Improved authorization logging (MID-1858)

Evolveum · Jun 30, 2015 · 8ba1266 · 8ba1266
1 parent 37113b8
commit 8ba1266
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 62 deletions.
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
@@ -6781,6 +6781,7 @@
             </xsd:appinfo>
         </xsd:annotation>
         <xsd:sequence>
+        	<xsd:element name="name" type="xsd:string" minOccurs="0"/>
         	<xsd:element ref="tns:description" minOccurs="0"/>
         	<xsd:element name="decision" minOccurs="0" type="tns:AuthorizationDecisionType" default="allow"/>
         	<xsd:element name="action" type="xsd:anyURI" minOccurs="1" maxOccurs="unbounded">

diff --git a/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.java b/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/AssignmentEvaluator.java
@@ -527,7 +527,7 @@ private boolean evaluateAbstractRole(EvaluatedAssignmentImpl<F> assignment, Assi
 			evaluateAssignment(assignment, roleAssignmentPathSegment, evaluateOld, mode, roleType, subSourceDescription, assignmentPath, task, result);
 		}
 		for(AuthorizationType authorizationType: roleType.getAuthorization()) {
-			Authorization authorization = createAuthorization(authorizationType);
+			Authorization authorization = createAuthorization(authorizationType, roleType.toString());
 			assignment.addAuthorization(authorization);
 		}
 
@@ -574,8 +574,9 @@ public static String dumpAssignment(AssignmentType assignmentType) {
 	}
 
 
-	private Authorization createAuthorization(AuthorizationType authorizationType) {
+	private Authorization createAuthorization(AuthorizationType authorizationType, String sourceDesc) {
 		Authorization authorization = new Authorization(authorizationType);
+		authorization.setSourceDescription(sourceDesc);
 		return authorization;
 	}
 

diff --git a/model/model-intest/src/test/resources/security/role-prop-read-all-modify-some.xml b/model/model-intest/src/test/resources/security/role-prop-read-all-modify-some.xml
@@ -1,5 +1,5 @@
 <!--
-  ~ Copyright (c) 2014 Evolveum
+  ~ Copyright (c) 2014-2015 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -19,9 +19,11 @@
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
     <name>Prop Read All Modify Some</name>    
     <authorization>
+    	<name>AUTZreadAllModify1</name>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
     </authorization>
     <authorization>
+    	<name>AUTZreadAllModify2</name>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
     	<item>c:fullName</item>
     	<item>c:description</item>

diff --git a/model/model-intest/src/test/resources/security/role-readonly.xml b/model/model-intest/src/test/resources/security/role-readonly.xml
@@ -1,5 +1,5 @@
 <!--
-  ~ Copyright (c) 2014 Evolveum
+  ~ Copyright (c) 2014-2015 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
     <name>Read Only</name>    
     <authorization>
+    	<name>AUTZreadonly</name>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
     </authorization>
 </role>
diff --git a/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java b/repo/security-api/src/main/java/com/evolveum/midpoint/security/api/Authorization.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2014 Evolveum
+ * Copyright (c) 2010-2015 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,8 @@
  */
 public class Authorization implements GrantedAuthority, DebugDumpable {
 
-	AuthorizationType authorizationType;
+	private AuthorizationType authorizationType;
+	private String sourceDescription;
 
 	public Authorization(AuthorizationType authorizationType) {
 		super();
@@ -56,6 +57,14 @@ public String getDescription() {
 		return authorizationType.getDescription();
 	}
 
+	public String getSourceDescription() {
+		return sourceDescription;
+	}
+
+	public void setSourceDescription(String sourceDescription) {
+		this.sourceDescription = sourceDescription;
+	}
+
 	public AuthorizationDecisionType getDecision() {
 		 AuthorizationDecisionType decision = authorizationType.getDecision();
 		 if (decision == null) {
@@ -84,6 +93,20 @@ public List<OwnedObjectSpecificationType> getTarget() {
 		return authorizationType.getTarget();
 	}
 
+	public String getHumanReadableDesc() {
+		StringBuilder sb = new StringBuilder();
+		if (authorizationType.getName() != null) {
+			sb.append("authorization '").append(authorizationType.getName()).append("'");
+		} else {
+			sb.append("unnamed authorization");
+		}
+		if (sourceDescription != null) {
+			sb.append(" in ");
+			sb.append(sourceDescription);
+		}
+		return sb.toString();
+	}
+
 	/* (non-Javadoc)
 	 * @see com.evolveum.midpoint.util.DebugDumpable#debugDump()
 	 */