github-advanced-security[bot] commented on code in PR #1170:
URL: https://github.com/apache/syncope/pull/1170#discussion_r2322577275
##########
client/am/console/src/main/java/org/apache/syncope/client/console/panels/PasswordManagementDirectoryPanel.java:
##########
@@ -0,0 +1,249 @@
+package org.apache.syncope.client.console.panels;
+
+import de.agilecoders.wicket.core.markup.html.bootstrap.dialog.Modal;
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.client.console.SyncopeConsoleSession;
+import org.apache.syncope.client.console.audit.AuditHistoryModal;
+import org.apache.syncope.client.console.commons.AMConstants;
+import org.apache.syncope.client.console.commons.DirectoryDataProvider;
+import
org.apache.syncope.client.console.commons.SortableDataProviderComparator;
+import org.apache.syncope.client.console.pages.BasePage;
+import org.apache.syncope.client.console.rest.AuditRestClient;
+import org.apache.syncope.client.console.rest.PasswordManagementRestClient;
+import
org.apache.syncope.client.console.wicket.extensions.markup.html.repeater.data.table.BooleanPropertyColumn;
+import
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
+import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink;
+import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel;
+import
org.apache.syncope.client.console.wizards.PasswordManagementWizardBuilder;
+import org.apache.syncope.client.ui.commons.Constants;
+import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
+import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
+import org.apache.syncope.common.lib.to.PasswordManagementTO;
+import org.apache.syncope.common.lib.types.AMEntitlement;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
+import org.apache.syncope.common.lib.types.OpEvent;
+import org.apache.wicket.PageReference;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import
org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
+import org.apache.wicket.event.Broadcast;
+import
org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
+import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
+import
org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn;
+import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.repeater.Item;
+import org.apache.wicket.model.CompoundPropertyModel;
+import org.apache.wicket.model.IModel;
+import org.apache.wicket.model.Model;
+import org.apache.wicket.model.ResourceModel;
+import org.apache.wicket.model.StringResourceModel;
+import org.apache.wicket.spring.injection.annot.SpringBean;
+
+public class PasswordManagementDirectoryPanel extends
DirectoryPanel<PasswordManagementTO, PasswordManagementTO,
+ PasswordManagementDirectoryPanel.PasswordManagementProvider,
PasswordManagementRestClient> {
+ private static final long serialVersionUID = 1005345990563741296L;
+
+ @SpringBean
+ protected AuditRestClient auditRestClient;
+
+ protected final BaseModal<Serializable> historyModal;
+
+ public PasswordManagementDirectoryPanel(
+ final String id,
+ final PasswordManagementRestClient restClient,
+ final PageReference pageRef) {
+
+ super(id, restClient, pageRef);
+
+ disableCheckBoxes();
+
+ addNewItemPanelBuilder(new PasswordManagementWizardBuilder(
+ new PasswordManagementTO(), restClient, pageRef), true);
+
+ MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER,
AMEntitlement.AUTH_MODULE_CREATE);
+
+ modal.size(Modal.Size.Extra_large);
+ initResultTable();
+
+ historyModal = new BaseModal<>(Constants.OUTER);
+ historyModal.size(Modal.Size.Large);
+ addOuterObject(historyModal);
+ }
+
+ @Override
+ protected PasswordManagementProvider dataProvider() {
+ return new PasswordManagementProvider(rows);
+ }
+
+ @Override
+ protected String paginatorRowsKey() {
+ return AMConstants.PREF_AUTHMODULE_PAGINATOR_ROWS;
+ }
+
+ @Override
+ protected Collection<ActionLink.ActionType> getBatches() {
+ return List.of();
+ }
+
+ @Override
+ protected List<IColumn<PasswordManagementTO, String>> getColumns() {
+ List<IColumn<PasswordManagementTO, String>> columns = new
ArrayList<>();
+ columns.add(new PropertyColumn<>(
+ new StringResourceModel(Constants.KEY_FIELD_NAME, this),
+ Constants.KEY_FIELD_NAME, Constants.KEY_FIELD_NAME));
+ columns.add(new PropertyColumn<>(new
ResourceModel(Constants.DESCRIPTION_FIELD_NAME),
+ Constants.DESCRIPTION_FIELD_NAME,
Constants.DESCRIPTION_FIELD_NAME));
+ columns.add(new PropertyColumn<>(new ResourceModel("type"), "conf") {
+
+ private static final long serialVersionUID = -1822504503325964706L;
+
+ @Override
+ public void populateItem(
+ final Item<ICellPopulator<PasswordManagementTO>> item,
+ final String componentId,
+ final IModel<PasswordManagementTO> rowModel) {
+
+ item.add(new Label(componentId, rowModel.getObject().getConf()
== null
+ ? StringUtils.EMPTY
+ : StringUtils.substringBefore(
+
rowModel.getObject().getConf().getClass().getSimpleName(),
"PasswordManagementConf")));
+ }
+ });
+ columns.add(new BooleanPropertyColumn<>(
+ new StringResourceModel("enabled", this),
+ "enabled",
+ "enabled"));
+ return columns;
+ }
+
+ @Override
+ public ActionsPanel<PasswordManagementTO> getActions(final
IModel<PasswordManagementTO> model) {
+ ActionsPanel<PasswordManagementTO> panel = super.getActions(model);
+
+ panel.add(new ActionLink<>() {
+
+ private static final long serialVersionUID = -3722207913631435501L;
+
+ @Override
+ public void onClick(final AjaxRequestTarget target, final
PasswordManagementTO ignore) {
+ send(PasswordManagementDirectoryPanel.this, Broadcast.EXACT,
new AjaxWizard.EditItemActionEvent<>(
+ restClient.read(model.getObject().getKey()), target));
+ }
+ }, ActionLink.ActionType.EDIT,
AMEntitlement.PASSWORD_MANAGEMENT_UPDATE);
+
+ panel.add(new ActionLink<>() {
+
+ private static final long serialVersionUID = -3722207913631435501L;
+
+ @Override
+ public void onClick(final AjaxRequestTarget target, final
PasswordManagementTO ignore) {
+ try {
+
model.setObject(restClient.read(model.getObject().getKey()));
+ Boolean enabled =
Boolean.parseBoolean(model.getObject().getEnabled());
Review Comment:
## Boxed variable is never null
The variable 'enabled' is only assigned values of primitive type and is
never 'null', but it is declared with the boxed type 'Boolean'.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2287)
##########
common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/PasswordManagementService.java:
##########
@@ -0,0 +1,104 @@
+package org.apache.syncope.common.rest.api.service;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import io.swagger.v3.oas.annotations.headers.Header;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityRequirements;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.constraints.NotNull;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.DELETE;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.PUT;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import java.util.List;
+import org.apache.syncope.common.lib.to.PasswordManagementTO;
+import org.apache.syncope.common.rest.api.RESTHeaders;
+
+/**
+ * REST operations for password management modules.
+ */
+@Tag(name = "PasswordManagement")
+@SecurityRequirements({
+ @SecurityRequirement(name = "BasicAuthentication"),
+ @SecurityRequirement(name = "Bearer") })
+@Path("passwordManagement")
+public interface PasswordManagementService extends JAXRSService {
Review Comment:
## Constant interface anti-pattern
Type PasswordManagementService implements constant interface
[JAXRSService](1).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/2286)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
