You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2022/03/04 11:49:46 UTC
[syncope] branch master updated: [SYNCOPE-1652] Add missing conf items (#320)
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 9d0160e [SYNCOPE-1652] Add missing conf items (#320)
9d0160e is described below
commit 9d0160eac046990d1df7c3eaf05a0429d82b0afd
Author: Francesco Chicchiriccò <il...@users.noreply.github.com>
AuthorDate: Fri Mar 4 12:49:39 2022 +0100
[SYNCOPE-1652] Add missing conf items (#320)
---
.../client/console/commons/AMConstants.java | 3 +-
.../console/panels/SRARouteWizardBuilder.java | 9 ++--
...l.java => AccessPolicyAttrsDirectoryPanel.java} | 28 +++++++----
...er.java => AccessPolicyAttrsWizardBuilder.java} | 14 ++++--
.../policies/AccessPolicyDirectoryPanel.java | 42 ++++++++++++++--
.../syncope/client/console/pages/SRA_it.properties | 2 +-
.../console/policies/PolicyModalPanelBuilder.java | 48 ++++++++++++++++++
.../policies/PolicyDirectoryPanel.properties | 10 +++-
.../policies/PolicyDirectoryPanel_fr_CA.properties | 10 +++-
.../policies/PolicyDirectoryPanel_it.properties | 10 +++-
.../policies/PolicyDirectoryPanel_ja.properties | 10 +++-
.../policies/PolicyDirectoryPanel_pt_BR.properties | 10 +++-
.../policies/PolicyDirectoryPanel_ru.properties | 10 +++-
.../syncope/client/enduser/panels/any/Groups.java | 44 +++++++---------
.../common/lib/policy/AccessPolicyConf.java | 2 +
.../syncope/common/lib/policy/AccessPolicyTO.java | 41 +++++++++++++++
.../common/lib/policy/DefaultAccessPolicyConf.java | 9 ++++
.../syncope/common/lib/SerializationTest.java | 4 ++
.../api/entity/policy/AccessPolicy.java | 17 +++++++
.../core/persistence/jpa/entity/JPASRARoute.java | 5 +-
.../jpa/entity/policy/JPAAccessPolicy.java | 58 ++++++++++++++++++++--
.../java/data/PolicyDataBinderImpl.java | 8 +++
.../wa/starter/mapping/DefaultAccessMapper.java | 15 +++++-
23 files changed, 346 insertions(+), 63 deletions(-)
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMConstants.java b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMConstants.java
index 7b2eb35..c185b55 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMConstants.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMConstants.java
@@ -32,8 +32,7 @@ public final class AMConstants {
public static final String PREF_CLIENTAPP_PROPERTIES_PAGINATOR_ROWS = "clientapp.properties.paginator.rows";
- public static final String PREF_ACCESS_POLICY_CONF_REQUIRED_ATTRS_PAGINATOR_ROWS =
- "accesspolicy.conf.requiredattrs.paginator.rows";
+ public static final String PREF_ACCESS_POLICY_CONF_ATTRS_PAGINATOR_ROWS = "accesspolicy.conf.attrs.paginator.rows";
public static final String PREF_SAML2_IDP_ENTITY_PAGINATOR_ROWS = "saml2idpentity.properties.paginator.rows";
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SRARouteWizardBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SRARouteWizardBuilder.java
index 96230f6..66bba51 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SRARouteWizardBuilder.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SRARouteWizardBuilder.java
@@ -21,6 +21,7 @@ package org.apache.syncope.client.console.panels;
import java.io.Serializable;
import java.net.URI;
import java.util.List;
+import java.util.Optional;
import org.apache.syncope.client.console.rest.SRARouteRestClient;
import org.apache.syncope.client.console.wizards.BaseAjaxWizardBuilder;
import org.apache.syncope.client.ui.commons.Constants;
@@ -82,16 +83,12 @@ public class SRARouteWizardBuilder extends BaseAjaxWizardBuilder<SRARouteTO> {
@Override
public String getObject() {
- return route.getTarget() == null ? null : route.getTarget().toASCIIString();
+ return Optional.ofNullable(route.getTarget()).map(URI::toASCIIString).orElse(null);
}
@Override
public void setObject(final String object) {
- if (object == null) {
- route.setTarget(null);
- } else {
- route.setTarget(URI.create(object));
- }
+ route.setTarget(Optional.ofNullable(object).map(URI::create).orElse(null));
}
}, false);
target.addRequiredLabel().setEnabled(true);
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
similarity index 74%
rename from client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsDirectoryPanel.java
rename to client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
index 91ccb23..2aa3058 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsDirectoryPanel.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
@@ -18,36 +18,46 @@
*/
package org.apache.syncope.client.console.policies;
+import java.io.Serializable;
import java.util.List;
+import java.util.function.Function;
import org.apache.syncope.client.console.commons.AMConstants;
import org.apache.syncope.client.console.panels.AttrListDirectoryPanel;
import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
import org.apache.syncope.common.lib.Attr;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.event.IEvent;
import org.apache.wicket.model.IModel;
-public class AccessPolicyRequiredAttrsDirectoryPanel extends AttrListDirectoryPanel {
+public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel {
- private static final long serialVersionUID = 1L;
+ public interface AttrsAccessor extends Function<AccessPolicyConf, List<Attr>>, Serializable {
+ }
+
+ private static final long serialVersionUID = 33604877627114L;
private final BaseModal<AccessPolicyTO> wizardModal;
private final IModel<AccessPolicyTO> model;
- public AccessPolicyRequiredAttrsDirectoryPanel(
+ private final AttrsAccessor attrsAccessor;
+
+ public AccessPolicyAttrsDirectoryPanel(
final String id,
final BaseModal<AccessPolicyTO> wizardModal,
final IModel<AccessPolicyTO> model,
+ final AttrsAccessor attrsAccessor,
final PageReference pageRef) {
super(id, pageRef, false);
this.wizardModal = wizardModal;
this.model = model;
+ this.attrsAccessor = attrsAccessor;
setOutputMarkupId(true);
@@ -55,7 +65,7 @@ public class AccessPolicyRequiredAttrsDirectoryPanel extends AttrListDirectoryPa
setFooterVisibility(false);
addNewItemPanelBuilder(
- new AccessPolicyRequiredAttrsWizardBuilder(model.getObject(), new Attr(), pageRef), true);
+ new AccessPolicyAttrsWizardBuilder(model.getObject(), attrsAccessor, new Attr(), pageRef), true);
initResultTable();
}
@@ -75,25 +85,25 @@ public class AccessPolicyRequiredAttrsDirectoryPanel extends AttrListDirectoryPa
@Override
protected AttrListProvider dataProvider() {
- return new AccessPolicyRequiredAttrsProvider(rows);
+ return new AccessPolicyAttrsProvider(rows);
}
@Override
protected String paginatorRowsKey() {
- return AMConstants.PREF_ACCESS_POLICY_CONF_REQUIRED_ATTRS_PAGINATOR_ROWS;
+ return AMConstants.PREF_ACCESS_POLICY_CONF_ATTRS_PAGINATOR_ROWS;
}
- protected final class AccessPolicyRequiredAttrsProvider extends AttrListProvider {
+ protected final class AccessPolicyAttrsProvider extends AttrListProvider {
private static final long serialVersionUID = -185944053385660794L;
- private AccessPolicyRequiredAttrsProvider(final int paginatorRows) {
+ private AccessPolicyAttrsProvider(final int paginatorRows) {
super(paginatorRows);
}
@Override
protected List<Attr> list() {
- return model.getObject().getConf().getRequiredAttrs();
+ return attrsAccessor.apply(model.getObject().getConf());
}
}
}
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsWizardBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
similarity index 74%
rename from client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsWizardBuilder.java
rename to client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
index 1636e38..61c9684 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyRequiredAttrsWizardBuilder.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
@@ -26,25 +26,29 @@ import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.types.PolicyType;
import org.apache.wicket.PageReference;
-public class AccessPolicyRequiredAttrsWizardBuilder extends AttrWizardBuilder {
+public class AccessPolicyAttrsWizardBuilder extends AttrWizardBuilder {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 33625775269155L;
private final AccessPolicyTO accessPolicy;
- public AccessPolicyRequiredAttrsWizardBuilder(
+ private final AccessPolicyAttrsDirectoryPanel.AttrsAccessor attrsAccessor;
+
+ public AccessPolicyAttrsWizardBuilder(
final AccessPolicyTO accessPolicy,
+ final AccessPolicyAttrsDirectoryPanel.AttrsAccessor attrsAccessor,
final Attr attr,
final PageReference pageRef) {
super(attr, pageRef);
this.accessPolicy = accessPolicy;
+ this.attrsAccessor = attrsAccessor;
}
@Override
protected Serializable onApplyInternal(final Attr modelObject) {
- accessPolicy.getConf().getRequiredAttrs().removeIf(p -> modelObject.getSchema().equals(p.getSchema()));
- accessPolicy.getConf().getRequiredAttrs().add(modelObject);
+ attrsAccessor.apply(accessPolicy.getConf()).removeIf(p -> modelObject.getSchema().equals(p.getSchema()));
+ attrsAccessor.apply(accessPolicy.getConf()).add(modelObject);
PolicyRestClient.update(PolicyType.ACCESS, accessPolicy);
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
index 4bb4920..86fe8f4 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
@@ -24,6 +24,7 @@ import org.apache.syncope.client.console.rest.PolicyRestClient;
import org.apache.syncope.client.console.wicket.extensions.markup.html.repeater.data.table.BooleanPropertyColumn;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
@@ -32,6 +33,7 @@ import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
+import org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.StringResourceModel;
@@ -54,10 +56,15 @@ public class AccessPolicyDirectoryPanel extends PolicyDirectoryPanel<AccessPolic
@Override
protected void addCustomColumnFields(final List<IColumn<AccessPolicyTO, String>> columns) {
+ columns.add(new PropertyColumn<>(new StringResourceModel("order", this), "order", "order"));
columns.add(new BooleanPropertyColumn<>(
new StringResourceModel("enabled", this), "enabled", "enabled"));
columns.add(new BooleanPropertyColumn<>(
new StringResourceModel("ssoEnabled", this), "ssoEnabled", "ssoEnabled"));
+ columns.add(new BooleanPropertyColumn<>(
+ new StringResourceModel("requireAllAttributes", this), "requireAllAttributes", "requireAllAttributes"));
+ columns.add(new BooleanPropertyColumn<>(
+ new StringResourceModel("caseInsensitive", this), "caseInsensitive", "caseInsensitive"));
}
@Override
@@ -73,12 +80,41 @@ public class AccessPolicyDirectoryPanel extends PolicyDirectoryPanel<AccessPolic
model.getObject().setConf(new DefaultAccessPolicyConf());
}
target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>(
- ruleCompositionModal,
- new AccessPolicyRequiredAttrsDirectoryPanel("panel", ruleCompositionModal, model, pageRef),
- pageRef)));
+ ruleCompositionModal,
+ new AccessPolicyAttrsDirectoryPanel(
+ "panel",
+ ruleCompositionModal,
+ model,
+ AccessPolicyConf::getRequiredAttrs,
+ pageRef),
+ pageRef)));
ruleCompositionModal.header(new Model<>(getString("requiredAttrs.title", model)));
ruleCompositionModal.show(true);
}
}, ActionLink.ActionType.TYPE_EXTENSIONS, IdRepoEntitlement.POLICY_UPDATE);
+
+ panel.add(new ActionLink<>() {
+
+ private static final long serialVersionUID = -3722207913631435501L;
+
+ @Override
+ public void onClick(final AjaxRequestTarget target, final AccessPolicyTO ignore) {
+ model.setObject(PolicyRestClient.read(type, model.getObject().getKey()));
+ if (model.getObject().getConf() == null) {
+ model.getObject().setConf(new DefaultAccessPolicyConf());
+ }
+ target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>(
+ ruleCompositionModal,
+ new AccessPolicyAttrsDirectoryPanel(
+ "panel",
+ ruleCompositionModal,
+ model,
+ AccessPolicyConf::getRejectedAttrs,
+ pageRef),
+ pageRef)));
+ ruleCompositionModal.header(new Model<>(getString("rejectedAttrs.title", model)));
+ ruleCompositionModal.show(true);
+ }
+ }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE);
}
}
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/pages/SRA_it.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/pages/SRA_it.properties
index e725ef5..6e3a06a 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/pages/SRA_it.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/pages/SRA_it.properties
@@ -17,7 +17,7 @@
sra=SRA
routes=Rotte
metrics=Metriche
-order=Ordine
+order=Ordinamento
target=Obiettivo
type=Tipo
any.new=Nuova rotta del gateway
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
index 812506c..f780786 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
@@ -19,8 +19,10 @@
package org.apache.syncope.client.console.policies;
import java.io.Serializable;
+import java.net.URI;
import java.util.ArrayList;
import java.util.List;
+import java.util.Optional;
import org.apache.syncope.client.console.SyncopeWebApplication;
import org.apache.syncope.client.console.SyncopeConsoleSession;
import org.apache.syncope.client.ui.commons.Constants;
@@ -39,14 +41,19 @@ import org.apache.syncope.client.ui.commons.panels.WizardModalPanel;
import org.apache.syncope.common.lib.policy.PolicyTO;
import org.apache.syncope.common.lib.types.ConflictResolutionAction;
import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.wicket.Application;
import org.apache.wicket.Component;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.core.util.lang.PropertyResolver;
+import org.apache.wicket.core.util.lang.PropertyResolverConverter;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
+import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.model.util.ListModel;
+import org.apache.wicket.validation.validator.UrlValidator;
public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPanelBuilder<T> {
@@ -140,6 +147,11 @@ public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPa
break;
case ACCESS:
+ fields.add(new AjaxSpinnerFieldPanel.Builder<Integer>().build(
+ "field",
+ "order",
+ Integer.class,
+ new PropertyModel<>(policyTO, "order")));
fields.add(new AjaxCheckBoxPanel(
"field",
"enabled",
@@ -150,6 +162,42 @@ public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPa
"ssoEnabled",
new PropertyModel<>(policyTO, "ssoEnabled"),
false));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "requireAllAttributes",
+ new PropertyModel<>(policyTO, "requireAllAttributes"),
+ false));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "caseInsensitive",
+ new PropertyModel<>(policyTO, "caseInsensitive"),
+ false));
+ AjaxTextFieldPanel unauthorizedRedirectUrl = new AjaxTextFieldPanel(
+ "field",
+ "unauthorizedRedirectUrl",
+ new IModel<>() {
+
+ @Override
+ public String getObject() {
+ return Optional.ofNullable(
+ (URI) PropertyResolver.getValue("unauthorizedRedirectUrl", policyTO)).
+ map(URI::toASCIIString).orElse(null);
+ }
+
+ @Override
+ public void setObject(final String object) {
+ PropertyResolverConverter prc = new PropertyResolverConverter(
+ Application.get().getConverterLocator(),
+ SyncopeConsoleSession.get().getLocale());
+ PropertyResolver.setValue(
+ "unauthorizedRedirectUrl",
+ policyTO,
+ Optional.ofNullable(object).map(URI::create).orElse(null),
+ prc);
+ }
+ }, false);
+ unauthorizedRedirectUrl.getField().add(new UrlValidator(new String[] { "http", "https" }));
+ fields.add(unauthorizedRedirectUrl);
break;
case ATTR_RELEASE:
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
index 1c0bfcc..ce8efc3 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
@@ -32,7 +32,10 @@ conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
ssoEnabled=SSO Enabled
requiredAttrs.title=Required Attributes
-type_extensions.title=configuration
+type_extensions.title=required attributes
+type_extensions.class=fas fa-check-circle
+claim.title=rejected attributes
+claim.class=far fa-check-circle
status=Status
allowedAttrs=Allowed Attributes
excludedAttrs=Excluded Attributes
@@ -41,3 +44,8 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+order=Order
+rejectedAttrs.title=Rejected Attributes
+unauthorizedRedirectUrl=Unauthorized Redirect URL
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
index a4fbd1f..7058996 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
@@ -32,7 +32,10 @@ conflictResolutionAction=Action de r\u00e9solution des conflits
enabled=Enabled
ssoEnabled=SSO Enabled
requiredAttrs.title=Required Attributes
-type_extensions.title=configuration
+type_extensions.title=required attributes
+type_extensions.class=fas fa-check-circle
+claim.title=rejected attributes
+claim.class=far fa-check-circle
status=Status
allowedAttrs=Allowed Attributes
excludedAttrs=Excluded Attributes
@@ -41,3 +44,8 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+order=Order
+rejectedAttrs.title=Rejected Attributes
+unauthorizedRedirectUrl=Unauthorized Redirect URL
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
index c9cc229..284fdc3 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
@@ -32,7 +32,10 @@ conflictResolutionAction=Azione di Risoluzione Conflitti
enabled=Abilitata
ssoEnabled=SSO Abilitato
requiredAttrs.title=Attributi Richiesti
-type_extensions.title=configurazione
+type_extensions.title=attributi richiesti
+type_extensions.class=fas fa-check-circle
+claim.title=attributi rifiutati
+claim.class=far fa-check-circle
status=Stato
allowedAttrs=Attributi Consentiti
excludedAttrs=Attributi Esclusi
@@ -41,3 +44,8 @@ attrReleasePolicyConf.title=Configurazione Rilascio Attributi
authPolicyConf.title=Configurazione Autenticazione
tryAll=Prova Tutti
authModules=Moduli di Authenticazione
+requireAllAttributes=Attributi Obbligatori
+caseInsensitive=Case Insensitive
+order=Ordinamento
+rejectedAttrs.title=Attributi Rifiutati
+unauthorizedRedirectUrl=URL di Ridirezione Per Mancata Autorizzazione
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
index caf0908..dbf0ee1 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
@@ -32,7 +32,10 @@ conflictResolutionAction=\u7af6\u5408\u89e3\u6c7a\u30a2\u30af\u30b7\u30e7\u30f3
enabled=Enabled
ssoEnabled=SSO Enabled
requiredAttrs.title=Required Attributes
-type_extensions.title=configuration
+type_extensions.title=required attributes
+type_extensions.class=fas fa-check-circle
+claim.title=rejected attributes
+claim.class=far fa-check-circle
status=Status
allowedAttrs=Allowed Attributes
excludedAttrs=Excluded Attributes
@@ -41,3 +44,8 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+order=Order
+rejectedAttrs.title=Rejected Attributes
+unauthorizedRedirectUrl=Unauthorized Redirect URL
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
index 8af6ff8..322079e 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
@@ -32,7 +32,10 @@ conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
ssoEnabled=SSO Enabled
requiredAttrs.title=Required Attributes
-type_extensions.title=configuration
+type_extensions.title=required attributes
+type_extensions.class=fas fa-check-circle
+claim.title=rejected attributes
+claim.class=far fa-check-circle
status=Status
allowedAttrs=Allowed Attributes
excludedAttrs=Excluded Attributes
@@ -41,3 +44,8 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+order=Order
+rejectedAttrs.title=Rejected Attributes
+unauthorizedRedirectUrl=Unauthorized Redirect URL
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
index 2ed8d8c..9c39956 100644
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
@@ -33,7 +33,10 @@ conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
ssoEnabled=SSO Enabled
requiredAttrs.title=Required Attributes
-type_extensions.title=configuration
+type_extensions.title=required attributes
+type_extensions.class=fas fa-check-circle
+claim.title=rejected attributes
+claim.class=far fa-check-circle
status=Status
allowedAttrs=Allowed Attributes
excludedAttrs=Excluded Attributes
@@ -42,3 +45,8 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+order=Order
+rejectedAttrs.title=Rejected Attributes
+unauthorizedRedirectUrl=Unauthorized Redirect URL
diff --git a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/Groups.java b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/Groups.java
index ad9fe22..e70468f 100644
--- a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/Groups.java
+++ b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/Groups.java
@@ -124,39 +124,39 @@ public class Groups extends Panel {
@Override
public MembershipTO getObject(
- final String id, final IModel<? extends List<? extends MembershipTO>> choices) {
+ final String id, final IModel<? extends List<? extends MembershipTO>> choices) {
return choices.getObject().stream().
- filter(object -> id.equalsIgnoreCase(object.getGroupName())).findAny().orElse(null);
+ filter(object -> id.equalsIgnoreCase(object.getGroupName())).findAny().orElse(null);
}
}).event(getEventFunction());
groupsContainer.add(builder.setAllowOrder(true).withFilter().build("groups",
- new ListModel<>() {
+ new ListModel<>() {
- private static final long serialVersionUID = -2583290457773357445L;
+ private static final long serialVersionUID = -2583290457773357445L;
- @Override
- public List<MembershipTO> getObject() {
- return Groups.this.groupsModel.getMemberships();
- }
+ @Override
+ public List<MembershipTO> getObject() {
+ return Groups.this.groupsModel.getMemberships();
+ }
- }, new AjaxPalettePanel.Builder.Query<>() {
+ }, new AjaxPalettePanel.Builder.Query<>() {
- private static final long serialVersionUID = -7223078772249308813L;
+ private static final long serialVersionUID = -7223078772249308813L;
- @Override
- public List<MembershipTO> execute(final String filter) {
- return (StringUtils.isEmpty(filter) || "*".equals(filter)
+ @Override
+ public List<MembershipTO> execute(final String filter) {
+ return (StringUtils.isEmpty(filter) || "*".equals(filter)
? groupsModel.getObject()
: GroupRestClient.searchAssignableGroups(
- anyTO.getRealm(),
- filter,
- 1, MAX_GROUP_LIST_CARDINALITY)).stream()
+ anyTO.getRealm(),
+ filter,
+ 1, MAX_GROUP_LIST_CARDINALITY)).stream()
.map(input -> new MembershipTO.Builder(input.getKey())
- .groupName(input.getName()).build()).collect(Collectors.toList());
- }
- }).hideLabel().setOutputMarkupId(true));
+ .groupName(input.getName()).build()).collect(Collectors.toList());
+ }
+ }).hideLabel().setOutputMarkupId(true));
// ---------------------------------
}
}
@@ -171,12 +171,6 @@ public class Groups extends Panel {
private static final long serialVersionUID = -4541954630939063927L;
- private List<GroupTO> groups;
-
- private List<MembershipTO> memberships;
-
- private String realm;
-
@Override
public List<GroupTO> getObject() {
reload();
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
index 9b72535..24025d2 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
@@ -27,4 +27,6 @@ import org.apache.syncope.common.lib.BaseBean;
public interface AccessPolicyConf extends BaseBean {
List<Attr> getRequiredAttrs();
+
+ List<Attr> getRejectedAttrs();
}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
index 27da7c7..ed672a7 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
@@ -22,16 +22,25 @@ package org.apache.syncope.common.lib.policy;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import io.swagger.v3.oas.annotations.media.Schema;
+import java.net.URI;
@Schema(allOf = { PolicyTO.class })
public class AccessPolicyTO extends PolicyTO {
private static final long serialVersionUID = -6711411162433533300L;
+ private int order;
+
private boolean enabled = true;
private boolean ssoEnabled = true;
+ private boolean requireAllAttributes = true;
+
+ private boolean caseInsensitive;
+
+ private URI unauthorizedRedirectUrl;
+
private AccessPolicyConf conf;
@JacksonXmlProperty(localName = "_class", isAttribute = true)
@@ -42,6 +51,14 @@ public class AccessPolicyTO extends PolicyTO {
return getClass().getName();
}
+ public int getOrder() {
+ return order;
+ }
+
+ public void setOrder(final int order) {
+ this.order = order;
+ }
+
public boolean isEnabled() {
return enabled;
}
@@ -58,6 +75,30 @@ public class AccessPolicyTO extends PolicyTO {
this.ssoEnabled = ssoEnabled;
}
+ public boolean isRequireAllAttributes() {
+ return requireAllAttributes;
+ }
+
+ public void setRequireAllAttributes(final boolean requireAllAttributes) {
+ this.requireAllAttributes = requireAllAttributes;
+ }
+
+ public boolean isCaseInsensitive() {
+ return caseInsensitive;
+ }
+
+ public void setCaseInsensitive(final boolean caseInsensitive) {
+ this.caseInsensitive = caseInsensitive;
+ }
+
+ public URI getUnauthorizedRedirectUrl() {
+ return unauthorizedRedirectUrl;
+ }
+
+ public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) {
+ this.unauthorizedRedirectUrl = unauthorizedRedirectUrl;
+ }
+
public AccessPolicyConf getConf() {
return conf;
}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
index e2b9764..83685c6 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
@@ -30,10 +30,19 @@ public class DefaultAccessPolicyConf implements AccessPolicyConf {
private final List<Attr> requiredAttrs = new ArrayList<>();
+ private final List<Attr> rejectedAttrs = new ArrayList<>();
+
@JacksonXmlElementWrapper(localName = "requiredAttrs")
@JacksonXmlProperty(localName = "requiredAttr")
@Override
public List<Attr> getRequiredAttrs() {
return requiredAttrs;
}
+
+ @JacksonXmlElementWrapper(localName = "rejectedAttrs")
+ @JacksonXmlProperty(localName = "rejectedAttr")
+ @Override
+ public List<Attr> getRejectedAttrs() {
+ return rejectedAttrs;
+ }
}
diff --git a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
index 95453f2..a3839ac 100644
--- a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
+++ b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
@@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.StringWriter;
+import java.net.URI;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.junit.jupiter.api.Test;
@@ -35,10 +36,13 @@ public abstract class SerializationTest {
public void accessPolicyConf() throws IOException {
AccessPolicyTO policy = new AccessPolicyTO();
policy.setName("Test Access policy");
+ policy.setOrder(11);
policy.setEnabled(true);
+ policy.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org"));
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build());
+ conf.getRejectedAttrs().add(new Attr.Builder("uid").values("plain").build());
policy.setConf(conf);
StringWriter writer = new StringWriter();
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
index 67bc5fd..1dffe85 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
@@ -18,10 +18,15 @@
*/
package org.apache.syncope.core.persistence.api.entity.policy;
+import java.net.URI;
import org.apache.syncope.common.lib.policy.AccessPolicyConf;
public interface AccessPolicy extends Policy {
+ int getOrder();
+
+ void setOrder(int order);
+
boolean isEnabled();
void setEnabled(boolean enabled);
@@ -30,6 +35,18 @@ public interface AccessPolicy extends Policy {
void setSsoEnabled(boolean ssoEnabled);
+ boolean isRequireAllAttributes();
+
+ void setRequireAllAttributes(boolean requireAllAttributes);
+
+ boolean isCaseInsensitive();
+
+ void setCaseInsensitive(boolean caseInsensitive);
+
+ URI getUnauthorizedRedirectUrl();
+
+ void setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl);
+
AccessPolicyConf getConf();
void setConf(AccessPolicyConf conf);
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASRARoute.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASRARoute.java
index a851c2b..cda8808 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASRARoute.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASRARoute.java
@@ -29,6 +29,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Lob;
import javax.persistence.Table;
import javax.validation.constraints.NotNull;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.syncope.common.lib.types.SRARouteFilter;
import org.apache.syncope.common.lib.types.SRARoutePredicate;
import org.apache.syncope.common.lib.types.SRARouteType;
@@ -85,7 +86,7 @@ public class JPASRARoute extends AbstractGeneratedKeyEntity implements SRARoute
@Override
public URI getTarget() {
- return URI.create(target);
+ return Optional.ofNullable(target).map(URI::create).orElse(null);
}
@Override
@@ -115,7 +116,7 @@ public class JPASRARoute extends AbstractGeneratedKeyEntity implements SRARoute
@Override
public boolean isLogout() {
- return logout;
+ return BooleanUtils.isNotFalse(logout);
}
@Override
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
index 5047470..7159f52 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
@@ -18,6 +18,7 @@
*/
package org.apache.syncope.core.persistence.jpa.entity.policy;
+import java.net.URI;
import java.util.Optional;
import javax.persistence.Basic;
import javax.persistence.Entity;
@@ -37,15 +38,36 @@ public class JPAAccessPolicy extends AbstractPolicy implements AccessPolicy {
public static final String TABLE = "AccessPolicy";
@Basic
+ private Integer aporder = 0;
+
+ @Basic
private Boolean enabled = true;
@Basic
private Boolean ssoEnabled = true;
+ @Basic
+ private Boolean requireAllAttributes = true;
+
+ @Basic
+ private Boolean caseInsensitive;
+
+ private String unauthorizedRedirectUrl;
+
@Lob
private String jsonConf;
@Override
+ public int getOrder() {
+ return Optional.ofNullable(aporder).orElse(0);
+ }
+
+ @Override
+ public void setOrder(final int order) {
+ this.aporder = order;
+ }
+
+ @Override
public boolean isEnabled() {
return BooleanUtils.isNotFalse(enabled);
}
@@ -66,10 +88,40 @@ public class JPAAccessPolicy extends AbstractPolicy implements AccessPolicy {
}
@Override
+ public boolean isRequireAllAttributes() {
+ return BooleanUtils.isNotFalse(requireAllAttributes);
+ }
+
+ @Override
+ public void setRequireAllAttributes(final boolean requireAllAttributes) {
+ this.requireAllAttributes = requireAllAttributes;
+ }
+
+ @Override
+ public boolean isCaseInsensitive() {
+ return BooleanUtils.isNotFalse(caseInsensitive);
+ }
+
+ @Override
+ public void setCaseInsensitive(final boolean caseInsensitive) {
+ this.caseInsensitive = caseInsensitive;
+ }
+
+ @Override
+ public URI getUnauthorizedRedirectUrl() {
+ return Optional.ofNullable(unauthorizedRedirectUrl).
+ map(URI::create).orElse(null);
+ }
+
+ @Override
+ public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) {
+ this.unauthorizedRedirectUrl = Optional.ofNullable(unauthorizedRedirectUrl).
+ map(URI::toASCIIString).orElse(null);
+ }
+
+ @Override
public AccessPolicyConf getConf() {
- return jsonConf == null
- ? null
- : POJOHelper.deserialize(jsonConf, AccessPolicyConf.class);
+ return Optional.ofNullable(jsonConf).map(c -> POJOHelper.deserialize(c, AccessPolicyConf.class)).orElse(null);
}
@Override
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
index 4a3608e..85e1071 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
@@ -223,8 +223,12 @@ public class PolicyDataBinderImpl implements PolicyDataBinder {
AccessPolicyTO accessPolicyTO = AccessPolicyTO.class.cast(policyTO);
accessPolicy.setName(accessPolicyTO.getKey());
+ accessPolicy.setOrder(accessPolicyTO.getOrder());
accessPolicy.setEnabled(accessPolicyTO.isEnabled());
accessPolicy.setSsoEnabled(accessPolicyTO.isSsoEnabled());
+ accessPolicy.setRequireAllAttributes(accessPolicyTO.isRequireAllAttributes());
+ accessPolicy.setCaseInsensitive(accessPolicyTO.isCaseInsensitive());
+ accessPolicy.setUnauthorizedRedirectUrl(accessPolicyTO.getUnauthorizedRedirectUrl());
accessPolicy.setConf(accessPolicyTO.getConf());
} else if (policyTO instanceof AttrReleasePolicyTO) {
if (result == null) {
@@ -311,8 +315,12 @@ public class PolicyDataBinderImpl implements PolicyDataBinder {
AccessPolicyTO accessPolicyTO = new AccessPolicyTO();
policyTO = (T) accessPolicyTO;
+ accessPolicyTO.setOrder(accessPolicy.getOrder());
accessPolicyTO.setEnabled(accessPolicy.isEnabled());
accessPolicyTO.setSsoEnabled(accessPolicy.isSsoEnabled());
+ accessPolicyTO.setRequireAllAttributes(accessPolicy.isRequireAllAttributes());
+ accessPolicyTO.setCaseInsensitive(accessPolicy.isCaseInsensitive());
+ accessPolicyTO.setUnauthorizedRedirectUrl(accessPolicy.getUnauthorizedRedirectUrl());
accessPolicyTO.setConf(((AccessPolicy) policy).getConf());
} else if (policy instanceof AttrReleasePolicy) {
AttrReleasePolicyTO attrReleasePolicyTO = new AttrReleasePolicyTO();
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
index cb03d00..6c24e5e 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
@@ -29,10 +29,23 @@ public class DefaultAccessMapper implements AccessMapper {
@Override
public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) {
- RegisteredServiceAccessStrategy accessStrategy =
+ DefaultRegisteredServiceAccessStrategy accessStrategy =
new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(), policy.isSsoEnabled());
+
+ accessStrategy.setOrder(policy.getOrder());
+
+ accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes());
+
+ accessStrategy.setCaseInsensitive(policy.isCaseInsensitive());
+
+ accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl());
+
policy.getConf().getRequiredAttrs().forEach(
attr -> accessStrategy.getRequiredAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues())));
+
+ policy.getConf().getRejectedAttrs().forEach(
+ attr -> accessStrategy.getRejectedAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues())));
+
return accessStrategy;
}
}