Merge remote-tracking branch 'origin/post-3.7-fixes' into post-3.7-fixes

infra/prism/src/main/java/com/evolveum/midpoint/prism/path/ItemPath.java

@@ -487,7 +487,12 @@ public static boolean containsEquivalent(Collection<ItemPath> paths, ItemPath pa
 	 *  - path = X -&gt; false
 	 */
     public static boolean containsSuperpathOrEquivalent(Collection<ItemPath> paths, ItemPath pathToBeFound) {
-    	return paths.stream().anyMatch(p -> p.isSuperPathOrEquivalent(pathToBeFound));
+    	for (ItemPath path : paths) {
+    		if (path.isSuperPathOrEquivalent(pathToBeFound)) {
+    			return true;
+    		}
+    	}
+    	return false;
     }
 
 	/**
@@ -500,7 +505,12 @@ public static boolean containsSuperpathOrEquivalent(Collection<ItemPath> paths,
 	 *  - path = X -&gt; false
 	 */
 	public static boolean containsSuperpath(Collection<ItemPath> paths, ItemPath pathToBeFound) {
-		return paths.stream().anyMatch(p -> p.isSuperPath(pathToBeFound));
+		for (ItemPath path : paths) {
+    		if (path.isSuperPath(pathToBeFound)) {
+    			return true;
+    		}
+    	}
+    	return false;
 	}
 
 	/**
@@ -513,7 +523,12 @@ public static boolean containsSuperpath(Collection<ItemPath> paths, ItemPath pat
 	 *  - path = X -&gt; false
 	 */
     public static boolean containsSubpathOrEquivalent(Collection<ItemPath> paths, ItemPath pathToBeFound) {
-    	return paths.stream().anyMatch(p -> p.isSubPathOrEquivalent(pathToBeFound));
+    	for (ItemPath path : paths) {
+    		if (path.isSubPathOrEquivalent(pathToBeFound)) {
+    			return true;
+    		}
+    	}
+    	return false;
     }
 
 	/**
@@ -526,7 +541,12 @@ public static boolean containsSubpathOrEquivalent(Collection<ItemPath> paths, It
 	 *  - path = X -&gt; false
 	 */
 	public static boolean containsSubpath(Collection<ItemPath> paths, ItemPath pathToBeFound) {
-		return paths.stream().anyMatch(p -> p.isSubPath(pathToBeFound));
+		for (ItemPath path : paths) {
+    		if (path.isSubPath(pathToBeFound)) {
+    			return true;
+    		}
+    	}
+    	return false;
 	}
 
     public ItemPath namedSegmentsOnly() {
@@ -836,11 +856,21 @@ public static boolean containsSpecialSymbols(ItemPath path) {
 	}
 
 	public boolean containsSpecialSymbols() {
-		return segments.stream().anyMatch(s -> s instanceof IdentifierPathSegment || s instanceof ReferencePathSegment);
+		for (ItemPathSegment segment : segments) {
+			if (segment instanceof IdentifierPathSegment || segment instanceof ReferencePathSegment) {
+				return true;
+			}
+		}
+		return false;
 	}
 
 	public boolean containsSpecialSymbolsExceptParent() {
-		return segments.stream().anyMatch(s -> s instanceof IdentifierPathSegment || s instanceof ObjectReferencePathSegment);
+		for (ItemPathSegment segment : segments) {
+			if (segment instanceof IdentifierPathSegment || segment instanceof ObjectReferencePathSegment) {
+				return true;
+			}
+		}
+		return false;
 	}
 
 	public static void checkNoSpecialSymbols(ItemPath path) {

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java

@@ -458,22 +458,19 @@ public <T extends ObjectType> Response searchObjectsByType(@PathParam("type") St
 			Collection<SelectorOptions<GetOperationOptions>> searchOptions = GetOperationOptions.fromRestOptions(options, null, null, DefinitionProcessingOption.ONLY_IF_EXISTS);
 
 
-			List<PrismObject<T>> objects = new ArrayList<>();
+			List<T> objects = new ArrayList<>();
 			ResultHandler<T> handler = new ResultHandler<T>() {
 
 				@Override
 				public boolean handle(PrismObject<T> object, OperationResult parentResult) {
-					return objects.add(object);
+					return objects.add(object.asObjectable());
 				}
 			};
 
 			SearchResultMetadata searchMetadata = modelService.searchObjectsIterative(clazz, null, handler, searchOptions, task, parentResult);
 
 			ObjectListType listType = new ObjectListType();
-			if (objects != null){
-				List<ObjectType> list = objects.stream().map(o -> convert(clazz, o, parentResult.createOperationResultType())).collect(Collectors.toList());
-				listType.getObject().addAll(list);
-			}
+			listType.getObject().addAll(objects);
 
 			response = RestServiceUtil.createResponse(Response.Status.OK, listType, parentResult, true);
 //			response = Response.ok().entity(listType).build();

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java

@@ -18,6 +18,7 @@
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
+import javax.xml.namespace.QName;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
@@ -133,9 +134,10 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques
 					if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)){
 		        		return;
 		        	}
-					if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)){
-		        		return;
-		        	}
+					authenticateUser(authorizedUser, authorizedUser.getName().getOrig(), connEnv, requestCtx);
+//					if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)){
+//		        		return;
+//		        	}
 				} catch (ObjectNotFoundException | SchemaException | SecurityViolationException
 						| CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
 					LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
@@ -153,22 +155,26 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques
 	    }
 
 	   private boolean authorizeUser(UserType user, PrismObject<UserType> proxyUser, String enteredUsername, ConnectionEnvironment connEnv, ContainerRequestContext requestCtx) {
-	    	try {
-	    		securityContextManager.setupPreAuthenticatedSecurityContext(user.asPrismObject());
+	    	authenticateUser(user.asPrismObject(), enteredUsername, connEnv, requestCtx);
+	        return authorizeUser(AuthorizationConstants.AUTZ_REST_ALL_URL, user, null, enteredUsername, connEnv, requestCtx);
+	    }
+
+	   private void authenticateUser(PrismObject<UserType> user, String enteredUsername, ConnectionEnvironment connEnv, ContainerRequestContext requestCtx) {
+		   try {
+	    		securityContextManager.setupPreAuthenticatedSecurityContext(user);
 	        } catch (SchemaException e) {
-				securityHelper.auditLoginFailure(enteredUsername, user, connEnv, "Schema error: "+e.getMessage());
+				securityHelper.auditLoginFailure(enteredUsername, user.asObjectable(), connEnv, "Schema error: "+e.getMessage());
 				requestCtx.abortWith(Response.status(Status.BAD_REQUEST).build());
-				return false;
+//				return false;
 			}
 
 	        LOGGER.trace("Authenticated to REST service as {}", user);
-
-	        return authorizeUser(AuthorizationConstants.AUTZ_REST_ALL_URL, user, null, enteredUsername, connEnv, requestCtx);
-	    }
-
+	   }
+
 	    private boolean authorizeUser(String authorization, UserType user, PrismObject<UserType> proxyUser, String enteredUsername, ConnectionEnvironment connEnv, ContainerRequestContext requestCtx) {
 	    	Task task = taskManager.createTaskInstance(MidpointRestAuthenticator.class.getName() + ".authorizeUser");
 	    	try {
+	    		// authorize for proxy
 	    		securityEnforcer.authorize(authorization, null, AuthorizationParameters.Builder.buildObject(proxyUser), null, task, task.getResult());
 			} catch (SecurityViolationException e){
 				securityHelper.auditLoginFailure(enteredUsername, user, connEnv, "Not authorized");