This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 3_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 4018a109cf425f7d884508e884ce09b5faeb7216 Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Wed Jan 11 17:13:20 2023 +0100 [SYNCOPE-1721] Supporting more ServiceAccessStrategy classes --- ...AMConsoleContext.java => AMConsoleContext.java} | 9 +- .../commons/AMAccessPolicyConfProvider.java | 19 ++- .../AMClassPathScanImplementationContributor.java | 15 ++ .../panels/SAML2IdPEntityDirectoryPanel.java | 20 ++- .../panels/SAML2SPEntityDirectoryPanel.java | 20 ++- .../policies/AccessPolicyAttrsDirectoryPanel.java | 11 +- .../policies/AccessPolicyAttrsWizardBuilder.java | 11 +- .../policies/AccessPolicyDirectoryPanel.java | 108 ++++++++------ .../console/policies/AccessPolicyModalPanel.java | 164 +++++++++++++++++++++ .../policies/AttrReleasePolicyModalPanel.java | 2 +- .../console/policies/AccessPolicyModalPanel.html | 27 ++++ .../policies/AccessPolicyModalPanel.properties} | 14 +- .../policies/AccessPolicyModalPanel_fr.properties} | 14 +- .../policies/AccessPolicyModalPanel_it.properties} | 14 +- .../policies/AccessPolicyModalPanel_ja.properties} | 14 +- .../AccessPolicyModalPanel_pt_BR.properties} | 14 +- .../policies/AccessPolicyModalPanel_ru.properties} | 14 +- ...MConsoleContext.java => IdMConsoleContext.java} | 2 +- ...nsoleContext.java => IdRepoConsoleContext.java} | 10 +- .../client/console/SyncopeConsoleApplication.java | 6 +- .../client/console/SyncopeWebApplication.java | 9 ++ .../console/commons/AccessPolicyConfProvider.java | 14 +- .../commons/IdRepoAccessPolicyConfProvider.java | 15 +- .../init/ClassPathScanImplementationLookup.java | 6 +- .../console/policies/PolicyModalPanelBuilder.java | 70 ++++----- .../src/main/resources/META-INF/spring.factories | 2 +- .../policies/PolicyDirectoryPanel.properties | 5 +- .../policies/PolicyDirectoryPanel_fr_CA.properties | 5 +- .../policies/PolicyDirectoryPanel_it.properties | 5 +- .../policies/PolicyDirectoryPanel_ja.properties | 5 +- .../policies/PolicyDirectoryPanel_pt_BR.properties | 5 +- 
.../policies/PolicyDirectoryPanel_ru.properties | 5 +- .../syncope/client/console/AbstractTest.java | 10 +- .../common/lib/policy/AccessPolicyConf.java | 6 - .../syncope/common/lib/policy/AccessPolicyTO.java | 61 -------- .../common/lib/policy/DefaultAccessPolicyConf.java | 63 +++++++- ...yConf.java => HttpRequestAccessPolicyConf.java} | 28 +++- ...nf.java => RemoteEndpointAccessPolicyConf.java} | 29 ++-- ...icyConf.java => TimeBasedAccessPolicyConf.java} | 21 ++- .../syncope/common/lib/SerializationTest.java | 6 +- .../api/entity/policy/AccessPolicy.java | 25 ---- .../src/test/resources/domains/MasterContent.xml | 3 +- .../jpa/entity/policy/JPAAccessPolicy.java | 82 ----------- .../jpa/inner/AbstractClientAppTest.java | 4 +- .../src/test/resources/domains/MasterContent.xml | 3 +- .../java/data/PolicyDataBinderImpl.java | 13 -- .../org/apache/syncope/fit/AbstractITCase.java | 2 +- .../syncope/fit/console/AbstractConsoleITCase.java | 8 +- .../reference-guide/concepts/policies.adoc | 53 ++++++- .../wa/starter/mapping/DefaultAccessMapper.java | 16 +- ...essMapper.java => HttpRequestAccessMapper.java} | 28 ++-- ...Mapper.java => RemoteEndpointAccessMapper.java} | 27 ++-- ...ccessMapper.java => TimeBasedAccessMapper.java} | 31 ++-- .../syncope/wa/starter/WAServiceRegistryTest.java | 2 +- 54 files changed, 694 insertions(+), 481 deletions(-) diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java b/client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java similarity index 85% rename from client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java rename to client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java index b5b35524d8..82f09ad40d 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java 
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java @@ -18,8 +18,10 @@ */ package org.apache.syncope.client.console; +import org.apache.syncope.client.console.commons.AMAccessPolicyConfProvider; import org.apache.syncope.client.console.commons.AMPolicyTabProvider; import org.apache.syncope.client.console.commons.AMRealmPolicyProvider; +import org.apache.syncope.client.console.commons.AccessPolicyConfProvider; import org.apache.syncope.client.console.commons.PolicyTabProvider; import org.apache.syncope.client.console.commons.RealmPolicyProvider; import org.apache.syncope.client.console.init.AMClassPathScanImplementationContributor; @@ -28,7 +30,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration(proxyBeanMethods = false) -public class SyncopeAMConsoleContext { +public class AMConsoleContext { @Bean public ClassPathScanImplementationContributor amClassPathScanImplementationContributor() { @@ -44,4 +46,9 @@ public class SyncopeAMConsoleContext { public PolicyTabProvider amPolicyTabProvider() { return new AMPolicyTabProvider(); } + + @Bean + public AccessPolicyConfProvider accessPolicyConfProvider() { + return new AMAccessPolicyConfProvider(); + } } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java similarity index 58% copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java copy to client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java index 24025d2774..78a66df4a0 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java 
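Review bot: The added bean method `accessPolicyConfProvider()` at the end of `AMConsoleContext` drops the `am` prefix that the sibling methods `amClassPathScanImplementationContributor()` and `amPolicyTabProvider()` carry, so its bean name is the generic `accessPolicyConfProvider`. The diffstat also lists an `IdRepoAccessPolicyConfProvider`; if the idrepo context registers a bean under the same name, which one wins depends on configuration order and conditional annotations that are not visible in this hunk. If the override is intentional, record it with a comment such as `// replaces the idrepo default AccessPolicyConfProvider when the AM console is present`; otherwise rename the method to `amAccessPolicyConfProvider()`.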
@@ -16,17 +16,20 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.syncope.common.lib.policy; +package org.apache.syncope.client.console.commons; -import com.fasterxml.jackson.annotation.JsonTypeInfo; import java.util.List; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.BaseBean; +import java.util.stream.Collectors; +import org.apache.syncope.client.console.SyncopeWebApplication; +import org.apache.syncope.common.lib.policy.AccessPolicyConf; -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") -public interface AccessPolicyConf extends BaseBean { +public class AMAccessPolicyConfProvider implements AccessPolicyConfProvider { - List<Attr> getRequiredAttrs(); + private static final long serialVersionUID = 5657864541765007494L; - List<Attr> getRejectedAttrs(); + @Override + public List<String> get() { + return SyncopeWebApplication.get().getLookup().getClasses(AccessPolicyConf.class).stream(). + map(Class::getName).sorted().collect(Collectors.toList()); + } } diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java b/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java index e7ca032553..dfa9349ac4 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java 
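Review bot: `AMAccessPolicyConfProvider.get()` has no Javadoc, and nothing tells the reader that the strings it returns are the fully-qualified names of every `AccessPolicyConf` implementation the classpath lookup finds. The copy source shown in this section carries `@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, ...)` on `AccessPolicyConf`, so these names presumably become the `_class` type id of a submitted policy. A comment such as `/** Returns the sorted fully-qualified class names of the AccessPolicyConf implementations found on the console classpath; they are offered as choices only, the receiving side must still check the type. */` would record that. Whether the core restricts the `_class` values it accepts is not visible here and is worth confirming.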
@@ -21,6 +21,9 @@ package org.apache.syncope.client.console.init; import java.util.Optional; import org.apache.syncope.common.lib.attr.AttrRepoConf; import org.apache.syncope.common.lib.auth.AuthModuleConf; +import org.apache.syncope.common.lib.policy.AccessPolicyConf; +import org.apache.syncope.common.lib.policy.AttrReleasePolicyConf; +import org.apache.syncope.common.lib.policy.AuthPolicyConf; import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider; import org.springframework.core.type.filter.AssignableTypeFilter; @@ -30,6 +33,9 @@ public class AMClassPathScanImplementationContributor implements ClassPathScanIm public void extend(final ClassPathScanningCandidateComponentProvider scanner) { scanner.addIncludeFilter(new AssignableTypeFilter(AuthModuleConf.class)); scanner.addIncludeFilter(new AssignableTypeFilter(AttrRepoConf.class)); + scanner.addIncludeFilter(new AssignableTypeFilter(AccessPolicyConf.class)); + scanner.addIncludeFilter(new AssignableTypeFilter(AttrReleasePolicyConf.class)); + scanner.addIncludeFilter(new AssignableTypeFilter(AuthPolicyConf.class)); } @Override @@ -40,6 +46,15 @@ public class AMClassPathScanImplementationContributor implements ClassPathScanIm if (AttrRepoConf.class.isAssignableFrom(clazz)) { return Optional.of(AttrRepoConf.class.getName()); } + if (AccessPolicyConf.class.isAssignableFrom(clazz)) { + return Optional.of(AccessPolicyConf.class.getName()); + } + if (AttrReleasePolicyConf.class.isAssignableFrom(clazz)) { + return Optional.of(AttrReleasePolicyConf.class.getName()); + } + if (AuthPolicyConf.class.isAssignableFrom(clazz)) { + return Optional.of(AuthPolicyConf.class.getName()); + } return Optional.empty(); } } diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java index 9523053a71..b8487037c1 100644 
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java @@ -86,16 +86,20 @@ public class SAML2IdPEntityDirectoryPanel extends DirectoryPanel< Constants.KEY_FIELD_NAME, Constants.KEY_FIELD_NAME)); columns.add(new AbstractColumn<>(Model.of("URL")) { + private static final long serialVersionUID = -7226955670801277153L; + @Override public void populateItem( - final Item<ICellPopulator<SAML2IdPEntityTO>> cellItem, - final String componentId, - final IModel<SAML2IdPEntityTO> rowModel) { + final Item<ICellPopulator<SAML2IdPEntityTO>> cellItem, + final String componentId, + final IModel<SAML2IdPEntityTO> rowModel) { cellItem.add(new ExternalLink( - componentId, - Model.of(metadataURL), - Model.of(metadataURL)) { + componentId, + Model.of(metadataURL), + Model.of(metadataURL)) { + + private static final long serialVersionUID = -1919646533527005367L; @Override protected void onComponentTag(final ComponentTag tag) { @@ -125,8 +129,8 @@ public class SAML2IdPEntityDirectoryPanel extends DirectoryPanel< @Override public void onClick(final AjaxRequestTarget target, final SAML2IdPEntityTO ignore) { send(SAML2IdPEntityDirectoryPanel.this, Broadcast.EXACT, - new AjaxWizard.EditItemActionEvent<>( - SAML2IdPEntityRestClient.get(model.getObject().getKey()), target)); + new AjaxWizard.EditItemActionEvent<>( + SAML2IdPEntityRestClient.get(model.getObject().getKey()), target)); } }, ActionLink.ActionType.EDIT, AMEntitlement.SAML2_IDP_ENTITY_SET); diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java index ad2ffee7d9..6ac5f77c42 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java 
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java @@ -92,17 +92,21 @@ public class SAML2SPEntityDirectoryPanel extends DirectoryPanel< columns.add(new AbstractColumn<>(Model.of("URL")) { + private static final long serialVersionUID = -7226955670801277153L; + @Override public void populateItem( - final Item<ICellPopulator<SAML2SPEntityTO>> cellItem, - final String componentId, - final IModel<SAML2SPEntityTO> rowModel) { + final Item<ICellPopulator<SAML2SPEntityTO>> cellItem, + final String componentId, + final IModel<SAML2SPEntityTO> rowModel) { String metadataURL = waPrefix + "/sp/" + rowModel.getObject().getKey() + "/metadata"; cellItem.add(new ExternalLink( - componentId, - Model.of(metadataURL), - Model.of(metadataURL)) { + componentId, + Model.of(metadataURL), + Model.of(metadataURL)) { + + private static final long serialVersionUID = -1919646533527005367L; @Override protected void onComponentTag(final ComponentTag tag) { @@ -132,8 +136,8 @@ public class SAML2SPEntityDirectoryPanel extends DirectoryPanel< @Override public void onClick(final AjaxRequestTarget target, final SAML2SPEntityTO ignore) { send(SAML2SPEntityDirectoryPanel.this, Broadcast.EXACT, - new AjaxWizard.EditItemActionEvent<>( - SAML2SPEntityRestClient.get(model.getObject().getKey()), target)); + new AjaxWizard.EditItemActionEvent<>( + SAML2SPEntityRestClient.get(model.getObject().getKey()), target)); } }, ActionLink.ActionType.EDIT, AMEntitlement.SAML2_SP_ENTITY_SET); diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java index e7c1c0720a..72a9bf6592 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java 
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java @@ -31,8 +31,8 @@ import org.apache.syncope.client.ui.commons.pages.BaseWebPage; import org.apache.syncope.client.ui.commons.wizards.AjaxWizard; import org.apache.syncope.common.lib.Attr; import org.apache.syncope.common.lib.SyncopeClientException; -import org.apache.syncope.common.lib.policy.AccessPolicyConf; import org.apache.syncope.common.lib.policy.AccessPolicyTO; +import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; import org.apache.syncope.common.lib.types.IdRepoEntitlement; import org.apache.syncope.common.lib.types.PolicyType; import org.apache.wicket.PageReference; @@ -49,13 +49,13 @@ public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel { private final IModel<AccessPolicyTO> accessPolicyModel; - private final SerializableFunction<AccessPolicyConf, List<Attr>> attrsAccessor; + private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor; public AccessPolicyAttrsDirectoryPanel( final String id, final BaseModal<AccessPolicyTO> wizardModal, final IModel<AccessPolicyTO> model, - final SerializableFunction<AccessPolicyConf, List<Attr>> attrsAccessor, + final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor, final PageReference pageRef) { super(id, pageRef, false); @@ -86,7 +86,8 @@ public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel { @Override public void onClick(final AjaxRequestTarget target, final Attr ignore) { try { - attrsAccessor.apply(accessPolicyModel.getObject().getConf()).remove(model.getObject()); + attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicyModel.getObject().getConf()). + remove(model.getObject()); PolicyRestClient.update(PolicyType.ACCESS, accessPolicyModel.getObject()); SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED)); 
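Review bot: The new cast `(DefaultAccessPolicyConf) accessPolicyModel.getObject().getConf()` in `onClick` is unchecked, so a policy whose conf is one of the other `AccessPolicyConf` types introduced by this commit raises `ClassCastException`, and a null conf passes the cast and then fails in the accessor when that is a method reference like `DefaultAccessPolicyConf::getRequiredAttrs`. The same cast appears in `list()` in the next hunk and twice in `AccessPolicyAttrsWizardBuilder.onApplyInternal`. The enclosing `try` continues outside the hunk, so its `catch` cannot be seen; the file imports `SyncopeClientException`, which would not cover these runtime exceptions. Consider checking once in the constructor, e.g. `if (!(model.getObject().getConf() instanceof DefaultAccessPolicyConf)) { throw new IllegalArgumentException("DefaultAccessPolicyConf required"); }`, and stating the precondition in the constructor's Javadoc.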
@@ -135,7 +136,7 @@ public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel { @Override protected List<Attr> list() { - return attrsAccessor.apply(accessPolicyModel.getObject().getConf()); + return attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicyModel.getObject().getConf()); } } } diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java index a371e0328c..a9029e9008 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java @@ -23,8 +23,8 @@ import java.util.List; import org.apache.syncope.client.console.rest.PolicyRestClient; import org.apache.syncope.client.console.wizards.AttrWizardBuilder; import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.policy.AccessPolicyConf; import org.apache.syncope.common.lib.policy.AccessPolicyTO; +import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; import org.apache.syncope.common.lib.types.PolicyType; import org.apache.wicket.PageReference; import org.danekja.java.util.function.serializable.SerializableFunction; @@ -35,11 +35,11 @@ public class AccessPolicyAttrsWizardBuilder extends AttrWizardBuilder { private final AccessPolicyTO accessPolicy; - private final SerializableFunction<AccessPolicyConf, List<Attr>> attrsAccessor; + private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor; public AccessPolicyAttrsWizardBuilder( final AccessPolicyTO accessPolicy, - final SerializableFunction<AccessPolicyConf, List<Attr>> attrsAccessor, + final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor, final Attr attr, final PageReference pageRef) { 
@@ -50,8 +50,9 @@ public class AccessPolicyAttrsWizardBuilder extends AttrWizardBuilder { @Override protected Serializable onApplyInternal(final Attr modelObject) { - attrsAccessor.apply(accessPolicy.getConf()).removeIf(p -> modelObject.getSchema().equals(p.getSchema())); - attrsAccessor.apply(accessPolicy.getConf()).add(modelObject); + attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()). + removeIf(p -> modelObject.getSchema().equals(p.getSchema())); + attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()).add(modelObject); PolicyRestClient.update(PolicyType.ACCESS, accessPolicy); diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java index 86fe8f4147..4261ad8236 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java @@ -21,10 +21,8 @@ package org.apache.syncope.client.console.policies; import java.util.List; import org.apache.syncope.client.console.panels.ModalDirectoryPanel; import org.apache.syncope.client.console.rest.PolicyRestClient; -import org.apache.syncope.client.console.wicket.extensions.markup.html.repeater.data.table.BooleanPropertyColumn; import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink; import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel; -import org.apache.syncope.common.lib.policy.AccessPolicyConf; import org.apache.syncope.common.lib.policy.AccessPolicyTO; import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; import org.apache.syncope.common.lib.types.IdRepoEntitlement; 
@@ -32,8 +30,11 @@ import org.apache.syncope.common.lib.types.PolicyType; import org.apache.wicket.PageReference; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy; +import org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator; +import org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn; import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn; -import org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn; +import org.apache.wicket.markup.html.basic.Label; +import org.apache.wicket.markup.repeater.Item; import org.apache.wicket.model.IModel; import org.apache.wicket.model.Model; import org.apache.wicket.model.StringResourceModel; 
@@ -56,15 +57,21 @@ public class AccessPolicyDirectoryPanel extends PolicyDirectoryPanel<AccessPolic @Override protected void addCustomColumnFields(final List<IColumn<AccessPolicyTO, String>> columns) { - columns.add(new PropertyColumn<>(new StringResourceModel("order", this), "order", "order")); - columns.add(new BooleanPropertyColumn<>( - new StringResourceModel("enabled", this), "enabled", "enabled")); - columns.add(new BooleanPropertyColumn<>( - new StringResourceModel("ssoEnabled", this), "ssoEnabled", "ssoEnabled")); - columns.add(new BooleanPropertyColumn<>( - new StringResourceModel("requireAllAttributes", this), "requireAllAttributes", "requireAllAttributes")); - columns.add(new BooleanPropertyColumn<>( - new StringResourceModel("caseInsensitive", this), "caseInsensitive", "caseInsensitive")); + columns.add(new AbstractColumn<AccessPolicyTO, String>(new StringResourceModel("conf", this)) { + + private static final long serialVersionUID = -7226955670801277153L; + + @Override + public void populateItem( + final Item<ICellPopulator<AccessPolicyTO>> cellItem, + final String componentId, + final IModel<AccessPolicyTO> rowModel) { + + cellItem.add(new Label(componentId, rowModel.getObject().getConf() == null + ? "" + : rowModel.getObject().getConf().getClass().getName())); + } + }); } @Override 
@@ -79,42 +86,55 @@ public class AccessPolicyDirectoryPanel extends PolicyDirectoryPanel<AccessPolic if (model.getObject().getConf() == null) { model.getObject().setConf(new DefaultAccessPolicyConf()); } - target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>( - ruleCompositionModal, - new AccessPolicyAttrsDirectoryPanel( - "panel", - ruleCompositionModal, - model, - AccessPolicyConf::getRequiredAttrs, - pageRef), - pageRef))); - ruleCompositionModal.header(new Model<>(getString("requiredAttrs.title", model))); - ruleCompositionModal.show(true); + target.add(policySpecModal.setContent( + new AccessPolicyModalPanel(policySpecModal, model, pageRef))); + policySpecModal.header(new Model<>(getString("accessPolicyConf.title", model))); + policySpecModal.show(true); } - }, ActionLink.ActionType.TYPE_EXTENSIONS, IdRepoEntitlement.POLICY_UPDATE); + }, ActionLink.ActionType.CHANGE_VIEW, IdRepoEntitlement.POLICY_UPDATE); - panel.add(new ActionLink<>() { + if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) { + panel.add(new ActionLink<>() { - private static final long serialVersionUID = -3722207913631435501L; + private static final long serialVersionUID = -3722207913631435501L; - @Override - public void onClick(final AjaxRequestTarget target, final AccessPolicyTO ignore) { - model.setObject(PolicyRestClient.read(type, model.getObject().getKey())); - if (model.getObject().getConf() == null) { - model.getObject().setConf(new DefaultAccessPolicyConf()); + @Override + public void onClick(final AjaxRequestTarget target, final AccessPolicyTO ignore) { + model.setObject(PolicyRestClient.read(type, model.getObject().getKey())); + target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>( + ruleCompositionModal, + new AccessPolicyAttrsDirectoryPanel( + "panel", + ruleCompositionModal, + model, + DefaultAccessPolicyConf::getRequiredAttrs, + pageRef), + pageRef))); + ruleCompositionModal.header(new Model<>(getString("requiredAttrs.title", 
model))); + ruleCompositionModal.show(true); } - target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>( - ruleCompositionModal, - new AccessPolicyAttrsDirectoryPanel( - "panel", - ruleCompositionModal, - model, - AccessPolicyConf::getRejectedAttrs, - pageRef), - pageRef))); - ruleCompositionModal.header(new Model<>(getString("rejectedAttrs.title", model))); - ruleCompositionModal.show(true); - } - }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE); + }, ActionLink.ActionType.TYPE_EXTENSIONS, IdRepoEntitlement.POLICY_UPDATE); + + panel.add(new ActionLink<>() { + + private static final long serialVersionUID = -3722207913631435501L; + + @Override + public void onClick(final AjaxRequestTarget target, final AccessPolicyTO ignore) { + model.setObject(PolicyRestClient.read(type, model.getObject().getKey())); + target.add(ruleCompositionModal.setContent(new ModalDirectoryPanel<>( + ruleCompositionModal, + new AccessPolicyAttrsDirectoryPanel( + "panel", + ruleCompositionModal, + model, + DefaultAccessPolicyConf::getRejectedAttrs, + pageRef), + pageRef))); + ruleCompositionModal.header(new Model<>(getString("rejectedAttrs.title", model))); + ruleCompositionModal.show(true); + } + }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE); + } } } diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java new file mode 100644 index 0000000000..e71d36e90c --- /dev/null +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java 
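Review bot: The `instanceof DefaultAccessPolicyConf` guard around the two attribute actions is evaluated when the actions panel is built, but each `onClick` then replaces the model object with a fresh `PolicyRestClient.read(...)`, and neither handler defaults a null conf any more. If the policy's conf was switched to another type, or cleared, between rendering and the click, `AccessPolicyAttrsDirectoryPanel` receives a conf that it casts to `DefaultAccessPolicyConf` without a check. Re-test after the read in both handlers, e.g. `if (!(model.getObject().getConf() instanceof DefaultAccessPolicyConf)) { return; }`, ideally with a feedback message. Both added anonymous `ActionLink` classes also share the literal `serialVersionUID = -3722207913631435501L`. The enclosing method starts outside the hunk.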
@@ -0,0 +1,164 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.client.console.policies; + +import java.util.ArrayList; +import java.util.List; +import org.apache.commons.lang3.time.DateFormatUtils; +import org.apache.syncope.client.console.SyncopeConsoleSession; +import org.apache.syncope.client.console.panels.AbstractModalPanel; +import org.apache.syncope.client.console.rest.PolicyRestClient; +import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal; +import org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel; +import org.apache.syncope.client.ui.commons.Constants; +import org.apache.syncope.client.ui.commons.DateOps; +import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel; +import org.apache.syncope.client.ui.commons.markup.html.form.AjaxDateTimeFieldPanel; +import org.apache.syncope.client.ui.commons.markup.html.form.AjaxSpinnerFieldPanel; +import org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel; +import org.apache.syncope.client.ui.commons.markup.html.form.FieldPanel; +import org.apache.syncope.client.ui.commons.pages.BaseWebPage; +import 
org.apache.syncope.common.lib.policy.AccessPolicyTO; +import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; +import org.apache.syncope.common.lib.policy.HttpRequestAccessPolicyConf; +import org.apache.syncope.common.lib.policy.RemoteEndpointAccessPolicyConf; +import org.apache.syncope.common.lib.policy.TimeBasedAccessPolicyConf; +import org.apache.syncope.common.lib.types.PolicyType; +import org.apache.wicket.Component; +import org.apache.wicket.PageReference; +import org.apache.wicket.ajax.AjaxRequestTarget; +import org.apache.wicket.markup.html.list.ListItem; +import org.apache.wicket.markup.html.list.ListView; +import org.apache.wicket.model.IModel; +import org.apache.wicket.model.PropertyModel; +import org.apache.wicket.validation.validator.UrlValidator; + +public class AccessPolicyModalPanel extends AbstractModalPanel<AccessPolicyTO> { + + private static final long serialVersionUID = -6446551344059681908L; + + private final IModel<AccessPolicyTO> model; + + @SuppressWarnings({ "unchecked", "rawtypes" }) + public AccessPolicyModalPanel( + final BaseModal<AccessPolicyTO> modal, + final IModel<AccessPolicyTO> model, + final PageReference pageRef) { + + super(modal, pageRef); + this.model = model; + + List<Component> fields = new ArrayList<>(); + + if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) { + fields.add(new AjaxSpinnerFieldPanel.Builder<Integer>().build( + "field", + "order", + Integer.class, + new PropertyModel<>(model.getObject().getConf(), "order"))); + fields.add(new AjaxCheckBoxPanel( + "field", + "enabled", + new PropertyModel<>(model.getObject().getConf(), "enabled"), + false)); + fields.add(new AjaxCheckBoxPanel( + "field", + "ssoEnabled", + new PropertyModel<>(model.getObject().getConf(), "ssoEnabled"), + false)); + fields.add(new AjaxCheckBoxPanel( + "field", + "requireAllAttributes", + new PropertyModel<>(model.getObject().getConf(), "requireAllAttributes"), + false)); + fields.add(new AjaxCheckBoxPanel( + 
"field", + "caseInsensitive", + new PropertyModel<>(model.getObject().getConf(), "caseInsensitive"), + false)); + AjaxTextFieldPanel unauthorizedRedirectUrl = new AjaxTextFieldPanel( + "field", + "unauthorizedRedirectUrl", + new PropertyModel<>(model.getObject().getConf(), "unauthorizedRedirectUrl"), + false); + unauthorizedRedirectUrl.getField().add(new UrlValidator(new String[] { "http", "https" })); + fields.add(unauthorizedRedirectUrl); + } else if (model.getObject().getConf() instanceof HttpRequestAccessPolicyConf) { + fields.add(new AjaxTextFieldPanel("field", "ipAddress", + new PropertyModel<>(model.getObject().getConf(), "ipAddress"), false)); + fields.add(new AjaxTextFieldPanel("field", "userAgent", + new PropertyModel<>(model.getObject().getConf(), "userAgent"), false)); + } else if (model.getObject().getConf() instanceof RemoteEndpointAccessPolicyConf) { + AjaxTextFieldPanel endpointUrl = new AjaxTextFieldPanel( + "field", + "endpointUrl", + new PropertyModel<>(model.getObject().getConf(), "endpointUrl"), + false); + endpointUrl.getField().add(new UrlValidator(new String[] { "http", "https" })); + fields.add(endpointUrl.setRequired(true)); + + FieldPanel panel = new AjaxTextFieldPanel( + "panel", + "acceptableResponseCodes", + new PropertyModel<>(model.getObject().getConf(), "acceptableResponseCodes")); + fields.add(new MultiFieldPanel.Builder<>( + new PropertyModel<>(model.getObject().getConf(), "acceptableResponseCodes")).build( + "field", + "acceptableResponseCodes", + panel)); + } else if (model.getObject().getConf() instanceof TimeBasedAccessPolicyConf) { + fields.add(new AjaxDateTimeFieldPanel( + "field", + "start", + new DateOps.WrappedDateModel(new PropertyModel<>(model.getObject().getConf(), "start")), + DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT)); + fields.add(new AjaxDateTimeFieldPanel( + "field", + "end", + new DateOps.WrappedDateModel(new PropertyModel<>(model.getObject().getConf(), "end")), + 
DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT)); + fields.add(new AjaxTextFieldPanel("field", "zoneId", + new PropertyModel<>(model.getObject().getConf(), "zoneId"), false)); + } + + add(new ListView<>("fields", fields) { + + private static final long serialVersionUID = -9180479401817023838L; + + @Override + protected void populateItem(final ListItem<Component> item) { + item.add(item.getModelObject()); + } + }); + } + + @Override + public void onSubmit(final AjaxRequestTarget target) { + try { + PolicyRestClient.update(PolicyType.ACCESS, model.getObject()); + + SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED)); + modal.close(target); + } catch (Exception e) { + LOG.error("While updating Access Policy {}", model.getObject().getKey(), e); + SyncopeConsoleSession.get().onException(e); + } + ((BaseWebPage) pageRef.getPage()).getNotificationPanel().refresh(target); + } +} diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java index fcc98316b4..fd02a70995 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java @@ -47,7 +47,7 @@ import org.apache.wicket.model.PropertyModel; public class AttrReleasePolicyModalPanel extends AbstractModalPanel<AttrReleasePolicyTO> { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 2668291404983623500L; private final IModel<List<String>> allAttrRepos = new LoadableDetachableModel<>() { 
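Review bot: Several fields of this access-policy form are bound as free text with no validator: `zoneId`, `acceptableResponseCodes`, `ipAddress` and `userAgent`, while only the two URL fields get a `UrlValidator`, and nothing checks that `start` precedes `end`. These values decide who is allowed in, so an unknown zone id or a non-numeric response code should be rejected at entry rather than discovered when the policy is evaluated; how the consumer reacts to a bad value is not visible here. The scheme-only `UrlValidator` on `endpointUrl` also does not limit which hosts the endpoint may point at, and console-side checks do not cover direct callers of the REST API, so the same constraints belong on the server side as well. A validator for `zoneId` is sketched below; the other fields can follow the same pattern.

```java
// … unchanged: start / end AjaxDateTimeFieldPanel fields …
AjaxTextFieldPanel zoneId = new AjaxTextFieldPanel(
        "field",
        "zoneId",
        new PropertyModel<>(model.getObject().getConf(), "zoneId"),
        false);
// reject values java.time cannot resolve before they are stored in the policy
zoneId.getField().add((IValidator<String>) validatable -> {
    try {
        ZoneId.of(validatable.getValue());
    } catch (DateTimeException e) {
        validatable.error(new ValidationError("Unknown zone id"));
    }
});
fields.add(zoneId);
```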
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
new file mode 100644
index 0000000000..b1fcbd9eac
--- /dev/null
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
@@ -0,0 +1,27 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:wicket="http://wicket.apache.org">
+ <wicket:extend>
+ <div wicket:id="fields">
+ <div class="form-group">
+ <span wicket:id="field"/>
+ </div>
+ </div>
+ </wicket:extend>
+</html>
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties @@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Order +ssoEnabled=SSO Enabled +enabled=Enabled +requireAllAttributes=Require All Attributes +caseInsensitive=Case Insensitive +ipAddress=IP Address +userAgent=User Agent +endpointUrl=Endpoint URL +start=Start +end=End +zoneId=Zone Id diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties similarity index 77% copy from client/idrepo/console/src/main/resources/META-INF/spring.factories copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties index 6357f8ae6c..a3d82caf88 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties @@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Order +ssoEnabled=SSO Enabled +enabled=Enabled +requireAllAttributes=Require All Attributes +caseInsensitive=Case Insensitive +ipAddress=IP Address +userAgent=User Agent +endpointUrl=Endpoint URL +start=Start +end=End +zoneId=Zone Id 
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties similarity index 75% copy from client/idrepo/console/src/main/resources/META-INF/spring.factories copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties index 6357f8ae6c..e5acdd4de1 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties @@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Ordinamento +ssoEnabled=SSO Abilitato +enabled=Abilitata +requireAllAttributes=Richiedi Tutti gli Attributi +caseInsensitive=Case Insensitive +ipAddress=Indirizzo IP +userAgent=User Agent +endpointUrl=URL Endpoint +start=Inizio +end=Fine +zoneId=Zone Id diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties similarity index 77% copy from client/idrepo/console/src/main/resources/META-INF/spring.factories copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties index 6357f8ae6c..a3d82caf88 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties 
@@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Order +ssoEnabled=SSO Enabled +enabled=Enabled +requireAllAttributes=Require All Attributes +caseInsensitive=Case Insensitive +ipAddress=IP Address +userAgent=User Agent +endpointUrl=Endpoint URL +start=Start +end=End +zoneId=Zone Id diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties similarity index 77% copy from client/idrepo/console/src/main/resources/META-INF/spring.factories copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties index 6357f8ae6c..a3d82caf88 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties @@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Order +ssoEnabled=SSO Enabled +enabled=Enabled +requireAllAttributes=Require All Attributes +caseInsensitive=Case Insensitive +ipAddress=IP Address +userAgent=User Agent +endpointUrl=Endpoint URL +start=Start +end=End +zoneId=Zone Id 
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties similarity index 77% copy from client/idrepo/console/src/main/resources/META-INF/spring.factories copy to client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties index 6357f8ae6c..a3d82caf88 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties @@ -14,6 +14,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - -org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext +order=Order +ssoEnabled=SSO Enabled +enabled=Enabled +requireAllAttributes=Require All Attributes +caseInsensitive=Case Insensitive +ipAddress=IP Address +userAgent=User Agent +endpointUrl=Endpoint URL +start=Start +end=End +zoneId=Zone Id diff --git a/client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java b/client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java similarity index 98% rename from client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java rename to client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java index 38d8681e37..553bb14ea0 100644 --- a/client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java +++ b/client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java 
@@ -40,7 +40,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration(proxyBeanMethods = false) -public class SyncopeIdMConsoleContext { +public class IdMConsoleContext { @Bean public ClassPathScanImplementationContributor idmClassPathScanImplementationContributor() { diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java similarity index 93% rename from client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java rename to client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java index 6c6d741876..61f24eb15e 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java @@ -18,10 +18,12 @@ */ package org.apache.syncope.client.console; +import org.apache.syncope.client.console.commons.AccessPolicyConfProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps; import org.apache.syncope.client.console.commons.ExternalResourceProvider; +import org.apache.syncope.client.console.commons.IdRepoAccessPolicyConfProvider; import org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.IdRepoAnyWizardBuilderAdditionalSteps; 
@@ -46,7 +48,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration(proxyBeanMethods = false) -public class ConsoleContext { +public class IdRepoConsoleContext { @ConditionalOnMissingBean @Bean @@ -125,4 +127,10 @@ public class ConsoleContext { public PolicyTabProvider idRepoPolicyTabProvider() { return new IdRepoPolicyTabProvider(); } + + @ConditionalOnMissingBean + @Bean + public AccessPolicyConfProvider accessPolicyConfProvider() { + return new IdRepoAccessPolicyConfProvider(); + } } diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java index d3ee8b5cf0..141e017a08 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java @@ -21,6 +21,7 @@ package org.apache.syncope.client.console; import com.giffing.wicket.spring.boot.starter.web.config.WicketWebInitializerAutoConfig.WebSocketWicketWebInitializerAutoConfiguration; import java.util.Map; import org.apache.syncope.client.console.actuate.SyncopeConsoleInfoContributor; +import org.apache.syncope.client.console.commons.AccessPolicyConfProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps; 
@@ -77,6 +78,7 @@ public class SyncopeConsoleApplication extends SpringBootServletInitializer { final StatusProvider statusProvider, final VirSchemaDetailsPanelProvider virSchemaDetailsPanelProvider, final ImplementationInfoProvider implementationInfoProvider, + final AccessPolicyConfProvider accessPolicyConfProvider, final ApplicationContext ctx) { return new SyncopeWebApplication( @@ -88,7 +90,9 @@ public class SyncopeConsoleApplication extends SpringBootServletInitializer { anyDirectoryPanelAdditionalActionLinksProvider, anyWizardBuilderAdditionalSteps, statusProvider, virSchemaDetailsPanelProvider, - implementationInfoProvider, ctx); + implementationInfoProvider, + accessPolicyConfProvider, + ctx); } @ConditionalOnMissingBean diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java index 23dfe3178a..3a4f55e061 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java @@ -26,6 +26,7 @@ import de.agilecoders.wicket.core.settings.SingleThemeProvider; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import org.apache.syncope.client.console.commons.AccessPolicyConfProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps; 
@@ -101,6 +102,8 @@ public class SyncopeWebApplication extends WicketBootSecuredWebApplication { protected final ImplementationInfoProvider implementationInfoProvider; + protected final AccessPolicyConfProvider accessPolicyConfProvider; + protected final ApplicationContext ctx; public SyncopeWebApplication( @@ -114,6 +117,7 @@ public class SyncopeWebApplication extends WicketBootSecuredWebApplication { final StatusProvider statusProvider, final VirSchemaDetailsPanelProvider virSchemaDetailsPanelProvider, final ImplementationInfoProvider implementationInfoProvider, + final AccessPolicyConfProvider accessPolicyConfProvider, final ApplicationContext ctx) { this.props = props; @@ -126,6 +130,7 @@ public class SyncopeWebApplication extends WicketBootSecuredWebApplication { this.statusProvider = statusProvider; this.virSchemaDetailsPanelProvider = virSchemaDetailsPanelProvider; this.implementationInfoProvider = implementationInfoProvider; + this.accessPolicyConfProvider = accessPolicyConfProvider; this.ctx = ctx; } @@ -349,4 +354,8 @@ public class SyncopeWebApplication extends WicketBootSecuredWebApplication { return finalizers; } + + public AccessPolicyConfProvider getAccessPolicyConfProvider() { + return accessPolicyConfProvider; + } } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java similarity index 66% copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java copy to client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java index 24025d2774..d8aca69cca 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java 
@@ -16,17 +16,13 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.syncope.common.lib.policy; +package org.apache.syncope.client.console.commons; -import com.fasterxml.jackson.annotation.JsonTypeInfo; +import java.io.Serializable; import java.util.List; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.BaseBean; -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") -public interface AccessPolicyConf extends BaseBean { +@FunctionalInterface +public interface AccessPolicyConfProvider extends Serializable { - List<Attr> getRequiredAttrs(); - - List<Attr> getRejectedAttrs(); + List<String> get(); } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java similarity index 66% copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java copy to client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java index 24025d2774..b3dcd2b40e 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java 
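Review bot: `AccessPolicyConfProvider.get()` returns a bare `List<String>` and the new interface has no Javadoc saying what those strings are. Judging from the `PolicyModalPanelBuilder` change in this same commit, they become the dropdown choices and the selected one is passed to `Class.forName(...).getDeclaredConstructor().newInstance()`, so each entry has to be the fully-qualified name of an `AccessPolicyConf` implementation with an accessible no-arg constructor. I would state that on the method, e.g. `/** @return fully-qualified class names of the AccessPolicyConf implementations selectable in the console; each is instantiated reflectively and needs a no-arg constructor */`, so a contributed provider does not quietly widen what the console will instantiate.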
@@ -16,17 +16,16 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.syncope.common.lib.policy; +package org.apache.syncope.client.console.commons; -import com.fasterxml.jackson.annotation.JsonTypeInfo; import java.util.List; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.BaseBean; -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") -public interface AccessPolicyConf extends BaseBean { +public class IdRepoAccessPolicyConfProvider implements AccessPolicyConfProvider { - List<Attr> getRequiredAttrs(); + private static final long serialVersionUID = 3002474783308961295L; - List<Attr> getRejectedAttrs(); + @Override + public List<String> get() { + return List.of(); + } } diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java index 1ef8e216a8..bc7bfc0efe 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java @@ -115,8 +115,10 @@ public class ClassPathScanImplementationLookup { private final ConsoleProperties props; - public ClassPathScanImplementationLookup(final Collection<ClassPathScanImplementationContributor> contributors, - final ConsoleProperties props) { + public ClassPathScanImplementationLookup( + final Collection<ClassPathScanImplementationContributor> contributors, + final ConsoleProperties props) { + this.contributors = contributors; this.props = props; } 
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java index 3afafc6537..82dff84e4f 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java @@ -19,7 +19,6 @@ package org.apache.syncope.client.console.policies; import java.io.Serializable; -import java.net.URI; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -57,7 +56,6 @@ import org.apache.wicket.model.IModel; import org.apache.wicket.model.LoadableDetachableModel; import org.apache.wicket.model.PropertyModel; import org.apache.wicket.model.util.ListModel; -import org.apache.wicket.validation.validator.UrlValidator; public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPanelBuilder<T> { @@ -132,6 +130,16 @@ public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPa } }; + private final LoadableDetachableModel<List<String>> accessPolicyConfClasses = new LoadableDetachableModel<>() { + + private static final long serialVersionUID = 5275935387613157437L; + + @Override + protected List<String> load() { + return SyncopeWebApplication.get().getAccessPolicyConfProvider().get(); + } + }; + Profile(final T policyTO, final BaseModal<T> modal, final PageReference pageRef) { super(modal, pageRef); modal.setFormModel(policyTO); 
@@ -256,59 +264,41 @@ public class PolicyModalPanelBuilder<T extends PolicyTO> extends AbstractModalPa break; case ACCESS: - fields.add(new AjaxSpinnerFieldPanel.Builder<Integer>().build( - "field", - "order", - Integer.class, - new PropertyModel<>(policyTO, "order"))); - fields.add(new AjaxCheckBoxPanel( - "field", - "enabled", - new PropertyModel<>(policyTO, "enabled"), - false)); - fields.add(new AjaxCheckBoxPanel( - "field", - "ssoEnabled", - new PropertyModel<>(policyTO, "ssoEnabled"), - false)); - fields.add(new AjaxCheckBoxPanel( - "field", - "requireAllAttributes", - new PropertyModel<>(policyTO, "requireAllAttributes"), - false)); - fields.add(new AjaxCheckBoxPanel( - "field", - "caseInsensitive", - new PropertyModel<>(policyTO, "caseInsensitive"), - false)); - AjaxTextFieldPanel unauthorizedRedirectUrl = new AjaxTextFieldPanel( + fields.add(new AjaxDropDownChoicePanel<>( "field", - "unauthorizedRedirectUrl", + "conf", new IModel<>() { - private static final long serialVersionUID = 1015030402166681242L; + private static final long serialVersionUID = -6515946495655944432L; @Override - public String getObject() { - return Optional.ofNullable( - (URI) PropertyResolver.getValue("unauthorizedRedirectUrl", policyTO)). - map(URI::toASCIIString).orElse(null); + public Serializable getObject() { + return Optional.ofNullable(PropertyResolver.getValue("conf", policyTO)). + map(obj -> obj.getClass().getName()). 
+ orElse(null); } @Override - public void setObject(final String object) { + public void setObject(final Serializable object) { + Object conf = Optional.ofNullable(object).map(o -> { + try { + return Class.forName(object.toString()).getDeclaredConstructor().newInstance(); + } catch (Exception e) { + LOG.error("Could not instantiate {}", object, e); + return null; + } + }).orElse(null); + PropertyResolverConverter prc = new PropertyResolverConverter( Application.get().getConverterLocator(), SyncopeConsoleSession.get().getLocale()); PropertyResolver.setValue( - "unauthorizedRedirectUrl", + "conf", policyTO, - Optional.ofNullable(object).map(URI::create).orElse(null), + Optional.ofNullable(conf).orElse(null), prc); } - }, false); - unauthorizedRedirectUrl.getField().add(new UrlValidator(new String[] { "http", "https" })); - fields.add(unauthorizedRedirectUrl); + }).setChoices(accessPolicyConfClasses).setRequired(true)); break; case ATTR_RELEASE: diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories b/client/idrepo/console/src/main/resources/META-INF/spring.factories index 6357f8ae6c..7ebfcf603d 100644 --- a/client/idrepo/console/src/main/resources/META-INF/spring.factories +++ b/client/idrepo/console/src/main/resources/META-INF/spring.factories @@ -16,4 +16,4 @@ # under the License. org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - org.apache.syncope.client.console.ConsoleContext + org.apache.syncope.client.console.IdRepoConsoleContext diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties index 8965959032..d3ba8cea8d 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties 
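Review bot: In the new `conf` model's `setObject`, the selected string goes straight into `Class.forName(object.toString()).getDeclaredConstructor().newInstance()` without being checked against `accessPolicyConfClasses`, so the model relies entirely on the dropdown component to limit which class gets loaded and constructed. I would enforce the allow-list in the model itself by adding `.filter(o -> accessPolicyConfClasses.getObject().contains(o.toString()))` between `Optional.ofNullable(object)` and `.map(o -> {`. The `catch (Exception e)` only logs, so a failed instantiation leaves `conf` null on a field declared `setRequired(true)` with no feedback to the user; reporting it through `SyncopeConsoleSession.get().onException(e)` would match what `onSubmit` in `AccessPolicyModalPanel` does. `Optional.ofNullable(conf).orElse(null)` is equivalent to passing `conf`. The enclosing `switch` starts and ends outside this hunk.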
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties @@ -30,7 +30,6 @@ any.cancel=Cancel ${name} compose.title=rules conflictResolutionAction=Conflict Resolution Action enabled=Enabled -ssoEnabled=SSO Enabled change_view.title=configuration change_view.class=fa fa-expand requiredAttrs.title=Required Attributes @@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration authPolicyConf.title=Authentication Configuration tryAll=Try All authModules=Authentication Modules -requireAllAttributes=Require All Attributes -caseInsensitive=Case Insensitive order=Order rejectedAttrs.title=Rejected Attributes unauthorizedRedirectUrl=Unauthorized Redirect URL @@ -55,3 +52,5 @@ maxAttempts=Max Attempts backOffStrategy=BackOff Strategy fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configuration +accessPolicyConf.title=Access Policy Configuration diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties index 02cf30d40a..ef600f1ff2 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties @@ -30,7 +30,6 @@ any.cancel=Annuler ${name} compose.title=r\u00e8glements conflictResolutionAction=Action de r\u00e9solution des conflits enabled=Enabled -ssoEnabled=SSO Enabled change_view.title=configuration change_view.class=fa fa-expand requiredAttrs.title=Required Attributes 
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration authPolicyConf.title=Authentication Configuration tryAll=Try All authModules=Authentication Modules -requireAllAttributes=Require All Attributes -caseInsensitive=Case Insensitive order=Order rejectedAttrs.title=Rejected Attributes unauthorizedRedirectUrl=Unauthorized Redirect URL @@ -55,3 +52,5 @@ maxAttempts=Max Attempts backOffStrategy=BackOff Strategy fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configuration +accessPolicyConf.title=Access Policy Configuration diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties index 79a83653a0..a7d05a668d 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties @@ -30,7 +30,6 @@ any.cancel=Annulla ${name} compose.title=regole conflictResolutionAction=Azione di Risoluzione Conflitti enabled=Abilitata -ssoEnabled=SSO Abilitato change_view.title=configurazione change_view.class=fa fa-expand requiredAttrs.title=Attributi Richiesti @@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Configurazione Rilascio Attributi authPolicyConf.title=Configurazione Autenticazione tryAll=Prova Tutti authModules=Moduli di Authenticazione -requireAllAttributes=Attributi Obbligatori -caseInsensitive=Case Insensitive order=Ordinamento rejectedAttrs.title=Attributi Rifiutati unauthorizedRedirectUrl=URL di Ridirezione Per Mancata Autorizzazione 
@@ -55,3 +52,5 @@ maxAttempts=Tentativi Massimi backOffStrategy=Strategia di BackOff fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configurazione +accessPolicyConf.title=Configurazione Accesso diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties index ac9abd3438..2a5e1ad609 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties @@ -30,7 +30,6 @@ any.cancel=${name} \u3092\u30ad\u30e3\u30f3\u30bb\u30eb compose.title=\u30eb\u30fc\u30eb conflictResolutionAction=\u7af6\u5408\u89e3\u6c7a\u30a2\u30af\u30b7\u30e7\u30f3 enabled=Enabled -ssoEnabled=SSO Enabled change_view.title=configuration change_view.class=fa fa-expand requiredAttrs.title=Required Attributes @@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration authPolicyConf.title=Authentication Configuration tryAll=Try All authModules=Authentication Modules -requireAllAttributes=Require All Attributes -caseInsensitive=Case Insensitive order=Order rejectedAttrs.title=Rejected Attributes unauthorizedRedirectUrl=Unauthorized Redirect URL @@ -55,3 +52,5 @@ maxAttempts=Max Attempts backOffStrategy=BackOff Strategy fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configuration +accessPolicyConf.title=Access Policy Configuration diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties index c1cc1ab1d8..3cfc47de41 100644 
--- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties @@ -30,7 +30,6 @@ any.cancel=Cancel ${name} compose.title=rules conflictResolutionAction=Conflict Resolution Action enabled=Enabled -ssoEnabled=SSO Enabled change_view.title=configuration change_view.class=fa fa-expand requiredAttrs.title=Required Attributes @@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration authPolicyConf.title=Authentication Configuration tryAll=Try All authModules=Authentication Modules -requireAllAttributes=Require All Attributes -caseInsensitive=Case Insensitive order=Order rejectedAttrs.title=Rejected Attributes unauthorizedRedirectUrl=Unauthorized Redirect URL @@ -55,3 +52,5 @@ maxAttempts=Max Attempts backOffStrategy=BackOff Strategy fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configuration +accessPolicyConf.title=Access Policy Configuration diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties index d305ca624a..9bc0f705f6 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties @@ -31,7 +31,6 @@ any.cancel=\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c ${name} compose.title=rules conflictResolutionAction=Conflict Resolution Action enabled=Enabled -ssoEnabled=SSO Enabled change_view.title=configuration change_view.class=fa fa-expand requiredAttrs.title=Required Attributes 
@@ -47,8 +46,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration authPolicyConf.title=Authentication Configuration tryAll=Try All authModules=Authentication Modules -requireAllAttributes=Require All Attributes -caseInsensitive=Case Insensitive order=Order rejectedAttrs.title=Rejected Attributes unauthorizedRedirectUrl=Unauthorized Redirect URL @@ -56,3 +53,5 @@ maxAttempts=Max Attempts backOffStrategy=BackOff Strategy fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta +conf=Configuration +accessPolicyConf.title=Access Policy Configuration diff --git a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java index 861d54cabe..8b61bb5190 100644 --- a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java +++ b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java @@ -35,10 +35,12 @@ import java.util.Set; import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Triple; import org.apache.cxf.jaxrs.client.Client; +import org.apache.syncope.client.console.commons.AccessPolicyConfProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps; import org.apache.syncope.client.console.commons.ExternalResourceProvider; +import org.apache.syncope.client.console.commons.IdRepoAccessPolicyConfProvider; import org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionLinksProvider; import org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionsProvider; import org.apache.syncope.client.console.commons.IdRepoAnyWizardBuilderAdditionalSteps; 
@@ -194,6 +196,11 @@ public abstract class AbstractTest { public PolicyTabProvider policyTabProvider() { return new IdRepoPolicyTabProvider(); } + + @Bean + public AccessPolicyConfProvider accessPolicyConfProvider() { + return new IdRepoAccessPolicyConfProvider(); + } } public static class TestSyncopeWebApplication extends SyncopeWebApplication { @@ -209,11 +216,12 @@ public abstract class AbstractTest { final StatusProvider statusProvider, final VirSchemaDetailsPanelProvider virSchemaDetailsPanelProvider, final ImplementationInfoProvider implementationInfoProvider, + final AccessPolicyConfProvider accessPolicyConfProvider, final ApplicationContext ctx) { super(props, lookup, serviceOps, resourceProvider, anyDirectoryPanelAdditionalActionsProvider, anyDirectoryPanelAdditionalActionLinksProvider, anyWizardBuilderAdditionalSteps, statusProvider, - virSchemaDetailsPanelProvider, implementationInfoProvider, ctx); + virSchemaDetailsPanelProvider, implementationInfoProvider, accessPolicyConfProvider, ctx); } public interface SyncopeServiceClient extends SyncopeService, Client { diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java index 24025d2774..8801e4c2e2 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java @@ -19,14 +19,8 @@ package org.apache.syncope.common.lib.policy; import com.fasterxml.jackson.annotation.JsonTypeInfo; -import java.util.List; -import org.apache.syncope.common.lib.Attr; import org.apache.syncope.common.lib.BaseBean; @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") public interface AccessPolicyConf extends BaseBean { - - List<Attr> getRequiredAttrs(); - - List<Attr> getRejectedAttrs(); } 
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java index b988657e71..733b4e92a1 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java @@ -22,25 +22,12 @@ package org.apache.syncope.common.lib.policy; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import io.swagger.v3.oas.annotations.media.Schema; -import java.net.URI; @Schema(allOf = { PolicyTO.class }) public class AccessPolicyTO extends PolicyTO { private static final long serialVersionUID = -6711411162433533300L; - private int order; - - private boolean enabled = true; - - private boolean ssoEnabled = true; - - private boolean requireAllAttributes = true; - - private boolean caseInsensitive; - - private URI unauthorizedRedirectUrl; - private AccessPolicyConf conf; @JacksonXmlProperty(localName = "_class", isAttribute = true) 
@@ -52,54 +39,6 @@ public class AccessPolicyTO extends PolicyTO { return getClass().getName(); } - public int getOrder() { - return order; - } - - public void setOrder(final int order) { - this.order = order; - } - - public boolean isEnabled() { - return enabled; - } - - public void setEnabled(final boolean enabled) { - this.enabled = enabled; - } - - public boolean isSsoEnabled() { - return this.ssoEnabled; - } - - public void setSsoEnabled(final boolean ssoEnabled) { - this.ssoEnabled = ssoEnabled; - } - - public boolean isRequireAllAttributes() { - return requireAllAttributes; - } - - public void setRequireAllAttributes(final boolean requireAllAttributes) { - this.requireAllAttributes = requireAllAttributes; - } - - public boolean isCaseInsensitive() { - return caseInsensitive; - } - - public void setCaseInsensitive(final boolean caseInsensitive) { - this.caseInsensitive = caseInsensitive; - } - - public URI getUnauthorizedRedirectUrl() { - return unauthorizedRedirectUrl; - } - - public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) { - this.unauthorizedRedirectUrl = unauthorizedRedirectUrl; - } - public AccessPolicyConf getConf() { return conf; } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java index 83685c6f4e..6e04eb8495 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java @@ -20,6 +20,7 @@ package org.apache.syncope.common.lib.policy; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import java.net.URI; import java.util.ArrayList; import java.util.List; import org.apache.syncope.common.lib.Attr; 
@@ -28,20 +29,78 @@ public class DefaultAccessPolicyConf implements AccessPolicyConf { private static final long serialVersionUID = 1153200197344709778L; + private int order; + + private boolean enabled = true; + + private boolean ssoEnabled = true; + + private boolean requireAllAttributes = true; + + private boolean caseInsensitive; + + private URI unauthorizedRedirectUrl; + private final List<Attr> requiredAttrs = new ArrayList<>(); private final List<Attr> rejectedAttrs = new ArrayList<>(); + public int getOrder() { + return order; + } + + public void setOrder(final int order) { + this.order = order; + } + + public boolean isEnabled() { + return enabled; + } + + public void setEnabled(final boolean enabled) { + this.enabled = enabled; + } + + public boolean isSsoEnabled() { + return this.ssoEnabled; + } + + public void setSsoEnabled(final boolean ssoEnabled) { + this.ssoEnabled = ssoEnabled; + } + + public boolean isRequireAllAttributes() { + return requireAllAttributes; + } + + public void setRequireAllAttributes(final boolean requireAllAttributes) { + this.requireAllAttributes = requireAllAttributes; + } + + public boolean isCaseInsensitive() { + return caseInsensitive; + } + + public void setCaseInsensitive(final boolean caseInsensitive) { + this.caseInsensitive = caseInsensitive; + } + + public URI getUnauthorizedRedirectUrl() { + return unauthorizedRedirectUrl; + } + + public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) { + this.unauthorizedRedirectUrl = unauthorizedRedirectUrl; + } + @JacksonXmlElementWrapper(localName = "requiredAttrs") @JacksonXmlProperty(localName = "requiredAttr") - @Override public List<Attr> getRequiredAttrs() { return requiredAttrs; } @JacksonXmlElementWrapper(localName = "rejectedAttrs") @JacksonXmlProperty(localName = "rejectedAttr") - @Override public List<Attr> getRejectedAttrs() { return rejectedAttrs; } 
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java similarity index 61% copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java copy to common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java index 24025d2774..9192f9a3d9 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java @@ -18,15 +18,27 @@ */ package org.apache.syncope.common.lib.policy; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import java.util.List; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.BaseBean; +public class HttpRequestAccessPolicyConf implements AccessPolicyConf { -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") -public interface AccessPolicyConf extends BaseBean { + private static final long serialVersionUID = 4511220098152435547L; - List<Attr> getRequiredAttrs(); + private String ipAddress; - List<Attr> getRejectedAttrs(); + private String userAgent; + + public String getIpAddress() { + return ipAddress; + } + + public void setIpAddress(final String ipAddress) { + this.ipAddress = ipAddress; + } + + public String getUserAgent() { + return userAgent; + } + + public void setUserAgent(final String userAgent) { + this.userAgent = userAgent; + } } 
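Review bot: The new `ipAddress` and `userAgent` fields of HttpRequestAccessPolicyConf have no Javadoc saying how their values are matched, so an administrator who types what looks like a literal address may configure a broader rule than intended. HttpRequestAccessMapper in this commit hands both strings unchanged to the CAS HttpRequestRegisteredServiceAccessStrategy, which as far as I know evaluates them as regular expressions; this should be confirmed against the CAS version in use. Once confirmed, I would document it on the fields, e.g. `/** Regular expression matched against the client IP address. */`. The comment on `userAgent` should also say that the header is chosen by the client, so it narrows access for well-behaved clients but is not a means of authenticating them.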
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
similarity index 60%
copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
copy to common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
index 83685c6f4e..c63959faef 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
@@ -22,27 +22,26 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import java.util.ArrayList; import java.util.List; -import org.apache.syncope.common.lib.Attr; -public class DefaultAccessPolicyConf implements AccessPolicyConf { +public class RemoteEndpointAccessPolicyConf implements AccessPolicyConf { - private static final long serialVersionUID = 1153200197344709778L; + private static final long serialVersionUID = -1573476136969750601L; - private final List<Attr> requiredAttrs = new ArrayList<>(); + private String endpointUrl; - private final List<Attr> rejectedAttrs = new ArrayList<>(); + private final List<String> acceptableResponseCodes = new ArrayList<>(); - @JacksonXmlElementWrapper(localName = "requiredAttrs") - @JacksonXmlProperty(localName = "requiredAttr") - @Override - public List<Attr> getRequiredAttrs() { - return requiredAttrs; + public String getEndpointUrl() { + return endpointUrl; } - @JacksonXmlElementWrapper(localName = "rejectedAttrs") - @JacksonXmlProperty(localName = "rejectedAttr") - @Override - public List<Attr> getRejectedAttrs() { - return rejectedAttrs; + public void setEndpointUrl(final String endpointUrl) { + this.endpointUrl = endpointUrl; + } + + @JacksonXmlElementWrapper(localName = "acceptableResponseCodes") + @JacksonXmlProperty(localName = "acceptableResponseCode") + public List<String> getAcceptableResponseCodes() { + return acceptableResponseCodes; } } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java similarity index 65% copy from common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java copy to common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java index 24025d2774..002327339c 100644 
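Review bot: `endpointUrl` in RemoteEndpointAccessPolicyConf is a free-form `String` with no check on syntax or scheme, although the reference-guide text added by this commit says the authenticated principal is sent to it as a parameter of a `GET` request and the returned status code decides access. With a plain-http value both the principal and the access decision travel unprotected, so I would type the field as `java.net.URI`, as `unauthorizedRedirectUrl` already is in DefaultAccessPolicyConf, and reject non-https values when the policy is saved, for instance in the data binder. `acceptableResponseCodes` is a `List<String>` that is likewise unvalidated; a Javadoc line stating the expected format and what an empty list means would help avoid a policy that behaves differently from what the console shows.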
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java @@ -18,15 +18,20 @@ */ package org.apache.syncope.common.lib.policy; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import java.util.List; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.BaseBean; +import java.time.ZoneOffset; +import org.apache.syncope.common.lib.to.AbstractStartEndBean; -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "_class") -public interface AccessPolicyConf extends BaseBean { +public class TimeBasedAccessPolicyConf extends AbstractStartEndBean implements AccessPolicyConf { - List<Attr> getRequiredAttrs(); + private static final long serialVersionUID = 9092023809646651011L; - List<Attr> getRejectedAttrs(); + private String zoneId = ZoneOffset.UTC.getId(); + + public String getZoneId() { + return zoneId; + } + + public void setZoneId(final String zoneId) { + this.zoneId = zoneId; + } } diff --git a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java index a3839aca64..ee0a2e81ce 100644 --- a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java +++ b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java 
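Review bot: `setZoneId` in TimeBasedAccessPolicyConf stores any string, so a mistyped zone id is accepted at configuration time and only surfaces when the access window is evaluated; whether that failure then denies or allows access is not visible in this diff. Validating early, e.g. `this.zoneId = ZoneId.of(zoneId).getId();` with a `java.time.ZoneId` import, would make a bad value fail when the policy is saved. A Javadoc line on the field stating that it defaults to UTC, and how it relates to the start and end inherited from AbstractStartEndBean, would also help, since an administrator thinking in local office hours could otherwise configure a shifted window.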
@@ -36,11 +36,11 @@ public abstract class SerializationTest { public void accessPolicyConf() throws IOException { AccessPolicyTO policy = new AccessPolicyTO(); policy.setName("Test Access policy"); - policy.setOrder(11); - policy.setEnabled(true); - policy.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org")); DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf(); + conf.setOrder(11); + conf.setEnabled(true); + conf.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org")); conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build()); conf.getRejectedAttrs().add(new Attr.Builder("uid").values("plain").build()); policy.setConf(conf); diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java index 1dffe8508b..1509722f4c 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java @@ -18,35 +18,10 @@ */ package org.apache.syncope.core.persistence.api.entity.policy; -import java.net.URI; import org.apache.syncope.common.lib.policy.AccessPolicyConf; public interface AccessPolicy extends Policy { - int getOrder(); - - void setOrder(int order); - - boolean isEnabled(); - - void setEnabled(boolean enabled); - - boolean isSsoEnabled(); - - void setSsoEnabled(boolean ssoEnabled); - - boolean isRequireAllAttributes(); - - void setRequireAllAttributes(boolean requireAllAttributes); - - boolean isCaseInsensitive(); - - void setCaseInsensitive(boolean caseInsensitive); - - URI getUnauthorizedRedirectUrl(); - - void setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl); - AccessPolicyConf getConf(); void setConf(AccessPolicyConf conf); 
diff --git a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml index 6c3558479d..d752c340cb 100644 --- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml @@ -53,7 +53,8 @@ under the License. jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/> <!-- Access policies --> - <AccessPolicy aporder="0" ssoEnabled="1" name="MyDefaultAccessPolicyConf" caseInsensitive="1" id="419935c7-deb3-40b3-8a9a-683037e523a2" enabled="1" requireAllAttributes="1"/> + <AccessPolicy name="DefaultAccessPolicy" id="419935c7-deb3-40b3-8a9a-683037e523a2" + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","order":0,"ssoEnabled":true,"caseInsensitive":true,"enabled":true,"requireAllAttributes":true}'/> <!-- Attr Release Policies --> <AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2" diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java index 7159f52e44..eb7056adb8 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java 
@@ -18,13 +18,10 @@ */ package org.apache.syncope.core.persistence.jpa.entity.policy; -import java.net.URI; import java.util.Optional; -import javax.persistence.Basic; import javax.persistence.Entity; import javax.persistence.Lob; import javax.persistence.Table; -import org.apache.commons.lang3.BooleanUtils; import org.apache.syncope.common.lib.policy.AccessPolicyConf; import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy; import org.apache.syncope.core.provisioning.api.serialization.POJOHelper; 
@@ -37,88 +34,9 @@ public class JPAAccessPolicy extends AbstractPolicy implements AccessPolicy { public static final String TABLE = "AccessPolicy"; - @Basic - private Integer aporder = 0; - - @Basic - private Boolean enabled = true; - - @Basic - private Boolean ssoEnabled = true; - - @Basic - private Boolean requireAllAttributes = true; - - @Basic - private Boolean caseInsensitive; - - private String unauthorizedRedirectUrl; - @Lob private String jsonConf; - @Override - public int getOrder() { - return Optional.ofNullable(aporder).orElse(0); - } - - @Override - public void setOrder(final int order) { - this.aporder = order; - } - - @Override - public boolean isEnabled() { - return BooleanUtils.isNotFalse(enabled); - } - - @Override - public void setEnabled(final boolean enabled) { - this.enabled = enabled; - } - - @Override - public boolean isSsoEnabled() { - return BooleanUtils.isNotFalse(ssoEnabled); - } - - @Override - public void setSsoEnabled(final boolean ssoEnabled) { - this.ssoEnabled = ssoEnabled; - } - - @Override - public boolean isRequireAllAttributes() { - return BooleanUtils.isNotFalse(requireAllAttributes); - } - - @Override - public void setRequireAllAttributes(final boolean requireAllAttributes) { - this.requireAllAttributes = requireAllAttributes; - } - - @Override - public boolean isCaseInsensitive() { - return BooleanUtils.isNotFalse(caseInsensitive); - } - - @Override - public void setCaseInsensitive(final boolean caseInsensitive) { - this.caseInsensitive = caseInsensitive; - } - - @Override - public URI getUnauthorizedRedirectUrl() { - return Optional.ofNullable(unauthorizedRedirectUrl). - map(URI::create).orElse(null); - } - - @Override - public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) { - this.unauthorizedRedirectUrl = Optional.ofNullable(unauthorizedRedirectUrl). 
- map(URI::toASCIIString).orElse(null); - } - @Override public AccessPolicyConf getConf() { return Optional.ofNullable(jsonConf).map(c -> POJOHelper.deserialize(c, AccessPolicyConf.class)).orElse(null); diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java index fc98da5a24..d07ea3e676 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java @@ -53,10 +53,10 @@ public class AbstractClientAppTest extends AbstractTest { protected AccessPolicy buildAndSaveAccessPolicy() { AccessPolicy accessPolicy = entityFactory.newEntity(AccessPolicy.class); accessPolicy.setName("AccessPolicyTest"); - accessPolicy.setEnabled(true); - accessPolicy.setSsoEnabled(false); DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf(); + conf.setEnabled(true); + conf.setSsoEnabled(false); conf.getRequiredAttrs().add(new Attr.Builder("attribute1").values("value1", "value2").build()); accessPolicy.setConf(conf); diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml index 1a11e11471..21ff82ca72 100644 --- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml 
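Review bot: Removing the `aporder`, `enabled`, `ssoEnabled`, `requireAllAttributes`, `caseInsensitive` and `unauthorizedRedirectUrl` fields from JPAAccessPolicy means rows written before this change keep those settings only if an upgrade step copies them into `jsonConf`, and no such step is visible in this part of the diff. Without it, a policy stored with `enabled=0` or `ssoEnabled=0` would come back as a DefaultAccessPolicyConf whose field initialisers are `true`, silently re-enabling it. Where `jsonConf` is empty, `getConf()` returns null, which the new `(DefaultAccessPolicyConf) policy.getConf()` followed by `conf.isEnabled()` in DefaultAccessMapper.build does not guard against. I would confirm that the upgrade procedure covers these columns and add an explicit check in the mapper, e.g. `Objects.requireNonNull(policy.getConf(), "AccessPolicy without conf")`, so that an unmigrated policy is rejected with a clear message. The body of JPAAccessPolicy continues outside the hunk.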
@@ -53,7 +53,8 @@ under the License. jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/> <!-- Access policies --> - <AccessPolicy aporder="0" ssoEnabled="1" name="MyDefaultAccessPolicyConf" caseInsensitive="1" id="419935c7-deb3-40b3-8a9a-683037e523a2" enabled="1" requireAllAttributes="1"/> + <AccessPolicy name="DefaultAccessPolicy" id="419935c7-deb3-40b3-8a9a-683037e523a2" + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","order":0,"ssoEnabled":true,"caseInsensitive":true,"enabled":true,"requireAllAttributes":true}'/> <!-- Attr Release Policies --> <AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2" diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java index fdf1c3c1bc..c137355c22 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java 
@@ -239,12 +239,6 @@ public class PolicyDataBinderImpl implements PolicyDataBinder { AccessPolicyTO accessPolicyTO = AccessPolicyTO.class.cast(policyTO); accessPolicy.setName(accessPolicyTO.getKey()); - accessPolicy.setOrder(accessPolicyTO.getOrder()); - accessPolicy.setEnabled(accessPolicyTO.isEnabled()); - accessPolicy.setSsoEnabled(accessPolicyTO.isSsoEnabled()); - accessPolicy.setRequireAllAttributes(accessPolicyTO.isRequireAllAttributes()); - accessPolicy.setCaseInsensitive(accessPolicyTO.isCaseInsensitive()); - accessPolicy.setUnauthorizedRedirectUrl(accessPolicyTO.getUnauthorizedRedirectUrl()); accessPolicy.setConf(accessPolicyTO.getConf()); } else if (policyTO instanceof AttrReleasePolicyTO) { if (result == null) { @@ -339,16 +333,9 @@ public class PolicyDataBinderImpl implements PolicyDataBinder { authPolicyTO.setConf(((AuthPolicy) policy).getConf()); } else if (policy instanceof AccessPolicy) { - AccessPolicy accessPolicy = AccessPolicy.class.cast(policy); AccessPolicyTO accessPolicyTO = new AccessPolicyTO(); policyTO = (T) accessPolicyTO; - accessPolicyTO.setOrder(accessPolicy.getOrder()); - accessPolicyTO.setEnabled(accessPolicy.isEnabled()); - accessPolicyTO.setSsoEnabled(accessPolicy.isSsoEnabled()); - accessPolicyTO.setRequireAllAttributes(accessPolicy.isRequireAllAttributes()); - accessPolicyTO.setCaseInsensitive(accessPolicy.isCaseInsensitive()); - accessPolicyTO.setUnauthorizedRedirectUrl(accessPolicy.getUnauthorizedRedirectUrl()); accessPolicyTO.setConf(((AccessPolicy) policy).getConf()); } else if (policy instanceof AttrReleasePolicy) { AttrReleasePolicy attrReleasePolicy = AttrReleasePolicy.class.cast(policy); diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java index 511d0c1d5e..59dda15f92 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java 
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java @@ -952,9 +952,9 @@ public abstract class AbstractITCase { protected static AccessPolicyTO buildAccessPolicyTO() { AccessPolicyTO policy = new AccessPolicyTO(); policy.setName("Test Access policy"); - policy.setEnabled(true); DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf(); + conf.setEnabled(true); conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build()); policy.setConf(conf); diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java index 11b2b64758..1f5828b66d 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java @@ -31,8 +31,8 @@ import java.util.Locale; import java.util.Properties; import java.util.Set; import org.apache.syncope.client.console.ConsoleProperties; -import org.apache.syncope.client.console.SyncopeAMConsoleContext; -import org.apache.syncope.client.console.SyncopeIdMConsoleContext; +import org.apache.syncope.client.console.AMConsoleContext; +import org.apache.syncope.client.console.IdMConsoleContext; import org.apache.syncope.client.console.SyncopeWebApplication; import org.apache.syncope.client.console.commons.IdRepoPolicyTabProvider; import org.apache.syncope.client.console.commons.PolicyTabProvider; 
@@ -135,8 +135,8 @@ public abstract class AbstractConsoleITCase extends AbstractUIITCase { ctx.register(SyncopeConsoleWebApplicationTestConfig.class); ctx.register(SyncopeWebApplication.class); - ctx.register(SyncopeAMConsoleContext.class); - ctx.register(SyncopeIdMConsoleContext.class); + ctx.register(AMConsoleContext.class); + ctx.register(IdMConsoleContext.class); String springActiveProfiles = null; try (InputStream propStream = AbstractConsoleITCase.class.getResourceAsStream("/test.properties")) { diff --git a/src/main/asciidoc/reference-guide/concepts/policies.adoc b/src/main/asciidoc/reference-guide/concepts/policies.adoc index dbb7d8193e..c3c1b6e923 100644 --- a/src/main/asciidoc/reference-guide/concepts/policies.adoc +++ b/src/main/asciidoc/reference-guide/concepts/policies.adoc 
@@ -268,14 +268,55 @@ a `JAVA` `PASSWORD_RULE` <<implementations,implementation>> for the [[policies-access]] ==== Access -Access policies provide fine-grained control over the authorization rules to apply to +Access policies provide fine-grained control over the access rules to apply to <<client-applications,client applications>>. -An access policy describes whether the client application is allowed to use WA, allowed to participate in -single sign-on authentication, etc. Additionally, it may be configured to require a certain set of principal attributes -that must exist before access can be granted to the client application. This behavior allows one to configure various -attributes in terms of access roles for the application and define rules that would be enacted and validated when an -authentication request from the application arrives. +The following access policy configurations are available by default: + +[cols="1,2"] +|=== + +| +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java[DefaultAccessPolicyConf^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java[DefaultAccessPolicyConf^] +endif::[] +| It describes whether the client application is allowed to use WA, allowed to participate in single sign-on +authentication, etc; additionally, it may be configured to require a certain set of principal attributes that must exist +before access can be granted. 
+ +| +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java[HttpRequestAccessPolicyConf^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java[HttpRequestAccessPolicyConf^] +endif::[] +| Make access decisions based on HTTP request properties as client IP address and user-agent. + +| +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java[RemoteEndpointAccessPolicyConf^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java[RemoteEndpointAccessPolicyConf^] +endif::[] +| Delegate access decisions to a remote endpoint by receiving the authenticated principal as url parameter of a `GET` +request; the response code that the endpoint returns is then compared against the policy setting and if a match is +found, access is granted. + +| +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java[TimeBasedAccessPolicyConf^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java[TimeBasedAccessPolicyConf^] +endif::[] +| Access is only allowed within the configured timeframe. + +|=== [NOTE] Access Policy instances are dynamically translated into 
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java index 6c24e5eb03..237cb11b90 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java @@ -29,21 +29,23 @@ public class DefaultAccessMapper implements AccessMapper { @Override public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) { + DefaultAccessPolicyConf conf = (DefaultAccessPolicyConf) policy.getConf(); + DefaultRegisteredServiceAccessStrategy accessStrategy = - new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(), policy.isSsoEnabled()); + new DefaultRegisteredServiceAccessStrategy(conf.isEnabled(), conf.isSsoEnabled()); - accessStrategy.setOrder(policy.getOrder()); + accessStrategy.setOrder(conf.getOrder()); - accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes()); + accessStrategy.setRequireAllAttributes(conf.isRequireAllAttributes()); - accessStrategy.setCaseInsensitive(policy.isCaseInsensitive()); + accessStrategy.setCaseInsensitive(conf.isCaseInsensitive()); - accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl()); + accessStrategy.setUnauthorizedRedirectUrl(conf.getUnauthorizedRedirectUrl()); - policy.getConf().getRequiredAttrs().forEach( + conf.getRequiredAttrs().forEach( attr -> accessStrategy.getRequiredAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); - policy.getConf().getRejectedAttrs().forEach( + conf.getRejectedAttrs().forEach( attr -> accessStrategy.getRejectedAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); return accessStrategy; 
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
similarity index 50%
copy from wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
copy to wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
index 6c24e5eb03..ea034f1586 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
@@ -18,33 +18,23 @@ */ package org.apache.syncope.wa.starter.mapping; -import java.util.HashSet; +import java.util.Optional; import org.apache.syncope.common.lib.policy.AccessPolicyTO; -import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; -import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy; +import org.apache.syncope.common.lib.policy.HttpRequestAccessPolicyConf; +import org.apereo.cas.services.HttpRequestRegisteredServiceAccessStrategy; import org.apereo.cas.services.RegisteredServiceAccessStrategy; -@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class) -public class DefaultAccessMapper implements AccessMapper { +@AccessMapFor(accessPolicyConfClass = HttpRequestAccessPolicyConf.class) +public class HttpRequestAccessMapper implements AccessMapper { @Override public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) { - DefaultRegisteredServiceAccessStrategy accessStrategy = - new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(), policy.isSsoEnabled()); + HttpRequestAccessPolicyConf conf = (HttpRequestAccessPolicyConf) policy.getConf(); - accessStrategy.setOrder(policy.getOrder()); + HttpRequestRegisteredServiceAccessStrategy accessStrategy = new HttpRequestRegisteredServiceAccessStrategy(); - accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes()); - - accessStrategy.setCaseInsensitive(policy.isCaseInsensitive()); - - accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl()); - - policy.getConf().getRequiredAttrs().forEach( - attr -> accessStrategy.getRequiredAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); - - policy.getConf().getRejectedAttrs().forEach( - attr -> accessStrategy.getRejectedAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); + Optional.ofNullable(conf.getIpAddress()).ifPresent(accessStrategy::setIpAddress); + Optional.ofNullable(conf.getUserAgent()).ifPresent(accessStrategy::setUserAgent); return 
accessStrategy; } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java similarity index 50% copy from wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java copy to wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java index 6c24e5eb03..595a593039 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java 
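Review bot: In `HttpRequestAccessMapper.build`, both `Optional.ofNullable(...)` lines skip a null, so a conf with neither `ipAddress` nor `userAgent` produces a strategy with no condition configured, and an empty string is handed over as if it were a pattern. How CAS evaluates an unconfigured `HttpRequestRegisteredServiceAccessStrategy` is not visible in this diff; if it lets the request through, such a policy grants access silently. Assuming both getters return `String`, I would drop blanks with `Optional.ofNullable(conf.getIpAddress()).filter(v -> !v.isBlank()).ifPresent(accessStrategy::setIpAddress);` (same for `userAgent`) and reject a conf where both end up unset. A class-level comment should also note that the User-Agent value is supplied by the client, so it narrows access but should not be the only condition a policy relies on.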
@@ -18,33 +18,24 @@ */ package org.apache.syncope.wa.starter.mapping; -import java.util.HashSet; +import java.util.Optional; import org.apache.syncope.common.lib.policy.AccessPolicyTO; -import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; -import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy; +import org.apache.syncope.common.lib.policy.RemoteEndpointAccessPolicyConf; import org.apereo.cas.services.RegisteredServiceAccessStrategy; +import org.apereo.cas.services.RemoteEndpointServiceAccessStrategy; -@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class) -public class DefaultAccessMapper implements AccessMapper { +@AccessMapFor(accessPolicyConfClass = RemoteEndpointAccessPolicyConf.class) +public class RemoteEndpointAccessMapper implements AccessMapper { @Override public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) { - DefaultRegisteredServiceAccessStrategy accessStrategy = - new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(), policy.isSsoEnabled()); + RemoteEndpointAccessPolicyConf conf = (RemoteEndpointAccessPolicyConf) policy.getConf(); - accessStrategy.setOrder(policy.getOrder()); + RemoteEndpointServiceAccessStrategy accessStrategy = new RemoteEndpointServiceAccessStrategy(); - accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes()); + Optional.ofNullable(conf.getEndpointUrl()).ifPresent(accessStrategy::setEndpointUrl); - accessStrategy.setCaseInsensitive(policy.isCaseInsensitive()); - - accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl()); - - policy.getConf().getRequiredAttrs().forEach( - attr -> accessStrategy.getRequiredAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); - - policy.getConf().getRejectedAttrs().forEach( - attr -> accessStrategy.getRejectedAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); + accessStrategy.setAcceptableResponseCodes(String.join(",", conf.getAcceptableResponseCodes())); 
return accessStrategy; } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java similarity index 50% copy from wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java copy to wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java index 6c24e5eb03..f4cd0f2e34 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java 
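Review bot: In `RemoteEndpointAccessMapper.build`, a null `endpointUrl` is skipped and the strategy is returned with no endpoint to consult, while a non-null value is accepted whatever its scheme, although this URL is what decides service access. I would fail at mapping time instead, e.g. `accessStrategy.setEndpointUrl(Objects.requireNonNull(conf.getEndpointUrl(), "endpointUrl"));`, and check that the scheme is `https` so the allow/deny answer cannot be altered in transit. The `String.join(",", conf.getAcceptableResponseCodes())` line is the only setter call without a null guard: if the getter can return null (its declaration is not in this diff) it throws NullPointerException, and an empty collection sets an empty string whose meaning to CAS should be documented.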
@@ -18,33 +18,28 @@ */ package org.apache.syncope.wa.starter.mapping; -import java.util.HashSet; +import java.time.format.DateTimeFormatter; +import java.util.Optional; import org.apache.syncope.common.lib.policy.AccessPolicyTO; -import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; -import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy; +import org.apache.syncope.common.lib.policy.TimeBasedAccessPolicyConf; import org.apereo.cas.services.RegisteredServiceAccessStrategy; +import org.apereo.cas.services.TimeBasedRegisteredServiceAccessStrategy; -@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class) -public class DefaultAccessMapper implements AccessMapper { +@AccessMapFor(accessPolicyConfClass = TimeBasedAccessPolicyConf.class) +public class TimeBasedAccessMapper implements AccessMapper { @Override public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) { - DefaultRegisteredServiceAccessStrategy accessStrategy = - new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(), policy.isSsoEnabled()); + TimeBasedAccessPolicyConf conf = (TimeBasedAccessPolicyConf) policy.getConf(); - accessStrategy.setOrder(policy.getOrder()); + TimeBasedRegisteredServiceAccessStrategy accessStrategy = new TimeBasedRegisteredServiceAccessStrategy(); - accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes()); + Optional.ofNullable(conf.getStart()). + map(DateTimeFormatter.ISO_OFFSET_DATE_TIME::format).ifPresent(accessStrategy::setStartingDateTime); + Optional.ofNullable(conf.getEnd()). 
+ map(DateTimeFormatter.ISO_OFFSET_DATE_TIME::format).ifPresent(accessStrategy::setEndingDateTime); - accessStrategy.setCaseInsensitive(policy.isCaseInsensitive()); - - accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl()); - - policy.getConf().getRequiredAttrs().forEach( - attr -> accessStrategy.getRequiredAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); - - policy.getConf().getRejectedAttrs().forEach( - attr -> accessStrategy.getRejectedAttributes().put(attr.getSchema(), new HashSet<>(attr.getValues()))); + Optional.ofNullable(conf.getZoneId()).ifPresent(accessStrategy::setZoneId); return accessStrategy; } diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java index 2b74bd1661..f133f5253b 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java +++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java @@ -112,8 +112,8 @@ public class WAServiceRegistryTest extends AbstractTest { } AccessPolicyTO accessPolicy = new AccessPolicyTO(); - accessPolicy.setEnabled(true); DefaultAccessPolicyConf accessPolicyConf = new DefaultAccessPolicyConf(); + accessPolicyConf.setEnabled(true); accessPolicyConf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build()); accessPolicy.setConf(accessPolicyConf); waClientApp.setAccessPolicy(accessPolicy);
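Review bot: `TimeBasedAccessMapper.build` copies `start`, `end` and `zoneId` independently and never checks them against each other, so a conf with `end` before `start`, or with all three unset, is mapped without complaint. What window CAS derives from such a strategy is not visible here, so the mapper should at least reject the inverted case: `if (conf.getStart() != null && conf.getEnd() != null && !conf.getStart().isBefore(conf.getEnd())) { throw new IllegalArgumentException("start must precede end"); }` (assuming an offset-carrying type such as `OffsetDateTime`). A comment on the two `ISO_OFFSET_DATE_TIME::format` lines should say that the formatter throws for a temporal without an offset. It should also say how the offset in the formatted strings relates to the separately passed `zoneId`.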