You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2019/04/24 11:10:52 UTC
[syncope] branch master updated: [SYNCOPE-1458] Verified with deb,
various small other fixes
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new e199104 [SYNCOPE-1458] Verified with deb, various small other fixes
e199104 is described below
commit e1991041983a93a372dbda2c6cdd8b8ca3fbc656
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed Apr 24 13:10:42 2019 +0200
[SYNCOPE-1458] Verified with deb, various small other fixes
---
.../resources/archetype-resources/enduser/pom.xml | 7 ++
.../src/main/resources/pgjsonb/indexes.xml | 1 -
deb/console/pom.xml | 14 +++
deb/console/src/deb/control/control | 1 +
deb/core/pom.xml | 29 +++++
deb/core/src/deb/control/control | 1 +
deb/enduser/pom.xml | 14 +++
deb/enduser/src/deb/control/control | 1 +
.../main/resources/domains/MasterContent.xml.all | 136 +--------------------
.../resources/domains/MasterContent.xml.myjson | 73 +----------
.../resources/domains/MasterContent.xml.pgjsonb | 69 -----------
docker/core/src/main/resources/indexes.xml.pgjsonb | 1 -
.../client/src/main/resources/keymaster.properties | 2 +-
.../apache/syncope/core/logic/ConfParamLogic.java | 8 +-
src/main/asciidoc/getting-started/obtain.adoc | 5 +-
15 files changed, 80 insertions(+), 282 deletions(-)
diff --git a/archetype/src/main/resources/archetype-resources/enduser/pom.xml b/archetype/src/main/resources/archetype-resources/enduser/pom.xml
index 89edb01..e9db868 100644
--- a/archetype/src/main/resources/archetype-resources/enduser/pom.xml
+++ b/archetype/src/main/resources/archetype-resources/enduser/pom.xml
@@ -171,6 +171,13 @@ under the License.
<copy file="../core/target/test-classes/connid.properties"
todir="../core/target/syncope/WEB-INF/classes"
overwrite="true"/>
+ <copy file="../core/target/test-classes/keymaster.properties"
+ todir="../core/target/syncope/WEB-INF/classes"
+ overwrite="true"/>
+
+ <copy file="../console/target/test-classes/keymaster.properties"
+ todir="../console/target/syncope-console/WEB-INF/classes"
+ overwrite="true"/>
<copy file="${project.build.directory}/test-classes/enduser.properties"
todir="${project.build.directory}/${project.build.finalName}/WEB-INF/classes"
diff --git a/core/persistence-jpa-json/src/main/resources/pgjsonb/indexes.xml b/core/persistence-jpa-json/src/main/resources/pgjsonb/indexes.xml
index 9264deb..9de817a 100644
--- a/core/persistence-jpa-json/src/main/resources/pgjsonb/indexes.xml
+++ b/core/persistence-jpa-json/src/main/resources/pgjsonb/indexes.xml
@@ -24,7 +24,6 @@ under the License.
<entry key="SyncopeUser_plainAttrs_idx">CREATE INDEX SyncopeUser_plainAttrs_idx ON SyncopeUser USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="SyncopeGroup_plainAttrs_idx">CREATE INDEX SyncopeGroup_plainAttrs_idx ON SyncopeGroup USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="AnyObject_plainAttrs_idx">CREATE INDEX AnyObject_plainAttrs_idx ON AnyObject USING gin ((plainAttrs) jsonb_path_ops)</entry>
- <entry key="SyncopeConf_plainAttrs_idx">CREATE INDEX SyncopeConf_plainAttrs_idx ON SyncopeConf USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="UDynGroupMembers_any_id">CREATE INDEX UDynGroupMembers_any_id ON UDynGroupMembers(any_id)</entry>
<entry key="UDynGroupMembers_group_id">CREATE INDEX UDynGroupMembers_group_id ON UDynGroupMembers(group_id)</entry>
diff --git a/deb/console/pom.xml b/deb/console/pom.xml
index 77da3c5..decbf2d 100644
--- a/deb/console/pom.xml
+++ b/deb/console/pom.xml
@@ -45,6 +45,12 @@ under the License.
</dependency>
<dependency>
+ <groupId>org.apache.syncope.ext.self-keymaster</groupId>
+ <artifactId>syncope-ext-self-keymaster-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.syncope.ext.flowable</groupId>
<artifactId>syncope-ext-flowable-client-console</artifactId>
<version>${project.version}</version>
@@ -99,6 +105,14 @@ under the License.
<filtering>true</filtering>
</resource>
<resource>
+ <directory>${basedir}/../../ext/self-keymaster/client/src/main/resources</directory>
+ <includes>
+ <include>keymaster.properties</include>
+ </includes>
+ <targetPath>${project.build.directory}/etc</targetPath>
+ <filtering>true</filtering>
+ </resource>
+ <resource>
<directory>${project.basedir}/../../ext/saml2sp/agent/src/main/resources</directory>
<includes>
<include>saml2sp-agent.properties</include>
diff --git a/deb/console/src/deb/control/control b/deb/console/src/deb/control/control
index cfe4ff1..4b1b8a3 100644
--- a/deb/console/src/deb/control/control
+++ b/deb/console/src/deb/control/control
@@ -12,3 +12,4 @@ Description: Apache Syncope Console Web Application
on systems and applications. IdM involves considering user attributes, roles, resources and
entitlements in trying to give a decent answer to the question bumping up every time in an
IT administrator's mind: Who has access to What, When, How, and Why?
+Homepage: http://syncope.apache.org
diff --git a/deb/core/pom.xml b/deb/core/pom.xml
index 85c88c8..c252f93 100644
--- a/deb/core/pom.xml
+++ b/deb/core/pom.xml
@@ -48,6 +48,27 @@ under the License.
<artifactId>syncope-core-idm-rest-cxf</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.syncope.core.am</groupId>
+ <artifactId>syncope-core-am-rest-cxf</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.syncope.ext.self-keymaster</groupId>
+ <artifactId>syncope-ext-self-keymaster-rest-cxf</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.syncope.ext.self-keymaster</groupId>
+ <artifactId>syncope-ext-self-keymaster-persistence-jpa</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.syncope.common.keymaster</groupId>
+ <artifactId>syncope-common-keymaster-client-zookeeper</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<dependency>
<groupId>org.apache.syncope.core</groupId>
@@ -150,6 +171,14 @@ under the License.
<filtering>true</filtering>
</resource>
<resource>
+ <directory>${basedir}/../../ext/self-keymaster/client/src/main/resources</directory>
+ <includes>
+ <include>keymaster.properties</include>
+ </includes>
+ <targetPath>${project.build.directory}/etc</targetPath>
+ <filtering>true</filtering>
+ </resource>
+ <resource>
<directory>${basedir}/../../ext/flowable/flowable-bpmn/src/main/resources</directory>
<includes>
<include>workflow.properties</include>
diff --git a/deb/core/src/deb/control/control b/deb/core/src/deb/control/control
index 1c91061..18a0914 100644
--- a/deb/core/src/deb/control/control
+++ b/deb/core/src/deb/control/control
@@ -12,3 +12,4 @@ Description: Apache Syncope Core Web Application
on systems and applications. IdM involves considering user attributes, groups, resources and
entitlements in trying to give a decent answer to the question bumping up every time in an
IT administrator's mind: Who has access to What, When, How, and Why?
+Homepage: http://syncope.apache.org
diff --git a/deb/enduser/pom.xml b/deb/enduser/pom.xml
index 34fbd19..d16d63b 100644
--- a/deb/enduser/pom.xml
+++ b/deb/enduser/pom.xml
@@ -45,6 +45,12 @@ under the License.
</dependency>
<dependency>
+ <groupId>org.apache.syncope.ext.self-keymaster</groupId>
+ <artifactId>syncope-ext-self-keymaster-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.syncope.ext.flowable</groupId>
<artifactId>syncope-ext-flowable-client-enduser</artifactId>
<version>${project.version}</version>
@@ -83,6 +89,14 @@ under the License.
<filtering>true</filtering>
</resource>
<resource>
+ <directory>${basedir}/../../ext/self-keymaster/client/src/main/resources</directory>
+ <includes>
+ <include>keymaster.properties</include>
+ </includes>
+ <targetPath>${project.build.directory}/etc</targetPath>
+ <filtering>true</filtering>
+ </resource>
+ <resource>
<directory>${project.basedir}/../../ext/saml2sp/agent/src/main/resources</directory>
<includes>
<include>saml2sp-agent.properties</include>
diff --git a/deb/enduser/src/deb/control/control b/deb/enduser/src/deb/control/control
index 25df9d5..a111502 100644
--- a/deb/enduser/src/deb/control/control
+++ b/deb/enduser/src/deb/control/control
@@ -12,3 +12,4 @@ Description: Apache Syncope enduser Web Application
on systems and applications. IdM involves considering user attributes, roles, resources and
entitlements in trying to give a decent answer to the question bumping up every time in an
IT administrator's mind: Who has access to What, When, How, and Why?
+Homepage: http://syncope.apache.org
diff --git a/docker/core/src/main/resources/domains/MasterContent.xml.all b/docker/core/src/main/resources/domains/MasterContent.xml.all
index fd66eb6..fa5e0b2 100644
--- a/docker/core/src/main/resources/domains/MasterContent.xml.all
+++ b/docker/core/src/main/resources/domains/MasterContent.xml.all
@@ -20,138 +20,6 @@ under the License.
<dataset>
<Realm id="ea696a4f-e77a-4ef1-be67-8f8093bc8686" name="/"/>
- <SyncopeConf id="cd64d66f-6fff-4008-b966-a06b1cc1436d"/>
-
- <SyncopeSchema id="password.cipher.algorithm"/>
- <PlainSchema id="password.cipher.algorithm" type="String"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="56db89b9-119e-4923-a16e-f42823b90c66"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="password.cipher.algorithm"/>
- <CPlainAttrValue id="870323e8-8db6-4a64-b512-15f9fa094905"
- attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SSHA256"/>
-
- <!-- notificationjob.cronExpression:
- + not existing: NotificationJob runs according to NotificationJob.DEFAULT_CRON_EXP
- + provided as empty string: NotificationJob disabled
- + provided as non-empty string: NotificationJob runs according to the given value -->
- <SyncopeSchema id="notificationjob.cronExpression"/>
- <PlainSchema id="notificationjob.cronExpression" type="String"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="abd5a2d2-25ee-48b7-b5ca-76813b54a6f2"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="notificationjob.cronExpression"/>
- <CPlainAttrValue id="4828ea70-d151-4c16-b344-2d07b1956bee"
- attribute_id="abd5a2d2-25ee-48b7-b5ca-76813b54a6f2" stringValue=""/>
-
- <SyncopeSchema id="notification.maxRetries"/>
- <PlainSchema id="notification.maxRetries" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="0523d7e6-af13-4e1e-9edb-e35971aacee7"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="notification.maxRetries"/>
- <CPlainAttrValue id="010e2bdc-0094-4918-bac3-d0d5ea17b54a"
- attribute_id="0523d7e6-af13-4e1e-9edb-e35971aacee7" longValue="3"/>
-
- <SyncopeSchema id="token.length"/>
- <PlainSchema id="token.length" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="58977caa-dcf7-4ae3-8591-7e3d0a395200"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="token.length"/>
- <CPlainAttrValue id="372e28e0-3af1-4774-b668-81aa84903b75"
- attribute_id="58977caa-dcf7-4ae3-8591-7e3d0a395200" longValue="256"/>
-
- <SyncopeSchema id="token.expireTime"/>
- <PlainSchema id="token.expireTime" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="01f69abd-df85-4e1b-bb88-ad570594e045"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="token.expireTime"/>
- <CPlainAttrValue id="963970cf-4af6-46bb-875b-a1b758ac8d05"
- attribute_id="01f69abd-df85-4e1b-bb88-ad570594e045" longValue="60"/>
-
- <SyncopeSchema id="selfRegistration.allowed"/>
- <PlainSchema id="selfRegistration.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="7b19cefa-d606-477c-8431-c9464f53fe8b"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="selfRegistration.allowed"/>
- <CPlainAttrValue id="c8b9a0f1-0168-4e2a-95b8-4819fc70e620"
- attribute_id="7b19cefa-d606-477c-8431-c9464f53fe8b" booleanValue="1"/>
-
- <SyncopeSchema id="passwordReset.allowed"/>
- <PlainSchema id="passwordReset.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="dc35cc97-6ed9-4bb2-bb3b-509f4cd8f3d3"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="passwordReset.allowed"/>
- <CPlainAttrValue id="b1ecea41-ab7c-4dd3-9e3e-b6baf0f98046"
- attribute_id="dc35cc97-6ed9-4bb2-bb3b-509f4cd8f3d3" booleanValue="1"/>
-
- <SyncopeSchema id="passwordReset.securityQuestion"/>
- <PlainSchema id="passwordReset.securityQuestion" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="e5a712ad-53fd-4102-ba55-fb45caed5f7b"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="passwordReset.securityQuestion"/>
- <CPlainAttrValue id="b5e8e79d-8039-4318-9698-fe5e181ebe98"
- attribute_id="e5a712ad-53fd-4102-ba55-fb45caed5f7b" booleanValue="1"/>
-
- <SyncopeSchema id="authentication.attributes"/>
- <PlainSchema id="authentication.attributes" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="577c6c4d-7149-43c2-9821-9ab4510effbd"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="authentication.attributes"/>
- <CPlainAttrValue id="c13660b5-926c-47ea-946d-52db32dd492b"
- attribute_id="577c6c4d-7149-43c2-9821-9ab4510effbd" stringValue="username"/>
- <CPlainAttrValue id="0f112dbd-00d4-441c-b732-331e7f348f8a"
- attribute_id="577c6c4d-7149-43c2-9821-9ab4510effbd" stringValue="email"/>
-
- <SyncopeSchema id="authentication.statuses"/>
- <PlainSchema id="authentication.statuses" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="888ae8e1-a295-4ee2-a15e-31dbf6dfc3f9"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="authentication.statuses"/>
- <CPlainAttrValue id="4b8e7d2b-f527-43a3-a2e2-5530dcab2f52"
- attribute_id="888ae8e1-a295-4ee2-a15e-31dbf6dfc3f9" stringValue="created"/>
- <CPlainAttrValue id="f0c89f2c-ea87-4c95-a1cf-142bf6e6f523"
- attribute_id="888ae8e1-a295-4ee2-a15e-31dbf6dfc3f9" stringValue="active"/>
-
- <!-- Save user login date upon successful authentication -->
- <SyncopeSchema id="log.lastlogindate"/>
- <PlainSchema id="log.lastlogindate" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="9891c0a7-27ee-4215-9eea-ca32e580b4e4"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="log.lastlogindate"/>
- <CPlainAttrValue id="162dd874-0417-4bb9-9724-db1ff2952dd1"
- attribute_id="9891c0a7-27ee-4215-9eea-ca32e580b4e4" booleanValue="1"/>
-
- <!-- Return hashed password values when reading users -->
- <SyncopeSchema id="return.password.value"/>
- <PlainSchema id="return.password.value" type="Boolean"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="bcfd7efc-0605-4b5e-b4bb-85c1d5f6493a"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="return.password.value"/>
- <CPlainAttrValue id="e5fa94db-b524-4309-908d-8198d0b3f779"
- attribute_id="bcfd7efc-0605-4b5e-b4bb-85c1d5f6493a" booleanValue="0"/>
-
- <!-- JWT lifetime in minutes -->
- <SyncopeSchema id="jwt.lifetime.minutes"/>
- <PlainSchema id="jwt.lifetime.minutes" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="cfec3140-562d-459c-ac6a-e3e10758661d"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="jwt.lifetime.minutes"/>
- <CPlainAttrValue id="447e2456-3ff5-41bc-8ff1-cbb0567546cb"
- attribute_id="cfec3140-562d-459c-ac6a-e3e10758661d" longValue="120"/>
-
- <!-- Connector and Resource configuration history -->
- <SyncopeSchema id="connector.conf.history.size"/>
- <PlainSchema id="connector.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="ae36c6ab-0f39-40d7-b6e6-3b8394547c9c"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="connector.conf.history.size"/>
- <CPlainAttrValue id="4989ce5d-7b42-4a5c-b725-54286888df10"
- attribute_id="ae36c6ab-0f39-40d7-b6e6-3b8394547c9c" longValue="10"/>
-
- <SyncopeSchema id="resource.conf.history.size"/>
- <PlainSchema id="resource.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
- <CPlainAttr id="ae7ae53a-74cf-48b0-9a57-6d2c94928e60"
- owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="resource.conf.history.size"/>
- <CPlainAttrValue id="059ac3e1-687f-4dd9-a28b-a23f8b436f31"
- attribute_id="ae7ae53a-74cf-48b0-9a57-6d2c94928e60" longValue="10"/>
-
<AnyType id="USER" kind="USER"/>
<AnyTypeClass id="BaseUser"/>
<AnyType_AnyTypeClass anyType_id="USER" anyTypeClass_id="BaseUser"/>
@@ -193,7 +61,7 @@ a password reset was request for ${user.getUsername()}.
In order to complete this request, you need to visit this link:
-http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}
+http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}
If you did not request this reset, just ignore the present e-mail.
@@ -204,7 +72,7 @@ Best regards."
a password reset was request for ${user.getUsername()}.</p>
<p>In order to complete this request, you need to visit this
-<a href="http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}">link</a></p>.
+<a href="http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}">link</a></p>.
<p>If you did not request this reset, just ignore the present e-mail.</p>
diff --git a/docker/core/src/main/resources/domains/MasterContent.xml.myjson b/docker/core/src/main/resources/domains/MasterContent.xml.myjson
index 814b3c6..c630d46 100644
--- a/docker/core/src/main/resources/domains/MasterContent.xml.myjson
+++ b/docker/core/src/main/resources/domains/MasterContent.xml.myjson
@@ -20,75 +20,6 @@ under the License.
<dataset>
<Realm id="ea696a4f-e77a-4ef1-be67-8f8093bc8686" name="/"/>
- <SyncopeSchema id="password.cipher.algorithm"/>
- <PlainSchema id="password.cipher.algorithm" type="String"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- notificationjob.cronExpression:
- + not existing: NotificationJob runs according to NotificationJob.DEFAULT_CRON_EXP
- + provided as empty string: NotificationJob disabled
- + provided as non-empty string: NotificationJob runs according to the given value -->
- <SyncopeSchema id="notificationjob.cronExpression"/>
- <PlainSchema id="notificationjob.cronExpression" type="String"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="notification.maxRetries"/>
- <PlainSchema id="notification.maxRetries" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="token.length"/>
- <PlainSchema id="token.length" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="token.expireTime"/>
- <PlainSchema id="token.expireTime" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="selfRegistration.allowed"/>
- <PlainSchema id="selfRegistration.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="passwordReset.allowed"/>
- <PlainSchema id="passwordReset.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="passwordReset.securityQuestion"/>
- <PlainSchema id="passwordReset.securityQuestion" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="authentication.attributes"/>
- <PlainSchema id="authentication.attributes" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="authentication.statuses"/>
- <PlainSchema id="authentication.statuses" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
-
- <!-- Save user login date upon successful authentication -->
- <SyncopeSchema id="log.lastlogindate"/>
- <PlainSchema id="log.lastlogindate" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- Return hashed password values when reading users -->
- <SyncopeSchema id="return.password.value"/>
- <PlainSchema id="return.password.value" type="Boolean"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- JWT lifetime in minutes -->
- <SyncopeSchema id="jwt.lifetime.minutes"/>
- <PlainSchema id="jwt.lifetime.minutes" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- Connector and Resource configuration history -->
- <SyncopeSchema id="connector.conf.history.size"/>
- <PlainSchema id="connector.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="resource.conf.history.size"/>
- <PlainSchema id="resource.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeConf id="cd64d66f-6fff-4008-b966-a06b1cc1436d"
- plainAttrs="[{"values":[{"stringValue":"SSHA256"}],"schema":"password.cipher.algorithm"},{"values":[{"stringValue":""}],"schema":"notificationjob.cronExpression"},{"values":[{"longValue":3}],"schema":"notification.maxRetries"},{"values":[{"longValue":256}],"schema":"token.length"},{"values&q [...]
-
<AnyType id="USER" kind="USER"/>
<AnyTypeClass id="BaseUser"/>
<AnyType_AnyTypeClass anyType_id="USER" anyTypeClass_id="BaseUser"/>
@@ -130,7 +61,7 @@ a password reset was request for ${user.getUsername()}.
In order to complete this request, you need to visit this link:
-http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}
+http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}
If you did not request this reset, just ignore the present e-mail.
@@ -141,7 +72,7 @@ Best regards."
a password reset was request for ${user.getUsername()}.</p>
<p>In order to complete this request, you need to visit this
-<a href="http://localhost:9080/syncope-enduser/app/#!/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}">link</a></p>.
+<a href="http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}">link</a></p>.
<p>If you did not request this reset, just ignore the present e-mail.</p>
diff --git a/docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb b/docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb
index 02b9a25..c630d46 100644
--- a/docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb
+++ b/docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb
@@ -20,75 +20,6 @@ under the License.
<dataset>
<Realm id="ea696a4f-e77a-4ef1-be67-8f8093bc8686" name="/"/>
- <SyncopeSchema id="password.cipher.algorithm"/>
- <PlainSchema id="password.cipher.algorithm" type="String"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- notificationjob.cronExpression:
- + not existing: NotificationJob runs according to NotificationJob.DEFAULT_CRON_EXP
- + provided as empty string: NotificationJob disabled
- + provided as non-empty string: NotificationJob runs according to the given value -->
- <SyncopeSchema id="notificationjob.cronExpression"/>
- <PlainSchema id="notificationjob.cronExpression" type="String"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="notification.maxRetries"/>
- <PlainSchema id="notification.maxRetries" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="token.length"/>
- <PlainSchema id="token.length" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="token.expireTime"/>
- <PlainSchema id="token.expireTime" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="selfRegistration.allowed"/>
- <PlainSchema id="selfRegistration.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="passwordReset.allowed"/>
- <PlainSchema id="passwordReset.allowed" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="passwordReset.securityQuestion"/>
- <PlainSchema id="passwordReset.securityQuestion" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="authentication.attributes"/>
- <PlainSchema id="authentication.attributes" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="authentication.statuses"/>
- <PlainSchema id="authentication.statuses" type="String" multivalue="1" uniqueConstraint="0" readonly="0"/>
-
- <!-- Save user login date upon successful authentication -->
- <SyncopeSchema id="log.lastlogindate"/>
- <PlainSchema id="log.lastlogindate" type="Boolean"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- Return hashed password values when reading users -->
- <SyncopeSchema id="return.password.value"/>
- <PlainSchema id="return.password.value" type="Boolean"
- mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- JWT lifetime in minutes -->
- <SyncopeSchema id="jwt.lifetime.minutes"/>
- <PlainSchema id="jwt.lifetime.minutes" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <!-- Connector and Resource configuration history -->
- <SyncopeSchema id="connector.conf.history.size"/>
- <PlainSchema id="connector.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeSchema id="resource.conf.history.size"/>
- <PlainSchema id="resource.conf.history.size" type="Long"
- mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-
- <SyncopeConf id="cd64d66f-6fff-4008-b966-a06b1cc1436d"
- plainAttrs="[{"values":[{"stringValue":"SSHA256"}],"schema":"password.cipher.algorithm"},{"values":[{"stringValue":""}],"schema":"notificationjob.cronExpression"},{"values":[{"longValue":3}],"schema":"notification.maxRetries"},{"values":[{"longValue":256}],"schema":"token.length"},{"values&q [...]
-
<AnyType id="USER" kind="USER"/>
<AnyTypeClass id="BaseUser"/>
<AnyType_AnyTypeClass anyType_id="USER" anyTypeClass_id="BaseUser"/>
diff --git a/docker/core/src/main/resources/indexes.xml.pgjsonb b/docker/core/src/main/resources/indexes.xml.pgjsonb
index 9264deb..9de817a 100644
--- a/docker/core/src/main/resources/indexes.xml.pgjsonb
+++ b/docker/core/src/main/resources/indexes.xml.pgjsonb
@@ -24,7 +24,6 @@ under the License.
<entry key="SyncopeUser_plainAttrs_idx">CREATE INDEX SyncopeUser_plainAttrs_idx ON SyncopeUser USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="SyncopeGroup_plainAttrs_idx">CREATE INDEX SyncopeGroup_plainAttrs_idx ON SyncopeGroup USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="AnyObject_plainAttrs_idx">CREATE INDEX AnyObject_plainAttrs_idx ON AnyObject USING gin ((plainAttrs) jsonb_path_ops)</entry>
- <entry key="SyncopeConf_plainAttrs_idx">CREATE INDEX SyncopeConf_plainAttrs_idx ON SyncopeConf USING gin ((plainAttrs) jsonb_path_ops)</entry>
<entry key="UDynGroupMembers_any_id">CREATE INDEX UDynGroupMembers_any_id ON UDynGroupMembers(any_id)</entry>
<entry key="UDynGroupMembers_group_id">CREATE INDEX UDynGroupMembers_group_id ON UDynGroupMembers(group_id)</entry>
diff --git a/ext/self-keymaster/client/src/main/resources/keymaster.properties b/ext/self-keymaster/client/src/main/resources/keymaster.properties
index e604790..0b9818a 100644
--- a/ext/self-keymaster/client/src/main/resources/keymaster.properties
+++ b/ext/self-keymaster/client/src/main/resources/keymaster.properties
@@ -14,6 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-keymaster.address=http://localhost:8080/syncope/keymaster
+keymaster.address=http://localhost:8080/syncope/rest/keymaster
keymaster.username=${anonymousUser}
keymaster.password=${anonymousKey}
diff --git a/ext/self-keymaster/logic/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java b/ext/self-keymaster/logic/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
index 6014926..7d3b585 100644
--- a/ext/self-keymaster/logic/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
+++ b/ext/self-keymaster/logic/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
@@ -45,7 +45,7 @@ public class ConfParamLogic extends AbstractTransactionalLogic<EntityTO> {
@Autowired
private SelfKeymasterEntityFactory entityFactory;
- @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name")
+ @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name and not(isAnonymous())")
@Transactional(readOnly = true)
public Map<String, Object> list() {
Map<String, Object> params = new TreeMap<>();
@@ -59,7 +59,7 @@ public class ConfParamLogic extends AbstractTransactionalLogic<EntityTO> {
return params;
}
- @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name")
+ @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name and not(isAnonymous())")
@Transactional(readOnly = true)
public JsonNode get(final String key) {
ConfParam param = confParamDAO.find(key);
@@ -69,7 +69,7 @@ public class ConfParamLogic extends AbstractTransactionalLogic<EntityTO> {
: param.getValue();
}
- @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name")
+ @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name and not(isAnonymous())")
public void set(final String key, final JsonNode value) {
ConfParam param = confParamDAO.find(key);
if (param == null) {
@@ -85,7 +85,7 @@ public class ConfParamLogic extends AbstractTransactionalLogic<EntityTO> {
confParamDAO.save(param);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name")
+ @PreAuthorize("@environment.getProperty('keymaster.username') == authentication.name and not(isAnonymous())")
public void remove(final String key) {
confParamDAO.delete(key);
}
diff --git a/src/main/asciidoc/getting-started/obtain.adoc b/src/main/asciidoc/getting-started/obtain.adoc
index 29fd0bd..4a40272 100644
--- a/src/main/asciidoc/getting-started/obtain.adoc
+++ b/src/main/asciidoc/getting-started/obtain.adoc
@@ -133,7 +133,10 @@ $ sudo service tomcat8 stop
. Install Apache Syncope core, console and enduser via the downloaded packages
+
[source,bash]
-$ sudo dpkg -i apache-syncope-*.deb
+$ sudo dpkg -i --force-overwrite apache-syncope-*.deb
++
+[WARNING]
+The `--force-overwrite` shall be used only when installing two or more packages on the same host
+
. Create a database for use with Apache Syncope
+