Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/configuration/component/SystemConfigPanel.java

@@ -1,75 +1,75 @@
-/*
- * Copyright (c) 2018 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-
-package com.evolveum.midpoint.gui.impl.page.admin.configuration.component;
-
-import com.evolveum.midpoint.gui.impl.prism.ItemPanelSettingsBuilder;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
-import org.apache.wicket.markup.html.panel.Panel;
-import org.apache.wicket.model.IModel;
-
-import com.evolveum.midpoint.gui.api.component.BasePanel;
-import com.evolveum.midpoint.gui.api.prism.ItemWrapper;
-import com.evolveum.midpoint.gui.api.prism.PrismObjectWrapper;
-import com.evolveum.midpoint.prism.path.ItemPath;
-import com.evolveum.midpoint.util.exception.SchemaException;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.component.prism.ItemVisibility;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
-
-/**
- * @author skublik
- */
-public class SystemConfigPanel extends BasePanel<PrismObjectWrapper<SystemConfigurationType>> {
-
-    private static final long serialVersionUID = 1L;
-
-    private static final Trace LOGGER = TraceManager.getTrace(SystemConfigPanel.class);
-
-    private static final String ID_SYSTEM_CONFIG = "basicSystemConfiguration";
-
-
-    public SystemConfigPanel(String id, IModel<PrismObjectWrapper<SystemConfigurationType>> model) {
-        super(id, model);
-
-        setOutputMarkupId(true);
-
-    }
-
-    @Override
-    protected void onInitialize() {
-        super.onInitialize();
-
-        initLayout();
-    }
-
-    protected void initLayout() {
-        try {
-            ItemPanelSettingsBuilder builder = new ItemPanelSettingsBuilder().visibilityHandler(itemWrapper -> getBasicTabVisibity(itemWrapper));
-            Panel panel = getPageBase().initItemPanel(ID_SYSTEM_CONFIG, SystemConfigurationType.COMPLEX_TYPE, getModel(), builder.build());
-            add(panel);
-        } catch (SchemaException e) {
-            LOGGER.error("Cannot create basic panel for system configuration.");
-            getSession().error("Cannot create basic panel for system configuration.");
-        }
-
-    }
-
-    private ItemVisibility getBasicTabVisibity(ItemWrapper<?, ?, ?, ?> itemWrapper) {
-        if(itemWrapper.getPath().isSubPathOrEquivalent(ItemPath.create(ItemPath.EMPTY_PATH, SystemConfigurationType.F_DESCRIPTION)) || itemWrapper.getPath().isSubPathOrEquivalent(ItemPath.create(
-                ItemPath.EMPTY_PATH, SystemConfigurationType.F_GLOBAL_SECURITY_POLICY_REF))) {
-            return ItemVisibility.AUTO;
-        }
-
-        if(itemWrapper.getPath().isSuperPathOrEquivalent(ItemPath.create(ObjectType.F_EXTENSION))) {
-            return ItemVisibility.AUTO;
-        }
-
-        return ItemVisibility.HIDDEN;
-    }
-}
+/*
+ * Copyright (c) 2018 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+package com.evolveum.midpoint.gui.impl.page.admin.configuration.component;
+
+import com.evolveum.midpoint.gui.impl.prism.ItemPanelSettingsBuilder;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
+import org.apache.wicket.markup.html.panel.Panel;
+import org.apache.wicket.model.IModel;
+
+import com.evolveum.midpoint.gui.api.component.BasePanel;
+import com.evolveum.midpoint.gui.api.prism.ItemWrapper;
+import com.evolveum.midpoint.gui.api.prism.PrismObjectWrapper;
+import com.evolveum.midpoint.prism.path.ItemPath;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.component.prism.ItemVisibility;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
+
+/**
+ * @author skublik
+ */
+public class SystemConfigPanel extends BasePanel<PrismObjectWrapper<SystemConfigurationType>> {
+
+    private static final long serialVersionUID = 1L;
+
+    private static final Trace LOGGER = TraceManager.getTrace(SystemConfigPanel.class);
+
+    private static final String ID_SYSTEM_CONFIG = "basicSystemConfiguration";
+
+
+    public SystemConfigPanel(String id, IModel<PrismObjectWrapper<SystemConfigurationType>> model) {
+        super(id, model);
+
+        setOutputMarkupId(true);
+
+    }
+
+    @Override
+    protected void onInitialize() {
+        super.onInitialize();
+
+        initLayout();
+    }
+
+    protected void initLayout() {
+        try {
+            ItemPanelSettingsBuilder builder = new ItemPanelSettingsBuilder().visibilityHandler(this::getBasicTabVisibity);
+            Panel panel = getPageBase().initItemPanel(ID_SYSTEM_CONFIG, SystemConfigurationType.COMPLEX_TYPE, getModel(), builder.build());
+            add(panel);
+        } catch (SchemaException e) {
+            LOGGER.error("Cannot create basic panel for system configuration.");
+            getSession().error("Cannot create basic panel for system configuration.");
+        }
+
+    }
+
+    private ItemVisibility getBasicTabVisibity(ItemWrapper<?, ?, ?, ?> itemWrapper) {
+        if(itemWrapper.getPath().isSubPathOrEquivalent(ItemPath.create(ItemPath.EMPTY_PATH, SystemConfigurationType.F_DESCRIPTION)) || itemWrapper.getPath().isSubPathOrEquivalent(ItemPath.create(
+                ItemPath.EMPTY_PATH, SystemConfigurationType.F_GLOBAL_SECURITY_POLICY_REF))) {
+            return ItemVisibility.AUTO;
+        }
+
+        if(itemWrapper.getPath().isSuperPathOrEquivalent(ItemPath.create(ObjectType.F_EXTENSION))) {
+            return ItemVisibility.AUTO;
+        }
+
+        return ItemVisibility.HIDDEN;
+    }
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/UserMenuPanel.html

@@ -31,7 +31,6 @@
         <!-- Menu Footer-->
         <li class="user-footer">
             <div class="pull-right">
-                <!--<form method="post" action="logout">-->
                 <form method="post" wicket:id="logoutForm">
 
                     <div wicket:id="csrfField"/>

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/menu/UserMenuPanel.java

@@ -21,9 +21,7 @@
 import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
 import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
-import com.evolveum.midpoint.model.api.authentication.StateOfModule;
 import com.evolveum.midpoint.web.component.AjaxButton;
 import com.evolveum.midpoint.web.component.form.Form;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
@@ -43,7 +41,6 @@
 import org.apache.wicket.model.Model;
 import org.apache.wicket.request.resource.AbstractResource;
 import org.apache.wicket.request.resource.ByteArrayResource;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import javax.xml.namespace.QName;
@@ -224,7 +221,7 @@ public String getObject() {
         form.add(AttributeModifier.replace("action", new IModel<String>() {
             @Override
             public String getObject() {
-                return getUrlForLogout();
+                return SecurityUtils.getPathForLogoutWithContextPath(getRequest().getContextPath(), getAuthenticatedModule());
             }
         }));
         add(form);
@@ -281,22 +278,13 @@ private String getUrlForLogout() {
     }
 
     private ModuleAuthentication getAuthenticatedModule() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        ModuleAuthentication moduleAuthentication = SecurityUtils.getAuthenticatedModule();
 
-        if (authentication instanceof MidpointAuthentication) {
-            MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
-            for (ModuleAuthentication moduleAuthentication : mpAuthentication.getAuthentications()) {
-                if (StateOfModule.SUCCESSFULLY.equals(moduleAuthentication.getState())) {
-                    return moduleAuthentication;
-                }
-            }
-        } else {
-            String message = "Unsupported type " + (authentication == null ? null : authentication.getClass().getName())
-                    + " of authentication for MidpointLogoutRedirectFilter, supported is only MidpointAuthentication";
+        if (moduleAuthentication == null) {
+            String message = "Unauthenticated request";
             throw new IllegalArgumentException(message);
         }
-        String message = "Unauthenticated request";
-        throw new IllegalArgumentException(message);
+        return moduleAuthentication;
     }
 
     private String getShortUserName() {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/error/PageError.html

@@ -27,12 +27,19 @@ <h3>
                     <a class="btn btn-primary" wicket:id="home" />
                     <a class="btn btn-primary" wicket:id="back" />
 
-                    <wicket:enclosure>
-                        <form method="post" action="logout" style="display: inline; margin-left: 20px;">
+<!--                    <wicket:enclosure>-->
+<!--                        <form method="post" action="logout" style="display: inline; margin-left: 20px;">-->
+<!--                            <div wicket:id="csrfField"/>-->
+<!--                            <input type="submit" class="btn btn-default btn-flat"  wicket:message="value:PageError.logout"/>-->
+<!--                        </form>-->
+
+                        <form method="post" style="display: inline; margin-left: 20px;" wicket:id="logoutForm">
+
                             <div wicket:id="csrfField"/>
+
                             <input type="submit" class="btn btn-default btn-flat"  wicket:message="value:PageError.logout"/>
                         </form>
-                    </wicket:enclosure>
+<!--                    </wicket:enclosure>-->
                 </div>
 
             </div>

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/error/PageError.java

@@ -8,14 +8,16 @@
 package com.evolveum.midpoint.web.page.error;
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
+import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.application.PageDescriptor;
 import com.evolveum.midpoint.web.component.AjaxButton;
-import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
+import com.evolveum.midpoint.web.component.form.Form;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.security.util.SecurityUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.wicket.AttributeModifier;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.markup.head.IHeaderResponse;
 import org.apache.wicket.markup.head.OnDomReadyHeaderItem;
@@ -42,6 +44,7 @@ public class PageError extends PageBase {
     private static final String ID_ERROR_MESSAGE = "errorMessage";
     private static final String ID_BACK = "back";
     private static final String ID_HOME = "home";
+    private static final String ID_LOGOUT_FORM = "logoutForm";
     private static final String ID_CSRF_FIELD = "csrfField";
 
     private static final Trace LOGGER = TraceManager.getTrace(PageError.class);
@@ -135,9 +138,23 @@ public void onClick(AjaxRequestTarget target) {
         };
         add(home);
 
+        Form form = new Form(ID_LOGOUT_FORM);
+        form.add(AttributeModifier.replace("action", new IModel<String>() {
+            @Override
+            public String getObject() {
+                return getUrlForLogout();
+            }
+        }));
+        form.add(new VisibleEnableBehaviour() {
+            @Override
+            public boolean isVisible() {
+                return SecurityUtils.getPrincipalUser() != null;
+            }
+        });
+        add(form);
+
         WebMarkupContainer csrfField = SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD);
-        csrfField.add(new VisibleBehaviour(() -> SecurityUtils.getPrincipalUser() != null));
-        add(csrfField);
+        form.add(csrfField);
     }
 
     private int getCode() {
@@ -179,4 +196,13 @@ private void backPerformed(AjaxRequestTarget target) {
     protected String getErrorMessageKey() {
         return "PageError.message";
     }
+
+    private String getUrlForLogout() {
+        ModuleAuthentication moduleAuthentication = SecurityUtils.getAuthenticatedModule();
+
+        if (moduleAuthentication == null) {
+            return SecurityUtils.DEFAULT_LOGOUT_PATH;
+        }
+        return SecurityUtils.getPathForLogoutWithContextPath(getRequest().getContextPath(), moduleAuthentication);
+    }
 }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java

@@ -71,7 +71,7 @@ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse resp
         if (authentication instanceof MidpointAuthentication) {
             MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
             if (mpAuthentication.getAuthenticationChannel() != null) {
-                targetUrl = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
+                targetUrl = mpAuthentication.getAuthenticationChannel().getPathAfterLogout();
             }
         }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/AuthenticationChannelImpl.java

@@ -11,11 +11,16 @@
 import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
 import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
 import com.evolveum.midpoint.security.api.Authorization;
+import com.evolveum.midpoint.util.QNameUtil;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.Validate;
 
 import java.util.Collection;
+import java.util.List;
 
 import static org.springframework.security.saml.util.StringUtils.stripSlashes;
 
@@ -26,6 +31,7 @@
 public class AuthenticationChannelImpl implements AuthenticationChannel {
 
     private AuthenticationSequenceChannelType channel;
+    private String pathAfterLogout;
 
     public AuthenticationChannelImpl(AuthenticationSequenceChannelType channel) {
         Validate.notNull(channel, "Couldn't create authentication channel object, because channel is null");
@@ -41,6 +47,28 @@ protected AuthenticationSequenceChannelType getChannel() {
         return channel;
     }
 
+    @Override
+    public void setPathAfterLogout(String pathAfterLogout) {
+        this.pathAfterLogout = pathAfterLogout;
+    }
+
+    @Override
+    public String getPathAfterLogout() {
+        if (StringUtils.isNotBlank(this.pathAfterLogout)) {
+            return pathAfterLogout;
+        }
+        return getPathDuringProccessing();
+    }
+
+    @Override
+    public boolean matchChannel(AuthenticationSequenceType sequence) {
+            if (sequence == null || sequence.getChannel() == null
+                    || !getChannelId().equals(sequence.getChannel().getChannelId())) {
+                return false;
+            }
+        return true;
+    }
+
     public String getChannelId() {
         return channel.getChannelId();
     }