

Fixing many issues in security questions pages. Support for more real…
…iable privilege escalation. (MID-3166)
semancik committed Jun 21, 2016
1 parent f22ecb8 commit 2de0bcc
Showing 18 changed files with 769 additions and 694 deletions.
@@ -101,6 +101,7 @@
import com.evolveum.midpoint.task.api.TaskCategory;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.Holder;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
@@ -172,6 +173,7 @@
import com.evolveum.midpoint.xml.ns._public.common.common_3.RichHyperlinkType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;

/**
* @author lazyman
@@ -307,7 +309,8 @@ protected Integer load() {
}

protected void createBreadcrumb() {
BreadcrumbPageClass bc = new BreadcrumbPageClass(new AbstractReadOnlyModel() {
BreadcrumbPageClass bc = new BreadcrumbPageClass(new AbstractReadOnlyModel<String>() {
private static final long serialVersionUID = 1L;

@Override
public String getObject() {
@@ -319,7 +322,8 @@ public String getObject() {
}

protected void createInstanceBreadcrumb() {
BreadcrumbPageInstance bc = new BreadcrumbPageInstance(new AbstractReadOnlyModel() {
BreadcrumbPageInstance bc = new BreadcrumbPageInstance(new AbstractReadOnlyModel<String>() {
private static final long serialVersionUID = 1L;

@Override
public String getObject() {
@@ -424,12 +428,6 @@ public MidPointPrincipal getPrincipal() {
return SecurityUtils.getPrincipalUser();
}

// public static StringResourceModel createStringResourceStatic(Component
// component, String resourceKey, Object... objects) {
// return new StringResourceModel(resourceKey, component, new
// Model<String>(), resourceKey, objects);
// }

public static StringResourceModel createStringResourceStatic(Component component, Enum e) {
String resourceKey = createEnumResourceKey(e);
return createStringResourceStatic(component, resourceKey);
@@ -457,6 +455,15 @@ public Task createSimpleTask(String operation, PrismObject<UserType> owner) {

return task;
}

public Task createAnonymousTask(String operation) {
TaskManager manager = getTaskManager();
Task task = manager.createTaskInstance(operation);

task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);

return task;
}

public Task createSimpleTask(String operation) {
MidPointPrincipal user = SecurityUtils.getPrincipalUser();
@@ -517,6 +524,7 @@ private void initTitleLayout() {

ListView breadcrumbs = new ListView<Breadcrumb>(ID_BREADCRUMB,
new AbstractReadOnlyModel<List<Breadcrumb>>() {
private static final long serialVersionUID = 1L;

@Override
public List<Breadcrumb> getObject() {
@@ -529,6 +537,7 @@ protected void populateItem(ListItem<Breadcrumb> item) {
final Breadcrumb dto = item.getModelObject();

AjaxLink bcLink = new AjaxLink(ID_BC_LINK) {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
@@ -537,6 +546,7 @@ public void onClick(AjaxRequestTarget target) {
};
item.add(bcLink);
bcLink.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isEnabled() {
@@ -546,6 +556,7 @@ public boolean isEnabled() {

WebMarkupContainer bcIcon = new WebMarkupContainer(ID_BC_ICON);
bcIcon.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isVisible() {
@@ -559,6 +570,7 @@ public boolean isVisible() {
bcLink.add(bcName);

item.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isVisible() {
@@ -572,6 +584,7 @@ public boolean isVisible() {

private void initLayout() {
AjaxLink logo = new AjaxLink(ID_LOGO) {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
@@ -598,12 +611,16 @@ public void onClick(AjaxRequestTarget target) {
add(sidebarMenu);

WebMarkupContainer version = new WebMarkupContainer(ID_VERSION) {
private static final long serialVersionUID = 1L;

@Deprecated
public String getDescribe() {
return PageBase.this.getDescribe();
}
};
version.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isVisible() {
return RuntimeConfigurationType.DEVELOPMENT.equals(getApplication().getConfigurationType());
@@ -661,6 +678,7 @@ private void initDebugBarLayout() {

WebMarkupContainer debugBar = new WebMarkupContainer(ID_DEBUG_BAR);
debugBar.add(new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isVisible() {
@@ -671,6 +689,7 @@ public boolean isVisible() {
add(debugBar);

AjaxButton clearCache = new AjaxButton(ID_CLEAR_CACHE, createStringResource("PageBase.clearCssCache")) {
private static final long serialVersionUID = 1L;

@Override
public void onClick(AjaxRequestTarget target) {
@@ -1560,4 +1579,8 @@ protected void setTimeZone(PageBase page){
}
}

protected <T> T runPrivileged(Producer<T> producer) {
return securityEnforcer.runPrivileged(producer);
}

}
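Review bot: `runPrivileged` in the final hunk (`@@ -1560,4 +1579,8 @@`) hands the whole `Producer` to `securityEnforcer.runPrivileged` with no Javadoc, and because it is `protected` every page derived from PageBase inherits a way to execute code outside the logged-in principal's authorizations. Add a Javadoc making the contract explicit: the producer body runs with elevated privileges regardless of the current principal, so callers should keep it to the single operation that needs elevation, compute any request-derived values before entering it, and never pass a producer whose behaviour is selected by user-controlled input. The same applies to `createAnonymousTask` in the `@@ -457,6 +455,15 @@` hunk, which, unlike the `createSimpleTask` overloads around it, carries no comment saying what "anonymous" means here or which flows (presumably the unauthenticated security-question pages named in the commit title) are expected to use a task with no principal attached. The `securityEnforcer` field and the rest of the class are outside the shown hunks, so I cannot tell whether privileged runs are audited at the enforcer level; if they are not, this seam is where a log or audit record of the elevation would belong.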
@@ -13,7 +13,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.evolveum.midpoint.gui.api.util;

import static com.evolveum.midpoint.gui.api.page.PageBase.createStringResourceStatic;
@@ -37,13 +36,6 @@
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;

import com.evolveum.midpoint.gui.api.model.NonEmptyModel;
import com.evolveum.midpoint.prism.*;
import com.evolveum.midpoint.prism.match.*;
import com.evolveum.midpoint.web.component.AjaxTabbedPanel;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.admin.services.PageService;
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.wicket.Component;
@@ -80,11 +72,31 @@
import com.evolveum.midpoint.gui.api.GuiStyleConstants;
import com.evolveum.midpoint.gui.api.component.result.OpResult;
import com.evolveum.midpoint.gui.api.model.LoadableModel;
import com.evolveum.midpoint.gui.api.model.NonEmptyModel;
import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.model.api.ModelInteractionService;
import com.evolveum.midpoint.prism.Objectable;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.PrismPropertyDefinition;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.Revivable;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.prism.match.DefaultMatchingRule;
import com.evolveum.midpoint.prism.match.DistinguishedNameMatchingRule;
import com.evolveum.midpoint.prism.match.ExchangeEmailAddressesMatchingRule;
import com.evolveum.midpoint.prism.match.PolyStringNormMatchingRule;
import com.evolveum.midpoint.prism.match.PolyStringOrigMatchingRule;
import com.evolveum.midpoint.prism.match.PolyStringStrictMatchingRule;
import com.evolveum.midpoint.prism.match.StringIgnoreCaseMatchingRule;
import com.evolveum.midpoint.prism.match.UuidMatchingRule;
import com.evolveum.midpoint.prism.match.XmlMatchingRule;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.path.ItemPathSegment;
import com.evolveum.midpoint.prism.polystring.PolyString;
@@ -118,6 +130,7 @@
import com.evolveum.midpoint.web.component.data.Table;
import com.evolveum.midpoint.web.component.input.DropDownChoicePanel;
import com.evolveum.midpoint.web.component.util.Selectable;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.midpoint.web.page.PageDialog;
import com.evolveum.midpoint.web.page.admin.configuration.component.EmptyOnBlurAjaxFormUpdatingBehaviour;
import com.evolveum.midpoint.web.page.admin.configuration.component.EmptyOnChangeAjaxFormUpdatingBehavior;
@@ -126,12 +139,45 @@
import com.evolveum.midpoint.web.page.admin.roles.PageRole;
import com.evolveum.midpoint.web.page.admin.server.PageTaskEdit;
import com.evolveum.midpoint.web.page.admin.server.dto.OperationResultStatusPresentationProperties;
import com.evolveum.midpoint.web.page.admin.services.PageService;
import com.evolveum.midpoint.web.page.admin.users.PageOrgUnit;
import com.evolveum.midpoint.web.page.admin.users.PageUser;
import com.evolveum.midpoint.web.security.MidPointApplication;
import com.evolveum.midpoint.web.security.SecurityUtils;
import com.evolveum.midpoint.web.util.InfoTooltipBehavior;
import com.evolveum.midpoint.web.util.OnePageParameterEncoder;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractRoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AvailabilityStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MisfireActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationalStateType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ReportType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ScheduleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ServiceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskBindingType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskExecutionStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskRecurrenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TaskType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ThreadStopActionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemType;
import com.evolveum.prism.xml.ns._public.query_3.QueryType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@@ -175,9 +221,6 @@ public String getChannel() {
}
}

private WebComponentUtil() {
}

public static Class<?> qnameToClass(PrismContext prismContext, QName type) {
return prismContext.getSchemaRegistry().determineCompileTimeClass(type);
}
@@ -1497,6 +1540,7 @@ public static TabbedPanel<ITab> createTabPanel(
final String tabChangeParameter) {

TabbedPanel<ITab> tabPanel = new TabbedPanel<ITab>(id, tabs, provider) {
private static final long serialVersionUID = 1L;

@Override
protected void onTabChange(int index) {
@@ -1508,6 +1552,7 @@ protected void onTabChange(int index) {
@Override
protected WebMarkupContainer newLink(String linkId, final int index) {
return new AjaxSubmitLink(linkId) {
private static final long serialVersionUID = 1L;

@Override
protected void onError(AjaxRequestTarget target,
@@ -1568,6 +1613,8 @@ public static String exceptionToString(String message, Exception e) {

public static Behavior visibleIfFalse(final NonEmptyModel<Boolean> model) {
return new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isVisible() {
return !model.getObject();
@@ -1577,6 +1624,8 @@ public boolean isVisible() {

public static Behavior enabledIfFalse(final NonEmptyModel<Boolean> model) {
return new VisibleEnableBehaviour() {
private static final long serialVersionUID = 1L;

@Override
public boolean isEnabled() {
return !model.getObject();
@@ -1606,5 +1655,5 @@ public static void setSelectedTabFromPageParameters(TabbedPanel tabbed, PagePara
}

tabbed.setSelectedTab(tabIndex);
}
}
}
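Review bot: The `@@ -175,9 +221,6 @@` hunk appears to drop the private no-argument constructor `private WebComponentUtil() { }` — the header counts show three lines removed, and those three are the only candidates in the hunk — which is the one thing that kept this all-static utility class from being instantiated. Unless it was relocated elsewhere in the file, restore it as `private WebComponentUtil() {` / `}` so the class stays non-instantiable. The class body extends far beyond the shown hunks, so I cannot confirm from here whether it was merely moved. The remaining hunks in this section add `serialVersionUID` fields and expand wildcard imports into explicit ones, which need no further comment.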

