You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/04/10 08:28:03 UTC
[syncope] 01/08: [SYNCOPE-160] Preliminary settings
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit d42c2cf923d22b1cb865ef263d55db945589d5d9
Author: Marco Di Sabatino <md...@apache.org>
AuthorDate: Thu Apr 9 13:45:46 2020 +0200
[SYNCOPE-160] Preliminary settings
---
.../init/ClassPathScanImplementationLookup.java | 2 +-
.../syncope/common/lib/to/client/package-info.java | 30 ++++
.../apache/syncope/common/lib/to/package-info.java | 30 ++++
.../syncope/common/lib/types/AMEntitlement.java | 20 +++
.../common/lib/types/AMImplementationType.java | 47 ++++++
.../syncope/common/lib/types/OIDCSubjectType.java | 28 ++++
.../apache/syncope/common/lib/to/ResourceTO.java | 26 ++++
.../org/apache/syncope/common/lib/to/RealmTO.java | 36 +++++
core/am/logic/pom.xml | 6 +
.../logic/init/AMImplementationTypeLoader.java | 39 +++++
.../init/ClassPathScanImplementationLookup.java | 127 ++++++++++++++++
.../syncope/core/logic/cocoon/FopSerializer.java | 26 ++--
.../syncope/core/logic/cocoon/TextSerializer.java | 2 +-
.../syncope/core/logic/cocoon/XSLTTransformer.java | 26 ++--
.../syncope/core/persistence/api/entity/Realm.java | 27 +++-
.../api/entity/resource/ExternalResource.java | 2 +-
.../src/test/resources/domains/MasterContent.xml | 44 +++++-
.../core/persistence/jpa/dao/AbstractDAO.java | 4 +-
.../core/persistence/jpa/dao/JPARealmDAO.java | 17 ++-
.../persistence/jpa/entity/JPAEntityFactory.java | 110 +++++++++-----
.../core/persistence/jpa/entity/JPARealm.java | 50 ++++++-
.../persistence/jpa/inner/ImplementationTest.java | 9 +-
.../src/test/resources/domains/MasterContent.xml | 48 +++++-
.../java/data/ConnInstanceDataBinderImpl.java | 4 -
.../java/data/ImplementationDataBinderImpl.java | 42 ++++++
.../java/data/RealmDataBinderImpl.java | 86 ++++++++++-
.../java/data/ResourceDataBinderImpl.java | 4 -
.../org/apache/syncope/fit/AbstractITCase.java | 105 ++++++++++++-
.../org/apache/syncope/fit/core/RealmITCase.java | 166 ++++++++++++++++++++-
pom.xml | 52 ++++++-
30 files changed, 1111 insertions(+), 104 deletions(-)
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
index 3064747..f1733f5 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
@@ -241,7 +241,7 @@ public class ClassPathScanImplementationLookup {
idmPages.sort(Comparator.comparing(o -> o.getAnnotation(IdMPage.class).priority()));
idmPages = Collections.unmodifiableList(idmPages);
- amPages.sort(Comparator.comparing(o -> o.getAnnotation(IdMPage.class).priority()));
+ amPages.sort(Comparator.comparing(o -> o.getAnnotation(AMPage.class).priority()));
amPages = Collections.unmodifiableList(amPages);
extPages.sort(Comparator.comparing(o -> o.getAnnotation(ExtPage.class).priority()));
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/package-info.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/package-info.java
new file mode 100644
index 0000000..503eff0
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/package-info.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+@XmlSchema(namespace = SyncopeConstants.NS)
+@XmlJavaTypeAdapters({ @XmlJavaTypeAdapter(type = Date.class, value = DateAdapter.class), })
+package org.apache.syncope.common.lib.to.client;
+
+import org.apache.syncope.common.lib.SyncopeConstants;
+import org.apache.syncope.common.lib.jaxb.DateAdapter;
+
+import javax.xml.bind.annotation.XmlSchema;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapters;
+
+import java.util.Date;
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/package-info.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/package-info.java
new file mode 100644
index 0000000..54e71ba
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/package-info.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+@XmlSchema(namespace = SyncopeConstants.NS)
+@XmlJavaTypeAdapters({ @XmlJavaTypeAdapter(type = Date.class, value = DateAdapter.class), })
+package org.apache.syncope.common.lib.to;
+
+import org.apache.syncope.common.lib.SyncopeConstants;
+import org.apache.syncope.common.lib.jaxb.DateAdapter;
+
+import javax.xml.bind.annotation.XmlSchema;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapters;
+
+import java.util.Date;
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMEntitlement.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMEntitlement.java
index 06d511c..5938dd9 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMEntitlement.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMEntitlement.java
@@ -34,6 +34,26 @@ public final class AMEntitlement {
public static final String GATEWAY_ROUTE_PUSH = "GATEWAY_ROUTE_PUSH";
+ public static final String CLIENTAPP_READ = "CLIENTAPP_READ";
+
+ public static final String CLIENTAPP_LIST = "CLIENTAPP_LIST";
+
+ public static final String CLIENTAPP_CREATE = "CLIENTAPP_CREATE";
+
+ public static final String CLIENTAPP_UPDATE = "CLIENTAPP_CREATE";
+
+ public static final String CLIENTAPP_DELETE = "CLIENTAPP_DELETE";
+
+ public static final String AUTH_MODULE_LIST = "AUTH_MODULE_LIST";
+
+ public static final String AUTH_MODULE_CREATE = "AUTH_MODULE_CREATE";
+
+ public static final String AUTH_MODULE_READ = "AUTH_MODULE_READ";
+
+ public static final String AUTH_MODULE_UPDATE = "AUTH_MODULE_UPDATE";
+
+ public static final String AUTH_MODULE_DELETE = "AUTH_MODULE_DELETE";
+
private static final Set<String> VALUES;
static {
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMImplementationType.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMImplementationType.java
new file mode 100644
index 0000000..1c05727
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/AMImplementationType.java
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import org.apache.commons.lang3.tuple.Pair;
+import java.util.Map;
+
+public final class AMImplementationType {
+
+ public static final String AUTH_POLICY_CONFIGURATIONS = "AUTH_POLICY_CONFIGURATIONS";
+
+ public static final String ACCESS_POLICY_CONFIGURATIONS = "ACCESS_POLICY_CONFIGURATIONS";
+
+ public static final String ATTR_RELEASE_POLICY_CONFIGURATIONS = "ATTR_RELEASE_CONFIGURATIONS";
+
+ private AMImplementationType() {
+ // private constructor for static utility class
+ }
+
+ private static final Map<String, String> VALUES = Map.ofEntries(
+ Pair.of(AUTH_POLICY_CONFIGURATIONS,
+ "org.apache.syncope.common.lib.policy.AuthPolicyConf"),
+ Pair.of(ATTR_RELEASE_POLICY_CONFIGURATIONS,
+ "org.apache.syncope.common.lib.policy.AttrReleasePolicyConf"),
+ Pair.of(ACCESS_POLICY_CONFIGURATIONS,
+ "org.apache.syncope.common.lib.policy.AccessPolicyConf"));
+
+ public static Map<String, String> values() {
+ return VALUES;
+ }
+}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
new file mode 100644
index 0000000..93966a5
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum OIDCSubjectType {
+ PAIRWISE,
+ PUBLIC
+
+}
diff --git a/common/idm/lib/src/main/java/org/apache/syncope/common/lib/to/ResourceTO.java b/common/idm/lib/src/main/java/org/apache/syncope/common/lib/to/ResourceTO.java
index 20a8628..945ab80 100644
--- a/common/idm/lib/src/main/java/org/apache/syncope/common/lib/to/ResourceTO.java
+++ b/common/idm/lib/src/main/java/org/apache/syncope/common/lib/to/ResourceTO.java
@@ -82,6 +82,10 @@ public class ResourceTO implements EntityTO {
private String provisionSorter;
+ private String authPolicy;
+
+ private String accessPolicy;
+
private final List<ConnConfProperty> confOverride = new ArrayList<>();
private boolean overrideCapabilities = false;
@@ -205,6 +209,22 @@ public class ResourceTO implements EntityTO {
this.provisionSorter = provisionSorter;
}
+ public String getAuthPolicy() {
+ return authPolicy;
+ }
+
+ public void setAuthPolicy(final String authPolicy) {
+ this.authPolicy = authPolicy;
+ }
+
+ public String getAccessPolicy() {
+ return accessPolicy;
+ }
+
+ public void setAccessPolicy(final String accessPolicy) {
+ this.accessPolicy = accessPolicy;
+ }
+
@JsonIgnore
public Optional<ProvisionTO> getProvision(final String anyType) {
return provisions.stream().filter(
@@ -294,9 +314,12 @@ public class ResourceTO implements EntityTO {
append(accountPolicy, other.accountPolicy).
append(pullPolicy, other.pullPolicy).
append(pushPolicy, other.pushPolicy).
+ append(authPolicy, other.authPolicy).
+ append(accessPolicy, other.accessPolicy).
append(confOverride, other.confOverride).
append(capabilitiesOverride, other.capabilitiesOverride).
append(propagationActions, other.propagationActions).
+ append(provisionSorter, other.provisionSorter).
build();
}
@@ -319,10 +342,13 @@ public class ResourceTO implements EntityTO {
append(accountPolicy).
append(pullPolicy).
append(pushPolicy).
+ append(authPolicy).
+ append(accessPolicy).
append(confOverride).
append(overrideCapabilities).
append(capabilitiesOverride).
append(propagationActions).
+ append(provisionSorter).
build();
}
}
diff --git a/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/to/RealmTO.java b/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/to/RealmTO.java
index 910043f..037f782 100644
--- a/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/to/RealmTO.java
+++ b/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/to/RealmTO.java
@@ -54,6 +54,12 @@ public class RealmTO extends BaseBean implements NamedEntityTO, TemplatableTO {
private String passwordPolicy;
+ private String authPolicy;
+
+ private String accessPolicy;
+
+ private String attrReleasePolicy;
+
private final List<String> actions = new ArrayList<>();
@XmlJavaTypeAdapter(XmlGenericMapAdapter.class)
@@ -114,6 +120,30 @@ public class RealmTO extends BaseBean implements NamedEntityTO, TemplatableTO {
this.passwordPolicy = passwordPolicy;
}
+ public String getAuthPolicy() {
+ return authPolicy;
+ }
+
+ public void setAuthPolicy(final String authPolicy) {
+ this.authPolicy = authPolicy;
+ }
+
+ public String getAccessPolicy() {
+ return accessPolicy;
+ }
+
+ public void setAccessPolicy(final String accessPolicy) {
+ this.accessPolicy = accessPolicy;
+ }
+
+ public String getAttrReleasePolicy() {
+ return attrReleasePolicy;
+ }
+
+ public void setAttrReleasePolicy(final String attrReleasePolicy) {
+ this.attrReleasePolicy = attrReleasePolicy;
+ }
+
@XmlElementWrapper(name = "actions")
@XmlElement(name = "action")
@JsonProperty("actions")
@@ -153,6 +183,9 @@ public class RealmTO extends BaseBean implements NamedEntityTO, TemplatableTO {
append(fullPath, other.fullPath).
append(accountPolicy, other.accountPolicy).
append(passwordPolicy, other.passwordPolicy).
+ append(authPolicy, other.authPolicy).
+ append(accessPolicy, other.accessPolicy).
+ append(attrReleasePolicy, other.attrReleasePolicy).
append(actions, other.actions).
append(templates, other.templates).
append(resources, other.resources).
@@ -168,6 +201,9 @@ public class RealmTO extends BaseBean implements NamedEntityTO, TemplatableTO {
append(fullPath).
append(accountPolicy).
append(passwordPolicy).
+ append(authPolicy).
+ append(accessPolicy).
+ append(attrReleasePolicy).
append(actions).
append(templates).
append(resources).
diff --git a/core/am/logic/pom.xml b/core/am/logic/pom.xml
index 82e0d6d..e4ad801 100644
--- a/core/am/logic/pom.xml
+++ b/core/am/logic/pom.xml
@@ -43,6 +43,12 @@ under the License.
<artifactId>syncope-core-idrepo-logic</artifactId>
<version>${project.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.syncope.common.am</groupId>
+ <artifactId>syncope-common-am-lib</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<build>
diff --git a/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/AMImplementationTypeLoader.java b/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/AMImplementationTypeLoader.java
new file mode 100644
index 0000000..da5d393
--- /dev/null
+++ b/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/AMImplementationTypeLoader.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.logic.init;
+
+import org.apache.syncope.common.lib.types.AMImplementationType;
+import org.apache.syncope.common.lib.types.ImplementationTypesHolder;
+import org.apache.syncope.core.persistence.api.SyncopeCoreLoader;
+import org.springframework.core.Ordered;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AMImplementationTypeLoader implements SyncopeCoreLoader {
+
+ @Override
+ public int getOrder() {
+ return Ordered.HIGHEST_PRECEDENCE;
+ }
+
+ @Override
+ public void load() {
+ ImplementationTypesHolder.getInstance().putAll(AMImplementationType.values());
+ }
+}
diff --git a/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java b/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
new file mode 100644
index 0000000..e887aef
--- /dev/null
+++ b/core/am/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.logic.init;
+
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
+import org.apache.syncope.common.lib.types.AMImplementationType;
+import org.apache.syncope.common.lib.types.ImplementationTypesHolder;
+import org.apache.syncope.core.persistence.api.ImplementationLookup;
+import org.apache.syncope.core.persistence.api.SyncopeCoreLoader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
+import org.springframework.core.Ordered;
+import org.springframework.core.type.filter.AssignableTypeFilter;
+import org.springframework.util.ClassUtils;
+import org.apache.syncope.common.lib.policy.AuthPolicyConf;
+
+/**
+ * Cache class names for all implementations of Syncope interfaces found in classpath, for later usage.
+ */
+public class ClassPathScanImplementationLookup implements SyncopeCoreLoader {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ImplementationLookup.class);
+
+ private static final String DEFAULT_BASE_PACKAGE = "org.apache.syncope.core";
+
+ private Map<String, Set<String>> classNames;
+
+ private Map<Class<? extends AuthPolicyConf>, Class<? extends AuthPolicyConf>> authPolicyClasses;
+
+ private Map<Class<? extends AccessPolicyConf>, Class<? extends AccessPolicyConf>> accessPolicyClasses;
+
+ @Override
+ public int getOrder() {
+ return Ordered.HIGHEST_PRECEDENCE;
+ }
+
+ /**
+ * This method can be overridden by subclasses to customize classpath scan.
+ *
+ * @return basePackage for classpath scanning
+ */
+ protected static String getBasePackage() {
+ return DEFAULT_BASE_PACKAGE;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public void load() {
+ classNames = new HashMap<>();
+ ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false);
+ ImplementationTypesHolder.getInstance().getValues().forEach((typeName, typeInterface) -> {
+ classNames.put(typeName, new HashSet<>());
+ try {
+ scanner.addIncludeFilter(new AssignableTypeFilter(
+ ClassUtils.resolveClassName(typeInterface, ClassUtils.getDefaultClassLoader())));
+ } catch (IllegalArgumentException e) {
+ LOG.error("Could not find class, ignoring...", e);
+ }
+ });
+
+ authPolicyClasses = new HashMap<>();
+ accessPolicyClasses = new HashMap<>();
+
+ scanner.findCandidateComponents(getBasePackage()).forEach(bd -> {
+ try {
+ Class<?> clazz = ClassUtils.resolveClassName(
+ Objects.requireNonNull(bd.getBeanClassName()), ClassUtils.getDefaultClassLoader());
+ boolean isAbstractClazz = Modifier.isAbstract(clazz.getModifiers());
+
+ if (AuthPolicyConf.class.isAssignableFrom(clazz) && !isAbstractClazz) {
+ classNames.get(AMImplementationType.AUTH_POLICY_CONFIGURATIONS).add(bd.getBeanClassName());
+ }
+ if (AccessPolicyConf.class.isAssignableFrom(clazz) && !isAbstractClazz) {
+ classNames.get(AMImplementationType.ACCESS_POLICY_CONFIGURATIONS).add(bd.getBeanClassName());
+ }
+ } catch (Throwable t) {
+ LOG.warn("Could not inspect class {}", bd.getBeanClassName(), t);
+ }
+ });
+
+ classNames = Collections.unmodifiableMap(classNames);
+ LOG.debug("Implementation classes found: {}", classNames);
+
+ authPolicyClasses = Collections.unmodifiableMap(authPolicyClasses);
+ accessPolicyClasses = Collections.unmodifiableMap(accessPolicyClasses);
+ }
+
+ public Set<String> getClassNames(final String type) {
+ return classNames.get(type);
+ }
+
+ public Class<? extends AuthPolicyConf> getAuthPolicyConfClass(
+ final Class<? extends AuthPolicyConf> authPolicyConfClass) {
+
+ return authPolicyClasses.get(authPolicyConfClass);
+ }
+
+ public Class<? extends AccessPolicyConf> getAccessPolicyConfClass(
+ final Class<? extends AccessPolicyConf> accessPolicyConfClass) {
+
+ return accessPolicyClasses.get(accessPolicyConfClass);
+ }
+}
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/FopSerializer.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/FopSerializer.java
index bacec1f..5af1669 100644
--- a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/FopSerializer.java
+++ b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/FopSerializer.java
@@ -1,18 +1,20 @@
/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.syncope.core.logic.cocoon;
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/TextSerializer.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/TextSerializer.java
index ce4ffb4..8d60855 100644
--- a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/TextSerializer.java
+++ b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/TextSerializer.java
@@ -7,7 +7,7 @@
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/XSLTTransformer.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/XSLTTransformer.java
index 271f84a..eb5dab6 100644
--- a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/XSLTTransformer.java
+++ b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/cocoon/XSLTTransformer.java
@@ -1,18 +1,20 @@
/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.syncope.core.logic.cocoon;
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Realm.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Realm.java
index c4ef281..3e2b23b 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Realm.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Realm.java
@@ -18,31 +18,46 @@
*/
package org.apache.syncope.core.persistence.api.entity;
-import java.util.List;
-import java.util.Optional;
import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
+import java.util.List;
+import java.util.Optional;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
public interface Realm extends Entity {
String getName();
+ void setName(String name);
+
Realm getParent();
+ void setParent(Realm parent);
+
String getFullPath();
AccountPolicy getAccountPolicy();
+ void setAccountPolicy(AccountPolicy accountPolicy);
+
PasswordPolicy getPasswordPolicy();
- void setName(String name);
+ void setPasswordPolicy(PasswordPolicy passwordPolicy);
- void setParent(Realm parent);
+ void setAuthPolicy(AuthPolicy authPolicy);
- void setAccountPolicy(AccountPolicy accountPolicy);
+ AuthPolicy getAuthPolicy();
- void setPasswordPolicy(PasswordPolicy passwordPolicy);
+ void setAccessPolicy(AccessPolicy accessPolicy);
+
+ AccessPolicy getAccessPolicy();
+
+ void setAttrReleasePolicy(AttrReleasePolicy policy);
+
+ AttrReleasePolicy getAttrReleasePolicy();
boolean add(Implementation action);
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/resource/ExternalResource.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/resource/ExternalResource.java
index 1bb44d9..8ad9c40 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/resource/ExternalResource.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/resource/ExternalResource.java
@@ -63,7 +63,7 @@ public interface ExternalResource extends ProvidedKeyEntity {
void setPullPolicy(PullPolicy pullPolicy);
PushPolicy getPushPolicy();
-
+
Implementation getProvisionSorter();
void setProvisionSorter(Implementation provisionSorter);
diff --git a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index 7669c7b..8e82492 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
@@ -43,6 +43,48 @@ under the License.
<Implementation id="DefaultPasswordRuleConf3" type="PASSWORD_RULE" engine="JAVA"
body='{"@class":"org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf","maxLength":0,"minLength":10,"nonAlphanumericRequired":true,"alphanumericRequired":false,"digitRequired":true,"lowercaseRequired":true,"uppercaseRequired":true,"mustStartWithDigit":true,"mustntStartWithDigit":false,"mustEndWithDigit":true,"mustntEndWithDigit":false,"mustStartWithNonAlpha":false,"mustStartWithAlpha":false,"mustntStartWithNonAlpha":false,"mustntStartWithAlpha":false,"mustEndWit [...]
<PasswordPolicyRule policy_id="55e5de0b-c79c-4e66-adda-251b6fb8579a" implementation_id="DefaultPasswordRuleConf3"/>
+
+ <!-- authentication policies -->
+ <Implementation id="MyDefaultAuthPolicyConf" type="AUTH_POLICY_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/>
+ <AuthPolicy id="659b9906-4b6e-4bc0-aca0-6809dff346d4" name="MyDefaultAuthPolicyConf" description="an authentication policy"/>
+ <AuthPolicy id="b912a0d4-a890-416f-9ab8-84ab077eb028" name="DefaultAuthPolicy" description="Default authentication policy"/>
+
+ <!-- access policies -->
+ <Implementation id="MyDefaultAccessPolicyConf" type="ACCESS_POLICY_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","name":"MyDefaultAccessPolicyConf","enabled":true,"ssoEnabled":true}'/>
+ <AccessPolicy id="419935c7-deb3-40b3-8a9a-683037e523a2" name="MyDefaultAccessPolicyConf" description="an access policy"/>
+
+ <!-- Attr Release Policies -->
+ <Implementation id="AllowedAttrReleasePolicyConf" type="ATTR_RELEASE_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf","name":"AllowedAttrReleasePolicy","allowedAttributes":["cn","givenName","uid"]}'/>
+ <AttrReleasePolicy id="319935c7-deb3-40b3-8a9a-683037e523a2" name="AllowedAttrReleasePolicy" description="allowed attribute release policy policy"/>
+
+ <Implementation id="DenyAttrReleasePolicyConf" type="ATTR_RELEASE_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf","name":"DenyAttrReleasePolicyConf"}'/>
+ <AttrReleasePolicy id="219935c7-deb3-40b3-8a9a-683037e523a2" name="DenyAttrReleasePolicy" description="deny attribute release policy policy"/>
+
+ <!-- Authentication modules -->
+ <AuthModule id="be456831-593d-4003-b273-4c3fb61700df" name="DefaultLDAPAuthModule"
+ description="LDAP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","name":"MyLDAPAuthModuleConf","userIdAttribute":"uid","bindCredential":"Password","ldapUrl":"ldap://localhost:1389","searchFilter":"cn={user}","baseDn":"dc=example,dc=org","subtreeSearch":true}'/>
+ <AuthModule id="4c3ed7e8-7008-11ea-bc55-0242ac130003" name="DefaultJDBCAuthModule"
+ description="JDBC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","name":"MyJDBCAuthModuleConf", "sql":"SELECT * FROM table WHERE name=?"}'/>
+ <AuthModule id="4c3ed4e6-7008-11ea-bc55-0242ac130003" name="DefaultGoogleMfaAuthModule"
+ description="Google Mfa auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf","name":"MyGoogleMfaAuthModuleConf","codeDigits":6,"issuer":"SyncopeTest"}'/>
+ <AuthModule id="4c3ed8f6-7008-11ea-bc55-0242ac130003" name="DefaultOIDCAuthModule"
+ description="OIDC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.OIDCAuthModuleConf","name":"MyOIDCAuthModuleConf", "discoveryUri":"www.testurl.com"}'/>
+ <AuthModule id="4c3ed9d2-7008-11ea-bc55-0242ac130003" name="DefaultSAML2IdPAuthModule"
+ description="SAML2 IdP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf","name":"MySAML2IdPAuthModuleConf", "providerName":"testProviderName","serviceProviderMetadataPath":"file:/etc/metadata"}'/>
+ <AuthModule id="4c3edbbc-7008-11ea-bc55-0242ac130003" name="DefaultJaasAuthModule"
+ description="Jaas auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JaasAuthModuleConf","name":"MyJaasAuthModuleConf","realm":"SYNCOPE","kerberosRealmSystemProperty":"sample-value"}'/>
+ <AuthModule id="4c3edc98-7008-11ea-bc55-0242ac130003" name="DefaultStaticAuthModule"
+ description="Static auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","name":"MyStaticAuthModuleConf","users":{"user1": "testUserPassword123"}}'/>
+ <AuthModule id="4c3edd60-7008-11ea-bc55-0242ac130003" name="DefaultSyncopeAuthModule"
+ description="Syncope auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","name":"MySyncopeAuthModuleConf","domain":"Master","url":"http://mydomain.com/syncope/rest"}'/>
+ <AuthModule id="07c528f3-63b4-4dc1-a4da-87f35b8bdec8" name="DefaultRadiusAuthModule"
+ description="Radius auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.RadiusAuthModuleConf","name":"MyRadiusAuthModuleConf","protocol":"MSCHAPv2","inetAddress":"1.2.3.4", "sharedSecret":"thesecret"}'/>
+ <AuthModule id="f6e1288d-50d9-45fe-82ee-597c42242205" name="DefaultU2FAuthModule"
+ description="U2F auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","name":"MyU2FAuthModuleConf","expireDevices":40}'/>
<RelationshipType id="inclusion" description="Models the act that an object is included in another"/>
<RelationshipType id="neighborhood" description="Models the act that an object is near another"/>
@@ -2383,4 +2425,4 @@ $$ }
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[unassign]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[unlink]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[update]:[SUCCESS]" logLevel="DEBUG"/>
-</dataset>
\ No newline at end of file
+</dataset>
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractDAO.java
index fd87b30..899c3a5 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractDAO.java
@@ -19,10 +19,10 @@
package org.apache.syncope.core.persistence.jpa.dao;
import javax.persistence.EntityManager;
-import org.apache.syncope.core.spring.security.AuthContextUtils;
-import org.apache.syncope.core.spring.ApplicationContextProvider;
import org.apache.syncope.core.persistence.api.dao.DAO;
import org.apache.syncope.core.persistence.api.entity.Entity;
+import org.apache.syncope.core.spring.ApplicationContextProvider;
+import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Configurable;
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARealmDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARealmDAO.java
index 1773a9b..b0abd08 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARealmDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPARealmDAO.java
@@ -32,6 +32,8 @@ import org.apache.syncope.core.persistence.api.dao.RoleDAO;
import org.apache.syncope.core.persistence.api.entity.Implementation;
import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
import org.apache.syncope.core.persistence.api.entity.Realm;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.Policy;
import org.apache.syncope.core.persistence.api.entity.policy.ProvisioningPolicy;
@@ -41,6 +43,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
@Repository
public class JPARealmDAO extends AbstractDAO<Realm> implements RealmDAO {
@@ -147,10 +150,22 @@ public class JPARealmDAO extends AbstractDAO<Realm> implements RealmDAO {
if (ProvisioningPolicy.class.isAssignableFrom(policy.getClass())) {
return Collections.<Realm>emptyList();
}
+ String policyColumn = null;
+ if (policy instanceof AccountPolicy) {
+ policyColumn = "accountPolicy";
+ } else if (policy instanceof PasswordPolicy) {
+ policyColumn = "passwordPolicy";
+ } else if (policy instanceof AuthPolicy) {
+ policyColumn = "authPolicy";
+ } else if (policy instanceof AccessPolicy) {
+ policyColumn = "accessPolicy";
+ } else if (policy instanceof AttrReleasePolicy) {
+ policyColumn = "attrReleasePolicy";
+ }
TypedQuery<Realm> query = entityManager().createQuery(
"SELECT e FROM " + JPARealm.class.getSimpleName() + " e WHERE e."
- + (policy instanceof AccountPolicy ? "accountPolicy" : "passwordPolicy") + "=:policy", Realm.class);
+ + policyColumn + "=:policy", Realm.class);
query.setParameter("policy", policy);
List<Realm> result = new ArrayList<>();
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAEntityFactory.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAEntityFactory.java
index b2a6786..a034449 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAEntityFactory.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAEntityFactory.java
@@ -19,15 +19,7 @@
package org.apache.syncope.core.persistence.jpa.entity;
import org.apache.syncope.core.persistence.api.dao.AnySearchDAO;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPASecurityQuestion;
import org.apache.syncope.core.persistence.api.entity.AccessToken;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPasswordPolicy;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPullPolicy;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccountPolicy;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPushPolicy;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPADynRoleMembership;
-import org.apache.syncope.core.persistence.jpa.entity.resource.JPAExternalResource;
-import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
import org.apache.syncope.core.persistence.api.entity.AnyAbout;
import org.apache.syncope.core.persistence.api.entity.AnyTemplateRealm;
import org.apache.syncope.core.persistence.api.entity.AnyType;
@@ -37,22 +29,25 @@ import org.apache.syncope.core.persistence.api.entity.Batch;
import org.apache.syncope.core.persistence.api.entity.ConnInstance;
import org.apache.syncope.core.persistence.api.entity.ConnPoolConf;
import org.apache.syncope.core.persistence.api.entity.DerSchema;
-import org.apache.syncope.core.persistence.api.entity.user.DynRoleMembership;
+import org.apache.syncope.core.persistence.api.entity.DynRealm;
+import org.apache.syncope.core.persistence.api.entity.DynRealmMembership;
import org.apache.syncope.core.persistence.api.entity.Entity;
import org.apache.syncope.core.persistence.api.entity.EntityFactory;
-import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
+import org.apache.syncope.core.persistence.api.entity.GatewayRoute;
+import org.apache.syncope.core.persistence.api.entity.Implementation;
import org.apache.syncope.core.persistence.api.entity.Logger;
import org.apache.syncope.core.persistence.api.entity.MailTemplate;
import org.apache.syncope.core.persistence.api.entity.Notification;
-import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
import org.apache.syncope.core.persistence.api.entity.PlainSchema;
-import org.apache.syncope.core.persistence.api.entity.policy.PushPolicy;
+import org.apache.syncope.core.persistence.api.entity.Privilege;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.RelationshipType;
+import org.apache.syncope.core.persistence.api.entity.Remediation;
import org.apache.syncope.core.persistence.api.entity.Report;
import org.apache.syncope.core.persistence.api.entity.ReportExec;
import org.apache.syncope.core.persistence.api.entity.ReportTemplate;
import org.apache.syncope.core.persistence.api.entity.Role;
+import org.apache.syncope.core.persistence.api.entity.SchemaLabel;
import org.apache.syncope.core.persistence.api.entity.VirSchema;
import org.apache.syncope.core.persistence.api.entity.anyobject.ADynGroupMembership;
import org.apache.syncope.core.persistence.api.entity.anyobject.AMembership;
@@ -61,20 +56,43 @@ import org.apache.syncope.core.persistence.api.entity.anyobject.APlainAttrUnique
import org.apache.syncope.core.persistence.api.entity.anyobject.APlainAttrValue;
import org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship;
import org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject;
+import org.apache.syncope.core.persistence.api.entity.auth.AuthModule;
+import org.apache.syncope.core.persistence.api.entity.auth.AuthModuleItem;
+import org.apache.syncope.core.persistence.api.entity.auth.OIDCRP;
+import org.apache.syncope.core.persistence.api.entity.auth.SAML2SP;
import org.apache.syncope.core.persistence.api.entity.group.GPlainAttr;
import org.apache.syncope.core.persistence.api.entity.group.GPlainAttrUniqueValue;
import org.apache.syncope.core.persistence.api.entity.group.GPlainAttrValue;
import org.apache.syncope.core.persistence.api.entity.group.Group;
import org.apache.syncope.core.persistence.api.entity.group.TypeExtension;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.PullCorrelationRuleEntity;
+import org.apache.syncope.core.persistence.api.entity.policy.PullPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.PushCorrelationRuleEntity;
+import org.apache.syncope.core.persistence.api.entity.policy.PushPolicy;
+import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.persistence.api.entity.resource.Mapping;
import org.apache.syncope.core.persistence.api.entity.resource.MappingItem;
+import org.apache.syncope.core.persistence.api.entity.resource.OrgUnit;
+import org.apache.syncope.core.persistence.api.entity.resource.OrgUnitItem;
import org.apache.syncope.core.persistence.api.entity.resource.Provision;
+import org.apache.syncope.core.persistence.api.entity.task.AnyTemplatePullTask;
import org.apache.syncope.core.persistence.api.entity.task.NotificationTask;
import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
+import org.apache.syncope.core.persistence.api.entity.task.PullTask;
import org.apache.syncope.core.persistence.api.entity.task.PushTask;
import org.apache.syncope.core.persistence.api.entity.task.PushTaskAnyFilter;
import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
import org.apache.syncope.core.persistence.api.entity.task.TaskExec;
+import org.apache.syncope.core.persistence.api.entity.user.DynRoleMembership;
+import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttr;
+import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttrUniqueValue;
+import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttrValue;
+import org.apache.syncope.core.persistence.api.entity.user.LinkedAccount;
import org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion;
import org.apache.syncope.core.persistence.api.entity.user.UDynGroupMembership;
import org.apache.syncope.core.persistence.api.entity.user.UMembership;
@@ -83,6 +101,7 @@ import org.apache.syncope.core.persistence.api.entity.user.UPlainAttrUniqueValue
import org.apache.syncope.core.persistence.api.entity.user.UPlainAttrValue;
import org.apache.syncope.core.persistence.api.entity.user.URelationship;
import org.apache.syncope.core.persistence.api.entity.user.User;
+import org.apache.syncope.core.persistence.jpa.dao.JPAAnySearchDAO;
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAADynGroupMembership;
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAAMembership;
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAAPlainAttr;
@@ -90,22 +109,42 @@ import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAAPlainAttrUni
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAAPlainAttrValue;
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAARelationship;
import org.apache.syncope.core.persistence.jpa.entity.anyobject.JPAAnyObject;
+import org.apache.syncope.core.persistence.jpa.entity.auth.JPAOIDCRP;
+import org.apache.syncope.core.persistence.jpa.entity.auth.JPASAML2SP;
import org.apache.syncope.core.persistence.jpa.entity.group.JPAGPlainAttr;
import org.apache.syncope.core.persistence.jpa.entity.group.JPAGPlainAttrUniqueValue;
import org.apache.syncope.core.persistence.jpa.entity.group.JPAGPlainAttrValue;
import org.apache.syncope.core.persistence.jpa.entity.group.JPAGroup;
import org.apache.syncope.core.persistence.jpa.entity.group.JPATypeExtension;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccessPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccountPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAttrReleasePolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAuthPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPasswordPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPullCorrelationRuleEntity;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPullPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPushCorrelationRuleEntity;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPushPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.resource.JPAExternalResource;
import org.apache.syncope.core.persistence.jpa.entity.resource.JPAMapping;
import org.apache.syncope.core.persistence.jpa.entity.resource.JPAMappingItem;
+import org.apache.syncope.core.persistence.jpa.entity.resource.JPAOrgUnit;
+import org.apache.syncope.core.persistence.jpa.entity.resource.JPAOrgUnitItem;
import org.apache.syncope.core.persistence.jpa.entity.resource.JPAProvision;
-import org.apache.syncope.core.persistence.jpa.entity.task.JPAPushTaskAnyFilter;
import org.apache.syncope.core.persistence.jpa.entity.task.JPAAnyTemplatePullTask;
import org.apache.syncope.core.persistence.jpa.entity.task.JPANotificationTask;
import org.apache.syncope.core.persistence.jpa.entity.task.JPAPropagationTask;
+import org.apache.syncope.core.persistence.jpa.entity.task.JPAPullTask;
import org.apache.syncope.core.persistence.jpa.entity.task.JPAPushTask;
+import org.apache.syncope.core.persistence.jpa.entity.task.JPAPushTaskAnyFilter;
import org.apache.syncope.core.persistence.jpa.entity.task.JPASchedTask;
-import org.apache.syncope.core.persistence.jpa.entity.task.JPAPullTask;
import org.apache.syncope.core.persistence.jpa.entity.task.JPATaskExec;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPADynRoleMembership;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttr;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttrUniqueValue;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttrValue;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPALinkedAccount;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPASecurityQuestion;
import org.apache.syncope.core.persistence.jpa.entity.user.JPAUDynGroupMembership;
import org.apache.syncope.core.persistence.jpa.entity.user.JPAUMembership;
import org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttr;
@@ -113,34 +152,9 @@ import org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrUniqueVa
import org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrValue;
import org.apache.syncope.core.persistence.jpa.entity.user.JPAURelationship;
import org.apache.syncope.core.persistence.jpa.entity.user.JPAUser;
-import org.apache.syncope.core.persistence.api.entity.task.PullTask;
-import org.apache.syncope.core.persistence.api.entity.task.AnyTemplatePullTask;
-import org.apache.syncope.core.persistence.api.entity.policy.PullPolicy;
-import org.apache.syncope.core.persistence.api.entity.resource.OrgUnit;
-import org.apache.syncope.core.persistence.jpa.entity.resource.JPAOrgUnit;
-import org.apache.syncope.core.persistence.api.entity.DynRealm;
-import org.apache.syncope.core.persistence.api.entity.DynRealmMembership;
-import org.apache.syncope.core.persistence.api.entity.GatewayRoute;
-import org.apache.syncope.core.persistence.api.entity.Implementation;
-import org.apache.syncope.core.persistence.api.entity.Privilege;
-import org.apache.syncope.core.persistence.api.entity.Remediation;
-import org.apache.syncope.core.persistence.api.entity.SchemaLabel;
-import org.apache.syncope.core.persistence.api.entity.resource.OrgUnitItem;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPullCorrelationRuleEntity;
-import org.apache.syncope.core.persistence.jpa.entity.resource.JPAOrgUnitItem;
-import org.apache.syncope.core.persistence.api.entity.policy.PullCorrelationRuleEntity;
-import org.apache.syncope.core.persistence.api.entity.policy.PushCorrelationRuleEntity;
-import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttr;
-import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttrUniqueValue;
-import org.apache.syncope.core.persistence.api.entity.user.LAPlainAttrValue;
-import org.apache.syncope.core.persistence.api.entity.user.LinkedAccount;
-import org.apache.syncope.core.persistence.jpa.dao.JPAAnySearchDAO;
-import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPushCorrelationRuleEntity;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttr;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttrUniqueValue;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPALAPlainAttrValue;
-import org.apache.syncope.core.persistence.jpa.entity.user.JPALinkedAccount;
import org.apache.syncope.core.spring.security.SecureRandomUtils;
+import org.apache.syncope.core.persistence.jpa.entity.auth.JPAAuthModule;
+import org.apache.syncope.core.persistence.jpa.entity.auth.JPAAuthModuleItem;
public class JPAEntityFactory implements EntityFactory {
@@ -293,6 +307,20 @@ public class JPAEntityFactory implements EntityFactory {
result = (E) new JPABatch();
} else if (reference.equals(GatewayRoute.class)) {
result = (E) new JPAGatewayRoute();
+ } else if (reference.equals(AuthModule.class)) {
+ result = (E) new JPAAuthModule();
+ } else if (reference.equals(AuthModuleItem.class)) {
+ result = (E) new JPAAuthModuleItem();
+ } else if (reference.equals(AuthPolicy.class)) {
+ result = (E) new JPAAuthPolicy();
+ } else if (reference.equals(AccessPolicy.class)) {
+ result = (E) new JPAAccessPolicy();
+ } else if (reference.equals(AttrReleasePolicy.class)) {
+ result = (E) new JPAAttrReleasePolicy();
+ } else if (reference.equals(OIDCRP.class)) {
+ result = (E) new JPAOIDCRP();
+ } else if (reference.equals(SAML2SP.class)) {
+ result = (E) new JPASAML2SP();
} else {
throw new IllegalArgumentException("Could not find a JPA implementation of " + reference.getName());
}
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARealm.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARealm.java
index a0ad395..abe881c 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARealm.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARealm.java
@@ -40,11 +40,17 @@ import org.apache.syncope.common.lib.types.IdRepoImplementationType;
import org.apache.syncope.core.persistence.api.entity.AnyTemplateRealm;
import org.apache.syncope.core.persistence.api.entity.AnyType;
import org.apache.syncope.core.persistence.api.entity.Implementation;
+import org.apache.syncope.core.persistence.api.entity.Realm;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
-import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccessPolicy;
import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccountPolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAttrReleasePolicy;
+import org.apache.syncope.core.persistence.jpa.entity.policy.JPAAuthPolicy;
import org.apache.syncope.core.persistence.jpa.entity.policy.JPAPasswordPolicy;
import org.apache.syncope.core.persistence.jpa.entity.resource.JPAExternalResource;
import org.apache.syncope.core.persistence.jpa.validation.entity.RealmCheck;
@@ -72,6 +78,15 @@ public class JPARealm extends AbstractGeneratedKeyEntity implements Realm {
@ManyToOne(fetch = FetchType.EAGER)
private JPAAccountPolicy accountPolicy;
+ @ManyToOne(fetch = FetchType.EAGER)
+ private JPAAuthPolicy authPolicy;
+
+ @ManyToOne(fetch = FetchType.EAGER)
+ private JPAAccessPolicy accessPolicy;
+
+ @ManyToOne(fetch = FetchType.EAGER)
+ private JPAAttrReleasePolicy attrReleasePolicy;
+
@ManyToMany(fetch = FetchType.EAGER)
@JoinTable(name = TABLE + "Action",
joinColumns =
@@ -145,6 +160,28 @@ public class JPARealm extends AbstractGeneratedKeyEntity implements Realm {
}
@Override
+ public AuthPolicy getAuthPolicy() {
+ return authPolicy;
+ }
+
+ @Override
+ public void setAuthPolicy(final AuthPolicy authPolicy) {
+ checkType(authPolicy, JPAAuthPolicy.class);
+ this.authPolicy = (JPAAuthPolicy) authPolicy;
+ }
+
+ @Override
+ public AccessPolicy getAccessPolicy() {
+ return accessPolicy;
+ }
+
+ @Override
+ public void setAccessPolicy(final AccessPolicy accessPolicy) {
+ checkType(accessPolicy, JPAAccessPolicy.class);
+ this.accessPolicy = (JPAAccessPolicy) accessPolicy;
+ }
+
+ @Override
public boolean add(final Implementation action) {
checkType(action, JPAImplementation.class);
checkImplementationType(action, IdRepoImplementationType.LOGIC_ACTIONS);
@@ -175,6 +212,17 @@ public class JPARealm extends AbstractGeneratedKeyEntity implements Realm {
}
@Override
+ public void setAttrReleasePolicy(final AttrReleasePolicy policy) {
+ checkType(policy, JPAAttrReleasePolicy.class);
+ this.attrReleasePolicy = (JPAAttrReleasePolicy) policy;
+ }
+
+ @Override
+ public AttrReleasePolicy getAttrReleasePolicy() {
+ return this.attrReleasePolicy;
+ }
+
+ @Override
public boolean add(final ExternalResource resource) {
checkType(resource, JPAExternalResource.class);
return resources.contains((JPAExternalResource) resource) || resources.add((JPAExternalResource) resource);
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ImplementationTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ImplementationTest.java
index 21297d0..f34a7e7 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ImplementationTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ImplementationTest.java
@@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import java.util.List;
+import org.apache.syncope.common.lib.types.AMImplementationType;
import org.apache.syncope.common.lib.types.IdMImplementationType;
import org.apache.syncope.common.lib.types.IdRepoImplementationType;
import org.apache.syncope.common.lib.types.ImplementationEngine;
@@ -44,7 +45,7 @@ public class ImplementationTest extends AbstractTest {
List<Implementation> implementations = implementationDAO.findAll();
assertFalse(implementations.isEmpty());
- assertEquals(18, implementations.size());
+ assertEquals(22, implementations.size());
implementations = implementationDAO.findByType(IdMImplementationType.PULL_ACTIONS);
assertEquals(1, implementations.size());
@@ -72,6 +73,12 @@ public class ImplementationTest extends AbstractTest {
implementations = implementationDAO.findByType(IdMImplementationType.PUSH_CORRELATION_RULE);
assertEquals(1, implementations.size());
+
+ implementations = implementationDAO.findByType(AMImplementationType.AUTH_POLICY_CONFIGURATIONS);
+ assertEquals(1, implementations.size());
+
+ implementations = implementationDAO.findByType(AMImplementationType.ACCESS_POLICY_CONFIGURATIONS);
+ assertEquals(1, implementations.size());
}
@Test
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index f338a2b..b484956 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -43,6 +43,48 @@ under the License.
<Implementation id="DefaultPasswordRuleConf3" type="PASSWORD_RULE" engine="JAVA"
body='{"@class":"org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf","maxLength":0,"minLength":10,"nonAlphanumericRequired":true,"alphanumericRequired":false,"digitRequired":true,"lowercaseRequired":true,"uppercaseRequired":true,"mustStartWithDigit":true,"mustntStartWithDigit":false,"mustEndWithDigit":true,"mustntEndWithDigit":false,"mustStartWithNonAlpha":false,"mustStartWithAlpha":false,"mustntStartWithNonAlpha":false,"mustntStartWithAlpha":false,"mustEndWit [...]
<PasswordPolicyRule policy_id="55e5de0b-c79c-4e66-adda-251b6fb8579a" implementation_id="DefaultPasswordRuleConf3"/>
+
+ <!-- Authentication policies -->
+ <Implementation id="MyDefaultAuthPolicyConf" type="AUTH_POLICY_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/>
+ <AuthPolicy id="659b9906-4b6e-4bc0-aca0-6809dff346d4" name="MyDefaultAuthPolicyConf" description="an authentication policy"/>
+ <AuthPolicy id="b912a0d4-a890-416f-9ab8-84ab077eb028" name="DefaultAuthPolicy" description="Default authentication policy"/>
+
+ <!-- Access policies -->
+ <Implementation id="MyDefaultAccessPolicyConf" type="ACCESS_POLICY_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","name":"MyDefaultAccessPolicyConf","enabled":true,"ssoEnabled":true}'/>
+ <AccessPolicy id="419935c7-deb3-40b3-8a9a-683037e523a2" name="MyDefaultAccessPolicyConf" description="an access policy"/>
+
+ <!-- Attr Release Policies -->
+ <Implementation id="AllowedAttrReleasePolicyConf" type="ATTR_RELEASE_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf","name":"AllowedAttrReleasePolicy","allowedAttributes":["cn","givenName","uid"]}'/>
+ <AttrReleasePolicy id="319935c7-deb3-40b3-8a9a-683037e523a2" name="AllowedAttrReleasePolicy" description="allowed attribute release policy policy"/>
+
+ <Implementation id="DenyAttrReleasePolicyConf" type="ATTR_RELEASE_CONFIGURATIONS" engine="JAVA"
+ body='{"@class":"org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf","name":"DenyAttrReleasePolicyConf"}'/>
+ <AttrReleasePolicy id="219935c7-deb3-40b3-8a9a-683037e523a2" name="DenyAttrReleasePolicy" description="deny attribute release policy policy"/>
+
+ <!-- Authentication modules -->
+ <AuthModule id="be456831-593d-4003-b273-4c3fb61700df" name="DefaultLDAPAuthModule"
+ description="LDAP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","name":"MyLDAPAuthModuleConf","userIdAttribute":"uid","bindCredential":"Password","ldapUrl":"ldap://localhost:1389","searchFilter":"cn={user}","baseDn":"dc=example,dc=org","subtreeSearch":true}'/>
+ <AuthModule id="4c3ed7e8-7008-11ea-bc55-0242ac130003" name="DefaultJDBCAuthModule"
+ description="JDBC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","name":"MyJDBCAuthModuleConf", "sql":"SELECT * FROM table WHERE name=?"}'/>
+ <AuthModule id="4c3ed4e6-7008-11ea-bc55-0242ac130003" name="DefaultGoogleMfaAuthModule"
+ description="Google Mfa auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf","name":"MyGoogleMfaAuthModuleConf","codeDigits":6,"issuer":"SyncopeTest"}'/>
+ <AuthModule id="4c3ed8f6-7008-11ea-bc55-0242ac130003" name="DefaultOIDCAuthModule"
+ description="OIDC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.OIDCAuthModuleConf","name":"MyOIDCAuthModuleConf", "discoveryUri":"www.testurl.com"}'/>
+ <AuthModule id="4c3ed9d2-7008-11ea-bc55-0242ac130003" name="DefaultSAML2IdPAuthModule"
+ description="SAML2 IdP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf","name":"MySAML2IdPAuthModuleConf", "providerName":"testProviderName","serviceProviderMetadataPath":"file:/etc/metadata"}'/>
+ <AuthModule id="4c3edbbc-7008-11ea-bc55-0242ac130003" name="DefaultJaasAuthModule"
+ description="Jaas auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JaasAuthModuleConf","name":"MyJaasAuthModuleConf","realm":"SYNCOPE","kerberosRealmSystemProperty":"sample-value"}'/>
+ <AuthModule id="4c3edc98-7008-11ea-bc55-0242ac130003" name="DefaultStaticAuthModule"
+ description="Static auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","name":"MyStaticAuthModuleConf","users":{"user1": "testUserPassword123"}}'/>
+ <AuthModule id="4c3edd60-7008-11ea-bc55-0242ac130003" name="DefaultSyncopeAuthModule"
+ description="Syncope auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","name":"MySyncopeAuthModuleConf","domain":"Master","url":"http://mydomain.com/syncope/rest"}'/>
+ <AuthModule id="07c528f3-63b4-4dc1-a4da-87f35b8bdec8" name="DefaultRadiusAuthModule"
+ description="Radius auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.RadiusAuthModuleConf","name":"MyRadiusAuthModuleConf","protocol":"MSCHAPv2","inetAddress":"1.2.3.4", "sharedSecret":"thesecret"}'/>
+ <AuthModule id="f6e1288d-50d9-45fe-82ee-597c42242205" name="DefaultU2FAuthModule"
+ description="U2F auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","name":"MyU2FAuthModuleConf","expireDevices":40}'/>
<RelationshipType id="inclusion" description="Models the act that an object is included in another"/>
<RelationshipType id="neighborhood" description="Models the act that an object is near another"/>
@@ -500,7 +542,7 @@ under the License.
<GPlainAttr id="22690472-ed3f-4972-8979-4c9251fab044" owner_id="ba9ed509-b1f5-48ab-a334-c8530a6422dc" schema_id="title"/>
<GPlainAttrValue attribute_id="22690472-ed3f-4972-8979-4c9251fab044" id="e16765e6-f806-469e-ae34-1ddf56f2102a" stringValue="r13"/>
-
+
<!-- pull policies -->
<PullPolicy id="66691e96-285f-4464-bc19-e68384ea4c85" description="a pull policy" conflictResolutionAction="IGNORE"/>
<PullPolicy id="880f8553-069b-4aed-9930-2cd53873f544" description="another pull policy" conflictResolutionAction="ALL"/>
@@ -2451,7 +2493,6 @@ $$ }
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[UserLogic]:[]:[unassign]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[UserLogic]:[]:[unlink]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[UserLogic]:[]:[update]:[SUCCESS]" logLevel="DEBUG"/>
-
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[GroupLogic]:[]:[assign]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[GroupLogic]:[]:[create]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[GroupLogic]:[]:[deprovision]:[SUCCESS]" logLevel="DEBUG"/>
@@ -2469,4 +2510,5 @@ $$ }
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[unassign]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[unlink]:[SUCCESS]" logLevel="DEBUG"/>
<SyncopeLogger logType="AUDIT" logName="syncope.audit.[LOGIC]:[AnyObjectLogic]:[]:[update]:[SUCCESS]" logLevel="DEBUG"/>
-</dataset>
\ No newline at end of file
+
+</dataset>
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ConnInstanceDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ConnInstanceDataBinderImpl.java
index 812b1bf..9502a5d 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ConnInstanceDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ConnInstanceDataBinderImpl.java
@@ -24,7 +24,6 @@ import java.util.Collections;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.tuple.Pair;
-import org.apache.syncope.common.keymaster.client.api.ConfParamOps;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.ConnInstanceTO;
import org.apache.syncope.common.lib.to.ConnPoolConfTO;
@@ -60,9 +59,6 @@ public class ConnInstanceDataBinderImpl implements ConnInstanceDataBinder {
private RealmDAO realmDAO;
@Autowired
- private ConfParamOps confParamOps;
-
- @Autowired
private EntityFactory entityFactory;
@Override
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ImplementationDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ImplementationDataBinderImpl.java
index 0cfe2ff..9df9f8c 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ImplementationDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ImplementationDataBinderImpl.java
@@ -21,9 +21,12 @@ package org.apache.syncope.core.provisioning.java.data;
import java.lang.reflect.Modifier;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.SyncopeClientException;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
+import org.apache.syncope.common.lib.policy.AttrReleasePolicyConf;
import org.apache.syncope.common.lib.policy.RuleConf;
import org.apache.syncope.common.lib.report.ReportletConf;
import org.apache.syncope.common.lib.to.ImplementationTO;
+import org.apache.syncope.common.lib.types.AMImplementationType;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.IdMImplementationType;
import org.apache.syncope.common.lib.types.IdRepoImplementationType;
@@ -34,6 +37,8 @@ import org.apache.syncope.core.persistence.api.dao.PasswordRule;
import org.apache.syncope.core.persistence.api.dao.Reportlet;
import org.apache.syncope.core.persistence.api.entity.EntityFactory;
import org.apache.syncope.core.persistence.api.entity.Implementation;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
import org.apache.syncope.core.provisioning.api.LogicActions;
import org.apache.syncope.core.provisioning.api.data.ImplementationDataBinder;
import org.apache.syncope.core.provisioning.api.data.ItemTransformer;
@@ -51,6 +56,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import org.apache.syncope.common.lib.policy.AuthPolicyConf;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
@Component
public class ImplementationDataBinderImpl implements ImplementationDataBinder {
@@ -149,6 +156,17 @@ public class ImplementationDataBinderImpl implements ImplementationDataBinder {
base = ProvisionSorter.class;
break;
+ case AMImplementationType.ACCESS_POLICY_CONFIGURATIONS:
+ base = AccessPolicy.class;
+ break;
+
+ case AMImplementationType.AUTH_POLICY_CONFIGURATIONS:
+ base = AuthPolicy.class;
+ break;
+
+ case AMImplementationType.ATTR_RELEASE_POLICY_CONFIGURATIONS:
+ base = AttrReleasePolicy.class;
+ break;
default:
}
@@ -158,6 +176,30 @@ public class ImplementationDataBinderImpl implements ImplementationDataBinder {
}
switch (implementation.getType()) {
+ case AMImplementationType.ACCESS_POLICY_CONFIGURATIONS:
+ AccessPolicyConf accessPolicyConf =
+ POJOHelper.deserialize(implementation.getBody(), AccessPolicyConf.class);
+ if (accessPolicyConf == null) {
+ sce.getElements().add("Could not deserialize as AccessPolicy");
+ throw sce;
+ }
+ break;
+ case AMImplementationType.ATTR_RELEASE_POLICY_CONFIGURATIONS:
+ AttrReleasePolicyConf policyConf =
+ POJOHelper.deserialize(implementation.getBody(), AttrReleasePolicyConf.class);
+ if (policyConf == null) {
+ sce.getElements().add("Could not deserialize as AttrReleasePolicy");
+ throw sce;
+ }
+ break;
+ case AMImplementationType.AUTH_POLICY_CONFIGURATIONS:
+ AuthPolicyConf authPolicyConf =
+ POJOHelper.deserialize(implementation.getBody(), AuthPolicyConf.class);
+ if (authPolicyConf == null) {
+ sce.getElements().add("Could not deserialize as AuthPolicy");
+ throw sce;
+ }
+ break;
case IdRepoImplementationType.REPORTLET:
ReportletConf reportlet = POJOHelper.deserialize(implementation.getBody(), ReportletConf.class);
if (reportlet == null) {
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RealmDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RealmDataBinderImpl.java
index 236027c..00599ff 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RealmDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RealmDataBinderImpl.java
@@ -36,6 +36,8 @@ import org.apache.syncope.core.persistence.api.entity.EntityFactory;
import org.apache.syncope.core.persistence.api.entity.Implementation;
import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
import org.apache.syncope.core.persistence.api.entity.Realm;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
import org.apache.syncope.core.persistence.api.entity.policy.Policy;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.provisioning.api.data.RealmDataBinder;
@@ -43,6 +45,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
@Component
public class RealmDataBinderImpl implements RealmDataBinder {
@@ -67,9 +70,6 @@ public class RealmDataBinderImpl implements RealmDataBinder {
@Autowired
private EntityFactory entityFactory;
- @Autowired
- private TemplateUtils templateUtils;
-
private void setTemplates(final RealmTO realmTO, final Realm realm) {
// validate JEXL expressions from templates and proceed if fine
TemplateUtils.check(realmTO.getTemplates(), ClientExceptionType.InvalidRealm);
@@ -123,6 +123,39 @@ public class RealmDataBinderImpl implements RealmDataBinder {
throw sce;
}
}
+ if (realmTO.getAuthPolicy() != null) {
+ Policy policy = policyDAO.find(realmTO.getAuthPolicy());
+ if (policy instanceof AuthPolicy) {
+ realm.setAuthPolicy((AuthPolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AuthPolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
+ if (realmTO.getAccessPolicy() != null) {
+ Policy policy = policyDAO.find(realmTO.getAccessPolicy());
+ if (policy instanceof AccessPolicy) {
+ realm.setAccessPolicy((AccessPolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AccessPolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
+ if (realmTO.getAttrReleasePolicy() != null) {
+ Policy policy = policyDAO.find(realmTO.getAttrReleasePolicy());
+ if (policy instanceof AttrReleasePolicy) {
+ realm.setAttrReleasePolicy((AttrReleasePolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AttrReleasePolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
realmTO.getActions().forEach(logicActionsKey -> {
Implementation logicAction = implementationDAO.find(logicActionsKey);
@@ -180,6 +213,48 @@ public class RealmDataBinderImpl implements RealmDataBinder {
}
}
+ if (realmTO.getAuthPolicy() == null) {
+ realm.setAuthPolicy(null);
+ } else {
+ Policy policy = policyDAO.find(realmTO.getAuthPolicy());
+ if (policy instanceof AuthPolicy) {
+ realm.setAuthPolicy((AuthPolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AuthPolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
+
+ if (realmTO.getAccessPolicy() == null) {
+ realm.setAccessPolicy(null);
+ } else {
+ Policy policy = policyDAO.find(realmTO.getAccessPolicy());
+ if (policy instanceof AccessPolicy) {
+ realm.setAccessPolicy((AccessPolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AccessPolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
+
+ if (realmTO.getAttrReleasePolicy() == null) {
+ realm.setAttrReleasePolicy(null);
+ } else {
+ Policy policy = policyDAO.find(realmTO.getAttrReleasePolicy());
+ if (policy instanceof AttrReleasePolicy) {
+ realm.setAttrReleasePolicy((AttrReleasePolicy) policy);
+ } else {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
+ sce.getElements().add("Expected " + AttrReleasePolicy.class.getSimpleName()
+ + ", found " + policy.getClass().getSimpleName());
+ throw sce;
+ }
+ }
+
realmTO.getActions().forEach(logicActionsKey -> {
Implementation logicActions = implementationDAO.find(logicActionsKey);
if (logicActions == null) {
@@ -228,6 +303,11 @@ public class RealmDataBinderImpl implements RealmDataBinder {
if (admin) {
realmTO.setAccountPolicy(realm.getAccountPolicy() == null ? null : realm.getAccountPolicy().getKey());
realmTO.setPasswordPolicy(realm.getPasswordPolicy() == null ? null : realm.getPasswordPolicy().getKey());
+ realmTO.setAuthPolicy(
+ realm.getAuthPolicy() == null ? null : realm.getAuthPolicy().getKey());
+ realmTO.setAccessPolicy(realm.getAccessPolicy() == null ? null : realm.getAccessPolicy().getKey());
+ realmTO.setAttrReleasePolicy(
+ realm.getAttrReleasePolicy() == null ? null : realm.getAttrReleasePolicy().getKey());
realm.getActions().forEach(action -> realmTO.getActions().add(action.getKey()));
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ResourceDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ResourceDataBinderImpl.java
index 1df550e..34fd19b 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ResourceDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ResourceDataBinderImpl.java
@@ -27,7 +27,6 @@ import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.keymaster.client.api.ConfParamOps;
import org.apache.syncope.common.lib.SyncopeClientCompositeException;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.AnyTypeClassTO;
@@ -97,9 +96,6 @@ public class ResourceDataBinderImpl implements ResourceDataBinder {
private AnyTypeClassDAO anyTypeClassDAO;
@Autowired
- private ConfParamOps confParamOps;
-
- @Autowired
private ImplementationDAO implementationDAO;
@Autowired
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 38ca003..c8f8129 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -18,7 +18,6 @@
*/
package org.apache.syncope.fit;
-import static de.agilecoders.wicket.extensions.markup.html.bootstrap.icon.FontAwesome5IconType.java;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.fail;
@@ -66,6 +65,7 @@ import org.apache.syncope.common.lib.request.UserCR;
import org.apache.syncope.common.lib.to.SchemaTO;
import org.apache.syncope.common.lib.to.AnyObjectTO;
import org.apache.syncope.common.lib.Attr;
+import org.apache.syncope.common.lib.to.AccessPolicyTO;
import org.apache.syncope.common.lib.to.ConnInstanceTO;
import org.apache.syncope.common.lib.to.ResourceTO;
import org.apache.syncope.common.lib.to.GroupTO;
@@ -75,9 +75,17 @@ import org.apache.syncope.common.lib.to.ProvisioningResult;
import org.apache.syncope.common.lib.to.ReportTO;
import org.apache.syncope.common.lib.to.RoleTO;
import org.apache.syncope.common.lib.to.UserTO;
+import org.apache.syncope.common.lib.to.AuthModuleTO;
+import org.apache.syncope.common.lib.to.AuthPolicyTO;
+import org.apache.syncope.common.lib.to.client.ClientAppTO;
+import org.apache.syncope.common.lib.to.client.OIDCRPTO;
+import org.apache.syncope.common.lib.to.client.SAML2SPTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
+import org.apache.syncope.common.lib.types.ClientAppType;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
import org.apache.syncope.common.lib.types.PatchOperation;
import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.SAML2SPNameId;
import org.apache.syncope.common.lib.types.SchemaType;
import org.apache.syncope.common.lib.types.TraceLevel;
import org.apache.syncope.common.rest.api.RESTHeaders;
@@ -87,11 +95,14 @@ import org.apache.syncope.common.rest.api.service.AnyObjectService;
import org.apache.syncope.common.rest.api.service.AnyTypeClassService;
import org.apache.syncope.common.rest.api.service.AnyTypeService;
import org.apache.syncope.common.rest.api.service.ApplicationService;
+import org.apache.syncope.common.rest.api.service.AuthModuleService;
import org.apache.syncope.common.rest.api.service.CamelRouteService;
+import org.apache.syncope.common.rest.api.service.ClientAppService;
import org.apache.syncope.common.rest.api.service.ConnectorService;
import org.apache.syncope.common.rest.api.service.DynRealmService;
import org.apache.syncope.common.rest.api.service.LoggerService;
import org.apache.syncope.common.rest.api.service.NotificationService;
+import org.apache.syncope.common.rest.api.service.SAML2SPService;
import org.apache.syncope.common.rest.api.service.PolicyService;
import org.apache.syncope.common.rest.api.service.ReportService;
import org.apache.syncope.common.rest.api.service.ResourceService;
@@ -107,7 +118,6 @@ import org.apache.syncope.common.rest.api.service.RemediationService;
import org.apache.syncope.common.rest.api.service.ReportTemplateService;
import org.apache.syncope.common.rest.api.service.RoleService;
import org.apache.syncope.common.rest.api.service.SAML2IdPService;
-import org.apache.syncope.common.rest.api.service.SAML2SPService;
import org.apache.syncope.common.rest.api.service.SCIMConfService;
import org.apache.syncope.common.rest.api.service.SchemaService;
import org.apache.syncope.common.rest.api.service.SecurityQuestionService;
@@ -268,6 +278,8 @@ public abstract class AbstractITCase {
protected static PolicyService policyService;
+ protected static AuthModuleService authModuleService;
+
protected static SecurityQuestionService securityQuestionService;
protected static ImplementationService implementationService;
@@ -288,6 +300,8 @@ public abstract class AbstractITCase {
protected static SCIMConfService scimConfService;
+ protected static ClientAppService clientAppService;
+
@BeforeAll
public static void securitySetup() {
try (InputStream propStream = Encryptor.class.getResourceAsStream("/security.properties")) {
@@ -352,11 +366,13 @@ public abstract class AbstractITCase {
remediationService = adminClient.getService(RemediationService.class);
gatewayRouteService = adminClient.getService(GatewayRouteService.class);
camelRouteService = adminClient.getService(CamelRouteService.class);
- saml2SpService = adminClient.getService(SAML2SPService.class);
+ saml2SpService = adminClient.getService(org.apache.syncope.common.rest.api.service.SAML2SPService.class);
saml2IdPService = adminClient.getService(SAML2IdPService.class);
oidcClientService = adminClient.getService(OIDCClientService.class);
oidcProviderService = adminClient.getService(OIDCProviderService.class);
scimConfService = adminClient.getService(SCIMConfService.class);
+ clientAppService = adminClient.getService(ClientAppService.class);
+ authModuleService = adminClient.getService(AuthModuleService.class);
}
@Autowired
@@ -559,6 +575,18 @@ public abstract class AbstractITCase {
return (T) getObject(response.getLocation(), PolicyService.class, policy.getClass());
}
+ @SuppressWarnings("unchecked")
+ protected AuthModuleTO createAuthModule(final AuthModuleTO authModule) {
+ Response response = authModuleService.create(authModule);
+ if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
+ Exception ex = clientFactory.getExceptionMapper().fromResponse(response);
+ if (ex != null) {
+ throw (RuntimeException) ex;
+ }
+ }
+ return getObject(response.getLocation(), AuthModuleService.class, authModule.getClass());
+ }
+
protected ResourceTO createResource(final ResourceTO resourceTO) {
Response response = resourceService.create(resourceTO);
if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
@@ -695,4 +723,75 @@ public abstract class AbstractITCase {
return object;
}
+
+ protected OIDCRPTO buildOIDCRP() {
+ AuthPolicyTO authPolicyTO = new AuthPolicyTO();
+ authPolicyTO.setKey("AuthPolicyTest_" + getUUIDString());
+ authPolicyTO.setDescription("Authentication Policy");
+ authPolicyTO = createPolicy(PolicyType.AUTH, authPolicyTO);
+ assertNotNull(authPolicyTO);
+
+ AccessPolicyTO accessPolicyTO = new AccessPolicyTO();
+ accessPolicyTO.setKey("AccessPolicyTest_" + getUUIDString());
+ accessPolicyTO.setDescription("Access policy");
+ accessPolicyTO = createPolicy(PolicyType.ACCESS, accessPolicyTO);
+ assertNotNull(accessPolicyTO);
+
+ OIDCRPTO oidcrpTO = new OIDCRPTO();
+ oidcrpTO.setName("ExampleRP_" + getUUIDString());
+ oidcrpTO.setClientAppId(UUID.randomUUID().getMostSignificantBits() & Long.MAX_VALUE);
+ oidcrpTO.setDescription("Example OIDC RP application");
+ oidcrpTO.setClientId("clientId_" + getUUIDString());
+ oidcrpTO.setClientSecret("secret");
+ oidcrpTO.setSubjectType(OIDCSubjectType.PUBLIC);
+ oidcrpTO.getSupportedGrantTypes().add("something");
+ oidcrpTO.getSupportedResponseTypes().add("something");
+
+ oidcrpTO.setAuthPolicy(authPolicyTO.getKey());
+ oidcrpTO.setAccessPolicy(accessPolicyTO.getKey());
+
+ return oidcrpTO;
+ }
+
+ protected SAML2SPTO buildSAML2SP() {
+ AuthPolicyTO authPolicyTO = new AuthPolicyTO();
+ authPolicyTO.setKey("AuthPolicyTest_" + getUUIDString());
+ authPolicyTO.setDescription("Authentication Policy");
+ authPolicyTO = createPolicy(PolicyType.AUTH, authPolicyTO);
+ assertNotNull(authPolicyTO);
+
+ AccessPolicyTO accessPolicyTO = new AccessPolicyTO();
+ accessPolicyTO.setKey("AccessPolicyTest_" + getUUIDString());
+ accessPolicyTO.setDescription("Access policy");
+ accessPolicyTO = createPolicy(PolicyType.ACCESS, accessPolicyTO);
+ assertNotNull(accessPolicyTO);
+
+ SAML2SPTO saml2spto = new SAML2SPTO();
+ saml2spto.setName("ExampleSAML2SP_" + getUUIDString());
+ saml2spto.setClientAppId(UUID.randomUUID().getMostSignificantBits() & Long.MAX_VALUE);
+ saml2spto.setDescription("Example SAML 2.0 service provider");
+ saml2spto.setEntityId("SAML2SPEntityId_" + getUUIDString());
+ saml2spto.setMetadataLocation("file:./test.xml");
+ saml2spto.setRequiredNameIdFormat(SAML2SPNameId.EMAIL_ADDRESS);
+ saml2spto.setEncryptionOptional(true);
+ saml2spto.setEncryptAssertions(true);
+
+ saml2spto.setAuthPolicy(authPolicyTO.getKey());
+ saml2spto.setAccessPolicy(accessPolicyTO.getKey());
+
+ return saml2spto;
+ }
+
+ @SuppressWarnings("unchecked")
+ protected <T extends ClientAppTO> T createClientApp(final ClientAppType type, final T clientAppTO) {
+ Response response = clientAppService.create(type, clientAppTO);
+ if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
+ Exception ex = clientFactory.getExceptionMapper().fromResponse(response);
+ if (ex != null) {
+ throw (RuntimeException) ex;
+ }
+ }
+ return (T) getObject(response.getLocation(), ClientAppService.class, clientAppTO.getClass());
+ }
+
}
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
index 1d8d5bc..8a0d9b2 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
@@ -27,17 +27,25 @@ import static org.junit.jupiter.api.Assertions.fail;
import java.util.List;
import java.util.Optional;
+import java.util.Set;
import java.util.UUID;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
+import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
+import org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf;
+import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
import org.apache.syncope.common.lib.policy.AccountPolicyTO;
import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.policy.DefaultAccountRuleConf;
+import org.apache.syncope.common.lib.to.AccessPolicyTO;
+import org.apache.syncope.common.lib.to.AttrReleasePolicyTO;
+import org.apache.syncope.common.lib.to.AuthPolicyTO;
import org.apache.syncope.common.lib.to.ImplementationTO;
import org.apache.syncope.common.lib.to.PagedResult;
import org.apache.syncope.common.lib.to.ProvisioningResult;
+import org.apache.syncope.common.lib.types.AMImplementationType;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.ImplementationEngine;
import org.apache.syncope.common.lib.types.PolicyType;
@@ -99,11 +107,17 @@ public class RealmITCase extends AbstractITCase {
// 2. update setting policies
actual.setAccountPolicy("06e2ed52-6966-44aa-a177-a0ca7434201f");
actual.setPasswordPolicy("986d1236-3ac5-4a19-810c-5ab21d79cba1");
+ actual.setAuthPolicy("b912a0d4-a890-416f-9ab8-84ab077eb028");
+ actual.setAccessPolicy("419935c7-deb3-40b3-8a9a-683037e523a2");
+ actual.setAttrReleasePolicy("319935c7-deb3-40b3-8a9a-683037e523a2");
realmService.update(actual);
actual = getRealm(actual.getFullPath()).get();
assertNotNull(actual.getAccountPolicy());
assertNotNull(actual.getPasswordPolicy());
+ assertNotNull(actual.getAuthPolicy());
+ assertNotNull(actual.getAccessPolicy());
+ assertNotNull(actual.getAttrReleasePolicy());
// 3. update changing parent
actual.setParent(getRealm("/odd").get().getKey());
@@ -170,7 +184,7 @@ public class RealmITCase extends AbstractITCase {
// 2. create realm with policy assigned
RealmTO realm = new RealmTO();
- realm.setName("withppolicy");
+ realm.setName("withPolicy");
response = realmService.create(SyncopeConstants.ROOT_REALM, realm);
RealmTO[] actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
@@ -198,6 +212,156 @@ public class RealmITCase extends AbstractITCase {
}
@Test
+ public void deletingAuthPolicy() {
+ // 1. create authentication policy
+ DefaultAuthPolicyConf ruleConf = new DefaultAuthPolicyConf();
+ ruleConf.getAuthModules().addAll(List.of("LdapAuthentication1"));
+
+ ImplementationTO rule = new ImplementationTO();
+ rule.setKey("TestAuthPolicy" + getUUIDString());
+ rule.setEngine(ImplementationEngine.JAVA);
+ rule.setType(AMImplementationType.AUTH_POLICY_CONFIGURATIONS);
+ rule.setBody(POJOHelper.serialize(ruleConf));
+ Response response = implementationService.create(rule);
+ rule.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
+
+ AuthPolicyTO policy = new AuthPolicyTO();
+ policy.setDescription("Test Authentication policy");
+ policy.setKey(rule.getKey());
+ policy = createPolicy(PolicyType.AUTH, policy);
+ assertNotNull(policy);
+
+ // 2. create realm with policy assigned
+ RealmTO realm = new RealmTO();
+ realm.setName("withAuthPolicy");
+
+ response = realmService.create(SyncopeConstants.ROOT_REALM, realm);
+ RealmTO[] actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ realm = actuals[0];
+
+ String existingAuthPolicy = realm.getAuthPolicy();
+
+ realm.setAuthPolicy(policy.getKey());
+ realmService.update(realm);
+
+ actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ RealmTO actual = actuals[0];
+ assertEquals(policy.getKey(), actual.getAuthPolicy());
+
+ // 3. remove policy
+ policyService.delete(PolicyType.AUTH, policy.getKey());
+
+ // 4. verify
+ actual = getRealm(actual.getFullPath()).get();
+ assertEquals(existingAuthPolicy, actual.getAuthPolicy());
+ }
+
+ @Test
+ public void deletingAccessPolicy() {
+ // 1. create access policy
+ DefaultAccessPolicyConf ruleConf = new DefaultAccessPolicyConf();
+ ruleConf.setEnabled(true);
+ ruleConf.setName("TestAccessPolicyConf" + getUUIDString());
+ ruleConf.getRequiredAttributes().put("cn", Set.of("admin", "Admin", "TheAdmin"));
+
+ ImplementationTO rule = new ImplementationTO();
+ rule.setKey("TestAccessPolicy" + getUUIDString());
+ rule.setEngine(ImplementationEngine.JAVA);
+ rule.setType(AMImplementationType.ACCESS_POLICY_CONFIGURATIONS);
+ rule.setBody(POJOHelper.serialize(ruleConf));
+ Response response = implementationService.create(rule);
+ rule.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
+
+ AccessPolicyTO policy = new AccessPolicyTO();
+ policy.setDescription("Test Access policy");
+ policy.setKey(rule.getKey());
+ policy = createPolicy(PolicyType.ACCESS, policy);
+ assertNotNull(policy);
+
+ // 2. create realm with policy assigned
+ RealmTO realm = new RealmTO();
+ realm.setName("withAccessPolicy");
+
+ response = realmService.create(SyncopeConstants.ROOT_REALM, realm);
+ RealmTO[] actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ realm = actuals[0];
+
+ String existingAccessPolicy = realm.getAccessPolicy();
+
+ realm.setAccessPolicy(policy.getKey());
+ realmService.update(realm);
+
+ actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ RealmTO actual = actuals[0];
+ assertEquals(policy.getKey(), actual.getAccessPolicy());
+
+ // 3. remove policy
+ policyService.delete(PolicyType.ACCESS, policy.getKey());
+
+ // 4. verify
+ actual = getRealm(actual.getFullPath()).get();
+ assertEquals(existingAccessPolicy, actual.getAccessPolicy());
+ }
+
+ @Test
+ public void deletingAttributeReleasePolicy() {
+ // 1. create attribute release policy
+ AllowedAttrReleasePolicyConf ruleConf = new AllowedAttrReleasePolicyConf();
+ ruleConf.setName("MyDefaultAttrReleasePolicyConf" + getUUIDString());
+ ruleConf.getAllowedAttributes().addAll(List.of("cn", "givenName"));
+
+ ImplementationTO rule = new ImplementationTO();
+ rule.setKey("TestAttrReleasePolicy" + getUUIDString());
+ rule.setEngine(ImplementationEngine.JAVA);
+ rule.setType(AMImplementationType.ATTR_RELEASE_POLICY_CONFIGURATIONS);
+ rule.setBody(POJOHelper.serialize(ruleConf));
+ Response response = implementationService.create(rule);
+ rule.setKey(response.getHeaderString(RESTHeaders.RESOURCE_KEY));
+
+ AttrReleasePolicyTO policy = new AttrReleasePolicyTO();
+ policy.setDescription("Test Attribute Release policy");
+ policy.setKey(rule.getKey());
+ policy = createPolicy(PolicyType.ATTR_RELEASE, policy);
+ assertNotNull(policy);
+
+ // 2. create realm with policy assigned
+ RealmTO realm = new RealmTO();
+ realm.setName("withAttrReleasePolicy");
+
+ response = realmService.create(SyncopeConstants.ROOT_REALM, realm);
+ RealmTO[] actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ realm = actuals[0];
+
+ String existingAttrReleasePolicy = realm.getAttrReleasePolicy();
+
+ realm.setAttrReleasePolicy(policy.getKey());
+ realmService.update(realm);
+
+ actuals = getObject(response.getLocation(), RealmService.class, RealmTO[].class);
+ assertNotNull(actuals);
+ assertTrue(actuals.length > 0);
+ RealmTO actual = actuals[0];
+ assertEquals(policy.getKey(), actual.getAttrReleasePolicy());
+
+ // 3. remove policy
+ policyService.delete(PolicyType.ATTR_RELEASE, policy.getKey());
+
+ // 4. verify
+ actual = getRealm(actual.getFullPath()).get();
+ assertEquals(existingAttrReleasePolicy, actual.getAttrReleasePolicy());
+ }
+
+ @Test
public void delete() {
RealmTO realm = new RealmTO();
realm.setName("deletable3");
diff --git a/pom.xml b/pom.xml
index 03565b3..d66f64c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1465,6 +1465,11 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-core-util-api</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-configuration</artifactId>
<version>${cas.version}</version>
</dependency>
@@ -1490,6 +1495,16 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-core-services-registry</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-core-services-api</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-tickets</artifactId>
<version>${cas.version}</version>
</dependency>
@@ -1560,11 +1575,36 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-radius</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-radius-mfa</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-saml-idp</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-saml-idp-core</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-oidc</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-oauth-services</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-validation</artifactId>
<version>${cas.version}</version>
</dependency>
@@ -1921,6 +1961,11 @@ under the License.
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>1.65</version>
+ </dependency>
<!-- TEST -->
<dependency>
@@ -1942,17 +1987,12 @@ under the License.
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.65</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
<version>9.4.20.v20190813</version>
<scope>test</scope>
</dependency>
+
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>