Interface SecurityContextManager
public interface SecurityContextManager
Manager of the security context. Used for storing authentication into the security context, setting up the security context for task ownership, etc.
This is a part of the low-level security functions: those that deal with the basic concepts of authentication, task ownership, security context and so on.
Nested Class Summary
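Nested Classes

| Modifier and Type | Interface | Description |
| --- | --- | --- |
| static interface | SecurityContextManager.ResultAwareCheckedProducer<T> | A SecurityContextManager.ResultAwareProducer that can throw any CommonException. |
| static interface | SecurityContextManager.ResultAwareProducer<T> | Producer of a value that is Serializable and operates under given OperationResult. |
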
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | clearTemporaryPrincipalOid() | Internal method to reset temporary principal OID. |
| org.springframework.security.core.Authentication | getAuthentication() | |
| default MidPointPrincipal | getPrincipal() | Returns principal representing the currently logged-in user. |
| String | getPrincipalOid() | Returns OID of the current principal. |
| @Nullable HttpConnectionInformation | getStoredConnectionInformation() | Returns stored connection information. |
| MidPointPrincipalManager | getUserProfileService() | |
| boolean | isAuthenticated() | |
| <T> T | runAs(@NotNull SecurityContextManager.ResultAwareProducer<T> producer, @Nullable PrismObject<? extends FocusType> newPrincipalObject, boolean privileged, @NotNull OperationResult result) | Runs the provided code (within SecurityContextManager.ResultAwareProducer) as a specific user and/or with elevated privileges. |
| default <T> T | runAsChecked(SecurityContextManager.ResultAwareCheckedProducer<T> producer, PrismObject<? extends UserType> newPrincipalObject, OperationResult result) | Convenience method to deal with producers that can throw any CommonException. |
| <T> T | runPrivileged(@NotNull Producer<T> producer) | Runs the provided code (within Producer) with elevated privileges. |
| default <T> T | runPrivilegedChecked(CheckedProducer<T> producer) | Convenience method to deal with producers that can throw CommonException. |
| void | setTemporaryPrincipalOid(String value) | Internal method to set temporary principal OID used during login process as a return value of getPrincipalOid() method. |
| void | setupPreAuthenticatedSecurityContext(PrismObject<? extends FocusType> focus, OperationResult result) | Calls MidPointPrincipalManager to create a principal from provided focus object and sets it up. |
| void | setupPreAuthenticatedSecurityContext(PrismObject<? extends FocusType> focus, ProfileCompilerOptions options, OperationResult result) | |
| void | setupPreAuthenticatedSecurityContext | |
| void | setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication) | |
| void | setUserProfileService(MidPointPrincipalManager userProfileService) | |
| void | storeConnectionInformation(@Nullable HttpConnectionInformation value) | Store connection information for later use within current thread. |

Method Details
isAuthenticated
boolean isAuthenticated()
getAuthentication
org.springframework.security.core.Authentication getAuthentication()
getPrincipal
default MidPointPrincipal getPrincipal()
Returns principal representing the currently logged-in user. Assumes that the user is logged in. Otherwise an exception is thrown.
getPrincipalOid
String getPrincipalOid()
Returns OID of the current principal. After login is complete, the returned OID is the same as getPrincipal().getOid(). However, during the login process, this method returns the OID of the user that is being authenticated/logged in (a.k.a. temporary principal OID).
setTemporaryPrincipalOid
void setTemporaryPrincipalOid(String value)
Internal method to set the temporary principal OID used during the login process as the return value of the getPrincipalOid() method.
clearTemporaryPrincipalOid
void clearTemporaryPrincipalOid()
Internal method to reset temporary principal OID.
setupPreAuthenticatedSecurityContext
void setupPreAuthenticatedSecurityContext(org.springframework.security.core.Authentication authentication)
setupPreAuthenticatedSecurityContext
setupPreAuthenticatedSecurityContext
void setupPreAuthenticatedSecurityContext(PrismObject<? extends FocusType> focus, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Calls MidPointPrincipalManager to create a principal from provided focus object and sets it up.
setupPreAuthenticatedSecurityContext
void setupPreAuthenticatedSecurityContext(PrismObject<? extends FocusType> focus, ProfileCompilerOptions options, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
runAs
<T> T runAs(@NotNull SecurityContextManager.ResultAwareProducer<T> producer, @Nullable PrismObject<? extends FocusType> newPrincipalObject, boolean privileged, @NotNull OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException
Runs the provided code (within SecurityContextManager.ResultAwareProducer) as a specific user and/or with elevated privileges.
runAsChecked
default <T> T runAsChecked(SecurityContextManager.ResultAwareCheckedProducer<T> producer, PrismObject<? extends UserType> newPrincipalObject, OperationResult result) throws CommonException
Convenience method to deal with producers that can throw any CommonException.
Throws:
CommonException
runPrivileged
<T> T runPrivileged(@NotNull Producer<T> producer)
Runs the provided code (within Producer) with elevated privileges.
runPrivilegedChecked
default <T> T runPrivilegedChecked(CheckedProducer<T> producer) throws CommonException
Convenience method to deal with producers that can throw CommonException.
Throws:
CommonException
getUserProfileService
MidPointPrincipalManager getUserProfileService()
setUserProfileService
void setUserProfileService(MidPointPrincipalManager userProfileService)
storeConnectionInformation
void storeConnectionInformation(@Nullable HttpConnectionInformation value)
Store connection information for later use within current thread.
getStoredConnectionInformation
@Nullable HttpConnectionInformation getStoredConnectionInformation()
Returns stored connection information. Should be used for non-HTTP threads that have no access to stored Request object (see SecurityUtil.getCurrentConnectionInformation()).
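
The scoping that runAs and runPrivileged imply for a caller, as an added sketch that is not midPoint's implementation: a per-thread context is swapped for the duration of the producer and put back in a finally block. SecurityContextModel, Auth and the sample OIDs are hypothetical, and restoring the previous authentication on exit is an assumption about the pattern, not something this page states.

```java
import java.util.function.Supplier;

// Simplified model, not midPoint code. SecurityContextModel, Auth and the
// method bodies are hypothetical; only the names runAs/runPrivileged mirror
// the interface documented on this page.
public class SecurityContextModel {
    /** Constructed stand-in for an authentication: principal OID plus a privileged flag. */
    record Auth(String principalOid, boolean privileged) {}

    // Per-thread context, so pooled worker threads each carry their own identity.
    private static final ThreadLocal<Auth> CURRENT = new ThreadLocal<>();

    static Auth current() { return CURRENT.get(); }

    /** Runs producer as newPrincipalOid (or the current principal if null), optionally privileged. */
    static <T> T runAs(Supplier<T> producer, String newPrincipalOid, boolean privileged) {
        Auth original = CURRENT.get();
        String oid = newPrincipalOid != null ? newPrincipalOid
                : (original != null ? original.principalOid() : null);
        CURRENT.set(new Auth(oid, privileged));
        try {
            return producer.get();
        } finally {
            // Restore even when the producer throws; otherwise the elevated
            // identity would stay on the thread for the next request or task.
            if (original == null) CURRENT.remove(); else CURRENT.set(original);
        }
    }

    /** Same principal, elevated privileges, for the duration of the producer only. */
    static <T> T runPrivileged(Supplier<T> producer) {
        return runAs(producer, null, true);
    }

    public static void main(String[] args) {
        CURRENT.set(new Auth("oid-user-1", false)); // constructed sample OID
        String inside = runPrivileged(() -> current().toString());
        System.out.println("inside privileged block: " + inside);
        try {
            runAs(() -> { throw new IllegalStateException("task failed"); }, "oid-admin", true);
        } catch (IllegalStateException e) {
            // The failing producer must not leave "oid-admin" on this thread.
            System.out.println("after failed runAs: " + current());
        }
    }
}
```

When reviewing callers of these methods, check that the producer does not hand work to another thread or cache a result keyed to the elevated identity, since either would outlive the scoped context.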