Merge branch 'master' into feature/mid-6303

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/MidpointResponse.java

@@ -50,7 +50,16 @@ public void setHeader(String name, String value) {
         if ("Location".equals(name)) {
             String publicUrlPrefix = getPublicUrlPrefix();
             if (publicUrlPrefix != null && StringUtils.isNotBlank(value)) {
-                if (value.startsWith(".")) {
+                if (value.startsWith("..")) {
+                    String path = getRequest().getServletPath().substring(0, getRequest().getServletPath().lastIndexOf("/"));
+                    while (value.startsWith("..")) {
+                        if (!StringUtils.isEmpty(path)) {
+                            path = path.substring(0, path.lastIndexOf("/"));
+                        }
+                        value = value.substring(3);
+                    }
+                    value = publicUrlPrefix + path + "/" + value;
+                } else if (value.startsWith(".")) {
                     List<String> segments = Arrays.asList(getRequest().getServletPath().substring(1).split("/"));
                     if (segments.size() <= 1) {
                         value = publicUrlPrefix + value.substring(1);

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPasswordConfirmation.java

@@ -128,7 +128,7 @@ private void init(final PageParameters pageParameters) {
             AuthenticationSequenceType sequence = SecurityPolicyUtil.createPasswordResetSequence();
             Map<Class<? extends Object>, Object> sharedObjects = new HashMap<>();
             AuthenticationModulesType modules = new AuthenticationModulesType();
-            AuthenticationModuleLoginFormType loginForm = new AuthenticationModuleLoginFormType();
+            LoginFormAuthenticationModuleType loginForm = new LoginFormAuthenticationModuleType();
             loginForm.name(SecurityPolicyUtil.DEFAULT_MODULE_NAME);
             modules.loginForm(loginForm);
             AuthModule authModule = null;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/HttpAuthenticationEntryPoint.java

@@ -44,7 +44,7 @@ public void commence(
                         sb.append(", ");
                     }
                     first = false;
-                    sb.append(moduleAuthentication.getNameOfModuleType().getName())
+                    sb.append(moduleAuthentication.getNameOfModuleType())
                             .append(" realm=\"").append(moduleAuthentication.getNameOfModule()).append("\"");
                 }
                 response.setHeader("WWW-Authenticate",sb.toString());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/HttpSecurityQuestionsAuthenticationEntryPoint.java

@@ -9,7 +9,7 @@
 import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
-import com.evolveum.midpoint.model.api.authentication.NameOfModuleType;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationModuleNameConstants;
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.schema.SearchResultList;
@@ -102,12 +102,12 @@ public void commence(
        try {
            if (authentication instanceof MidpointAuthentication) {
                if (request.getHeader(AUTHENTICATION_HEADER) != null
-                       && request.getHeader(AUTHENTICATION_HEADER).toLowerCase().startsWith(NameOfModuleType.SECURITY_QUESTIONS.getName().toLowerCase())) {
+                       && request.getHeader(AUTHENTICATION_HEADER).toLowerCase().startsWith(AuthenticationModuleNameConstants.SECURITY_QUESTIONS.toLowerCase())) {
                    String header = request.getHeader(AUTHENTICATION_HEADER);
-                   if (header.toLowerCase().equals(NameOfModuleType.SECURITY_QUESTIONS.getName().toLowerCase())) {
+                   if (header.toLowerCase().equals(AuthenticationModuleNameConstants.SECURITY_QUESTIONS.toLowerCase())) {
                        createSecurityQuestionAbortMessage(response, DEFAULT_JSON);
                    } else {
-                       byte[] jsonByte = Base64Utility.decode(header.substring(NameOfModuleType.SECURITY_QUESTIONS.getName().length() + 1));
+                       byte[] jsonByte = Base64Utility.decode(header.substring(AuthenticationModuleNameConstants.SECURITY_QUESTIONS.length() + 1));
                        String json = new String(jsonByte);
                        JSONObject jsonObject =  new JSONObject(json);
                        if (jsonObject.keySet().size() == 1 && jsonObject.keySet().contains(HttpSecurityQuestionsAuthenticationFilter.J_USER)) {
@@ -149,7 +149,7 @@ public void commence(
     }
 
     public static void createSecurityQuestionAbortMessage(HttpServletResponse request, String json){
-        String value = NameOfModuleType.SECURITY_QUESTIONS.getName() + " " + Base64Utility.encode(json.getBytes());
+        String value = AuthenticationModuleNameConstants.SECURITY_QUESTIONS + " " + Base64Utility.encode(json.getBytes());
         request.setHeader(WWW_AUTHENTICATION_HEADER, value);
     }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/HttpBasicModuleFactory.java

@@ -8,8 +8,8 @@
 
 import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
 import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationModuleNameConstants;
 import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
-import com.evolveum.midpoint.model.api.authentication.NameOfModuleType;
 import com.evolveum.midpoint.web.security.module.HttpBasicModuleWebSecurityConfig;
 import com.evolveum.midpoint.web.security.module.ModuleWebSecurityConfig;
 import com.evolveum.midpoint.web.security.module.authentication.HttpModuleAuthentication;
@@ -27,7 +27,7 @@ public class HttpBasicModuleFactory extends AbstractCredentialModuleFactory<Modu
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleHttpBasicType) {
+        if (moduleType instanceof HttpBasicAuthenticationModuleType) {
             return true;
         }
         return false;
@@ -57,7 +57,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
 
     @Override
     protected ModuleAuthentication createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
-        HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(NameOfModuleType.HTTP_BASIC);
+        HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.HTTP_BASIC);
         moduleAuthentication.setPrefix(configuration.getPrefix());
         moduleAuthentication.setCredentialName(((AbstractPasswordAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/HttpClusterModuleFactory.java

@@ -70,7 +70,7 @@ private AuthenticationProvider createProvider() {
     }
 
     private ModuleAuthentication createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
-        ModuleAuthentication moduleAuthentication = new ModuleAuthentication(NameOfModuleType.CLUSTER);
+        ModuleAuthentication moduleAuthentication = new ModuleAuthentication(AuthenticationModuleNameConstants.CLUSTER);
         moduleAuthentication.setPrefix(configuration.getPrefix());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
         return moduleAuthentication;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/HttpHeaderModuleFactory.java

@@ -19,9 +19,10 @@
 import com.evolveum.midpoint.web.security.provider.PasswordProvider;
 import com.evolveum.midpoint.web.security.util.AuthModuleImpl;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModuleHttpHeaderType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.HttpHeaderAuthenticationModuleType;
+
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.stereotype.Component;
@@ -42,7 +43,7 @@ public class HttpHeaderModuleFactory extends AbstractModuleFactory {
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleHttpHeaderType) {
+        if (moduleType instanceof HttpHeaderAuthenticationModuleType) {
             return true;
         }
         return false;
@@ -51,14 +52,14 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     @Override
     public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, ServletRequest request,
                                          Map<Class<? extends Object>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
-        if (!(moduleType instanceof AuthenticationModuleHttpHeaderType)) {
-            LOGGER.error("This factory support only AuthenticationModuleHttpHeaderType, but modelType is " + moduleType);
+        if (!(moduleType instanceof HttpHeaderAuthenticationModuleType)) {
+            LOGGER.error("This factory support only HttpHeaderAuthenticationModuleType, but modelType is " + moduleType);
             return null;
         }
 
         isSupportedChannel(authenticationChannel);
 
-        HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build((AuthenticationModuleHttpHeaderType)moduleType, prefixOfSequence);
+        HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build(moduleType, prefixOfSequence);
         configuration.addAuthenticationProvider(new PasswordProvider());
         ModuleWebSecurityConfig module = getObjectObjectPostProcessor().postProcess(new HttpHeaderModuleWebSecurityConfig(configuration));
         module.setObjectPostProcessor(getObjectObjectPostProcessor());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/HttpSecurityQuestionModuleFactory.java

@@ -8,8 +8,8 @@
 
 import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
 import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationModuleNameConstants;
 import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
-import com.evolveum.midpoint.model.api.authentication.NameOfModuleType;
 import com.evolveum.midpoint.web.security.module.HttpSecurityQuestionsModuleWebSecurityConfig;
 import com.evolveum.midpoint.web.security.module.ModuleWebSecurityConfig;
 import com.evolveum.midpoint.web.security.module.authentication.HttpModuleAuthentication;
@@ -27,7 +27,7 @@ public class HttpSecurityQuestionModuleFactory extends AbstractCredentialModuleF
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleHttpSecQType) {
+        if (moduleType instanceof HttpSecQAuthenticationModuleType) {
             return true;
         }
         return false;
@@ -57,7 +57,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
 
     @Override
     protected ModuleAuthentication createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
-        HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(NameOfModuleType.SECURITY_QUESTIONS);
+        HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.SECURITY_QUESTIONS);
         moduleAuthentication.setPrefix(configuration.getPrefix());
         moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/LdapModuleFactory.java

@@ -59,7 +59,7 @@ public class LdapModuleFactory extends AbstractModuleFactory {
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleLdapType) {
+        if (moduleType instanceof LdapAuthenticationModuleType) {
             return true;
         }
         return false;
@@ -70,8 +70,8 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
             ServletRequest request, Map<Class<? extends Object>, Object> sharedObjects,
             AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
 
-        if (!(moduleType instanceof AuthenticationModuleLdapType)) {
-            LOGGER.error("This factory support only AuthenticationModuleLdapType, but modelType is " + moduleType);
+        if (!(moduleType instanceof LdapAuthenticationModuleType)) {
+            LOGGER.error("This factory support only LdapAuthenticationModuleType, but modelType is " + moduleType);
             return null;
         }
 
@@ -80,19 +80,19 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
         ModuleWebSecurityConfigurationImpl configuration = LdapModuleWebSecurityConfiguration.build(moduleType, prefixOfSequence);
         configuration.setPrefixOfSequence(prefixOfSequence);
 
-        configuration.addAuthenticationProvider(getProvider((AuthenticationModuleLdapType)moduleType, credentialPolicy));
+        configuration.addAuthenticationProvider(getProvider((LdapAuthenticationModuleType)moduleType, credentialPolicy));
 
         ModuleWebSecurityConfig module = createModule(configuration);
         module.setObjectPostProcessor(getObjectObjectPostProcessor());
         HttpSecurity http = module.getNewHttpSecurity();
         setSharedObjects(http, sharedObjects);
 
-        ModuleAuthentication moduleAuthentication = createEmptyModuleAuthentication((AuthenticationModuleLdapType) moduleType, configuration);
+        ModuleAuthentication moduleAuthentication = createEmptyModuleAuthentication((LdapAuthenticationModuleType) moduleType, configuration);
         SecurityFilterChain filter = http.build();
         return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
     }
 
-    protected AuthenticationProvider getProvider(AuthenticationModuleLdapType moduleType, CredentialsPolicyType credentialsPolicy){
+    protected AuthenticationProvider getProvider(LdapAuthenticationModuleType moduleType, CredentialsPolicyType credentialsPolicy){
         DefaultSpringSecurityContextSource ctx = new DefaultSpringSecurityContextSource(moduleType.getHost());
         ctx.setUserDn(moduleType.getUserDn());
 
@@ -129,7 +129,7 @@ protected ModuleWebSecurityConfig createModule(ModuleWebSecurityConfiguration co
         return  getObjectObjectPostProcessor().postProcess(new LdapWebSecurityConfig((LdapModuleWebSecurityConfiguration) configuration));
     }
 
-    protected ModuleAuthentication createEmptyModuleAuthentication(AuthenticationModuleLdapType moduleType,
+    protected ModuleAuthentication createEmptyModuleAuthentication(LdapAuthenticationModuleType moduleType,
                                                                    ModuleWebSecurityConfiguration configuration) {
         LdapModuleAuthentication moduleAuthentication = new LdapModuleAuthentication();
         moduleAuthentication.setPrefix(configuration.getPrefix());

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/LoginFormModuleFactory.java

@@ -30,7 +30,7 @@ public class LoginFormModuleFactory extends AbstractCredentialModuleFactory {
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleLoginFormType) {
+        if (moduleType instanceof LoginFormAuthenticationModuleType) {
             return true;
         }
         return false;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/MailNonceModuleFactory.java

@@ -27,7 +27,7 @@ public class MailNonceModuleFactory extends AbstractCredentialModuleFactory {
 
     @Override
     public boolean match(AbstractAuthenticationModuleType moduleType) {
-        if (moduleType instanceof AuthenticationModuleMailNonceType) {
+        if (moduleType instanceof MailNonceAuthenticationModuleType) {
             return true;
         }
         return false;

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/factory/module/OtherModuleFactory.java

@@ -2,13 +2,15 @@
 
 import com.evolveum.midpoint.model.api.authentication.AuthModule;
 import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
+import com.evolveum.midpoint.util.annotation.Experimental;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModuleOtherType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OtherAuthenticationModuleType;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Component;
@@ -20,6 +22,7 @@
  * Created by Viliam Repan (lazyman).
  */
 @Component
+@Experimental
 public class OtherModuleFactory extends AbstractModuleFactory {
 
     private static final Trace LOGGER = TraceManager.getTrace(OtherModuleFactory.class);
@@ -29,7 +32,7 @@ public class OtherModuleFactory extends AbstractModuleFactory {
 
     @Override
     public boolean match(AbstractAuthenticationModuleType module) {
-        if (module instanceof AuthenticationModuleOtherType) {
+        if (module instanceof OtherAuthenticationModuleType) {
             return true;
         }
 
@@ -41,12 +44,12 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType module, St
             Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy,
             CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
 
-        if (!(module instanceof AuthenticationModuleOtherType)) {
-            LOGGER.error("This factory support only AuthenticationModuleOtherType, but module is " + module);
+        if (!(module instanceof OtherAuthenticationModuleType)) {
+            LOGGER.error("This factory support only OtherAuthenticationModuleType, but module is " + module);
             return null;
         }
 
-        AuthenticationModuleOtherType other = (AuthenticationModuleOtherType) module;
+        OtherAuthenticationModuleType other = (OtherAuthenticationModuleType) module;
 
         String factoryClass = other.getFactoryClass();