Merge remote-tracking branch 'refs/remotes/origin/master'

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/channel/InvitationAuthenticationChannel.java

@@ -47,6 +47,11 @@ public boolean isSupportActivationByChannel() {
         return false;
     }
 
+    @Override
+    public String getPathDuringProccessing() {
+        return "/";
+    }
+
     @Override
     public Collection<Authorization> resolveAuthorities(Collection<Authorization> authorities) {
         ArrayList<Authorization> newAuthorities = new ArrayList<>();

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointExceptionTranslationFilter.java

@@ -7,6 +7,9 @@
 package com.evolveum.midpoint.authentication.impl.filter;
 
 import java.io.IOException;
+
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -57,15 +60,19 @@ protected void sendStartAuthentication(HttpServletRequest request, HttpServletRe
             ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
             if (moduleAuthentication != null && moduleAuthentication.getAuthentication() instanceof AnonymousAuthenticationToken
                     && !mpAuthentication.hasSucceededAuthentication()) {
+                AuthenticationSequenceChannelType channel = mpAuthentication.getSequence() != null ?
+                        mpAuthentication.getSequence().getChannel() : null;
                 moduleAuthentication.setAuthentication(
-                        createNewAuthentication((AnonymousAuthenticationToken) moduleAuthentication.getAuthentication()));
+                        createNewAuthentication((AnonymousAuthenticationToken) moduleAuthentication.getAuthentication(),
+                                channel));
                 mpAuthentication.setPrincipal(null);
             }
             SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
         }
     }
 
-    protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication) {
+    protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication,
+            AuthenticationSequenceChannelType channel) {
         return null;
     }
 

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/configurers/MidpointExceptionHandlingConfigurer.java

@@ -10,6 +10,8 @@
 
 import com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter;
 import com.evolveum.midpoint.authentication.impl.filter.MidpointExceptionTranslationFilter;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
@@ -87,8 +89,9 @@ public void configure(H http) throws Exception {
         ExceptionTranslationFilter exceptionTranslationFilter = new MidpointExceptionTranslationFilter(
                 entryPoint, getRequestCache(http)) {
             @Override
-            protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication) {
-                return MidpointExceptionHandlingConfigurer.this.createNewAuthentication(authentication);
+            protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication,
+                    AuthenticationSequenceChannelType channel) {
+                return MidpointExceptionHandlingConfigurer.this.createNewAuthentication(authentication, channel);
             }
         };
         AccessDeniedHandler deniedHandler = getAccessDeniedHandler();
@@ -98,7 +101,8 @@ protected Authentication createNewAuthentication(AnonymousAuthenticationToken au
         http.addFilterAfter(exceptionTranslationFilter, MidpointAnonymousAuthenticationFilter.class);
     }
 
-    protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication) {
+    protected Authentication createNewAuthentication(AnonymousAuthenticationToken authentication,
+            AuthenticationSequenceChannelType channel) {
         return null;
     }
 

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/MailNonceFormModuleWebSecurityConfigurer.java

@@ -15,7 +15,13 @@
 import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration;
 
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.Authentication;
+
 
 /**
  * @author skublik
@@ -36,7 +42,18 @@ protected void configure(HttpSecurity http) throws Exception {
                 .failureHandler(new MidpointAuthenticationFailureHandler())
                 .successHandler(getObjectPostProcessor().postProcess(
                         new MidPointAuthenticationSuccessHandler())).permitAll();
-        getOrApply(http, new MidpointExceptionHandlingConfigurer<>())
+        MidpointExceptionHandlingConfigurer exceptionConfigurer = new MidpointExceptionHandlingConfigurer() {
+            @Override
+            protected Authentication createNewAuthentication(AnonymousAuthenticationToken anonymousAuthenticationToken,
+                    AuthenticationSequenceChannelType channel) {
+                if (channel != null && SchemaConstants.CHANNEL_INVITATION_URI.equals(channel.getChannelId())) {
+                    anonymousAuthenticationToken.setAuthenticated(false);
+                    return anonymousAuthenticationToken;
+                }
+                return null;
+            }
+        };
+        getOrApply(http, exceptionConfigurer)
                 .authenticationEntryPoint(new WicketLoginUrlAuthenticationEntryPoint(
                         getConfiguration().getSpecificLoginUrl() == null ? "/emailNonce" : getConfiguration().getSpecificLoginUrl()));
 

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/RemoteModuleWebSecurityConfigurer.java

@@ -8,6 +8,9 @@
 package com.evolveum.midpoint.authentication.impl.module.configurer;
 
 import java.util.UUID;
+
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+
 import jakarta.servlet.ServletRequest;
 import jakarta.servlet.http.HttpServletRequest;
 
@@ -70,7 +73,8 @@ protected void configure(HttpSecurity http) throws Exception {
 
         MidpointExceptionHandlingConfigurer exceptionConfigurer = new MidpointExceptionHandlingConfigurer() {
             @Override
-            protected Authentication createNewAuthentication(AnonymousAuthenticationToken anonymousAuthenticationToken) {
+            protected Authentication createNewAuthentication(AnonymousAuthenticationToken anonymousAuthenticationToken,
+                    AuthenticationSequenceChannelType channel) {
                 if (anonymousAuthenticationToken.getDetails() != null
                         && getAuthTokenClass().isAssignableFrom(anonymousAuthenticationToken.getDetails().getClass())) {
                     return (Authentication) anonymousAuthenticationToken.getDetails();

model/rest-impl/src/main/java/com/evolveum/midpoint/rest/impl/ModelRestController.java

@@ -284,6 +284,11 @@ private PrismObject<? extends ObjectType> getCurrentNodeObject(Collection<Select
         }
     }
 
+    @GetMapping("/self/")
+    public ResponseEntity<?> getSelfAlt() {
+        return getSelf();
+    }
+
     @GetMapping("/self")
     public ResponseEntity<?> getSelf() {
         logger.debug("model rest service for get operation start");
@@ -306,6 +311,14 @@ public ResponseEntity<?> getSelf() {
         return response;
     }
 
+    @PostMapping("/{type}/")
+    public <T extends ObjectType> ResponseEntity<?> addObjectAlt(
+            @PathVariable("type") String type,
+            @RequestParam(value = "options", required = false) List<String> options,
+            @RequestBody @NotNull PrismObject<T> object) {
+        return addObject(type, options, object);
+    }
+
     @PostMapping("/{type}")
     public <T extends ObjectType> ResponseEntity<?> addObject(
             @PathVariable("type") String type,

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/MidPointPostgreSQLDialect.java

@@ -8,28 +8,30 @@
 package com.evolveum.midpoint.repo.sql.util;
 
 import org.hibernate.boot.model.TypeContributions;
-import org.hibernate.dialect.PostgreSQL95Dialect;
+import org.hibernate.dialect.DatabaseVersion;
+import org.hibernate.dialect.PostgreSQLDialect;
 import org.hibernate.service.ServiceRegistry;
 import org.hibernate.type.SqlTypes;
+import org.hibernate.type.descriptor.jdbc.LongVarbinaryJdbcType;
 import org.hibernate.type.descriptor.sql.internal.DdlTypeImpl;
 
 import java.sql.Types;
 
 /**
  * @author lazyman
  */
-public class MidPointPostgreSQLDialect extends PostgreSQL95Dialect {
+public class MidPointPostgreSQLDialect extends PostgreSQLDialect {
 
     public MidPointPostgreSQLDialect() {
-
+        super( DatabaseVersion.make( 9, 5 ) );
     }
 
     @Override
-    protected void registerColumnTypes(TypeContributions typeContributions, ServiceRegistry serviceRegistry) {
+    public void contributeTypes(TypeContributions typeContributions, ServiceRegistry serviceRegistry) {
         super.registerColumnTypes(typeContributions, serviceRegistry);
         var blobBytea = new DdlTypeImpl(SqlTypes.BLOB, "bytea", this);
         typeContributions.getTypeConfiguration().getDdlTypeRegistry().addDescriptor(blobBytea);
-
+        typeContributions.getTypeConfiguration().getJdbcTypeRegistry().addDescriptor(Types.BLOB, LongVarbinaryJdbcType.INSTANCE);
     }
 
     @Override
@@ -40,13 +42,4 @@ protected String columnType(int sqlTypeCode) {
         return super.columnType(sqlTypeCode);
     }
 
-    /*
-    @Override
-    public SqlTypeDescriptor getSqlTypeDescriptorOverride(int sqlCode) {
-        if (Types.BLOB == sqlCode) {
-            return LongVarbinaryTypeDescriptor.INSTANCE;
-        }
-
-        return super.getSqlTypeDescriptorOverride(sqlCode);
-    }*/
 }

testing/story/pom.xml

@@ -307,7 +307,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.activemq</groupId>
-            <artifactId>artemis-jms-client</artifactId>
+            <artifactId>artemis-jakarta-client</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

testing/story/src/test/resources/grouper/task-async-update.xml

@@ -14,7 +14,6 @@
         <!-- administrator -->
     </ownerRef>
     <executionState>runnable</executionState>
-    <category>AsynchronousUpdate</category>
     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/async-update/handler-3</handlerUri>
     <objectRef oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233" relation="org:default" type="c:ResourceType">
         <!-- Grouper Resource -->

testing/story/src/test/resources/grouper/task-group-scavenger.xml

@@ -76,7 +76,6 @@ Looks for groups with the lifecycleState of 'retired' and completes their deleti
     </extension>
     <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
     <executionState>runnable</executionState>
-    <category>BulkActions</category>
     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/iterative-scripting/handler-3</handlerUri>
     <schedule>
         <recurrence>recurring</recurrence>

tools/ninja/src/main/java/com/evolveum/midpoint/ninja/action/mining/ExportMiningOptions.java

@@ -33,8 +33,8 @@ public class ExportMiningOptions extends BaseMiningOptions implements BasicExpor
     public static final String P_SUFFIX_APPLICATION_LONG = "--applicationRoleSuffix";
     public static final String P_SUFFIX_BUSINESS = "-brs";
     public static final String P_SUFFIX_BUSINESS_LONG = "--businessRoleSuffix";
-    public static final String P_ORG = "-org";
-    public static final String P_ORG_LONG = "--includeOrg";
+    public static final String P_ORG = "-do";
+    public static final String P_ORG_LONG = "--disableOrg";
     public static final String P_NAME_OPTIONS = "-nm";
     public static final String P_NAME_OPTIONS_LONG = "--nameMode";
     public static final String P_ARCHETYPE_OID_APPLICATION_LONG = "--applicationRoleArchetypeOid";
@@ -64,7 +64,7 @@ public class ExportMiningOptions extends BaseMiningOptions implements BasicExpor
     private String applicationRolePrefix;
 
     @Parameter(names = { P_ORG, P_ORG_LONG }, descriptionKey = "export.prevent.org")
-    private boolean includeOrg = true;
+    private boolean disableOrg = false;
 
     @Parameter(names = { P_NAME_OPTIONS, P_NAME_OPTIONS_LONG }, descriptionKey = "export.name.options")
     private RoleMiningExportUtils.NameMode nameMode = RoleMiningExportUtils.NameMode.SEQUENTIAL;
@@ -82,7 +82,7 @@ public RoleMiningExportUtils.SecurityMode getSecurityLevel() {
     }
 
     public boolean isIncludeOrg() {
-        return includeOrg;
+        return !disableOrg;
     }
 
     public String getApplicationRoleArchetypeOid() {

tools/ninja/src/main/resources/messages.properties

@@ -52,7 +52,7 @@ export.application.role.prefix=Prefix for identifying exported application roles
 export.application.role.suffix=Suffix for identifying exported application roles. Multiple suffixes can be specified using a comma "," as a delimiter.
 export.business.role.prefix=Prefix for identifying exported business roles. Multiple prefixes can be specified using a comma "," as a delimiter.
 export.business.role.suffix=Suffix for identifying exported business roles. Multiple suffixes can be specified using a comma "," as a delimiter.
-export.prevent.org=Specifies whether to include the export of organizational structures.
+export.prevent.org=Prevent the export of organizational structures.
 export.name.options=Defines the format of the name parameter in the export.
 export.business.role.archetype.oid=Detects a business role based on a specific archetype, provided by its OID.
 export.application.role.archetype.oid=Detects an application role based on a specific archetype, provided by its OID.