commented as a "dangerous". I don't
think, it would be wise to add yet another set of methods, which
somebody could (what means "will") misuse.
**Cloning whole `LensContext`**
To be honest I haven't think about this approach very much. It simply
seems to me as a too big chunk of data to clone without a reason.
**Clonging `LensFocusContext` and `LensProjectionContext`
This method seems to me as a compromise between cloning too much data
and modifying potentially "living" state. It also does not require
addition of any new "modification" methods to the `ElementState` class
which in turn reduce the risk of misuse.
**Proper solution**
Based on my current understanding, the best solution, would be to limit
data which are needed for a preview. If I understand it correctly, the
data which are necessary to display a preview are just deltas. So I
think, the proper solution would be to sent just those to the UI. Of
course if more data are needed, than those could be sent too, but
definitely not whole `LensContext`.
If data sent to UI would be limited, we could simply apply the security
constraints just to those deltas and not bother with whole `LensContext`
which would be "dropped" anyway (since it's just preview).
**Fixes**: MID-10204
Commit: df020860dce1c9522ae016fc1bba0c70cbee0ab0
https://github.com/Evolveum/midpoint/commit/df020860dce1c9522ae016fc1bba0c70cbee0ab0
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M docs/security/credentials/initial-password-management-discussion.adoc
R docs/security/credentials/password-reset/configuration.adoc
M docs/security/credentials/password-reset/index.adoc
R docs/security/credentials/password-reset/login-panel.png
A docs/security/credentials/password-reset/password-reset-link.png
A docs/security/credentials/password-reset/process-overview.adoc
Log Message:
-----------
password reset docs updated
Commit: 4f837c4a9c59d8c5e3052fbfc79b97eec9200fac
https://github.com/Evolveum/midpoint/commit/4f837c4a9c59d8c5e3052fbfc79b97eec9200fac
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M docs/security/credentials/password-reset/index.adoc
Log Message:
-----------
added status to the doc page
Commit: 101b5e7851b82561add455310b70b937f8d5283f
https://github.com/Evolveum/midpoint/commit/101b5e7851b82561add455310b70b937f8d5283f
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M docs/security/credentials/initial-password-management-discussion.adoc
Log Message:
-----------
fixing the broken link
Commit: 932398ac3b516c9006efa19d6f9a180755b83e00
https://github.com/Evolveum/midpoint/commit/932398ac3b516c9006efa19d6f9a180755b83e00
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
Log Message:
-----------
MID-10317 Missing message when user disable fails. Also fixed enable/reconcile/delete messages as well
Commit: 2cd3d5f47d7321480db4041181a71b3b08fba25b
https://github.com/Evolveum/midpoint/commit/2cd3d5f47d7321480db4041181a71b3b08fba25b
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java
Log Message:
-----------
MID-10317 MID-10139 fixed keys localization, removed test code
Commit: 8bbf035ed00666d15dcec4fbf3040344cde6902b
https://github.com/Evolveum/midpoint/commit/8bbf035ed00666d15dcec4fbf3040344cde6902b
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M docs/roles-policies/certification/tutorial/index.adoc
Log Message:
-----------
access certification guide update
Commit: 1568f02294dfd8c35b149fee0318240b03dc9d1f
https://github.com/Evolveum/midpoint/commit/1568f02294dfd8c35b149fee0318240b03dc9d1f
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java
Log Message:
-----------
Merge branch 'master' of https://github.com/Evolveum/midpoint
Commit: 5167e33ab6352ebdbde06a782bf6a99f8ee7dbef
https://github.com/Evolveum/midpoint/commit/5167e33ab6352ebdbde06a782bf6a99f8ee7dbef
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M pom.xml
Log Message:
-----------
MID-10276 upgraded spring boot to 3.4.1 (another attempt) while hibernate stays on 6.5.3 and oracle driver ojdbc11/21.9.0.0
Commit: abb4b22ab616f6c85fd47dcd97a22a96b3d08aca
https://github.com/Evolveum/midpoint/commit/abb4b22ab616f6c85fd47dcd97a22a96b3d08aca
Author: Andrej Zan <andrej.zan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
Log Message:
-----------
Remove unnecessary call to get read constraints
**What**
Read constraints needed for securing "eveluated assignments" are
"calculated" from the focus object. Same constraints are also needed to
securing the focus itself. Before this change, constraints were
"calculated" two times with the same focus object. Now it's calculated
only once.
**Why**
Even though this version is a bit less "clean" (maybe subjective), the
benefit is in reducing excesive logging, which is generated by the
constraints "calculation".
Commit: 2dc0313ebb2966f35413c3c8598ec324dc36de54
https://github.com/Evolveum/midpoint/commit/2dc0313ebb2966f35413c3c8598ec324dc36de54
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java
Log Message:
-----------
fixing 10129 : hided password strength bar for the protected string panel
Commit: 781058072feab36be0a2698964703d67ce073788
https://github.com/Evolveum/midpoint/commit/781058072feab36be0a2698964703d67ce073788
Author: KaterynaHonchar <honchar at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M pom.xml
Log Message:
-----------
Merge branch 'master' of https://github.com/Evolveum/midpoint
Commit: a414ea691fee229df8a2f54988ab8d9f2280640d
https://github.com/Evolveum/midpoint/commit/a414ea691fee229df8a2f54988ab8d9f2280640d
Author: Andrej Zan <andrej.zan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M release-notes.adoc
Log Message:
-----------
Add fix of MID-1024 to release notes
Commit: 7874e995d1eb9d3f52a3e5e4b93ab43292faf354
https://github.com/Evolveum/midpoint/commit/7874e995d1eb9d3f52a3e5e4b93ab43292faf354
Author: mederly <mederly at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
M release-notes.adoc
Log Message:
-----------
Merge pull request #246 from Evolveum/bugfix/10204
Fix change of immutable object caused by preview
Commit: 6731232f4c290a59a7f3cbabfebe5d19e78f77a0
https://github.com/Evolveum/midpoint/commit/6731232f4c290a59a7f3cbabfebe5d19e78f77a0
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/worker/ImportProducerWorker.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/util/NinjaUtils.java
A tools/ninja/src/test/java/com/evolveum/midpoint/ninja/BaseUpgradeTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/ImportRepositoryTest.java
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/BaseUpgradeTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/CreateDatabaseTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/UpgradeTest.java
M tools/ninja/testng-unit.xml
Log Message:
-----------
MID-10320 fixed issue of export/import with -z/--zip. Also fixed and enabled a bunch of ninja tests.
Commit: 5d4946846239dc16fb34cc15b3878e4cdca8e5be
https://github.com/Evolveum/midpoint/commit/5d4946846239dc16fb34cc15b3878e4cdca8e5be
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
M release-notes.adoc
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Commit: 4b43a13c33727410f3933d67c201a35cd16ee42c
https://github.com/Evolveum/midpoint/commit/4b43a13c33727410f3933d67c201a35cd16ee42c
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/JenkinsTest.java
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/TestMain.java
M tools/ninja/testng-unit.xml
Log Message:
-----------
removed dead code, enabled more ninja tests
Commit: 436e826020e46df655f6557896f3edfc0b6a728a
https://github.com/Evolveum/midpoint/commit/436e826020e46df655f6557896f3edfc0b6a728a
Author: Viliam Repan <vilo.repan at evolveum.com>
Date: 2025-01-08 (Wed, 08 Jan 2025)
Changed paths:
M docs/roles-policies/certification/tutorial/index.adoc
M docs/security/credentials/initial-password-management-discussion.adoc
R docs/security/credentials/password-reset/configuration.adoc
M docs/security/credentials/password-reset/index.adoc
R docs/security/credentials/password-reset/login-panel.png
A docs/security/credentials/password-reset/password-reset-link.png
A docs/security/credentials/password-reset/process-overview.adoc
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/ProtectedStringPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/util/FocusListInlineMenuHelper.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/transformer/DataAccessProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensContext.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractInitializedSecurityTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java
A model/model-intest/src/test/resources/security/role-user-add-read-some.xml
M pom.xml
M release-notes.adoc
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/worker/ImportProducerWorker.java
M tools/ninja/src/main/java/com/evolveum/midpoint/ninja/util/NinjaUtils.java
A tools/ninja/src/test/java/com/evolveum/midpoint/ninja/BaseUpgradeTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/ImportRepositoryTest.java
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/JenkinsTest.java
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/TestMain.java
R tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/BaseUpgradeTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/CreateDatabaseTest.java
M tools/ninja/src/test/java/com/evolveum/midpoint/ninja/upgrade/UpgradeTest.java
M tools/ninja/testng-unit.xml
Log Message:
-----------
Merge remote-tracking branch 'origin/master' into feature/mid-10276-dependencies-upgrade
Compare: https://github.com/Evolveum/midpoint/compare/c2ec1734b267...436e826020e4
To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications
More information about the midPoint-svn
mailing list