[SYNCOPE-1118] Authorization summary provided
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/733b9720 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/733b9720 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/733b9720 Branch: refs/heads/master Commit: 733b97203924daacc9c4e07b6caeddb9e85ddb97 Parents: 26fb9bd Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Wed Jun 28 12:30:29 2017 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Wed Jun 28 12:30:42 2017 +0200 ---------------------------------------------------------------------- .../apache/syncope/common/lib/AnyOperations.java | 6 +++--- .../reference-guide/architecture/architecture.adoc | 2 +- .../reference-guide/concepts/entitlements.adoc | 2 +- .../workingwithapachesyncope/restfulservices.adoc | 16 ++++++++++++++++ 4 files changed, 21 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java ---------------------------------------------------------------------- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java b/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java index 55ff54a..ba68a49 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/AnyOperations.java 
@@ -293,9 +293,9 @@ public final class AnyOperations { if (updated.getPassword() != null && (original.getPassword() == null || !original.getPassword().equals(updated.getPassword()))) { - result.setPassword(new PasswordPatch.Builder() - .value(updated.getPassword()) - .resources(updated.getResources()).build()); + result.setPassword(new PasswordPatch.Builder(). + value(updated.getPassword()). + resources(updated.getResources()).build()); } // 2. username http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/architecture/architecture.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/architecture/architecture.adoc b/src/main/asciidoc/reference-guide/architecture/architecture.adoc index ce26e8c..0ba26d3 100644 --- a/src/main/asciidoc/reference-guide/architecture/architecture.adoc +++ b/src/main/asciidoc/reference-guide/architecture/architecture.adoc @@ -39,7 +39,7 @@ More details are available in the dedicated <<admin-console,usage>> section. [[enduser-component]] === End-user UI -The End-user UI is the web-based application for self-registration, self-service and password reset. +The End-user UI is the web-based application for self-registration, self-service and <<password-reset,password reset>>. The communication between End-user UI and Core is exclusively REST-based. http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/concepts/entitlements.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/entitlements.adoc b/src/main/asciidoc/reference-guide/concepts/entitlements.adoc index 3a86200..89b9b3f 100644 --- a/src/main/asciidoc/reference-guide/concepts/entitlements.adoc +++ b/src/main/asciidoc/reference-guide/concepts/entitlements.adoc 
@@ -30,7 +30,7 @@ ifeval::["{snapshotOrRelease}" == "snapshot"] https://github.com/apache/syncope/blob/master/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java[RealmLogic^] endif::[] , the -http://docs.spring.io/spring-security/site/docs/4.1.x/reference/htmlsingle/#el-common-built-in[`hasRole` expression^] +http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#el-common-built-in[`hasRole` expression^] is used together with one of the standard entitlements to restrict access only to Users owning the `REALM_LIST` entitlement. http://git-wip-us.apache.org/repos/asf/syncope/blob/733b9720/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc index 9e240a1..595c96e 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc 
@@ -72,6 +72,22 @@ while normally not needed, this configuration can be anyway customized via the < https://en.wikipedia.org/wiki/Basic_access_authentication[HTTP Basic Authentication] is set for use by default. ==== +[[authorization-summary]] +.Authorization Summary +**** +The set of RESTful services provided by Apache Syncope can be divided as: + +. endpoints accessible without any sort of authentication (e.g. truly anonymous), for self-registration and +<<password-reset,password reset>>; +. endpoints disclosing information about the given Syncope deployment (available <<schema,schema>>, configured +<<extensions,extensions>>, Groups, Roles, ...), requiring some sort of shared authentication defined by the +`anonymousKey` value in the `security.properties` file - for more information, read about Spring Security's +http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous Authentication^]; +. endpoints for self-service (self-update, password change, ...), requiring user authentication and no entitlements; +. endpoints for administrative operations, requiring user authentication with authorization granted by the related +<<entitlements,entitlements>>, handed over to users via <<roles,roles>>. +**** + ==== REST Headers Apache Syncope supports a number of HTTP headers as detailed below, in addition to the common HTTP headers such as
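Review bot: the AnyOperations.java hunk at line 293 is a formatting-only change (the `.value(...)` / `.resources(...)` builder chain is rewritten with trailing dots) and is unrelated to the authorization summary named in the commit subject. Move it to a separate commit, so that a touch to the password-patch code does not ride along unannounced with a documentation update and the history of that code stays easy to audit.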
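Review bot: in the entitlements.adoc hunk the Spring Security reference URL carries a hard-coded version (`4.1.x` becomes `4.2.x`), and the same `4.2.x` literal is introduced a second time in the new restfulservices.adoc block, so the next upgrade means two more manual edits. Consider an AsciiDoc attribute for the Spring Security docs version, in the way `{snapshotOrRelease}` is already used in this file, and switch the link to https while it is being touched.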
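Review bot: item 2 of the new Authorization Summary in restfulservices.adoc reads "requiring some sort of shared authentication defined by the `anonymousKey` value", which leaves a reader unsure what actually protects the endpoints that disclose deployment information. State plainly that `anonymousKey` is a secret shared by every client of these endpoints, how it is presented on the request, and that it has to be kept confidential because holding it is all that is needed to read that information. In item 1, "e.g. truly anonymous" should be "i.e. truly anonymous", since it restates the condition rather than giving an example of it.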