public class MidPointGuiAuthorizationEvaluator extends Object implements SecurityEnforcer
Constructor and Description |
---|
MidPointGuiAuthorizationEvaluator(SecurityEnforcer securityEnforcer) |
Modifier and Type | Method and Description |
---|---|
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
authorize(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
PrismObject<O> object,
ObjectDelta<O> delta,
PrismObject<T> target,
OwnerResolver ownerResolver,
OperationResult result)
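Evaluates authorization: simply returns if the currently logged-in user is authorized for the
specified action. The method returns void and declares SecurityViolationException, so a denial is reported by exception rather than by a return value.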
|
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
compileSecurityConstraints(PrismObject<O> object,
OwnerResolver ownerResolver) |
void |
decide(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> configAttributes) |
MidPointPrincipal |
getPrincipal()
Returns principal representing the currently logged-in user.
|
UserProfileService |
getUserProfileService() |
boolean |
isAuthenticated() |
<O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
isAuthorized(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
PrismObject<O> object,
ObjectDelta<O> delta,
PrismObject<T> target,
OwnerResolver ownerResolver)
Returns true if the currently logged-in user is authorized for the specified action; returns false otherwise.
|
<T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> |
preProcessObjectFilter(String operationUrl,
com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase,
Class<T> objectType,
PrismObject<O> object,
ObjectFilter origFilter)
TODO
If it returns NoneFilter then no search should be done.
|
<T> T |
runAs(Producer<T> producer,
PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user) |
<T> T |
runPrivileged(Producer<T> producer) |
void |
setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication) |
void |
setupPreAuthenticatedSecurityContext(PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user) |
void |
setUserProfileService(UserProfileService userProfileService) |
boolean |
supports(Class<?> clazz) |
boolean |
supports(org.springframework.security.access.ConfigAttribute attribute) |
public MidPointGuiAuthorizationEvaluator(SecurityEnforcer securityEnforcer)
public UserProfileService getUserProfileService()
getUserProfileService
in interface SecurityEnforcer
public void setUserProfileService(UserProfileService userProfileService)
setUserProfileService
in interface SecurityEnforcer
public void setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication)
setupPreAuthenticatedSecurityContext
in interface SecurityEnforcer
public void setupPreAuthenticatedSecurityContext(PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user)
setupPreAuthenticatedSecurityContext
in interface SecurityEnforcer
public boolean isAuthenticated()
isAuthenticated
in interface SecurityEnforcer
public MidPointPrincipal getPrincipal() throws SecurityViolationException
SecurityEnforcer
getPrincipal
in interface SecurityEnforcer
SecurityViolationException
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> boolean isAuthorized(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, PrismObject<O> object, ObjectDelta<O> delta, PrismObject<T> target, OwnerResolver ownerResolver) throws SchemaException
SecurityEnforcer
isAuthorized
in interface SecurityEnforcer
phase
- check authorization for a specific phase. If null then all phases are checked.
SchemaException
public boolean supports(org.springframework.security.access.ConfigAttribute attribute)
supports
in interface org.springframework.security.access.AccessDecisionManager
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> void authorize(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, PrismObject<O> object, ObjectDelta<O> delta, PrismObject<T> target, OwnerResolver ownerResolver, OperationResult result) throws SecurityViolationException, SchemaException
SecurityEnforcer
authorize
in interface SecurityEnforcer
phase
- check authorization for a specific phase. If null then all phases are checked.
SecurityViolationException
SchemaException
public boolean supports(Class<?> clazz)
supports
in interface org.springframework.security.access.AccessDecisionManager
public void decide(org.springframework.security.core.Authentication authentication, Object object, Collection<org.springframework.security.access.ConfigAttribute> configAttributes) throws org.springframework.security.access.AccessDeniedException, org.springframework.security.authentication.InsufficientAuthenticationException
decide
in interface org.springframework.security.access.AccessDecisionManager
org.springframework.security.access.AccessDeniedException
org.springframework.security.authentication.InsufficientAuthenticationException
public <O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> ObjectSecurityConstraints compileSecurityConstraints(PrismObject<O> object, OwnerResolver ownerResolver) throws SchemaException
compileSecurityConstraints
in interface SecurityEnforcer
SchemaException
public <T extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType,O extends com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType> ObjectFilter preProcessObjectFilter(String operationUrl, com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType phase, Class<T> objectType, PrismObject<O> object, ObjectFilter origFilter) throws SchemaException
SecurityEnforcer
preProcessObjectFilter
in interface SecurityEnforcer
SchemaException
public <T> T runAs(Producer<T> producer, PrismObject<com.evolveum.midpoint.xml.ns._public.common.common_3.UserType> user)
runAs
in interface SecurityEnforcer
public <T> T runPrivileged(Producer<T> producer)
runPrivileged
in interface SecurityEnforcer
Copyright © 2016 evolveum. All rights reserved.