From 3cb2436fb98ce64de4b98917d85081a4f485e001 Mon Sep 17 00:00:00 2001
From: Viliam Repan
Date: Thu, 9 Mar 2017 14:27:07 +0100
Subject: [PATCH] MID-3690 fix for url pattern matching in security
---
 .../web/application/DescriptorLoader.java | 76 +++++++++++-----
 .../web/application/PageDescriptor.java | 13 ++-
 .../midpoint/web/application/Url.java | 35 ++++++++
 .../PageSystemConfiguration.java | 17 +++-
 .../web/page/admin/home/PageDashboard.java | 19 ++--
 .../web/page/admin/reports/PageReports.java | 7 +-
 .../page/admin/resources/PageResource.java | 21 +++--
 .../resources/PageResourceVisualization.java | 3 +-
 .../admin/resources/PageResourceWizard.java | 3 +-
 .../page/admin/resources/PageResources.java | 16 +++-
 .../web/page/admin/server/PageTasks.java | 7 +-
 .../web/page/admin/users/PageUsers.java | 16 +++-
 .../login/PageRegistrationConfirmation.java | 3 +-
 .../web/page/self/PageSelfDashboard.java | 21 +++--
 .../web/security/MidPointApplication.java | 12 +--
 .../web/util/ExactMatchMountedMapper.java | 52 +++++++++++
 .../util/MidPointPageParametersEncoder.java | 89 -------------------
 ...MountedMapperWithoutPageComponentInfo.java | 52 -----------
 18 files changed, 254 insertions(+), 208 deletions(-)
 create mode 100644 gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/Url.java
 create mode 100644 gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExactMatchMountedMapper.java
 delete mode 100644 gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointPageParametersEncoder.java
 delete mode 100644 gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MountedMapperWithoutPageComponentInfo.java
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java
index dcac7c7ba5d..94b55c793ff 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/DescriptorLoader.java
@@ -25,8 +25,10 @@
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.security.MidPointApplication;
+import com.evolveum.midpoint.web.util.ExactMatchMountedMapper;
 import com.evolveum.midpoint.xml.ns._public.gui.admin_1.DescriptorType;
 import com.evolveum.midpoint.xml.ns._public.gui.admin_1.ObjectFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.wicket.core.request.mapper.MountedMapper;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
@@ -133,48 +135,80 @@ private void scanPackagesForPages(List packages, MidPointApplication app } private void loadActions(PageDescriptor descriptor) { - for (String url : descriptor.url()) { - List actions = new ArrayList<>(); + List actions = new ArrayList<>(); - //avoid of setting guiAll authz for "public" pages (e.g. login page) - if (descriptor.action() == null || descriptor.action().length == 0) { - return; - } + //avoid of setting guiAll authz for "public" pages (e.g. login page) + if (descriptor.action() == null || descriptor.action().length == 0) { + return; + } - boolean canAccess = true; + boolean canAccess = true; - for (AuthorizationAction action : descriptor.action()) { - actions.add(new AuthorizationActionValue(action.actionUri(), action.label(), action.description())); - if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(action.actionUri())) { - canAccess = false; - break; - } + for (AuthorizationAction action : descriptor.action()) { + actions.add(new AuthorizationActionValue(action.actionUri(), action.label(), action.description())); + if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(action.actionUri())) { + canAccess = false; + break; } + } - //add http://.../..#guiAll authorization only for displayable pages, not for pages used for development.. - if (canAccess) { + //add http://.../..#guiAll authorization only for displayable pages, not for pages used for development.. 
+ if (canAccess) { - actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL, - AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION)); - actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_URL, - AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION)); + actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_DEPRECATED_URL, + AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION)); + actions.add(new AuthorizationActionValue(AuthorizationConstants.AUTZ_GUI_ALL_URL, + AuthorizationConstants.AUTZ_GUI_ALL_LABEL, AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION)); + } + + for (String url : descriptor.url()) { + this.actions.put(buildPrefixUrl(url), actions.toArray(new DisplayableValue[actions.size()])); + } + + for (Url url : descriptor.urls()) { + String urlForSecurity = url.matchUrlForSecurity(); + if (StringUtils.isEmpty(urlForSecurity)) { + urlForSecurity = buildPrefixUrl(url.mountUrl()); } - this.actions.put(url, actions.toArray(new DisplayableValue[actions.size()])); + this.actions.put(urlForSecurity, actions.toArray(new DisplayableValue[actions.size()])); + } + } + + public String buildPrefixUrl(String url) { + StringBuilder sb = new StringBuilder(); + sb.append(url); + + if (!url.endsWith("/")) { + sb.append("/"); } + sb.append("**"); + + return sb.toString(); } private void mountPage(PageDescriptor descriptor, Class clazz, MidPointApplication application) throws InstantiationException, IllegalAccessException { + //todo remove for cycle later for (String url : descriptor.url()) { IPageParametersEncoder encoder = descriptor.encoder().newInstance(); LOGGER.trace("Mounting page '{}' to url '{}' with encoder '{}'.", new Object[]{ clazz.getName(), url, encoder.getClass().getSimpleName()}); - application.mount(new MountedMapper(url, clazz, encoder)); + application.mount(new 
ExactMatchMountedMapper(url, clazz, encoder)); urlClassMap.put(url, clazz); } + + for (Url url : descriptor.urls()) { + IPageParametersEncoder encoder = descriptor.encoder().newInstance(); + + LOGGER.trace("Mounting page '{}' to url '{}' with encoder '{}'.", new Object[]{ + clazz.getName(), url, encoder.getClass().getSimpleName()}); + + application.mount(new ExactMatchMountedMapper(url.mountUrl(), clazz, encoder)); + urlClassMap.put(url.mountUrl(), clazz); + } } @Override diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/PageDescriptor.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/PageDescriptor.java index 7ddd72a129d..30fdbcab914 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/PageDescriptor.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/PageDescriptor.java @@ -16,8 +16,8 @@ package com.evolveum.midpoint.web.application; -import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder; import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder; +import org.apache.wicket.request.mapper.parameter.PageParametersEncoder; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @@ -28,9 +28,16 @@ @Retention(RetentionPolicy.RUNTIME) public @interface PageDescriptor { - String[] url(); + /** + * Please use {@link PageDescriptor#urls()} + * @return + */ + @Deprecated + String[] url() default {}; - Class encoder() default MidPointPageParametersEncoder.class; + Url[] urls() default {}; + + Class encoder() default PageParametersEncoder.class; AuthorizationAction[] action() default {}; } diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/Url.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/Url.java new file mode 100644 index 00000000000..bd6fd62c96d --- /dev/null +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/application/Url.java 
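Review bot: In `loadActions`, a non-empty `matchUrlForSecurity` is stored as the key in `this.actions` without any check that it covers `url.mountUrl()`, so a typo in an annotation leaves a page mounted under a path whose authorization entry sits under a different pattern; how the evaluator treats a path with no entry is not visible in this diff. A load-time check, for example `if (!new AntPathMatcher().match(urlForSecurity, url.mountUrl())) throw new IllegalStateException("Security pattern does not match mount URL " + url.mountUrl());` (assuming Spring's ant matcher is what the evaluator uses), would make such a mismatch fail at startup. Separately, the trace call in the new `mountPage` loop passes the `Url` annotation itself, so the log prints the annotation's toString instead of the path; it should pass `url.mountUrl()`. `buildPrefixUrl` is only called from this class in the visible lines and could be `private static`.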
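Review bot: With both `url()` and `urls()` now defaulting to `{}`, a page annotated with neither still compiles, and the loops in `DescriptorLoader.mountPage` and `loadActions` then run zero times, so the page is silently neither mounted nor given an authorization entry. The loader should log or reject a descriptor where both arrays are empty. The new Javadoc on `url()` has an empty `@return`; a line such as `@deprecated use {@link #urls()}; each entry here is secured with the prefix pattern url + "/**"` would tell maintainers how the two members differ. The default encoder also changes to `PageParametersEncoder` in this hunk, which affects every page that relied on the old default and is worth stating next to the member.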
@@ -0,0 +1,35 @@ +/* + * Copyright (c) 2010-2017 Evolveum + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.evolveum.midpoint.web.application; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +/** + * @author lazyman + */ +@Retention(RetentionPolicy.RUNTIME) +public @interface Url { + + String mountUrl(); + + /** + * If empty {@link Url#mountUrl()} + "/**" will be used for URL ant pattern matching in security configuration. + * See {@link DescriptorLoader}, {@link com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator}. + */ + String matchUrlForSecurity() default ""; +} diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageSystemConfiguration.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageSystemConfiguration.java index ea0383fdfd1..e963267ef92 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageSystemConfiguration.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/configuration/PageSystemConfiguration.java @@ -20,6 +20,7 @@ import java.util.Collection; import java.util.List; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.page.admin.configuration.component.*; import com.evolveum.midpoint.web.page.admin.configuration.dto.*; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; 
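Review bot: `Url` declares no `@Target`, so it can be placed on any declaration even though the visible code only reads it as a member of `PageDescriptor.urls()`; `@Target({})` restricts it to use inside other annotations. `mountUrl()` has no Javadoc, and the comment on `matchUrlForSecurity()` does not say what a value without wildcards means, although that is how every page in this commit uses it. I would add `/** Path the page is mounted on; ExactMatchMountedMapper requires the request path to equal it. */` on `mountUrl()` and extend the existing comment with `A value without wildcards is presumably matched as that exact path only; confirm against the evaluator.`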
@@ -58,9 +59,19 @@ /** * @author lazyman */ -@PageDescriptor(url = { "/admin/config", "/admin/config/system" }, action = { - @AuthorizationAction(actionUri = PageAdminConfiguration.AUTH_CONFIGURATION_ALL, label = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_LABEL, description = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_URL, label = "PageSystemConfiguration.auth.configSystemConfiguration.label", description = "PageSystemConfiguration.auth.configSystemConfiguration.description") }) +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/config", matchUrlForSecurity = "/admin/config"), + @Url(mountUrl = "/admin/config/system"), + }, + action = { + @AuthorizationAction(actionUri = PageAdminConfiguration.AUTH_CONFIGURATION_ALL, + label = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_LABEL, + description = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_URL, + label = "PageSystemConfiguration.auth.configSystemConfiguration.label", + description = "PageSystemConfiguration.auth.configSystemConfiguration.description") + }) public class PageSystemConfiguration extends PageAdminConfiguration { public static final String SELECTED_TAB_INDEX = "tab"; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java index 8b4d3d2b8c4..6494b19640b 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/PageDashboard.java 
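Review bot: The path literal is written twice in `@Url(mountUrl = "/admin/config", matchUrlForSecurity = "/admin/config")` and nothing ties the two strings together, so a later edit to one of them leaves the mount path and the security pattern out of step. The same duplication appears in the annotations changed in PageDashboard, PageReports, PageResource, PageResources, PageTasks, PageUsers and PageSelfDashboard. A `public static final String` on the page class used for both members, or a load-time check in `DescriptorLoader` that the pattern matches the mount path, would remove the risk. The trailing comma after the last `@Url(...)` element here and in PageDashboard is legal but inconsistent with the other pages.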
@@ -15,6 +15,7 @@ */ package com.evolveum.midpoint.web.page.admin.home; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; import org.apache.wicket.Component; import org.apache.wicket.model.Model; @@ -47,11 +48,19 @@ /** * @author lazyman */ -@PageDescriptor(url = {"/admin/dashboard", "/admin"}, action = { - @AuthorizationAction(actionUri = PageAdminHome.AUTH_HOME_ALL_URI, - label = PageAdminHome.AUTH_HOME_ALL_LABEL, description = PageAdminHome.AUTH_HOME_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_DASHBOARD_URL, - label = "PageDashboard.auth.dashboard.label", description = "PageDashboard.auth.dashboard.description")}) +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin", matchUrlForSecurity = "/admin"), + @Url(mountUrl = "/admin/dashboard"), + }, + action = { + @AuthorizationAction(actionUri = PageAdminHome.AUTH_HOME_ALL_URI, + label = PageAdminHome.AUTH_HOME_ALL_LABEL, + description = PageAdminHome.AUTH_HOME_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_DASHBOARD_URL, + label = "PageDashboard.auth.dashboard.label", + description = "PageDashboard.auth.dashboard.description") + }) public class PageDashboard extends PageAdminHome { private static final long serialVersionUID = 1L; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java index ab9a0cccefd..fb6cc0489b3 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageReports.java 
@@ -31,6 +31,7 @@ import com.evolveum.midpoint.util.logging.TraceManager; import com.evolveum.midpoint.web.application.AuthorizationAction; import com.evolveum.midpoint.web.application.PageDescriptor; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.component.BasicSearchPanel; import com.evolveum.midpoint.web.component.data.BoxedTablePanel; import com.evolveum.midpoint.web.component.data.ObjectDataProvider; @@ -72,7 +73,11 @@ /** * @author lazyman */ -@PageDescriptor(url = "/admin/reports", action = { +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/reports", matchUrlForSecurity = "/admin/reports") + }, + action = { @AuthorizationAction(actionUri = PageAdminReports.AUTH_REPORTS_ALL, label = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_LABEL, description = PageAdminConfiguration.AUTH_CONFIGURATION_ALL_DESCRIPTION), diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResource.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResource.java index 1cf9957314a..b4c10930627 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResource.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResource.java @@ -15,10 +15,8 @@ */ package com.evolveum.midpoint.web.page.admin.resources; -import com.evolveum.midpoint.gui.api.component.result.OpResult; import com.evolveum.midpoint.gui.api.component.tabs.PanelTab; import com.evolveum.midpoint.gui.api.model.LoadableModel; -import com.evolveum.midpoint.gui.api.page.PageBase; import com.evolveum.midpoint.gui.api.util.WebComponentUtil; import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils; import com.evolveum.midpoint.model.api.util.ResourceUtils; 
@@ -34,6 +32,7 @@ import com.evolveum.midpoint.util.logging.TraceManager; import com.evolveum.midpoint.web.application.AuthorizationAction; import com.evolveum.midpoint.web.application.PageDescriptor; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.component.AjaxButton; import com.evolveum.midpoint.web.component.AjaxTabbedPanel; import com.evolveum.midpoint.web.page.admin.configuration.PageDebugView; @@ -42,13 +41,10 @@ import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType; import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType; import org.apache.commons.lang.StringUtils; -import org.apache.wicket.ajax.AjaxEventBehavior; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow; import org.apache.wicket.extensions.markup.html.tabs.ITab; import org.apache.wicket.markup.html.WebMarkupContainer; -import org.apache.wicket.markup.repeater.RepeatingView; -import org.apache.wicket.model.util.ListModel; import org.apache.wicket.request.mapper.parameter.PageParameters; import java.util.ArrayList; 
@@ -58,9 +54,18 @@ /** * @author katkav */ -@PageDescriptor(url = "/admin/resource", encoder = OnePageParameterEncoder.class, action = { - @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_RESOURCE_URL, label = "PageResource.auth.resource.label", description = "PageResource.auth.resource.description") }) +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/resource", matchUrlForSecurity = "/admin/resource") + }, + action = { + @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, + label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, + description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_RESOURCE_URL, + label = "PageResource.auth.resource.label", + description = "PageResource.auth.resource.description") + }) public class PageResource extends PageAdminResources { private static final long serialVersionUID = 1L; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceVisualization.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceVisualization.java index 05fa5c893a7..5e2a83f7794 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceVisualization.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceVisualization.java 
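Review bot: The rewritten `@PageDescriptor` no longer passes `encoder = OnePageParameterEncoder.class`, so this page now gets the annotation's default encoder, which this commit also changes to `PageParametersEncoder`. The commit message does not mention the change, and if any caller still builds links that carry the resource identifier as a path segment they would stop resolving now that the mount is exact-match; that is inferred, the callers are not in the diff. If the drop is intended, a comment above the annotation such as `// parameters travel as query parameters; the path must match exactly` would record it, and the `OnePageParameterEncoder` import can go if it is now unused.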
@@ -34,7 +34,6 @@ import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour; import com.evolveum.midpoint.web.page.admin.PageAdmin; import com.evolveum.midpoint.web.page.admin.resources.dto.ResourceVisualizationDto; -import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder; import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType; import org.apache.commons.configuration.Configuration; import org.apache.wicket.ajax.AjaxRequestTarget; @@ -51,7 +50,7 @@ /** * @author mederly */ -@PageDescriptor(url = "/admin/resources/visualization", encoder = MidPointPageParametersEncoder.class, action = { +@PageDescriptor(url = "/admin/resources/visualization", action = { @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java index 3eea1e13e02..2054cad7f07 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResourceWizard.java @@ -38,7 +38,6 @@ import com.evolveum.midpoint.web.component.wizard.WizardStep; import com.evolveum.midpoint.web.component.wizard.resource.*; import com.evolveum.midpoint.web.page.error.PageError; -import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder; import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType; import org.apache.wicket.Component; import org.apache.wicket.RestartResponseException; 
@@ -59,7 +58,7 @@ /** * @author lazyman */ -@PageDescriptor(url = "/admin/resources/wizard", encoder = MidPointPageParametersEncoder.class, action = { +@PageDescriptor(url = "/admin/resources/wizard", action = { @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResources.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResources.java index aafcf5f3428..d860b717932 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResources.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/resources/PageResources.java @@ -20,6 +20,7 @@ import java.util.Collection; import java.util.List; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.component.data.column.DoubleButtonColumn; import com.evolveum.midpoint.web.component.data.column.InlineMenuButtonColumn; import com.evolveum.midpoint.web.component.dialog.ConfirmationPanel; 
@@ -71,9 +72,18 @@ /** * @author lazyman */ -@PageDescriptor(url = "/admin/resources", action = { - @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_RESOURCES_URL, label = "PageResources.auth.resources.label", description = "PageResources.auth.resources.description") }) +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/resources", matchUrlForSecurity = "/admin/resources") + }, + action = { + @AuthorizationAction(actionUri = PageAdminResources.AUTH_RESOURCE_ALL, + label = PageAdminResources.AUTH_RESOURCE_ALL_LABEL, + description = PageAdminResources.AUTH_RESOURCE_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_RESOURCES_URL, + label = "PageResources.auth.resources.label", + description = "PageResources.auth.resources.description") + }) public class PageResources extends PageAdminResources { private static final long serialVersionUID = 1L; diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/server/PageTasks.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/server/PageTasks.java index 2e6ed2ab1b2..2e859f2a8ef 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/server/PageTasks.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/server/PageTasks.java @@ -42,6 +42,7 @@ import com.evolveum.midpoint.util.logging.TraceManager; import com.evolveum.midpoint.web.application.AuthorizationAction; import com.evolveum.midpoint.web.application.PageDescriptor; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.component.AjaxButton; import com.evolveum.midpoint.web.component.AjaxSubmitButton; import com.evolveum.midpoint.web.component.DateLabelComponent; 
@@ -96,7 +97,11 @@ /** * @author lazyman */ -@PageDescriptor(url = "/admin/tasks", action = { +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/tasks", matchUrlForSecurity = "/admin/tasks") + }, + action = { @AuthorizationAction(actionUri = PageAdminTasks.AUTHORIZATION_TASKS_ALL, label = PageAdminTasks.AUTH_TASKS_ALL_LABEL, description = PageAdminTasks.AUTH_TASKS_ALL_DESCRIPTION), diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java index 39c13d1cc0b..15402d751c6 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/users/PageUsers.java @@ -24,6 +24,7 @@ import com.evolveum.midpoint.prism.query.InOidFilter; import com.evolveum.midpoint.prism.query.NotFilter; import com.evolveum.midpoint.prism.query.ObjectFilter; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.web.component.data.column.*; import com.evolveum.midpoint.web.component.dialog.ConfirmationPanel; import com.evolveum.midpoint.web.component.dialog.Popupable; 
@@ -80,9 +81,18 @@ /** * @author lazyman */ -@PageDescriptor(url = "/admin/users", action = { - @AuthorizationAction(actionUri = PageAdminUsers.AUTH_USERS_ALL, label = PageAdminUsers.AUTH_USERS_ALL_LABEL, description = PageAdminUsers.AUTH_USERS_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_USERS_URL, label = "PageUsers.auth.users.label", description = "PageUsers.auth.users.description") }) +@PageDescriptor( + urls = { + @Url(mountUrl = "/admin/users", matchUrlForSecurity = "/admin/users") + }, + action = { + @AuthorizationAction(actionUri = PageAdminUsers.AUTH_USERS_ALL, + label = PageAdminUsers.AUTH_USERS_ALL_LABEL, + description = PageAdminUsers.AUTH_USERS_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_USERS_URL, + label = "PageUsers.auth.users.label", + description = "PageUsers.auth.users.description") + }) public class PageUsers extends PageAdminUsers { private static final Trace LOGGER = TraceManager.getTrace(PageUsers.class); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java index 6e7dbedc6a2..e9d89b5405a 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java @@ -34,7 +34,6 @@ import com.evolveum.midpoint.util.logging.TraceManager; import com.evolveum.midpoint.web.application.PageDescriptor; import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour; -import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder; import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType; import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType; import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType; 
@@ -42,7 +41,7 @@ import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType; //CONFIRMATION_LINK = "http://localhost:8080/midpoint/confirm/registration/"; -@PageDescriptor(url = "/confirm", encoder = MidPointPageParametersEncoder.class) +@PageDescriptor(url = "/confirm") public class PageRegistrationConfirmation extends PageRegistrationBase { private static final Trace LOGGER = TraceManager.getTrace(PageRegistrationConfirmation.class); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java index bb4cc89e5a7..44ec3d721c8 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfDashboard.java @@ -21,6 +21,7 @@ import com.evolveum.midpoint.gui.api.PredefinedDashboardWidgetId; import com.evolveum.midpoint.schema.util.AdminGuiConfigTypeUtil; +import com.evolveum.midpoint.web.application.Url; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; import org.apache.commons.lang.Validate; import org.apache.wicket.Application; 
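Review bot: The comment directly above the annotation still gives the confirmation link as `.../midpoint/confirm/registration/`, but after this commit `url = "/confirm"` is mounted through `ExactMatchMountedMapper`, which accepts only the exact path. If links are still generated in the commented form they would no longer reach this page; the link-building code is not visible here, so this needs checking. Either update the comment to the form that is now valid or mount the page on the path the links actually use. The page declares no `action`, so `loadActions` returns early and registers no authorization entry for it, which fits a public page but deserves a one-line comment such as `// public page: no authorization actions by design`.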
@@ -81,13 +82,19 @@ * @author Viliam Repan (lazyman) * @author Kate Honchar */ -@PageDescriptor(url = {"/self/dashboard", "/self"}, action = { - @AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI, - label = PageSelf.AUTH_SELF_ALL_LABEL, - description = PageSelf.AUTH_SELF_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_DASHBOARD_URL, - label = "PageSelfDashboard.auth.dashboard.label", - description = "PageSelfDashboard.auth.dashboard.description")}) +@PageDescriptor( + urls = { + @Url(mountUrl = "/self", matchUrlForSecurity = "/self"), + @Url(mountUrl = "/self/dashboard") + }, + action = { + @AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI, + label = PageSelf.AUTH_SELF_ALL_LABEL, + description = PageSelf.AUTH_SELF_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_DASHBOARD_URL, + label = "PageSelfDashboard.auth.dashboard.label", + description = "PageSelfDashboard.auth.dashboard.description") + }) public class PageSelfDashboard extends PageSelf { private static final Trace LOGGER = TraceManager.getTrace(PageSelfDashboard.class); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java index eb26f4563a5..2ce27a13e78 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointApplication.java 
@@ -50,6 +50,7 @@ import org.apache.wicket.markup.head.PriorityFirstComparator; import org.apache.wicket.markup.html.SecurePackageResourceGuard; import org.apache.wicket.markup.html.WebPage; +import org.apache.wicket.request.mapper.parameter.PageParametersEncoder; import org.apache.wicket.request.resource.PackageResourceReference; import org.apache.wicket.request.resource.SharedResourceReference; import org.apache.wicket.resource.loader.IStringResourceLoader; @@ -83,7 +84,6 @@ import com.evolveum.midpoint.web.page.login.PageLogin; import com.evolveum.midpoint.web.page.self.PageSelfDashboard; import com.evolveum.midpoint.web.resource.img.ImgResources; -import com.evolveum.midpoint.web.util.MidPointPageParametersEncoder; import com.evolveum.midpoint.web.util.Utf8BundleStringResourceLoader; /** @@ -261,11 +261,11 @@ public void init() { appSettings.setInternalErrorPage(PageError.class); appSettings.setPageExpiredErrorPage(PageError.class); - mount(new MountedMapper("/error", PageError.class, MidPointPageParametersEncoder.ENCODER)); - mount(new MountedMapper("/error/401", PageError401.class, MidPointPageParametersEncoder.ENCODER)); - mount(new MountedMapper("/error/403", PageError403.class, MidPointPageParametersEncoder.ENCODER)); - mount(new MountedMapper("/error/404", PageError404.class, MidPointPageParametersEncoder.ENCODER)); - mount(new MountedMapper("/error/410", PageError410.class, MidPointPageParametersEncoder.ENCODER)); + mount(new MountedMapper("/error", PageError.class, new PageParametersEncoder())); + mount(new MountedMapper("/error/401", PageError401.class, new PageParametersEncoder())); + mount(new MountedMapper("/error/403", PageError403.class, new PageParametersEncoder())); + mount(new MountedMapper("/error/404", PageError404.class, new PageParametersEncoder())); + mount(new MountedMapper("/error/410", PageError410.class, new PageParametersEncoder())); getRequestCycleListeners().add(new LoggingRequestCycleListener(this)); 
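Review bot: The five error-page mounts in `init()` still use the plain `MountedMapper`, so they keep the prefix matching that this commit replaces elsewhere. Per the Javadoc of the new ExactMatchMountedMapper, the parent class accepts a partial match and treats the remaining path elements as page parameters, so a request such as `/error/x/y` would still be served by PageError. If exact matching is meant to hold for every mounted page, use the new mapper here as well, e.g. `mount(new ExactMatchMountedMapper("/error", PageError.class, new PageParametersEncoder()));` with the matching import. If the looser matching is deliberate for error pages, a one-line comment saying so would do. `init()` starts and ends outside the hunk.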
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExactMatchMountedMapper.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExactMatchMountedMapper.java
new file mode 100644
index 00000000000..54cc56997c5
--- /dev/null
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/ExactMatchMountedMapper.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010-2017 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.web.util;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.wicket.core.request.mapper.MountedMapper;
+import org.apache.wicket.request.Url;
+import org.apache.wicket.request.component.IRequestablePage;
+import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
+
+/**
+ * Created by lazyman on 09/03/2017.
+ */
+public class ExactMatchMountedMapper extends MountedMapper {
+
+ public ExactMatchMountedMapper(String mountPath,
+ Class pageClass,
+ IPageParametersEncoder pageParametersEncoder) {
+ super(mountPath, pageClass, pageParametersEncoder);
+ }
+
+ /**
+ * We want to fully match url path. Parent class is OK with partial match and then
+ * marking other path element as page parameters.
+ *
+ * @param url
+ * @return
+ */
+ @Override
+ protected boolean urlStartsWithMountedSegments(Url url) {
+ if (url == null) {
+ return false;
+ }
+
+ String mountUrl = StringUtils.join(mountSegments, "/");
+ return url.getPath().equals(mountUrl);
+ }
+}
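Review bot: `urlStartsWithMountedSegments` compares the request path with the literal join of `mountSegments`, so this mapper only works for mount paths made of fixed segments. A mount path containing a Wicket placeholder segment such as `${id}` could never match, and the constructor accepts it without complaint. A request path with a trailing slash would presumably fail the `equals` check too, which looks intended but is not stated. Going by the commit subject, this class is what keeps mounted URLs in step with the security URL patterns, so the contract belongs in the class Javadoc in place of `Created by lazyman on 09/03/2017.`, e.g. `Mounts a page so that only a request path equal to the mount path matches; placeholder segments are not supported.` The empty `@param url` and `@return` tags should be filled in or dropped.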
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointPageParametersEncoder.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointPageParametersEncoder.java
deleted file mode 100644
index b44e70f3560..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointPageParametersEncoder.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.util;
-
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import org.apache.wicket.request.Url;
-import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
-import org.apache.wicket.request.mapper.parameter.PageParameters;
-
-import java.util.Iterator;
-
-
-/**
- * @author lazyman
- */
-public class MidPointPageParametersEncoder implements IPageParametersEncoder {
-
- public static final MidPointPageParametersEncoder ENCODER = new MidPointPageParametersEncoder();
-
- private static final Trace LOGGER = TraceManager.getTrace(MidPointPageParametersEncoder.class);
-
- /**
- * Encodes a URL in the form:
- *

- * /mountpoint/paramName1/paramValue1/paramName2/paramValue2
- *

- * (i.e. a URL using the pre wicket 1.5 Hybrid URL strategy)
- */
- @Override
- public Url encodePageParameters(PageParameters pageParameters) {
- Url url = new Url();
-
- for (PageParameters.NamedPair pair : pageParameters.getAllNamed()) {
- url.getSegments().add(pair.getKey());
- url.getSegments().add(pair.getValue());
- }
-
- if (LOGGER.isTraceEnabled() && !pageParameters.isEmpty()) {
- LOGGER.trace("Parameters '{}' encoded to: '{}'", pageParameters, url.toString());
- }
-
- return url;
- }
-
- /**
- * Decodes a URL in the form:
- *

- * /mountpoint/paramName1/paramValue1/paramName2/paramValue2
- *

- * (i.e. a URL using the pre wicket 1.5 Hybrid URL strategy)
- */
- @Override
- public PageParameters decodePageParameters(Url url) {
- PageParameters parameters = new PageParameters();
-
- for (Iterator segment = url.getSegments().iterator(); segment.hasNext(); ) {
- String key = segment.next();
- if (segment.hasNext()) {
- String value = segment.next();
-
- if (value != null) {
- parameters.add(key, value);
- }
- }
- }
-
- if (LOGGER.isTraceEnabled()) {
- LOGGER.trace("Parameters '{}' encoded from: '{}'", parameters, url.toString());
- }
-
- return parameters.isEmpty() ? null : parameters;
- }
-
-}
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MountedMapperWithoutPageComponentInfo.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MountedMapperWithoutPageComponentInfo.java
deleted file mode 100644
index 325e7edf501..00000000000
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MountedMapperWithoutPageComponentInfo.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2010-2013 Evolveum
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.evolveum.midpoint.web.util;
-
-import org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler;
-import org.apache.wicket.core.request.mapper.MountedMapper;
-import org.apache.wicket.request.IRequestHandler;
-import org.apache.wicket.request.Url;
-import org.apache.wicket.request.component.IRequestablePage;
-import org.apache.wicket.request.mapper.info.PageComponentInfo;
-import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder;
-
-/**
- * @author lazyman
- */
-public class MountedMapperWithoutPageComponentInfo extends MountedMapper {
-
- public MountedMapperWithoutPageComponentInfo(String mountPath,
- Class pageClass,
- IPageParametersEncoder encoder) {
-
- super(mountPath, pageClass, encoder);
- }
-
- @Override
- protected void encodePageComponentInfo(Url url, PageComponentInfo info) {
- //do nothing, we don't want to render page version in url
- }
-
- @Override
- public Url mapHandler(IRequestHandler requestHandler) {
- if (requestHandler instanceof ListenerInterfaceRequestHandler) {
- return null;
- }
-
- return super.mapHandler(requestHandler);
- }
-}