Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/AuditedLogoutHandler.java

@@ -1,116 +1,115 @@
-/*
- * Copyright (c) 2010-2013 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-
-package com.evolveum.midpoint.web.security;
-
-import com.evolveum.midpoint.audit.api.AuditEventRecord;
-import com.evolveum.midpoint.audit.api.AuditEventStage;
-import com.evolveum.midpoint.audit.api.AuditEventType;
-import com.evolveum.midpoint.audit.api.AuditService;
-import com.evolveum.midpoint.gui.api.GuiConstants;
-import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
-import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
-import com.evolveum.midpoint.model.api.authentication.StateOfModule;
-import com.evolveum.midpoint.prism.PrismObject;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.schema.result.OperationResultStatus;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
-import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.security.filter.MidpointAuthFilter;
-import com.evolveum.midpoint.web.security.util.SecurityUtils;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * @author lazyman
- */
-public class AuditedLogoutHandler extends SimpleUrlLogoutSuccessHandler {
-
-    private static final transient Trace LOGGER = TraceManager.getTrace(AuditedLogoutHandler.class);
-
-    @Autowired
-    private TaskManager taskManager;
-    @Autowired
-    private AuditService auditService;
-
-    boolean useDefaultUrl = false;
-
-    private boolean useDefaultUrl() {
-        return useDefaultUrl;
-    }
-
-    @Override
-    public void setDefaultTargetUrl(String defaultTargetUrl) {
-        super.setDefaultTargetUrl(defaultTargetUrl);
-        this.useDefaultUrl = true;
-    }
-
-    @Override
-    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
-            throws IOException, ServletException {
-
-        String targetUrl;
-        if (useDefaultUrl()) {
-            targetUrl = getDefaultTargetUrl();
-        } else {
-            targetUrl = GuiConstants.DEFAULT_PATH_AFTER_LOGOUT;
-        }
-
-        if (authentication instanceof MidpointAuthentication) {
-            MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
-            ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
-            if (mpAuthentication.getAuthenticationChannel() != null) {
-                targetUrl = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
-            }
-        }
-
-        if (response.isCommitted()) {
-            LOGGER.debug("Response has already been committed. Unable to redirect to " + targetUrl);
-        } else {
-            getRedirectStrategy().sendRedirect(request, response, targetUrl);
-        }
-
-        auditEvent(request, authentication);
-    }
-
-    private void auditEvent(HttpServletRequest request, Authentication authentication) {
-        MidPointPrincipal principal = SecurityUtils.getPrincipalUser(authentication);
-        PrismObject<UserType> user = principal != null ? principal.getUser().asPrismObject() : null;
-
-        Task task = taskManager.createTaskInstance();
-        task.setOwner(user);
-        task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-
-        AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
-        record.setInitiator(user);
-        record.setParameter(WebComponentUtil.getName(user, false));
-
-        record.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
-        record.setTimestamp(System.currentTimeMillis());
-        record.setOutcome(OperationResultStatus.SUCCESS);
-
-        // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
-        record.setHostIdentifier(request.getLocalName());
-        record.setRemoteHostAddress(request.getLocalAddr());
-        record.setNodeIdentifier(taskManager.getNodeId());
-        record.setSessionIdentifier(request.getRequestedSessionId());
-
-        auditService.audit(record, task);
-    }
-}
+/*
+ * Copyright (c) 2010-2013 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+
+package com.evolveum.midpoint.web.security;
+
+import com.evolveum.midpoint.audit.api.AuditEventRecord;
+import com.evolveum.midpoint.audit.api.AuditEventStage;
+import com.evolveum.midpoint.audit.api.AuditEventType;
+import com.evolveum.midpoint.audit.api.AuditService;
+import com.evolveum.midpoint.gui.api.GuiConstants;
+import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
+import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
+import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
+import com.evolveum.midpoint.model.api.authentication.StateOfModule;
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.result.OperationResultStatus;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.util.logging.Trace;
+import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.security.filter.MidpointAuthFilter;
+import com.evolveum.midpoint.web.security.util.SecurityUtils;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author lazyman
+ */
+public class AuditedLogoutHandler extends SimpleUrlLogoutSuccessHandler {
+
+    private static final transient Trace LOGGER = TraceManager.getTrace(AuditedLogoutHandler.class);
+
+    @Autowired
+    private TaskManager taskManager;
+    @Autowired
+    private AuditService auditService;
+
+    boolean useDefaultUrl = false;
+
+    private boolean useDefaultUrl() {
+        return useDefaultUrl;
+    }
+
+    @Override
+    public void setDefaultTargetUrl(String defaultTargetUrl) {
+        super.setDefaultTargetUrl(defaultTargetUrl);
+        this.useDefaultUrl = true;
+    }
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+
+        String targetUrl = null;
+        if (useDefaultUrl()) {
+            targetUrl = getDefaultTargetUrl();
+        } else {
+            targetUrl = GuiConstants.DEFAULT_PATH_AFTER_LOGOUT;
+        }
+
+        if (authentication instanceof MidpointAuthentication) {
+            MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
+            if (mpAuthentication.getAuthenticationChannel() != null) {
+                targetUrl = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
+            }
+        }
+
+        if (response.isCommitted()) {
+            LOGGER.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+        } else {
+            getRedirectStrategy().sendRedirect(request, response, targetUrl);
+        }
+
+        auditEvent(request, authentication);
+    }
+
+    private void auditEvent(HttpServletRequest request, Authentication authentication) {
+        MidPointPrincipal principal = SecurityUtils.getPrincipalUser(authentication);
+        PrismObject<UserType> user = principal != null ? principal.getUser().asPrismObject() : null;
+
+        Task task = taskManager.createTaskInstance();
+        task.setOwner(user);
+        task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+
+        AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
+        record.setInitiator(user);
+        record.setParameter(WebComponentUtil.getName(user, false));
+
+        record.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
+        record.setTimestamp(System.currentTimeMillis());
+        record.setOutcome(OperationResultStatus.SUCCESS);
+
+        // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
+        record.setHostIdentifier(request.getLocalName());
+        record.setRemoteHostAddress(request.getLocalAddr());
+        record.setNodeIdentifier(taskManager.getNodeId());
+        record.setSessionIdentifier(request.getRequestedSessionId());
+
+        auditService.audit(record, task);
+    }
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/channel/GuiAuthenticationChannel.java

@@ -1,53 +1,54 @@
-/*
- * Copyright (c) 2010-2019 Evolveum and contributors
- *
- * This work is dual-licensed under the Apache License 2.0
- * and European Union Public License. See LICENSE file for details.
- */
-package com.evolveum.midpoint.web.security.channel;
-
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.api.ModelInteractionService;
-import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
-import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
-import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
-import com.evolveum.midpoint.security.api.Authorization;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.Validate;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.Collection;
-
-import static org.springframework.security.saml.util.StringUtils.stripSlashes;
-
-/**
- * @author skublik
- */
-
-public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
-
-    private TaskManager taskManager;
-    private ModelInteractionService modelInteractionService;
-
-    public GuiAuthenticationChannel(TaskManager taskManager, ModelInteractionService modelInteractionService) {
-        this.taskManager = taskManager;
-        this.modelInteractionService = modelInteractionService;
-    }
-
-    public String getChannelId() {
-        return SchemaConstants.CHANNEL_USER_URI;
-    }
-
-    public String getPathAfterSuccessfulAuthentication() {
-        if (WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService)) {
-                return "/self/postAuthentication";
-        }
-
-        return super.getPathAfterSuccessfulAuthentication();
-    }
-
-}
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security.channel;
+
+import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.api.ModelInteractionService;
+import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
+import com.evolveum.midpoint.model.api.authentication.ModuleWebSecurityConfiguration;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
+import com.evolveum.midpoint.security.api.Authorization;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.Validate;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.Collection;
+
+import static org.springframework.security.saml.util.StringUtils.stripSlashes;
+
+/**
+ * @author skublik
+ */
+
+public class GuiAuthenticationChannel extends AuthenticationChannelImpl {
+
+    private TaskManager taskManager;
+    private ModelInteractionService modelInteractionService;
+
+    public GuiAuthenticationChannel(AuthenticationSequenceChannelType channel, TaskManager taskManager, ModelInteractionService modelInteractionService) {
+        super(channel);
+        this.taskManager = taskManager;
+        this.modelInteractionService = modelInteractionService;
+    }
+
+    public String getChannelId() {
+        return SchemaConstants.CHANNEL_USER_URI;
+    }
+
+    public String getPathAfterSuccessfulAuthentication() {
+        if (WebModelServiceUtils.isPostAuthenticationEnabled(taskManager, modelInteractionService)) {
+                return "/self/postAuthentication";
+        }
+
+        return super.getPathAfterSuccessfulAuthentication();
+    }
+
+}