Class MidPointPrincipal
java.lang.Object
com.evolveum.midpoint.security.api.MidPointPrincipal
- All Implemented Interfaces:
DebugDumpable
,ShortDumpable
,Serializable
,org.springframework.security.core.userdetails.UserDetails
- Direct Known Subclasses:
GuiProfiledPrincipal
public class MidPointPrincipal
extends Object
implements org.springframework.security.core.userdetails.UserDetails, DebugDumpable, ShortDumpable
Simple midPoint principal. This principal should contain only the concepts that are
essential for midPoint core to work. It should not contain user interface concepts
(e.g. adminGuiConfig). For that see GuiProfiledPrincipal.
- Author:
- Radovan Semancik
- See Also:
-
Field Summary
Fields inherited from interface com.evolveum.midpoint.util.DebugDumpable
INDENT_STRING
-
Constructor Summary
ModifierConstructorDescriptionprotected
MidPointPrincipal
(@NotNull FocusType focus) Use static factory methods when calling from the outside. -
Method Summary
Modifier and TypeMethodDescriptionvoid
addAuthorization
(@NotNull Authorization authorization) Use only during "regular" building or updating of a principal.void
addDelegationTarget
(@NotNull PrismObject<? extends AssignmentHolderType> target, OtherPrivilegesLimitations.Limitation limitation) Registers an information about "membership delegation", i.e. that this principal is a delegate of given user(s) or - indirectly - it obtains a delegated abstract role membership.void
addExtraAuthorizationIfMissing
(@NotNull Authorization authorization, boolean full) Use to add extra authorizations - it setseffectivePrivilegesModification
flag.void
Checks if the midPoint object behind this principal is enabled.void
void
clone()
Semi-shallow clone.cloneWithAdditionalAuthorizations
(@NotNull List<Authorization> additionalAuthorizations, boolean full) SetseffectivePrivilegesModification
flag if needed.protected void
copyValues
(MidPointPrincipal clone) static MidPointPrincipal
Returns a principal without authorizations.debugDump
(int indent) protected void
debugDumpInternal
(StringBuilder sb, int indent) @Nullable FocusType
Real identity of the logged-in user.@Nullable PrismObject<? extends FocusType>
@NotNull Collection<Authorization>
getDelegatedMembershipFor
(OtherPrivilegesLimitations.Type limitationType) Includes the delegators themselves.getDelegatorsFor
(OtherPrivilegesLimitations.Type limitationType) TODO (null means we don't care about limitations)@Nullable EffectivePrivilegesModificationType
@NotNull FocusType
getFocus()
Effective identity that is used to execute all actions.PrismObject<? extends FocusType>
@Nullable Locale
Search for locale for this principal in multiple locations, returns first non-null item.getName()
getOid()
@NotNull OtherPrivilegesLimitations
Principal that was used before this principal was active.boolean
boolean
boolean
boolean
static @NotNull MidPointPrincipal
privileged
(@NotNull FocusType focus) Returns a principal with a single privileged authorization; regardless of what authorizations the focus has.void
setApplicableSecurityPolicy
(SecurityPolicyType applicableSecurityPolicy) void
setAttorney
(FocusType attorney) void
setOrReplaceFocus
(@NotNull FocusType newFocus) Must not change focus OID (at least for now).void
setPreferredLocale
(Locale preferredLocale) void
setPreviousPrincipal
(MidPointPrincipal previousPrincipal) void
Show the content of the object intended for diagnostics.@NotNull ObjectReferenceType
toString()
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface com.evolveum.midpoint.util.DebugDumpable
debugDump, debugDumpLazily, debugDumpLazily
Methods inherited from interface com.evolveum.midpoint.util.ShortDumpable
shortDump, shortDumpLazily
-
Constructor Details
-
MidPointPrincipal
Use static factory methods when calling from the outside.
-
-
Method Details
-
privileged
Returns a principal with a single privileged authorization; regardless of what authorizations the focus has. -
create
Returns a principal without authorizations. -
getAuthorities
- Specified by:
getAuthorities
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
addAuthorization
Use only during "regular" building or updating of a principal. Does NOT seteffectivePrivilegesModification
flag. -
addExtraAuthorizationIfMissing
public void addExtraAuthorizationIfMissing(@NotNull @NotNull Authorization authorization, boolean full) Use to add extra authorizations - it setseffectivePrivilegesModification
flag. The "if missing" will be (most of the time) a false positive match: . The authorization source will most probably differ between role-derived and artificial (runPrivileged) one; . Even if that would not be the case, any minor difference (like in name or description) would count as well. So, the full elevation would be signalled for the majority of cases even if the equivalent authorization was there. -
clearAuthorizations
public void clearAuthorizations() -
getPassword
- Specified by:
getPassword
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
getUsername
- Specified by:
getUsername
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
isAccountNonExpired
public boolean isAccountNonExpired()- Specified by:
isAccountNonExpired
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
isAccountNonLocked
public boolean isAccountNonLocked()- Specified by:
isAccountNonLocked
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
isCredentialsNonExpired
public boolean isCredentialsNonExpired()- Specified by:
isCredentialsNonExpired
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
isEnabled
public boolean isEnabled()- Specified by:
isEnabled
in interfaceorg.springframework.security.core.userdetails.UserDetails
-
getFocus
Effective identity that is used to execute all actions. Authorizations of this identity will be applied. This is usually the logged-in user. However, this may be the user on behalf who are the actions executed (donor of power) and the real logged-in user may be the attorney. -
getFocusPrismObject
-
setOrReplaceFocus
Must not change focus OID (at least for now). -
getName
-
getOid
-
getEffectivePrivilegesModification
-
clearEffectivePrivilegesModification
public void clearEffectivePrivilegesModification() -
getAttorney
Real identity of the logged-in user. Used in cases when there is a difference between logged-in user and the identity that is used to execute actions and evaluate authorizations. This may happen when one user (attorney) has switched identity to another user (donor of power). In that case the identity of the attorney is in this property. The user that was the target of the switch is stored in the "user" property. -
getAttorneyPrismObject
-
setAttorney
-
getPreviousPrincipal
Principal that was used before this principal was active. This is used when principals are chained (e.g. attorney) -
setPreviousPrincipal
-
getApplicableSecurityPolicy
-
setApplicableSecurityPolicy
-
clone
Semi-shallow clone. -
cloneWithAdditionalAuthorizations
public MidPointPrincipal cloneWithAdditionalAuthorizations(@NotNull @NotNull List<Authorization> additionalAuthorizations, boolean full) SetseffectivePrivilegesModification
flag if needed. -
copyValues
-
debugDump
- Specified by:
debugDump
in interfaceDebugDumpable
-
debugDumpInternal
-
toString
-
toObjectReference
-
shortDump
Description copied from interface:ShortDumpable
Show the content of the object intended for diagnostics. This method is supposed to append a compact, human-readable output in a single line. Unlike toString() method, there is no requirement to identify the actual class or type of the object. It is assumed that the class/type will be obvious from the context in which the output is used.- Specified by:
shortDump
in interfaceShortDumpable
- Parameters:
sb
- StringBuilder to which to a compact one-line content of the object intended for diagnostics by system administrator should be appended.
-
getLocale
Search for locale for this principal in multiple locations, returns first non-null item. Order of search:preferredLocale
FocusType.getPreferredLanguage()
FocusType.getLocale()
Locale.getDefault()
-
getPreferredLocale
-
setPreferredLocale
-
getOtherPrivilegesLimitations
-
addDelegationTarget
public void addDelegationTarget(@NotNull @NotNull PrismObject<? extends AssignmentHolderType> target, @NotNull OtherPrivilegesLimitations.Limitation limitation) Registers an information about "membership delegation", i.e. that this principal is a delegate of given user(s) or - indirectly - it obtains a delegated abstract role membership. The information on other privileges limitations is attached as well. -
getDelegatorsFor
TODO (null means we don't care about limitations) -
getDelegatedMembershipFor
public Set<String> getDelegatedMembershipFor(@Nullable OtherPrivilegesLimitations.Type limitationType) Includes the delegators themselves. Later we may extend this to full references (not only OIDs). -
checkEnabled
Checks if the midPoint object behind this principal is enabled. The method is placed here to be easily accessible from various contexts. (Although it is a bit questionable if it isn't just too late to check the object after being "installed" intoMidPointPrincipal
.) We assume that the object was recomputed.- Throws:
SecurityViolationException
-