From 50d5a03d30c5f4fb5f07f918c1963ddd4d8c08f7 Mon Sep 17 00:00:00 2001 From: Richard Richter Date: Wed, 20 May 2020 13:51:43 +0200 Subject: [PATCH] AbstractRestController.java: fixed finishRequest logic It wasn't aligned with init request (one was from "experimental" code, other wasn't), now they work hand in hand (they are NOT controlled by "experimental" code flag and pass tests in both modes). --- .../rest/impl/AbstractRestController.java | 51 +++++++++++--- .../impl/ExtensionSchemaRestController.java | 4 +- .../rest/impl/ModelRestController.java | 68 +++++++++---------- 3 files changed, 76 insertions(+), 47 deletions(-) diff --git a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java index ffa7b887e61..219d40a8a15 100644 --- a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java +++ b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/AbstractRestController.java 
@@ -7,18 +7,27 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import com.evolveum.midpoint.audit.api.AuditEventRecord; +import com.evolveum.midpoint.audit.api.AuditEventStage; +import com.evolveum.midpoint.audit.api.AuditEventType; +import com.evolveum.midpoint.audit.api.AuditService; import com.evolveum.midpoint.model.impl.ModelRestService; import com.evolveum.midpoint.model.impl.security.SecurityHelper; +import com.evolveum.midpoint.prism.PrismObject; import com.evolveum.midpoint.schema.constants.SchemaConstants; import com.evolveum.midpoint.schema.result.OperationResult; -import com.evolveum.midpoint.security.api.ConnectionEnvironment; +import com.evolveum.midpoint.schema.result.OperationResultStatus; +import com.evolveum.midpoint.security.api.MidPointPrincipal; import com.evolveum.midpoint.task.api.Task; import com.evolveum.midpoint.task.api.TaskManager; import com.evolveum.midpoint.util.exception.*; import com.evolveum.midpoint.util.logging.LoggingUtils; import com.evolveum.midpoint.util.logging.Trace; import com.evolveum.midpoint.util.logging.TraceManager; +import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType; import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType; /** @@ -29,6 +38,7 @@ class AbstractRestController { protected final Trace logger = TraceManager.getTrace(getClass()); private final String opNamePrefix = getClass().getName() + "."; + @Autowired protected AuditService auditService; @Autowired protected SecurityHelper securityHelper; @Autowired protected TaskManager taskManager; 
@@ -139,15 +149,34 @@ protected ResponseEntity createErrorResponseBuilder( return status(status).body(resultBean); } - protected void finishRequest(Task task) { - // TODO what level of auditing do we want anyway? -// if (isExperimentalEnabled()) { -// auditEvent(request); -// SecurityContextHolder.getContext().setAuthentication(null); -// } else { - task.getResult().computeStatus(); - ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI); - connEnv.setSessionIdOverride(task.getTaskIdentifier()); - securityHelper.auditLogout(connEnv, task); + protected void finishRequest() { + auditEvent(); + SecurityContextHolder.getContext().setAuthentication(null); + } + + private void auditEvent() { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + Object principal = authentication.getPrincipal(); + String name = null; + if (principal instanceof MidPointPrincipal) { + name = ((MidPointPrincipal) principal).getUsername(); + } else if (principal != null) { + return; + } + PrismObject user = principal != null ? ((MidPointPrincipal) principal).getFocus().asPrismObject() : null; + + Task task = taskManager.createTaskInstance(); + task.setOwner(user); + task.setChannel(SchemaConstants.CHANNEL_REST_URI); + + AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST); + record.setInitiator(user); + record.setParameter(name); + + record.setChannel(SchemaConstants.CHANNEL_REST_URI); + record.setTimestamp(System.currentTimeMillis()); + record.setOutcome(OperationResultStatus.SUCCESS); + + auditService.audit(record, task); } } diff --git a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java index ceb731edbd5..d1a534e9bae 100644 
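Review bot: `auditEvent()` dereferences `authentication` without a null check, so a request that reaches `finishRequest()` with an empty security context throws a NullPointerException instead of finishing. That includes a second `finishRequest()` call within the same request, because the first call sets the authentication to null. Add `if (authentication == null) { return; }` before `authentication.getPrincipal()`, or record an anonymous termination there if that event should still be audited. The record is also always written with `OperationResultStatus.SUCCESS` and a freshly created task, whereas the removed code computed the status of the request's own task and used its identifier as the session id. If dropping that correlation is intended, state it in a comment on `auditEvent()`. The early `return` for a principal that is not a `MidPointPrincipal` skips the audit record silently and deserves at least a `logger.debug(...)` line saying why nothing was audited.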
--- a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java +++ b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ExtensionSchemaRestController.java @@ -72,7 +72,7 @@ public ResponseEntity listSchemas() { .body(ex.getMessage()); // TODO handle this somehow better } - finishRequest(task); + finishRequest(); return response; } @@ -140,7 +140,7 @@ public ResponseEntity getSchema( response = handleException(result, ex); } - finishRequest(task); + finishRequest(); return response; } } diff --git a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java index 3f6e9102d21..89fd9afc104 100644 --- a/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java +++ b/model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java @@ -82,7 +82,7 @@ public ResponseEntity generateValue( response = handleException(parentResult, ex); } - finishRequest(task); + finishRequest(); return response; } @@ -93,7 +93,7 @@ public ResponseEntity generateValueRpc( OperationResult parentResult = task.getResult().createSubresult("generateValueRpc"); ResponseEntity response = generateValue(null, policyItemsDefinition, task, parentResult); - finishRequest(task); + finishRequest(); return response; } @@ -142,7 +142,7 @@ public ResponseEntity validateValue( response = handleException(parentResult, ex); } - finishRequest(task); + finishRequest(); return response; } @@ -153,7 +153,7 @@ public ResponseEntity validateValue( OperationResult parentResult = task.getResult().createSubresult("validateValue"); ResponseEntity response = validateValue(null, policyItemsDefinition, task, parentResult); - finishRequest(task); + finishRequest(); return response; } 
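Review bot: The public `validateValue` in the last hunk above calls the private `validateValue(null, policyItemsDefinition, task, parentResult)` and then `finishRequest()`, while the private overload (next hunk, `@@ -163,13`) already calls `finishRequest()` on both of its early-return paths. With the new implementation every call writes a TERMINATE_SESSION audit record and clears the authentication, so a rejected request is finished twice and the second call runs `auditEvent()` against an already cleared security context. Remove the `finishRequest()` calls from the private helper and leave finishing to the public entry points. `generateValueRpc` may have the same shape if the private `generateValue` also finishes the request, which these hunks do not show. The method bodies extend beyond the hunks.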
@@ -163,13 +163,13 @@ private ResponseEntity validateValue( ResponseEntity response; if (policyItemsDefinition == null) { response = createBadPolicyItemsDefinitionResponse("Policy items definition must not be null", parentResult); - finishRequest(task); + finishRequest(); return response; } if (CollectionUtils.isEmpty(policyItemsDefinition.getPolicyItemDefinition())) { response = createBadPolicyItemsDefinitionResponse("No definitions for items", parentResult); - finishRequest(task); + finishRequest(); return response; } @@ -220,7 +220,7 @@ public ResponseEntity getValuePolicyForUser( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); logger.debug("getValuePolicyForUser finish"); return response; @@ -271,7 +271,7 @@ public ResponseEntity getObject( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -294,7 +294,7 @@ public ResponseEntity getSelf() { response = status(HttpStatus.INTERNAL_SERVER_ERROR).body(e.getMessage()); } - finishRequest(task); + finishRequest(); return response; } @@ -310,7 +310,7 @@ public ResponseEntity addObject( Class clazz = ObjectTypes.getClassFromRestType(type); if (!object.getCompileTimeClass().equals(clazz)) { - finishRequest(task); + finishRequest(); parentResult.recordFatalError("Request to add object of type " + object.getCompileTimeClass().getSimpleName() + " to the collection of " + type); return createErrorResponseBuilder(HttpStatus.BAD_REQUEST, parentResult); @@ -338,7 +338,7 @@ public ResponseEntity addObject( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -379,7 +379,7 @@ public ResponseEntity searchObjectsByType( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } 
@@ -396,7 +396,7 @@ public ResponseEntity addObject( Class clazz = ObjectTypes.getClassFromRestType(type); if (!object.getCompileTimeClass().equals(clazz)) { - finishRequest(task); + finishRequest(); parentResult.recordFatalError("Request to add object of type " + object.getCompileTimeClass().getSimpleName() + " to the collection of " + type); @@ -425,7 +425,7 @@ public ResponseEntity addObject( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -446,7 +446,7 @@ public ResponseEntity deleteObject( if (clazz.isAssignableFrom(TaskType.class)) { taskService.suspendAndDeleteTask(id, WAIT_FOR_TASK_STOP, true, task, parentResult); parentResult.computeStatus(); - finishRequest(task); + finishRequest(); if (parentResult.isSuccess()) { return ResponseEntity.noContent().build(); } @@ -463,7 +463,7 @@ public ResponseEntity deleteObject( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -501,7 +501,7 @@ public ResponseEntity modifyObjectPatch( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -523,7 +523,7 @@ public ResponseEntity notifyChange( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -543,7 +543,7 @@ public ResponseEntity findShadowOwner( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -565,7 +565,7 @@ public ResponseEntity importShadow( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -602,7 +602,7 @@ public ResponseEntity searchObjects( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -634,7 +634,7 @@ public ResponseEntity importFromResource( } parentResult.computeStatus(); - finishRequest(task); + finishRequest(); return response; } 
@@ -659,7 +659,7 @@ public ResponseEntity testResource( parentResult.getSubresults().add(testResult); } - finishRequest(task); + finishRequest(); return response; } @@ -679,7 +679,7 @@ public ResponseEntity suspendTask( response = handleException(parentResult, ex); } - finishRequest(task); + finishRequest(); return response; } @@ -699,7 +699,7 @@ public ResponseEntity resumeTask( response = handleException(parentResult, ex); } - finishRequest(task); + finishRequest(); return response; } @@ -718,7 +718,7 @@ public ResponseEntity scheduleTaskNow( response = handleException(parentResult, ex); } - finishRequest(task); + finishRequest(); return response; } @@ -752,7 +752,7 @@ public ResponseEntity executeScript( response = handleExceptionNoLog(result, ex); } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -782,7 +782,7 @@ public ResponseEntity compare( } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -801,7 +801,7 @@ public ResponseEntity getLogFileSize() { } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -828,7 +828,7 @@ public ResponseEntity getLog( } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -850,7 +850,7 @@ public ResponseEntity executeCredentialReset( } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -869,7 +869,7 @@ public ResponseEntity getThreadsDump() { response = handleExceptionNoLog(result, ex); } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } @@ -888,7 +888,7 @@ public ResponseEntity getRunningTasksThreadsDump() { response = handleExceptionNoLog(result, ex); } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } 
@@ -907,7 +907,7 @@ public ResponseEntity getTaskThreadsDump( response = handleExceptionNoLog(result, ex); } result.computeStatus(); - finishRequest(task); + finishRequest(); return response; } }