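/**
 * Re-loads the principal identified by {@code oid} from the user profile
 * service and installs it as the pre-authenticated security context of the
 * current thread.
 *
 * @param oid OID of the user whose principal is to be refreshed
 * @throws ObjectNotFoundException, SchemaException, CommunicationException,
 *         ConfigurationException, SecurityViolationException,
 *         ExpressionEvaluationException propagated from the profile service or
 *         the security context manager; any other failure is rethrown as-is
 */
@Override
public void refreshPrincipal(String oid)
        throws ObjectNotFoundException, SchemaException, CommunicationException,
        ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    try {
        MidPointPrincipal principal = userProfileService.getPrincipalByOid(oid);
        securityContextManager.setupPreAuthenticatedSecurityContext(principal);
    } catch (Throwable e) {
        // Fix: the original message ran "with" and the OID together without a
        // space, and dropped the exception, so the failure cause never reached
        // the log even though the error is rethrown to the caller.
        LOGGER.error("Cannot refresh authentication for user identified with " + oid, e);
        throw e;
    }
}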
/**
 * Ends a power-of-attorney session. The current principal must be a donor
 * principal (it carries an attorney) and must remember the principal that was
 * active before the switch; that earlier principal is reinstalled as the
 * security context and returned.
 *
 * @param task   current task (not referenced by this implementation)
 * @param result operation result (not referenced by this implementation)
 * @return the principal that is active after the switch
 * @throws IllegalStateException if the current principal has no attorney or
 *         no recorded previous principal
 */
@Override
public MidPointPrincipal dropPowerOfAttorney(Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal current = securityContextManager.getPrincipal();
    boolean actingAsAttorney = current.getAttorney() != null;
    if (!actingAsAttorney) {
        throw new IllegalStateException("Attempt to drop attorney powers using non-donor principal " + current);
    }
    MidPointPrincipal restored = current.getPreviousPrincipal();
    if (restored == null) {
        throw new IllegalStateException("Attempt to drop attorney powers, but no previous principal in " + current);
    }
    // NOTE(review): the privilege switch is not audited yet (see TODO below), so
    // the audit trail does not show when attorney powers were dropped.
    // TODO: audit switch
    // TODO: maybe refresh previous principal using userProfileService?
    securityContextManager.setupPreAuthenticatedSecurityContext(restored);
    return restored;
}
/**
 * Starts acting on behalf of {@code donor}: asks the security enforcer to
 * build a donor principal for the currently authenticated (attorney)
 * principal under the ATTORNEY authorization action, installs that principal
 * as the security context and returns it.
 *
 * @param donor  the user on whose behalf the current principal will act
 * @param task   current task, passed through to the security enforcer
 * @param result operation result, passed through to the security enforcer
 * @return the donor principal now installed as the security context
 */
@Override
public MidPointPrincipal assumePowerOfAttorney(PrismObject<UserType> donor, Task task, OperationResult result)
        throws SchemaException, SecurityViolationException, ObjectNotFoundException,
        ExpressionEvaluationException, CommunicationException, ConfigurationException {
    MidPointPrincipal attorney = securityContextManager.getPrincipal();
    String attorneyActionUrl = ModelAuthorizationAction.ATTORNEY.getUrl();
    // NOTE(review): this method performs no authorization check of its own;
    // presumably securityEnforcer.createDonorPrincipal verifies that `attorney`
    // may act for `donor` under the ATTORNEY action -- confirm before relying on it.
    MidPointPrincipal actingAs = securityEnforcer.createDonorPrincipal(attorney, attorneyActionUrl, donor, task, result);
    // TODO: audit switch
    securityContextManager.setupPreAuthenticatedSecurityContext(actingAs);
    return actingAs;
}
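/**
 * Installs {@code user} as the pre-authenticated security context of the
 * current REST request. If the context cannot be set up, the failed login is
 * audited and the request is aborted with 400 Bad Request.
 *
 * @param user            the already-resolved user to authenticate as
 * @param enteredUsername the username supplied by the client (for the audit record)
 * @param connEnv         connection environment recorded in the audit event
 * @param requestCtx      JAX-RS request context, aborted on failure
 */
private void authenticateUser(PrismObject<UserType> user, String enteredUsername,
        ConnectionEnvironment connEnv, ContainerRequestContext requestCtx) {
    try {
        securityContextManager.setupPreAuthenticatedSecurityContext(user);
    } catch (SchemaException | CommunicationException | ConfigurationException
            | SecurityViolationException | ExpressionEvaluationException e) {
        // NOTE(review): a SecurityViolationException is reported to the client as
        // 400 and audited as a "Schema error"; 403 would describe it better. Left
        // unchanged here so the HTTP contract seen by clients does not move.
        securityHelper.auditLoginFailure(enteredUsername, user.asObjectable(), connEnv, "Schema error: "+e.getMessage());
        requestCtx.abortWith(Response.status(Status.BAD_REQUEST).build());
        LOGGER.debug("Setting up REST security context failed", e);
        // Fix: the original fell through after aborting the request and still
        // logged "Authenticated to REST service", leaving a misleading trace of
        // a successful authentication that never happened.
        return;
    }
    LOGGER.trace("Authenticated to REST service as {}", user);
}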
securityContextManager.setupPreAuthenticatedSecurityContext(task.getOwner()); } catch (SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) { LoggingUtils.logUnexpectedException(LOGGER, "Couldn't set up task security context {}", e, task);
try { taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext((Authentication) null); taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext(taskOwner); } catch (SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) { LoggingUtils.logUnexpectedException(LOGGER, "Task with OID {} cannot be executed: error setting security context", e, oid); } finally { taskManagerImpl.getSecurityContextManager().setupPreAuthenticatedSecurityContext((Authentication) null);