Merge branch 'post-3.7-fixes' of https://github.com/Evolveum/midpoint …

…into post-3.7-fixes
Evolveum · Feb 26, 2018 · 8ea74f6 · 8ea74f6
2 parents 6e3abb5 + e816204
commit 8ea74f6
Show file tree

Hide file tree

Showing 20 changed files with 1,344 additions and 294 deletions.
diff --git a/...min-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointAccessDeniedHandler.java b/...min-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointAccessDeniedHandler.java
@@ -16,13 +16,13 @@
 
 package com.evolveum.midpoint.web.security;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
-import org.springframework.security.web.csrf.CsrfException;
-import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -57,6 +57,20 @@ private boolean isLoginLogoutRequest(HttpServletRequest req) {
         }
 
         String uri = req.getRequestURI();
-        return "/j_spring_security_logout".equals(uri) || "/spring_security_login".equals(uri);
+        return createUri(req, "/j_spring_security_logout").equals(uri)
+                || createUri(req, "/spring_security_login").equals(uri);
+    }
+
+    private String createUri(HttpServletRequest req, String uri) {
+        StringBuilder sb = new StringBuilder();
+
+        ServletContext ctx = req.getServletContext();
+        String ctxPath = ctx.getContextPath();
+        if (StringUtils.isNotEmpty(ctxPath)) {
+            sb.append(ctxPath);
+        }
+        sb.append(uri);
+
+        return sb.toString();
     }
 }
diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/internals/InternalCounters.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/internals/InternalCounters.java
@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2017 Evolveum
+ * Copyright (c) 2017-2018 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,9 @@ public enum InternalCounters {
 
 	RESOURCE_SCHEMA_FETCH_COUNT("resourceSchemaFetchCount", "resource schema fetch count", InternalOperationClasses.REPOSITORY_OPERATIONS),
 
-	RESOURCE_REPOSITORY_READ_COUNT("resourceRepositoryReadCount", "resource repository read count", null),
+	RESOURCE_REPOSITORY_READ_COUNT("resourceRepositoryReadCount", "resource repository read count", InternalOperationClasses.REPOSITORY_OPERATIONS),
+
+	RESOURCE_REPOSITORY_MODIFY_COUNT("resourceRepositoryModifyCount", "resource repository modify count", InternalOperationClasses.REPOSITORY_OPERATIONS),
 
 	CONNECTOR_INSTANCE_INITIALIZATION_COUNT("connectorInstanceInitializationCount", "connector instance initialization count", InternalOperationClasses.CONNECTOR_OPERATIONS),
 

diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/internals/InternalMonitor.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/internals/InternalMonitor.java
@@ -65,7 +65,7 @@ public static void recordCount(InternalCounters counter) {
 		long count = recordCountInternal(counter);
 		InternalOperationClasses operationClass = counter.getOperationClass();
 		if (operationClass != null && isTrace(operationClass)) {
-			traceOperation(operationClass, count);
+			traceOperation(counter, operationClass, count);
 		}
 	}
 
@@ -100,12 +100,12 @@ public static void setTrace(InternalOperationClasses operationClass, boolean val
 		traceMap.put(operationClass, val);
 	}
 
-	private static void traceOperation(InternalOperationClasses operationClass, long counter) {
-		traceOperation(operationClass.getKey(), null, counter, false);
+	private static void traceOperation(InternalCounters counter, InternalOperationClasses operationClass, long count) {
+		traceOperation(counter.getKey() + "["+ operationClass.getKey() +"]", null, count, false);
 	}
 
-	private static void traceOperation(String opName, Supplier<String> paramsSupplier, long counter, boolean traceAndDebug) {
-		LOGGER.info("MONITOR {} ({})", opName, counter);
+	private static void traceOperation(String opName, Supplier<String> paramsSupplier, long count, boolean traceAndDebug) {
+		LOGGER.info("MONITOR {} ({})", opName, count);
 		if (LOGGER.isDebugEnabled()) {
 			StackTraceElement[] fullStack = Thread.currentThread().getStackTrace();
 			String immediateClass = null;
@@ -129,9 +129,9 @@ private static void traceOperation(String opName, Supplier<String> paramsSupplie
 				params = paramsSupplier.get();
 			}
 			if (traceAndDebug) {
-				LOGGER.debug("MONITOR {}({}) ({}): {} {}", opName, params, counter, immediateClass, immediateMethod);
+				LOGGER.debug("MONITOR {}({}) ({}): {} {}", opName, params, count, immediateClass, immediateMethod);
 			}
-			LOGGER.trace("MONITOR {}({}) ({}):\n{}", opName, params, counter, sb);
+			LOGGER.trace("MONITOR {}({}) ({}):\n{}", opName, params, count, sb);
 		}
 	}
 

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -14578,52 +14578,101 @@
 	<xsd:complexType name="CredentialsResetPolicyType">
 		<xsd:annotation>
 			<xsd:documentation>
-				Credentials reset management policy. It specifies the management details for each supported
-				credentials reset type. It defines parameters such as reset method. 
+				<p>
+					Credentials reset management policy. It specifies the management details for each supported
+					credentials reset type. It defines parameters such as reset method.
+				</p>
+				<p>
+					The idea is that all the password reset mechanisms have the same parts:
+					request, authentication, credential source, delivery.
+					This data structure is meant to configure those steps.
+				</p> 
 			</xsd:documentation>
 			<xsd:appinfo>
 				<a:container/>
 			</xsd:appinfo>
 		</xsd:annotation>
 		<xsd:sequence>
 			<xsd:element name="name" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>
+						Name of the password reset scheme. This is a short name that acts both as an
+						identifier of the scheme and also as a short name used for diagnostics.
+					</xsd:documentation>
+					<xsd:appinfo>
+						<a:since>3.7.1</a:since>
+					</xsd:appinfo>
+				</xsd:annotation>
 			</xsd:element>
-			<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
-			</xsd:element>
+			<!-- Later: authentication -->
 			<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0" maxOccurs="1">
+				<xsd:annotation>
+					<xsd:documentation>
+						Source of a new credential value. This setting specifies whether the new credential
+						value should be provided by the user, randomly generated, derived by a key-exchange
+						protocol and so on.
+					</xsd:documentation>
+					<xsd:appinfo>
+						<a:since>3.7.1</a:since>
+					</xsd:appinfo>
+				</xsd:annotation>
 			</xsd:element>
-<!-- 			TODO: delivery, authentication -->
+			<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
+				<xsd:annotation>
+					<xsd:documentation>
+						If set to true then the new credential will have the forceChange flag set.
+						Which usualy means that the user will have to change the credential on next logon.
+					</xsd:documentation>
+					<xsd:appinfo>
+						<a:since>3.7.1</a:since>
+					</xsd:appinfo>
+				</xsd:annotation>
+			</xsd:element>
+			<!-- Later: delivery -->
 			<xsd:element name="securityQuestionReset" type="tns:SecurityQuestionsResetPolicyType" minOccurs="0">
+				<!-- This will be deprecated soon -->
 			</xsd:element>
 			<xsd:element name="mailReset" type="tns:MailResetPolicyType" minOccurs="0">
+				<!-- This will be deprecated soon -->
 			</xsd:element>
 			<xsd:element name="smsReset" type="tns:SmsResetPolicyType" minOccurs="0">
+				<!-- This will be deprecated soon -->
 			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
 
 	<xsd:complexType name="CredentialSourceType">
 		<xsd:annotation>
 			<xsd:documentation>
-				TODO 
+				Source of a new credential value. This setting specifies whether the new credential
+				value should be provided by the user, randomly generated, derived by a key-exchange
+				protocol and so on.
 			</xsd:documentation>
 			<xsd:appinfo>
 				<a:container/>
+				<a:since>3.7.1</a:since>
 			</xsd:appinfo>
 		</xsd:annotation>
 		<xsd:sequence>
 			<xsd:element name="userEntry" type="tns:UserEntryCredentialSourceType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>
+						New credential value is entered by the user.
+					</xsd:documentation>
+				</xsd:annotation>
 			</xsd:element>
+			<!-- Later: generate, key-exchange, PKI, ... -->
 		</xsd:sequence>
 	</xsd:complexType>
 
 	<xsd:complexType name="UserEntryCredentialSourceType">
 		<xsd:annotation>
 			<xsd:documentation>
-				TODO 
+				Specifies the details of a new credential entered manually by a user. 
 			</xsd:documentation>
 			<xsd:appinfo>
 				<a:container/>
+				<a:since>3.7.1</a:since>
 			</xsd:appinfo>
 		</xsd:annotation>
 		<xsd:sequence>