fix for flow of post-authentication (MID-7375, MID-7376)

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PagePostAuthentication.java

@@ -195,17 +195,6 @@ protected void submitRegistration(AjaxRequestTarget target) {
                 ObjectDelta<UserType> lifecycleDelta = getPrismContext().deltaFactory().object().createModificationDeleteProperty(UserType.class,
                         userModel.getObject().getOid(), UserType.F_LIFECYCLE_STATE,
                         getPostAuthenticationConfiguration().getRequiredLifecycleState());
-
-//                try {
-//                    if (getUserDelta().findItemDelta(SchemaConstants.PATH_PASSWORD_VALUE) != null) {
-//                        PrismProperty<Boolean> forceChangeProperty = userModel.getObject().asPrismObject().findProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE);
-//                        if (forceChangeProperty != null && !forceChangeProperty.isEmpty()) {
-//                            lifecycleDelta.addModificationDeleteProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE, forceChangeProperty.getRealValue());
-//                        }
-//                    }
-//                } catch (SchemaException e) {
-//                    LoggingUtils.logException(LOGGER, "Cannot create delete delta for property: force change", e);
-//                }
                 OperationResult opResult = new OperationResult(OPERATION_SAVE_USER);
                 Task task = createAnonymousTask(OPERATION_SAVE_USER);
                 WebModelServiceUtils.save(lifecycleDelta, opResult, task, PagePostAuthentication.this);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointAuthenticationSuccessHandler.java

@@ -74,6 +74,10 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
                 if (mpAuthentication.isAuthenticated()) {
                     urlSuffix = mpAuthentication.getAuthenticationChannel().getPathAfterSuccessfulAuthentication();
                     mpAuthentication.getAuthenticationChannel().postSuccessAuthenticationProcessing();
+                    if (mpAuthentication.getAuthenticationChannel().isPostAuthenticationEnabled()) {
+                        getRedirectStrategy().sendRedirect(request, response, urlSuffix);
+                        return;
+                    }
                 } else {
                     urlSuffix = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
                 }
@@ -105,6 +109,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         } else {
             setDefaultTargetUrl(urlSuffix);
         }
+
         super.onAuthenticationSuccess(request, response, authentication);
     }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/AuthenticationChannelImpl.java

@@ -111,4 +111,9 @@ public boolean isSupportActivationByChannel() {
     public String getUrlSuffix() {
         return this.channel.getUrlSuffix();
     }
+
+    @Override
+    public boolean isPostAuthenticationEnabled() {
+        return false;
+    }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java

@@ -1,42 +1,46 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.channel;
-
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.api.ModelInteractionService;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
-
-/**
- * @author skublik
- */
-
-public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
-
-    private TaskManager taskManager;
-    private ModelInteractionService modelInteractionService;
-
-    public GuiAuthenticationChannel(AuthenticationSequenceChannelType channel, TaskManager taskManager, ModelInteractionService modelInteractionService) {
-        super(channel);
-        this.taskManager = taskManager;
-        this.modelInteractionService = modelInteractionService;
-    }
-
-    public String getChannelId() {
-        return SchemaConstants.CHANNEL_USER_URI;
-    }
-
-    public String getPathAfterSuccessfulAuthentication() {
-        if (WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService)) {
-                return "/self/postAuthentication";
-        }
-
-        return super.getPathAfterSuccessfulAuthentication();
-    }
-
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.channel;
+
+import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.api.ModelInteractionService;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+
+/**
+ * @author skublik
+ */
+
+public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
+
+    private TaskManager taskManager;
+    private ModelInteractionService modelInteractionService;
+
+    public GuiAuthenticationChannel(AuthenticationSequenceChannelType channel, TaskManager taskManager, ModelInteractionService modelInteractionService) {
+        super(channel);
+        this.taskManager = taskManager;
+        this.modelInteractionService = modelInteractionService;
+    }
+
+    public String getChannelId() {
+        return SchemaConstants.CHANNEL_USER_URI;
+    }
+
+    public String getPathAfterSuccessfulAuthentication() {
+        if (isPostAuthenticationEnabled()) {
+                return "/self/postAuthentication";
+        }
+
+        return super.getPathAfterSuccessfulAuthentication();
+    }
+
+    @Override
+    public boolean isPostAuthenticationEnabled() {
+        return WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService);
+    }
+}

model/model-api/src/main/java/com/evolveum/midpoint/model/api/authentication/AuthenticationChannel.java

@@ -47,4 +47,6 @@ public interface AuthenticationChannel {
     public boolean isSupportActivationByChannel();
 
     public String getUrlSuffix();
+
+    public boolean isPostAuthenticationEnabled();
 }

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java

@@ -1647,7 +1647,12 @@ public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<Us
     public void refreshPrincipal(String oid, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
         try {
             MidPointPrincipal principal = guiProfiledPrincipalManager.getPrincipalByOid(oid, clazz);
-            securityContextManager.setupPreAuthenticatedSecurityContext(principal);
+            Authentication authentication = securityContextManager.getAuthentication();
+            if (authentication instanceof MidpointAuthentication) {
+                ((MidpointAuthentication) authentication).setPrincipal(principal);
+            } else {
+                securityContextManager.setupPreAuthenticatedSecurityContext(principal);
+            }
         } catch (Throwable e) {
             LOGGER.error("Cannot refresh authentication for user identified with" + oid);
             throw e;