archetype sec policy merge with org sec policy; small refactoring
KaterynaHonchar committed Nov 18, 2022
1 parent 97d9a9d commit 69659bf
Showing 2 changed files with 43 additions and 22 deletions.
Expand Up @@ -388,7 +388,7 @@ private <O extends ObjectType> void loadSecurityPolicy(LensContext<O> context, b
PrismObject<FocusType> focus = focusContext.getObjectAny();
SecurityPolicyType globalSecurityPolicy = determineAndSetGlobalSecurityPolicy(context, focus, task, result);
SecurityPolicyType focusSecurityPolicy =
determineAndSetFocusSecurityPolicy(focusContext, focus, globalSecurityPolicy, forceReload, task, result);
determineAndSetFocusSecurityPolicy(focusContext, focus, context.getSystemConfiguration(), forceReload, task, result);

if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Security policies:\n Global:\n{}\n Focus:\n{}",
Expand Down Expand Up @@ -418,24 +418,28 @@ private <O extends ObjectType> SecurityPolicyType determineAndSetGlobalSecurityP
}

private SecurityPolicyType determineAndSetFocusSecurityPolicy(LensFocusContext<FocusType> focusContext,
PrismObject<FocusType> focus, SecurityPolicyType globalSecurityPolicy, boolean forceReload, Task task,
OperationResult result) throws SchemaException {
PrismObject<FocusType> focus, PrismObject<SystemConfigurationType> systemConfiguration, boolean forceReload, Task task,
OperationResult result) throws CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, SchemaException {
SecurityPolicyType existingPolicy = focusContext.getSecurityPolicy();
if (existingPolicy != null && !forceReload) {
return existingPolicy;
} else {
SecurityPolicyType loadedPolicy = securityHelper.locateFocusSecurityPolicyFromOrgs(focus, task, result);
SecurityPolicyType resultingPolicy;
if (loadedPolicy != null) {
resultingPolicy = loadedPolicy;
} else {
// Not very clean. In fact we should store focus security policy separate from global
// policy to avoid confusion. But need to do this to fix MID-4793 and backport the fix.
// Therefore avoiding big changes. TODO: fix properly later
resultingPolicy = globalSecurityPolicy;
}
focusContext.setSecurityPolicy(resultingPolicy);
return resultingPolicy;
SecurityPolicyType loadedPolicy = securityHelper.locateSecurityPolicy(focus, systemConfiguration, task, result); //todo review please
// locateSecurityPolicy tries to load security policy from org
//and archetypes at first but if no one is found, return global security policy. therefore the usage
//method locateFocusSecurityPolicyFromOrgs was replaced with locateSecurityPolicy and the following
//peace of code was commented
// SecurityPolicyType resultingPolicy;
// if (loadedPolicy != null) {
// resultingPolicy = loadedPolicy;
// } else {
// // Not very clean. In fact we should store focus security policy separate from global
// // policy to avoid confusion. But need to do this to fix MID-4793 and backport the fix.
// // Therefore avoiding big changes. TODO: fix properly later
// resultingPolicy = globalSecurityPolicy;
// }
focusContext.setSecurityPolicy(loadedPolicy);
return loadedPolicy;
}
}
}
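Review bot: The commented-out fallback block and the `//todo review please` marker on the new `securityHelper.locateSecurityPolicy(...)` call in determineAndSetFocusSecurityPolicy should not be committed; the removed lines already live in history, and the four-line explanation above the block can shrink to one sentence such as `// locateSecurityPolicy falls back to the global security policy when no org or archetype policy is found`. With the fallback moved into SecurityHelper, the `globalSecurityPolicy` local produced by determineAndSetGlobalSecurityPolicy in the first hunk appears to be used only for the trace output, while locateSecurityPolicy seems to perform its own global lookup, so the global policy is likely resolved twice per load; worth confirming both resolve the same object, since the focus context's policy now comes from the second lookup. Also "peace of code" should read "piece of code". loadSecurityPolicy in the first hunk continues outside the hunk.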
Expand Up @@ -146,10 +146,12 @@ private void storeConnectionEnvironment(AuditEventRecord record, ConnectionEnvir
public <F extends FocusType> SecurityPolicyType locateSecurityPolicy(PrismObject<F> focus, PrismObject<SystemConfigurationType> systemConfiguration,
Task task, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {

SecurityPolicyType focusSecurityPolicy = locateFocusSecurityPolicyFromOrgs(focus, task, result);
if (focusSecurityPolicy != null) {
traceSecurityPolicy(focusSecurityPolicy, focus);
return focusSecurityPolicy;
SecurityPolicyType securityPolicyFromOrgs = locateFocusSecurityPolicyFromOrgs(focus, task, result);
SecurityPolicyType securityPolicyFromArchetypes = locateFocusSecurityPolicyFromArchetypes(focus, task, result);
SecurityPolicyType mergedSecurityPolicy = mergeSecurityPolicies(securityPolicyFromArchetypes, securityPolicyFromOrgs); //sec policy from archetypes overrides sec policy from org
if (mergedSecurityPolicy != null) {
traceSecurityPolicy(mergedSecurityPolicy, focus);
return mergedSecurityPolicy;
}

SecurityPolicyType globalSecurityPolicy = locateGlobalSecurityPolicy(focus, systemConfiguration, task, result);
Expand All @@ -161,7 +163,7 @@ public <F extends FocusType> SecurityPolicyType locateSecurityPolicy(PrismObject
return null;
}

public <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromOrgs(PrismObject<F> focus, Task task,
private <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromOrgs(PrismObject<F> focus, Task task,
OperationResult result) throws SchemaException {
PrismObject<SecurityPolicyType> orgSecurityPolicy = objectResolver.searchOrgTreeWidthFirstReference(focus,
o -> o.asObjectable().getSecurityPolicyRef(), "security policy", task, result);
Expand All @@ -175,7 +177,7 @@ public <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromOrg
}
}

public <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromArchetypes(PrismObject<F> focus, Task task,
private <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromArchetypes(PrismObject<F> focus, Task task,
OperationResult result) throws SchemaException {
PrismObject<SecurityPolicyType> archetypeSecurityPolicy = searchSecurityPolicyFromArchetype(focus,
"security policy", task, result);
Expand All @@ -189,7 +191,7 @@ public <F extends FocusType> SecurityPolicyType locateFocusSecurityPolicyFromArc
}
}

public <O extends ObjectType> PrismObject<SecurityPolicyType> searchSecurityPolicyFromArchetype(PrismObject<O> object,
private <O extends ObjectType> PrismObject<SecurityPolicyType> searchSecurityPolicyFromArchetype(PrismObject<O> object,
String shortDesc, Task task, OperationResult result) throws SchemaException {
if (object == null) {
LOGGER.trace("No object provided. Cannot find security policy specific for an object.");
Expand Down Expand Up @@ -243,6 +245,21 @@ private PrismObject<SecurityPolicyType> mergeSecurityPolicyWithSuperArchetype(Ar
return mergeSecurityPolicyWithSuperArchetype(superArchetype, mergedSecurityPolicy, task, result);
}

private SecurityPolicyType mergeSecurityPolicies(SecurityPolicyType lowLevelSecurityPolicy,
SecurityPolicyType topLevelSecurityPolicy) {
if (lowLevelSecurityPolicy == null && topLevelSecurityPolicy == null) {
return null;
}
if (topLevelSecurityPolicy == null) {
return lowLevelSecurityPolicy.clone();
}
if (lowLevelSecurityPolicy == null) {
return topLevelSecurityPolicy.clone();
}
PrismObject<SecurityPolicyType> mergedSecurityPolicy = mergeSecurityPolicies(lowLevelSecurityPolicy.asPrismObject(), topLevelSecurityPolicy.asPrismObject());
return mergedSecurityPolicy != null ? mergedSecurityPolicy.asObjectable() : null;
}

/**
*
* @param lowLevelSecurityPolicy means the security policy referenced from child archetype
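Review bot: The precedence between archetype and org policies is stated only in the trailing comment on the `mergeSecurityPolicies(securityPolicyFromArchetypes, securityPolicyFromOrgs)` call in locateSecurityPolicy, while the new `mergeSecurityPolicies(SecurityPolicyType, SecurityPolicyType)` overload has no Javadoc and names its parameters lowLevel/topLevel after the archetype-hierarchy merge it delegates to, so a reader cannot tell from the signature which policy wins. Add a Javadoc to the overload stating that settings from the first argument override those of the second and that a policy referenced from an archetype therefore takes precedence over one from the org tree, since this decides which security settings apply to a focus that has both. When both inputs are non-null and the delegated merge returns null, the `mergedSecurityPolicy != null` guard falls through to the global policy without any record of it; a trace line there, e.g. `LOGGER.trace("Org/archetype security policies present but merge produced none, using global security policy")`, would make that downgrade visible. The PrismObject-based mergeSecurityPolicies that the overload calls begins outside the hunk.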