fixing REST authnetication+authorizations..

Evolveum · May 30, 2014 · de48ad3 · de48ad3
1 parent 2e0ec30
commit de48ad3
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 10 deletions.
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java
@@ -132,10 +132,13 @@ public <T extends ObjectType> Response getObject(@PathParam("type") String type,
 	@Path("/{type}")
 //	@Produces({"text/html", "application/xml"})
 	@Consumes({"application/xml", "application/json"})
-	public <T extends ObjectType> Response addObject(@PathParam("type") String type, PrismObject<T> object, @QueryParam("options") List<String> options, @Context UriInfo uriInfo){
+	public <T extends ObjectType> Response addObject(@PathParam("type") String type, PrismObject<T> object, @QueryParam("options") List<String> options, @Context UriInfo uriInfo, @Context MessageContext mc){
 		LOGGER.info("model rest service for add operation start");
 
+		UserType user = (UserType) mc.get("authenticatedUser");
+
 		Task task = taskManager.createTaskInstance();
+		task.setOwner(user.asPrismObject());
 		OperationResult parentResult = new OperationResult("add");
 		Class clazz = ObjectTypes.getClassFromRestType(type);
 		if (!object.getCompileTimeClass().equals(clazz)){
@@ -180,11 +183,15 @@ public <T extends ObjectType> Response addObject(@PathParam("type") String type,
 	@PUT
 	@Path("/{type}/{id}")
 //	@Produces({"text/html", "application/xml"})
-	public <T extends ObjectType> Response addObject(@PathParam("type") String type, @PathParam("id") String id, PrismObject<T> object, @QueryParam("options") List<String> options, @Context UriInfo uriInfo, @Context Request request){
+	public <T extends ObjectType> Response addObject(@PathParam("type") String type, @PathParam("id") String id, PrismObject<T> object, @QueryParam("options") List<String> options, @Context UriInfo uriInfo, @Context Request request, @Context MessageContext mc){
 
 LOGGER.info("model rest service for add operation start");
 
+
+		UserType user = (UserType) mc.get("authenticatedUser");
+
 		Task task = taskManager.createTaskInstance();
+		task.setOwner(user.asPrismObject());
 		OperationResult parentResult = new OperationResult("add");
 
 		Class clazz = ObjectTypes.getClassFromRestType(type);

diff --git a/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/rest/MidpointXmlProvider.java b/...l/model-impl/src/main/java/com/evolveum/midpoint/model/impl/rest/MidpointXmlProvider.java
@@ -107,9 +107,9 @@ public T readFrom(Class<T> type, Type genericType,
 			return null;
 		}
 
-		if (entityStream.available() == 0){
-			return null;
-		}
+//		if (entityStream.available() == 0){
+//			return null;
+//		}
 
 		T object = null;
 		try {

diff --git a/...ain/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.java b/...ain/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.java
@@ -22,11 +22,13 @@
 
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.ext.ResponseHandler;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.jaxrs.model.OperationResourceInfo;
 import org.apache.cxf.message.Message;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -36,7 +38,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 
-public class MidpointRestAuthenticationHandler implements RequestHandler {
+public class MidpointRestAuthenticationHandler implements RequestHandler, ResponseHandler {
 
 	@Autowired(required =true)
 	private UserProfileService userDetails;
@@ -113,6 +115,7 @@ public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
         }
 
         m.put("authenticatedUser", userToAuthenticate);
+        securityEnforcer.setupPreAuthenticatedSecurityContext(userToAuthenticate.asPrismObject());
 
 
         return null;
@@ -130,5 +133,11 @@ public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
 //            return Response.status(401).header("WWW-Authenticate", "Basic").build();
 //        }
     }
+
+	@Override
+	public Response handleResponse(Message m, OperationResourceInfo ori, Response response) {
+		securityEnforcer.setupPreAuthenticatedSecurityContext((PrismObject) null);
+		return null;
+	}
 
 }
diff --git a/samples/objects/user-jack-with-password.xml b/samples/objects/user-jack-with-password.xml
@@ -23,9 +23,9 @@ so please do not edit unless you know what you are doing.
 
 -->
 
-<user oid="abebabaf-c001-f00d-1111-222233330012"
-xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
-	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'>
+<user xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+	oid="abebabaf-c001-f00d-1111-222233330012">
 	<name>jack1</name>
 	<fullName>Cpt. Jack Sparrow</fullName>
 	<givenName>Jack</givenName>

diff --git a/samples/rest/account-jack-opendj.xml b/samples/rest/account-jack-opendj.xml
@@ -22,7 +22,7 @@
 	xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
 	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
 	<name>jack</name>
-	<resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2"/>
+	<resourceRef oid="10000000-0000-0000-0000-000000000003"/>
 	<objectClass>ri:AccountObjectClass</objectClass>
 	<intent>default</intent>
 	<attributes>