@Component(value="securityEnforcer") public class SecurityEnforcerImpl extends Object implements SecurityEnforcer
Constructor and Description |
---|
SecurityEnforcerImpl() |
Modifier and Type | Method and Description |
---|---|
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
authorize(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
PrismObject<O> object,
ObjectDelta<O> delta,
PrismObject<T> target,
OwnerResolver ownerResolver,
OperationResult result)
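Evaluates authorization: simply returns if the currently logged-in user is authorized for the
specified action. The method returns void and declares SecurityViolationException, so a denial is presumably reported by that exception rather than by a return value.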
|
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
compileSecurityConstraints(PrismObject<O> object,
OwnerResolver ownerResolver) |
void |
decide(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> configAttributes)
Spring Security method: implements decide from org.springframework.security.access.AccessDecisionManager.
|
MidPointPrincipal |
getPrincipal()
Returns principal representing the currently logged-in user.
|
UserProfileService |
getUserProfileService() |
boolean |
isAuthenticated() |
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
isAuthorized(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
PrismObject<O> object,
ObjectDelta<O> delta,
PrismObject<T> target,
OwnerResolver ownerResolver)
Returns true if the currently logged-in user is authorized for the specified action; returns false otherwise.
|
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
preProcessObjectFilter(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
Class<T> objectType,
PrismObject<O> object,
ObjectFilter origFilter)
TODO
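If the returned filter is a NoneFilter, the caller should skip the search entirely rather than execute it. A NoneFilter presumably means the authorizations permit no matching object.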
|
<T> T |
runAs(Producer<T> producer,
PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user) |
<T> T |
runPrivileged(Producer<T> producer) |
void |
setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication) |
void |
setupPreAuthenticatedSecurityContext(PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user) |
void |
setUserProfileService(UserProfileService userProfileService) |
boolean |
supports(Class<?> clazz) |
boolean |
supports(org.springframework.security.access.ConfigAttribute attribute) |
public UserProfileService getUserProfileService()
getUserProfileService
in interface SecurityEnforcer
public void setUserProfileService(UserProfileService userProfileService)
setUserProfileService
in interface SecurityEnforcer
public MidPointPrincipal getPrincipal() throws SecurityViolationException
SecurityEnforcer
getPrincipal
in interface SecurityEnforcer
SecurityViolationException
public boolean isAuthenticated()
isAuthenticated
in interface SecurityEnforcer
public void setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication)
setupPreAuthenticatedSecurityContext
in interface SecurityEnforcer
public void setupPreAuthenticatedSecurityContext(PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user)
setupPreAuthenticatedSecurityContext
in interface SecurityEnforcer
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> boolean isAuthorized(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, PrismObject<O> object, ObjectDelta<O> delta, PrismObject<T> target, OwnerResolver ownerResolver) throws SchemaException
SecurityEnforcer
isAuthorized
in interface SecurityEnforcer
phase
- check authorization for a specific phase. If null then all phases are checked.
SchemaException
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> void authorize(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, PrismObject<O> object, ObjectDelta<O> delta, PrismObject<T> target, OwnerResolver ownerResolver, OperationResult result) throws SecurityViolationException, SchemaException
SecurityEnforcer
authorize
in interface SecurityEnforcer
phase
- check authorization for a specific phase. If null then all phases are checked.
SecurityViolationException
SchemaException
public void decide(org.springframework.security.core.Authentication authentication, Object object, Collection<org.springframework.security.access.ConfigAttribute> configAttributes) throws org.springframework.security.access.AccessDeniedException, org.springframework.security.authentication.InsufficientAuthenticationException
decide
in interface org.springframework.security.access.AccessDecisionManager
org.springframework.security.access.AccessDeniedException
org.springframework.security.authentication.InsufficientAuthenticationException
public boolean supports(org.springframework.security.access.ConfigAttribute attribute)
supports
in interface org.springframework.security.access.AccessDecisionManager
public boolean supports(Class<?> clazz)
supports
in interface org.springframework.security.access.AccessDecisionManager
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> ObjectSecurityConstraints compileSecurityConstraints(PrismObject<O> object, OwnerResolver ownerResolver) throws SchemaException
compileSecurityConstraints
in interface SecurityEnforcer
SchemaException
public <T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> ObjectFilter preProcessObjectFilter(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, Class<T> objectType, PrismObject<O> object, ObjectFilter origFilter) throws SchemaException
SecurityEnforcer
preProcessObjectFilter
in interface SecurityEnforcer
SchemaException
public <T> T runAs(Producer<T> producer, PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user)
runAs
in interface SecurityEnforcer
public <T> T runPrivileged(Producer<T> producer)
runPrivileged
in interface SecurityEnforcer
Copyright © 2016 evolveum. All rights reserved.