Uses of Class
com.evolveum.midpoint.security.api.MidPointPrincipal
Package
Description
Low-level security functions.
-
Uses of MidPointPrincipal in com.evolveum.midpoint.authentication.api.util
Modifier and Type, Method, Description
static @Nullable MidPointPrincipal AuthUtil.getMidpointPrincipal()
Modifier and Type, Method, Description
AuthUtil.findAuthAttemptDataForModule(ConnectionEnvironment connectionEnvironment, MidPointPrincipal principal)
AuthUtil.findOrCreateAuthenticationAttemptDataFoModule(ConnectionEnvironment connectionEnvironment, MidPointPrincipal principal)
AuthUtil.getOrCreateBehavioralDataForSequence(MidPointPrincipal principal, String sequenceId)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.cases.api
-
Uses of MidPointPrincipal in com.evolveum.midpoint.cases.api.util
Modifier and Type, Method, Description
static ObjectQuery QueryUtils.createQueryForOpenWorkItems(ObjectQuery baseWorkItemsQuery, MidPointPrincipal principal, boolean notDecidedOnly)
static S_FilterExit QueryUtils.filterForAssignees(@NotNull S_FilterEntryOrEmpty q, @Nullable MidPointPrincipal principal, OtherPrivilegesLimitations.Type limitationType)
Augments work item query by including filter to see only work items assigned to the current user or any of his delegators, providing that the limitation(s) allow it.
static S_FilterExit QueryUtils.filterForCaseAssignees(@NotNull S_FilterEntryOrEmpty q, @Nullable MidPointPrincipal principal)
The call to QueryUtils.filterForAssignees(S_FilterEntryOrEmpty, MidPointPrincipal, OtherPrivilegesLimitations.Type), for case management work items.
static S_FilterExit QueryUtils.filterForCertificationAssignees(@NotNull S_FilterEntryOrEmpty q, @Nullable MidPointPrincipal principal)
The call to QueryUtils.filterForAssignees(S_FilterEntryOrEmpty, MidPointPrincipal, OtherPrivilegesLimitations.Type), for access certification work items.
static S_FilterExit QueryUtils.filterForNotClosedStateAndAssignees(@NotNull S_FilterEntryOrEmpty q, @Nullable MidPointPrincipal principal, OtherPrivilegesLimitations.Type limitationType)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.api
Modifier and Type, Method, Description
ModelInteractionService.assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result)
ModelInteractionService.dropPowerOfAttorney(Task task, OperationResult result)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.api.authentication
Modifier and Type, Class, Description
class
Principal that extends simple MidPointPrincipal with user interface concepts (user profile).
Modifier and Type, Method, Description
void GuiProfiledPrincipalManager.updateFocus(MidPointPrincipal principal, Collection<? extends ItemDelta<?, ?>> itemDeltas)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.api.expr
Modifier and Type, Method, Description
MidpointFunctions.getPrincipal()
Returns principal representing the user whose identity is used to execute the expression.
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.impl.controller
Modifier and Type, Method, Description
ModelInteractionServiceImpl.assumePowerOfAttorney(PrismObject<? extends FocusType> donor, Task task, OperationResult result)
ModelInteractionServiceImpl.dropPowerOfAttorney(Task task, OperationResult result)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.impl.expr
-
Uses of MidPointPrincipal in com.evolveum.midpoint.model.impl.security
Modifier and Type, Method, Description
void GuiProfiledPrincipalManagerImpl.updateFocus(MidPointPrincipal principal, Collection<? extends ItemDelta<?, ?>> itemDeltas)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.security.api
Modifier and Type, Method, Description
MidPointPrincipal.clone()
Semi-shallow clone.
MidPointPrincipal.cloneWithAdditionalAuthorizations(@NotNull List<Authorization> additionalAuthorizations, boolean full)
Sets effectivePrivilegesModification flag if needed.
static MidPointPrincipal
Returns a principal without authorizations.
MidPointPrincipal.getPreviousPrincipal()
Principal that was used before this principal was active.
MidPointPrincipalManager.getPrincipal(PrismObject<? extends FocusType> focus, AuthorizationTransformer authorizationTransformer, ProfileCompilerOptions options, OperationResult result)
MidPointPrincipalManager.getPrincipal(PrismObject<? extends FocusType> focus, ProfileCompilerOptions options, OperationResult result)
default MidPointPrincipal MidPointPrincipalManager.getPrincipal(String username, Class<? extends FocusType> clazz)
MidPointPrincipalManager.getPrincipal(String username, Class<? extends FocusType> clazz, ProfileCompilerOptions options)
default MidPointPrincipal SecurityContextManager.getPrincipal()
Returns principal representing the currently logged-in user.
static MidPointPrincipal SecurityUtil.getPrincipal()
Returns principal representing currently logged-in user.
MidPointPrincipalManager.getPrincipalByOid(String oid, Class<? extends FocusType> clazz, ProfileCompilerOptions options)
static @Nullable MidPointPrincipal SecurityUtil.getPrincipalIfExists()
Benevolent version of SecurityUtil.getPrincipal()
static MidPointPrincipal SecurityUtil.getPrincipalRequired()
Returns the principal, insisting on that it exists.
static MidPointPrincipal SecurityUtil.getPrincipalSilent()
Consider using more benevolent SecurityUtil.getPrincipalIfExists().
static @NotNull MidPointPrincipal MidPointPrincipal.privileged(@NotNull FocusType focus)
Returns a principal with a single privileged authorization; regardless of what authorizations the focus has.
Modifier and Type, Method, Description
protected void MidPointPrincipal.copyValues(MidPointPrincipal clone)
static void SecurityUtil.logSecurityDeny(MidPointPrincipal midPointPrincipal, Object object, String message)
void MidPointPrincipal.setPreviousPrincipal(MidPointPrincipal previousPrincipal)
void SecurityContextManager.setupPreAuthenticatedSecurityContext(MidPointPrincipal principal)
void MidPointPrincipalManager.updateFocus(MidPointPrincipal principal, Collection<? extends ItemDelta<?, ?>> itemDeltas)
-
Uses of MidPointPrincipal in com.evolveum.midpoint.security.enforcer.api
Modifier and Type, Method, Description
<F extends FocusType> MidPointPrincipal SecurityEnforcer.createDonorPrincipal(MidPointPrincipal attorneyPrincipal, String attorneyAuthorizationAction, PrismObject<F> donor, Task task, OperationResult result)
TODO describe
@Nullable MidPointPrincipal SecurityEnforcer.getMidPointPrincipal()
Obtains currently logged-in principal, if it's of MidPointPrincipal type.
Modifier and Type, Method, Description
SecurityEnforcer.compileOperationConstraints(@Nullable MidPointPrincipal principal, @NotNull PrismObjectValue<?> value, @Nullable AuthorizationPhaseType phase, @NotNull String[] actionUrls, @NotNull SecurityEnforcer.Options enforcerOptions, @NotNull CompileConstraintsOptions compileConstraintsOptions, @NotNull Task task, @NotNull OperationResult result)
Compiles the security constraints related to given `actionUrls` and `phase` for a given principal against the `object`.
<T extends ObjectType, O extends ObjectType, F> F SecurityEnforcer.computeTargetSecurityFilter(MidPointPrincipal principal, String[] operationUrls, AuthorizationPhaseType phase, Class<T> searchResultType, @NotNull PrismObject<O> object, ObjectFilter origFilter, String limitAuthorizationAction, List<OrderConstraintsType> paramOrderConstraints, FilterGizmo<F> gizmo, Task task, OperationResult result)
Similar to SecurityEnforcer.preProcessObjectFilter(MidPointPrincipal, String[], AuthorizationPhaseType, Class, ObjectFilter, String, List, Options, Task, OperationResult) but deals with the target-related authorization statements, not object-related ones.
<F extends FocusType> MidPointPrincipal SecurityEnforcer.createDonorPrincipal(MidPointPrincipal attorneyPrincipal, String attorneyAuthorizationAction, PrismObject<F> donor, Task task, OperationResult result)
TODO describe
@NotNull AccessDecision SecurityEnforcer.decideAccess(@Nullable MidPointPrincipal principal, @NotNull String operationUrl, @Nullable AuthorizationPhaseType phase, @NotNull AbstractAuthorizationParameters params, @NotNull SecurityEnforcer.Options options, @NotNull Task task, @NotNull OperationResult result)
General access-decision method.
default <O extends ObjectType, T extends ObjectType> @NotNull AccessDecision SecurityEnforcer.decideAccess(@Nullable MidPointPrincipal principal, @NotNull List<String> operationUrls, @NotNull AuthorizationParameters<O, T> params, @NotNull Task task, @NotNull OperationResult result)
Simple access control decision similar to that used by spring security.
default @NotNull AccessDecision SecurityEnforcer.decideAccess(@Nullable MidPointPrincipal principal, @NotNull List<String> operationUrls, @NotNull Task task, @NotNull OperationResult result)
<O extends ObjectType, R extends AbstractRoleType> ItemSecurityConstraints SecurityEnforcer.getAllowedRequestAssignmentItems(MidPointPrincipal midPointPrincipal, String operationUrl, PrismObject<O> object, PrismObject<R> target, Task task, OperationResult result)
Returns decisions for individual items for "assign" authorization.
<T> @Nullable ObjectFilter SecurityEnforcer.preProcessObjectFilter(@Nullable MidPointPrincipal principal, @NotNull String[] operationUrls, @Nullable AuthorizationPhaseType phase, @NotNull Class<T> filterType, @Nullable ObjectFilter origFilter, @Nullable String limitAuthorizationAction, @NotNull List<OrderConstraintsType> paramOrderConstraints, @NotNull SecurityEnforcer.Options options, @NotNull Task task, @NotNull OperationResult result)
Returns a filter that covers all the objects for which the principal is authorized to apply `operationUrls`.