Posted to commits@syncope.apache.org by il...@apache.org on 2017/06/28 10:30:52 UTC

[2/2] syncope git commit: [SYNCOPE-1118] Authorization summary provided

[SYNCOPE-1118] Authorization summary provided


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/733b9720
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/733b9720
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/733b9720

Branch: refs/heads/master
Commit: 733b97203924daacc9c4e07b6caeddb9e85ddb97
Parents: 26fb9bd
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Wed Jun 28 12:30:29 2017 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Wed Jun 28 12:30:42 2017 +0200

----------------------------------------------------------------------
 .../apache/syncope/common/lib/AnyOperations.java    |  6 +++---
 .../reference-guide/architecture/architecture.adoc  |  2 +-
 .../reference-guide/concepts/entitlements.adoc      |  2 +-
 .../workingwithapachesyncope/restfulservices.adoc   | 16 ++++++++++++++++
 4 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java
----------------------------------------------------------------------
diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java b/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java
index 55ff54a..ba68a49 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java
@@ -293,9 +293,9 @@ public final class AnyOperations {
         if (updated.getPassword() != null
                 && (original.getPassword() == null || !original.getPassword().equals(updated.getPassword()))) {
 
-            result.setPassword(new PasswordPatch.Builder()
-                    .value(updated.getPassword())
-                    .resources(updated.getResources()).build());
+            result.setPassword(new PasswordPatch.Builder().
+                    value(updated.getPassword()).
+                    resources(updated.getResources()).build());
         }
 
         // 2. username
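Review bot: The `PasswordPatch.Builder()` chain in this hunk changes only where the dots sit (trailing instead of leading), so it is a formatting-only edit bundled into a commit whose message describes an authorization summary. Consider moving it to a separate formatting commit, so that changes touching the password patch path are easy to tell apart from cosmetic ones when the history is audited.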

http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/architecture/architecture.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/architecture/architecture.adoc b/src/main/asciidoc/reference-guide/architecture/architecture.adoc
index ce26e8c..0ba26d3 100644
--- a/src/main/asciidoc/reference-guide/architecture/architecture.adoc
+++ b/src/main/asciidoc/reference-guide/architecture/architecture.adoc
@@ -39,7 +39,7 @@ More details are available in the dedicated <<admin-console,usage>> section.
 [[enduser-component]]
 === End-user UI
 
-The End-user UI is the web-based application for self-registration, self-service and password reset.
+The End-user UI is the web-based application for self-registration, self-service and <<password-reset,password reset>>.
 
 The communication between End-user UI and Core is exclusively REST-based.
 
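Review bot: The new `<<password-reset,password reset>>` cross-reference on the End-user UI line needs a `[[password-reset]]` anchor, and no hunk of this patch defines one. Please confirm the anchor already exists elsewhere in the reference guide (the same target is used again in restfulservices.adoc), so the build does not produce a dangling link.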

http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/concepts/entitlements.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/entitlements.adoc b/src/main/asciidoc/reference-guide/concepts/entitlements.adoc
index 3a86200..89b9b3f 100644
--- a/src/main/asciidoc/reference-guide/concepts/entitlements.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/entitlements.adoc
@@ -30,7 +30,7 @@ ifeval::["{snapshotOrRelease}" == "snapshot"]
 https://github.com/apache/syncope/blob/master/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java[RealmLogic^]
 endif::[]
 , the
-http://docs.spring.io/spring-security/site/docs/4.1.x/reference/htmlsingle/#el-common-built-in[`hasRole` expression^]
+http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#el-common-built-in[`hasRole` expression^]
 is used together with one of the standard entitlements to restrict access only to Users owning the `REALM_LIST`
 entitlement.
 
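Review bot: The `hasRole` link is bumped from `4.1.x` to `4.2.x` by hand and still uses plain `http://`. Suggest switching it to `https://` and taking the Spring Security version from a document attribute, since restfulservices.adoc in this same commit hard-codes `4.2.x` again and the two links will drift apart on the next upgrade.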

http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
index 9e240a1..595c96e 100644
--- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
+++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
@@ -72,6 +72,22 @@ while normally not needed, this configuration can be anyway customized via the <
 https://en.wikipedia.org/wiki/Basic_access_authentication[HTTP Basic Authentication] is set for use by default.
 ====
 
+[[authorization-summary]]
+.Authorization Summary
+****
+The set of RESTful services provided by Apache Syncope can be divided as:
+
+. endpoints accessible without any sort of authentication (e.g. truly anonymous), for self-registration and
+<<password-reset,password reset>>;
+. endpoints disclosing information about the given Syncope deployment (available <<schema,schema>>, configured
+<<extensions,extensions>>, Groups, Roles, ...), requiring some sort of shared authentication defined by the
+`anonymousKey` value  in the `security.properties` file - for more information, read about Spring Security's
+http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous Authentication^];
+. endpoints for self-service (self-update, password change, ...), requiring user authentication and no entitlements;
+. endpoints for administrative operations, requiring user authentication with authorization granted by the related
+<<entitlements,entitlements>>, handed over to users via <<roles,roles>>.
+****
+
 ==== REST Headers
 
 Apache Syncope supports a number of HTTP headers as detailed below, in addition to the common HTTP headers such as
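Review bot: Item 2 of the new summary describes `anonymousKey` only as "some sort of shared authentication" and does not say that it is a deployment-wide shared secret guarding endpoints that disclose schema, extensions, Groups and Roles. Since the note just above states that HTTP Basic Authentication is the default, suggest adding that the value in `security.properties` should be set per deployment and that these calls should run over TLS. Two wording points: in item 1, "(e.g. truly anonymous)" restates the preceding clause and should read "i.e."; and there is a double space in "`anonymousKey` value  in".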