This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 4018a109cf425f7d884508e884ce09b5faeb7216
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Wed Jan 11 17:13:20 2023 +0100
[SYNCOPE-1721] Supporting more ServiceAccessStrategy classes
---
...AMConsoleContext.java => AMConsoleContext.java} | 9 +-
.../commons/AMAccessPolicyConfProvider.java | 19 ++-
.../AMClassPathScanImplementationContributor.java | 15 ++
.../panels/SAML2IdPEntityDirectoryPanel.java | 20 ++-
.../panels/SAML2SPEntityDirectoryPanel.java | 20 ++-
.../policies/AccessPolicyAttrsDirectoryPanel.java | 11 +-
.../policies/AccessPolicyAttrsWizardBuilder.java | 11 +-
.../policies/AccessPolicyDirectoryPanel.java | 108 ++++++++------
.../console/policies/AccessPolicyModalPanel.java | 164 +++++++++++++++++++++
.../policies/AttrReleasePolicyModalPanel.java | 2 +-
.../console/policies/AccessPolicyModalPanel.html | 27 ++++
.../policies/AccessPolicyModalPanel.properties} | 14 +-
.../policies/AccessPolicyModalPanel_fr.properties} | 14 +-
.../policies/AccessPolicyModalPanel_it.properties} | 14 +-
.../policies/AccessPolicyModalPanel_ja.properties} | 14 +-
.../AccessPolicyModalPanel_pt_BR.properties} | 14 +-
.../policies/AccessPolicyModalPanel_ru.properties} | 14 +-
...MConsoleContext.java => IdMConsoleContext.java} | 2 +-
...nsoleContext.java => IdRepoConsoleContext.java} | 10 +-
.../client/console/SyncopeConsoleApplication.java | 6 +-
.../client/console/SyncopeWebApplication.java | 9 ++
.../console/commons/AccessPolicyConfProvider.java | 14 +-
.../commons/IdRepoAccessPolicyConfProvider.java | 15 +-
.../init/ClassPathScanImplementationLookup.java | 6 +-
.../console/policies/PolicyModalPanelBuilder.java | 70 ++++-----
.../src/main/resources/META-INF/spring.factories | 2 +-
.../policies/PolicyDirectoryPanel.properties | 5 +-
.../policies/PolicyDirectoryPanel_fr_CA.properties | 5 +-
.../policies/PolicyDirectoryPanel_it.properties | 5 +-
.../policies/PolicyDirectoryPanel_ja.properties | 5 +-
.../policies/PolicyDirectoryPanel_pt_BR.properties | 5 +-
.../policies/PolicyDirectoryPanel_ru.properties | 5 +-
.../syncope/client/console/AbstractTest.java | 10 +-
.../common/lib/policy/AccessPolicyConf.java | 6 -
.../syncope/common/lib/policy/AccessPolicyTO.java | 61 --------
.../common/lib/policy/DefaultAccessPolicyConf.java | 63 +++++++-
...yConf.java => HttpRequestAccessPolicyConf.java} | 28 +++-
...nf.java => RemoteEndpointAccessPolicyConf.java} | 29 ++--
...icyConf.java => TimeBasedAccessPolicyConf.java} | 21 ++-
.../syncope/common/lib/SerializationTest.java | 6 +-
.../api/entity/policy/AccessPolicy.java | 25 ----
.../src/test/resources/domains/MasterContent.xml | 3 +-
.../jpa/entity/policy/JPAAccessPolicy.java | 82 -----------
.../jpa/inner/AbstractClientAppTest.java | 4 +-
.../src/test/resources/domains/MasterContent.xml | 3 +-
.../java/data/PolicyDataBinderImpl.java | 13 --
.../org/apache/syncope/fit/AbstractITCase.java | 2 +-
.../syncope/fit/console/AbstractConsoleITCase.java | 8 +-
.../reference-guide/concepts/policies.adoc | 53 ++++++-
.../wa/starter/mapping/DefaultAccessMapper.java | 16 +-
...essMapper.java => HttpRequestAccessMapper.java} | 28 ++--
...Mapper.java => RemoteEndpointAccessMapper.java} | 27 ++--
...ccessMapper.java => TimeBasedAccessMapper.java} | 31 ++--
.../syncope/wa/starter/WAServiceRegistryTest.java | 2 +-
54 files changed, 694 insertions(+), 481 deletions(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java
similarity index 85%
rename from
client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java
rename to
client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java
index b5b35524d8..82f09ad40d 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/SyncopeAMConsoleContext.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java
@@ -18,8 +18,10 @@
*/
package org.apache.syncope.client.console;
+import org.apache.syncope.client.console.commons.AMAccessPolicyConfProvider;
import org.apache.syncope.client.console.commons.AMPolicyTabProvider;
import org.apache.syncope.client.console.commons.AMRealmPolicyProvider;
+import org.apache.syncope.client.console.commons.AccessPolicyConfProvider;
import org.apache.syncope.client.console.commons.PolicyTabProvider;
import org.apache.syncope.client.console.commons.RealmPolicyProvider;
import
org.apache.syncope.client.console.init.AMClassPathScanImplementationContributor;
@@ -28,7 +30,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration(proxyBeanMethods = false)
-public class SyncopeAMConsoleContext {
+public class AMConsoleContext {
@Bean
public ClassPathScanImplementationContributor
amClassPathScanImplementationContributor() {
@@ -44,4 +46,9 @@ public class SyncopeAMConsoleContext {
public PolicyTabProvider amPolicyTabProvider() {
return new AMPolicyTabProvider();
}
+
+ @Bean
+ public AccessPolicyConfProvider accessPolicyConfProvider() {
+ return new AMAccessPolicyConfProvider();
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java
similarity index 58%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
copy to
client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java
index 24025d2774..78a66df4a0 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMAccessPolicyConfProvider.java
@@ -16,17 +16,20 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.syncope.common.lib.policy;
+package org.apache.syncope.client.console.commons;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.BaseBean;
+import java.util.stream.Collectors;
+import org.apache.syncope.client.console.SyncopeWebApplication;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
-public interface AccessPolicyConf extends BaseBean {
+public class AMAccessPolicyConfProvider implements AccessPolicyConfProvider {
- List<Attr> getRequiredAttrs();
+ private static final long serialVersionUID = 5657864541765007494L;
- List<Attr> getRejectedAttrs();
+ @Override
+ public List<String> get() {
+ return
SyncopeWebApplication.get().getLookup().getClasses(AccessPolicyConf.class).stream().
+ map(Class::getName).sorted().collect(Collectors.toList());
+ }
}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java
index e7ca032553..dfa9349ac4 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/init/AMClassPathScanImplementationContributor.java
@@ -21,6 +21,9 @@ package org.apache.syncope.client.console.init;
import java.util.Optional;
import org.apache.syncope.common.lib.attr.AttrRepoConf;
import org.apache.syncope.common.lib.auth.AuthModuleConf;
+import org.apache.syncope.common.lib.policy.AccessPolicyConf;
+import org.apache.syncope.common.lib.policy.AttrReleasePolicyConf;
+import org.apache.syncope.common.lib.policy.AuthPolicyConf;
import
org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AssignableTypeFilter;
@@ -30,6 +33,9 @@ public class AMClassPathScanImplementationContributor
implements ClassPathScanIm
public void extend(final ClassPathScanningCandidateComponentProvider
scanner) {
scanner.addIncludeFilter(new
AssignableTypeFilter(AuthModuleConf.class));
scanner.addIncludeFilter(new AssignableTypeFilter(AttrRepoConf.class));
+ scanner.addIncludeFilter(new
AssignableTypeFilter(AccessPolicyConf.class));
+ scanner.addIncludeFilter(new
AssignableTypeFilter(AttrReleasePolicyConf.class));
+ scanner.addIncludeFilter(new
AssignableTypeFilter(AuthPolicyConf.class));
}
@Override
@@ -40,6 +46,15 @@ public class AMClassPathScanImplementationContributor
implements ClassPathScanIm
if (AttrRepoConf.class.isAssignableFrom(clazz)) {
return Optional.of(AttrRepoConf.class.getName());
}
+ if (AccessPolicyConf.class.isAssignableFrom(clazz)) {
+ return Optional.of(AccessPolicyConf.class.getName());
+ }
+ if (AttrReleasePolicyConf.class.isAssignableFrom(clazz)) {
+ return Optional.of(AttrReleasePolicyConf.class.getName());
+ }
+ if (AuthPolicyConf.class.isAssignableFrom(clazz)) {
+ return Optional.of(AuthPolicyConf.class.getName());
+ }
return Optional.empty();
}
}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java
index 9523053a71..b8487037c1 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPEntityDirectoryPanel.java
@@ -86,16 +86,20 @@ public class SAML2IdPEntityDirectoryPanel extends
DirectoryPanel<
Constants.KEY_FIELD_NAME, Constants.KEY_FIELD_NAME));
columns.add(new AbstractColumn<>(Model.of("URL")) {
+ private static final long serialVersionUID = -7226955670801277153L;
+
@Override
public void populateItem(
- final Item<ICellPopulator<SAML2IdPEntityTO>> cellItem,
- final String componentId,
- final IModel<SAML2IdPEntityTO> rowModel) {
+ final Item<ICellPopulator<SAML2IdPEntityTO>> cellItem,
+ final String componentId,
+ final IModel<SAML2IdPEntityTO> rowModel) {
cellItem.add(new ExternalLink(
- componentId,
- Model.of(metadataURL),
- Model.of(metadataURL)) {
+ componentId,
+ Model.of(metadataURL),
+ Model.of(metadataURL)) {
+
+ private static final long serialVersionUID =
-1919646533527005367L;
@Override
protected void onComponentTag(final ComponentTag tag) {
@@ -125,8 +129,8 @@ public class SAML2IdPEntityDirectoryPanel extends
DirectoryPanel<
@Override
public void onClick(final AjaxRequestTarget target, final
SAML2IdPEntityTO ignore) {
send(SAML2IdPEntityDirectoryPanel.this, Broadcast.EXACT,
- new AjaxWizard.EditItemActionEvent<>(
-
SAML2IdPEntityRestClient.get(model.getObject().getKey()), target));
+ new AjaxWizard.EditItemActionEvent<>(
+
SAML2IdPEntityRestClient.get(model.getObject().getKey()), target));
}
}, ActionLink.ActionType.EDIT, AMEntitlement.SAML2_IDP_ENTITY_SET);
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java
index ad2ffee7d9..6ac5f77c42 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/SAML2SPEntityDirectoryPanel.java
@@ -92,17 +92,21 @@ public class SAML2SPEntityDirectoryPanel extends
DirectoryPanel<
columns.add(new AbstractColumn<>(Model.of("URL")) {
+ private static final long serialVersionUID = -7226955670801277153L;
+
@Override
public void populateItem(
- final Item<ICellPopulator<SAML2SPEntityTO>> cellItem,
- final String componentId,
- final IModel<SAML2SPEntityTO> rowModel) {
+ final Item<ICellPopulator<SAML2SPEntityTO>> cellItem,
+ final String componentId,
+ final IModel<SAML2SPEntityTO> rowModel) {
String metadataURL = waPrefix + "/sp/" +
rowModel.getObject().getKey() + "/metadata";
cellItem.add(new ExternalLink(
- componentId,
- Model.of(metadataURL),
- Model.of(metadataURL)) {
+ componentId,
+ Model.of(metadataURL),
+ Model.of(metadataURL)) {
+
+ private static final long serialVersionUID =
-1919646533527005367L;
@Override
protected void onComponentTag(final ComponentTag tag) {
@@ -132,8 +136,8 @@ public class SAML2SPEntityDirectoryPanel extends
DirectoryPanel<
@Override
public void onClick(final AjaxRequestTarget target, final
SAML2SPEntityTO ignore) {
send(SAML2SPEntityDirectoryPanel.this, Broadcast.EXACT,
- new AjaxWizard.EditItemActionEvent<>(
-
SAML2SPEntityRestClient.get(model.getObject().getKey()), target));
+ new AjaxWizard.EditItemActionEvent<>(
+
SAML2SPEntityRestClient.get(model.getObject().getKey()), target));
}
}, ActionLink.ActionType.EDIT, AMEntitlement.SAML2_SP_ENTITY_SET);
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
index e7c1c0720a..72a9bf6592 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
@@ -31,8 +31,8 @@ import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.SyncopeClientException;
-import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
+import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import org.apache.syncope.common.lib.types.PolicyType;
import org.apache.wicket.PageReference;
@@ -49,13 +49,13 @@ public class AccessPolicyAttrsDirectoryPanel extends
AttrListDirectoryPanel {
private final IModel<AccessPolicyTO> accessPolicyModel;
- private final SerializableFunction<AccessPolicyConf, List<Attr>>
attrsAccessor;
+ private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor;
public AccessPolicyAttrsDirectoryPanel(
final String id,
final BaseModal<AccessPolicyTO> wizardModal,
final IModel<AccessPolicyTO> model,
- final SerializableFunction<AccessPolicyConf, List<Attr>>
attrsAccessor,
+ final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor,
final PageReference pageRef) {
super(id, pageRef, false);
@@ -86,7 +86,8 @@ public class AccessPolicyAttrsDirectoryPanel extends
AttrListDirectoryPanel {
@Override
public void onClick(final AjaxRequestTarget target, final Attr
ignore) {
try {
-
attrsAccessor.apply(accessPolicyModel.getObject().getConf()).remove(model.getObject());
+ attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicyModel.getObject().getConf()).
+ remove(model.getObject());
PolicyRestClient.update(PolicyType.ACCESS,
accessPolicyModel.getObject());
SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED));
@@ -135,7 +136,7 @@ public class AccessPolicyAttrsDirectoryPanel extends
AttrListDirectoryPanel {
@Override
protected List<Attr> list() {
- return
attrsAccessor.apply(accessPolicyModel.getObject().getConf());
+ return attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicyModel.getObject().getConf());
}
}
}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
index a371e0328c..a9029e9008 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
@@ -23,8 +23,8 @@ import java.util.List;
import org.apache.syncope.client.console.rest.PolicyRestClient;
import org.apache.syncope.client.console.wizards.AttrWizardBuilder;
import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
+import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.types.PolicyType;
import org.apache.wicket.PageReference;
import org.danekja.java.util.function.serializable.SerializableFunction;
@@ -35,11 +35,11 @@ public class AccessPolicyAttrsWizardBuilder extends
AttrWizardBuilder {
private final AccessPolicyTO accessPolicy;
- private final SerializableFunction<AccessPolicyConf, List<Attr>>
attrsAccessor;
+ private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor;
public AccessPolicyAttrsWizardBuilder(
final AccessPolicyTO accessPolicy,
- final SerializableFunction<AccessPolicyConf, List<Attr>>
attrsAccessor,
+ final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor,
final Attr attr,
final PageReference pageRef) {
@@ -50,8 +50,9 @@ public class AccessPolicyAttrsWizardBuilder extends
AttrWizardBuilder {
@Override
protected Serializable onApplyInternal(final Attr modelObject) {
- attrsAccessor.apply(accessPolicy.getConf()).removeIf(p ->
modelObject.getSchema().equals(p.getSchema()));
- attrsAccessor.apply(accessPolicy.getConf()).add(modelObject);
+ attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()).
+ removeIf(p -> modelObject.getSchema().equals(p.getSchema()));
+ attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicy.getConf()).add(modelObject);
PolicyRestClient.update(PolicyType.ACCESS, accessPolicy);
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
index 86fe8f4147..4261ad8236 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
@@ -21,10 +21,8 @@ package org.apache.syncope.client.console.policies;
import java.util.List;
import org.apache.syncope.client.console.panels.ModalDirectoryPanel;
import org.apache.syncope.client.console.rest.PolicyRestClient;
-import
org.apache.syncope.client.console.wicket.extensions.markup.html.repeater.data.table.BooleanPropertyColumn;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel;
-import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
@@ -32,8 +30,11 @@ import org.apache.syncope.common.lib.types.PolicyType;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
import
org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
+import
org.apache.wicket.extensions.markup.html.repeater.data.grid.ICellPopulator;
+import
org.apache.wicket.extensions.markup.html.repeater.data.table.AbstractColumn;
import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
-import
org.apache.wicket.extensions.markup.html.repeater.data.table.PropertyColumn;
+import org.apache.wicket.markup.html.basic.Label;
+import org.apache.wicket.markup.repeater.Item;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.StringResourceModel;
@@ -56,15 +57,21 @@ public class AccessPolicyDirectoryPanel extends
PolicyDirectoryPanel<AccessPolic
@Override
protected void addCustomColumnFields(final List<IColumn<AccessPolicyTO,
String>> columns) {
- columns.add(new PropertyColumn<>(new StringResourceModel("order",
this), "order", "order"));
- columns.add(new BooleanPropertyColumn<>(
- new StringResourceModel("enabled", this), "enabled",
"enabled"));
- columns.add(new BooleanPropertyColumn<>(
- new StringResourceModel("ssoEnabled", this), "ssoEnabled",
"ssoEnabled"));
- columns.add(new BooleanPropertyColumn<>(
- new StringResourceModel("requireAllAttributes", this),
"requireAllAttributes", "requireAllAttributes"));
- columns.add(new BooleanPropertyColumn<>(
- new StringResourceModel("caseInsensitive", this),
"caseInsensitive", "caseInsensitive"));
+ columns.add(new AbstractColumn<AccessPolicyTO, String>(new
StringResourceModel("conf", this)) {
+
+ private static final long serialVersionUID = -7226955670801277153L;
+
+ @Override
+ public void populateItem(
+ final Item<ICellPopulator<AccessPolicyTO>> cellItem,
+ final String componentId,
+ final IModel<AccessPolicyTO> rowModel) {
+
+ cellItem.add(new Label(componentId,
rowModel.getObject().getConf() == null
+ ? ""
+ :
rowModel.getObject().getConf().getClass().getName()));
+ }
+ });
}
@Override
@@ -79,42 +86,55 @@ public class AccessPolicyDirectoryPanel extends
PolicyDirectoryPanel<AccessPolic
if (model.getObject().getConf() == null) {
model.getObject().setConf(new DefaultAccessPolicyConf());
}
- target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
- ruleCompositionModal,
- new AccessPolicyAttrsDirectoryPanel(
- "panel",
- ruleCompositionModal,
- model,
- AccessPolicyConf::getRequiredAttrs,
- pageRef),
- pageRef)));
- ruleCompositionModal.header(new
Model<>(getString("requiredAttrs.title", model)));
- ruleCompositionModal.show(true);
+ target.add(policySpecModal.setContent(
+ new AccessPolicyModalPanel(policySpecModal, model,
pageRef)));
+ policySpecModal.header(new
Model<>(getString("accessPolicyConf.title", model)));
+ policySpecModal.show(true);
}
- }, ActionLink.ActionType.TYPE_EXTENSIONS,
IdRepoEntitlement.POLICY_UPDATE);
+ }, ActionLink.ActionType.CHANGE_VIEW, IdRepoEntitlement.POLICY_UPDATE);
- panel.add(new ActionLink<>() {
+ if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) {
+ panel.add(new ActionLink<>() {
- private static final long serialVersionUID = -3722207913631435501L;
+ private static final long serialVersionUID =
-3722207913631435501L;
- @Override
- public void onClick(final AjaxRequestTarget target, final
AccessPolicyTO ignore) {
- model.setObject(PolicyRestClient.read(type,
model.getObject().getKey()));
- if (model.getObject().getConf() == null) {
- model.getObject().setConf(new DefaultAccessPolicyConf());
+ @Override
+ public void onClick(final AjaxRequestTarget target, final
AccessPolicyTO ignore) {
+ model.setObject(PolicyRestClient.read(type,
model.getObject().getKey()));
+ target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
+ ruleCompositionModal,
+ new AccessPolicyAttrsDirectoryPanel(
+ "panel",
+ ruleCompositionModal,
+ model,
+ DefaultAccessPolicyConf::getRequiredAttrs,
+ pageRef),
+ pageRef)));
+ ruleCompositionModal.header(new
Model<>(getString("requiredAttrs.title", model)));
+ ruleCompositionModal.show(true);
}
- target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
- ruleCompositionModal,
- new AccessPolicyAttrsDirectoryPanel(
- "panel",
- ruleCompositionModal,
- model,
- AccessPolicyConf::getRejectedAttrs,
- pageRef),
- pageRef)));
- ruleCompositionModal.header(new
Model<>(getString("rejectedAttrs.title", model)));
- ruleCompositionModal.show(true);
- }
- }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE);
+ }, ActionLink.ActionType.TYPE_EXTENSIONS,
IdRepoEntitlement.POLICY_UPDATE);
+
+ panel.add(new ActionLink<>() {
+
+ private static final long serialVersionUID =
-3722207913631435501L;
+
+ @Override
+ public void onClick(final AjaxRequestTarget target, final
AccessPolicyTO ignore) {
+ model.setObject(PolicyRestClient.read(type,
model.getObject().getKey()));
+ target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
+ ruleCompositionModal,
+ new AccessPolicyAttrsDirectoryPanel(
+ "panel",
+ ruleCompositionModal,
+ model,
+ DefaultAccessPolicyConf::getRejectedAttrs,
+ pageRef),
+ pageRef)));
+ ruleCompositionModal.header(new
Model<>(getString("rejectedAttrs.title", model)));
+ ruleCompositionModal.show(true);
+ }
+ }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE);
+ }
}
}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
new file mode 100644
index 0000000000..e71d36e90c
--- /dev/null
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.console.policies;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.commons.lang3.time.DateFormatUtils;
+import org.apache.syncope.client.console.SyncopeConsoleSession;
+import org.apache.syncope.client.console.panels.AbstractModalPanel;
+import org.apache.syncope.client.console.rest.PolicyRestClient;
+import
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
+import
org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel;
+import org.apache.syncope.client.ui.commons.Constants;
+import org.apache.syncope.client.ui.commons.DateOps;
+import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
+import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxDateTimeFieldPanel;
+import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxSpinnerFieldPanel;
+import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
+import org.apache.syncope.client.ui.commons.markup.html.form.FieldPanel;
+import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
+import org.apache.syncope.common.lib.policy.AccessPolicyTO;
+import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
+import org.apache.syncope.common.lib.policy.HttpRequestAccessPolicyConf;
+import org.apache.syncope.common.lib.policy.RemoteEndpointAccessPolicyConf;
+import org.apache.syncope.common.lib.policy.TimeBasedAccessPolicyConf;
+import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.wicket.Component;
+import org.apache.wicket.PageReference;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.markup.html.list.ListItem;
+import org.apache.wicket.markup.html.list.ListView;
+import org.apache.wicket.model.IModel;
+import org.apache.wicket.model.PropertyModel;
+import org.apache.wicket.validation.validator.UrlValidator;
+
+public class AccessPolicyModalPanel extends AbstractModalPanel<AccessPolicyTO>
{
+
+ private static final long serialVersionUID = -6446551344059681908L;
+
+ private final IModel<AccessPolicyTO> model;
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ public AccessPolicyModalPanel(
+ final BaseModal<AccessPolicyTO> modal,
+ final IModel<AccessPolicyTO> model,
+ final PageReference pageRef) {
+
+ super(modal, pageRef);
+ this.model = model;
+
+ List<Component> fields = new ArrayList<>();
+
+ if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) {
+ fields.add(new AjaxSpinnerFieldPanel.Builder<Integer>().build(
+ "field",
+ "order",
+ Integer.class,
+ new PropertyModel<>(model.getObject().getConf(),
"order")));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "enabled",
+ new PropertyModel<>(model.getObject().getConf(),
"enabled"),
+ false));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "ssoEnabled",
+ new PropertyModel<>(model.getObject().getConf(),
"ssoEnabled"),
+ false));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "requireAllAttributes",
+ new PropertyModel<>(model.getObject().getConf(),
"requireAllAttributes"),
+ false));
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
+ "caseInsensitive",
+ new PropertyModel<>(model.getObject().getConf(),
"caseInsensitive"),
+ false));
+ AjaxTextFieldPanel unauthorizedRedirectUrl = new
AjaxTextFieldPanel(
+ "field",
+ "unauthorizedRedirectUrl",
+ new PropertyModel<>(model.getObject().getConf(),
"unauthorizedRedirectUrl"),
+ false);
+ unauthorizedRedirectUrl.getField().add(new UrlValidator(new
String[] { "http", "https" }));
+ fields.add(unauthorizedRedirectUrl);
+ } else if (model.getObject().getConf() instanceof
HttpRequestAccessPolicyConf) {
+ fields.add(new AjaxTextFieldPanel("field", "ipAddress",
+ new PropertyModel<>(model.getObject().getConf(),
"ipAddress"), false));
+ fields.add(new AjaxTextFieldPanel("field", "userAgent",
+ new PropertyModel<>(model.getObject().getConf(),
"userAgent"), false));
+ } else if (model.getObject().getConf() instanceof
RemoteEndpointAccessPolicyConf) {
+ AjaxTextFieldPanel endpointUrl = new AjaxTextFieldPanel(
+ "field",
+ "endpointUrl",
+ new PropertyModel<>(model.getObject().getConf(),
"endpointUrl"),
+ false);
+ endpointUrl.getField().add(new UrlValidator(new String[] { "http",
"https" }));
+ fields.add(endpointUrl.setRequired(true));
+
+ FieldPanel panel = new AjaxTextFieldPanel(
+ "panel",
+ "acceptableResponseCodes",
+ new PropertyModel<>(model.getObject().getConf(),
"acceptableResponseCodes"));
+ fields.add(new MultiFieldPanel.Builder<>(
+ new PropertyModel<>(model.getObject().getConf(),
"acceptableResponseCodes")).build(
+ "field",
+ "acceptableResponseCodes",
+ panel));
+ } else if (model.getObject().getConf() instanceof
TimeBasedAccessPolicyConf) {
+ fields.add(new AjaxDateTimeFieldPanel(
+ "field",
+ "start",
+ new DateOps.WrappedDateModel(new
PropertyModel<>(model.getObject().getConf(), "start")),
+
DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT));
+ fields.add(new AjaxDateTimeFieldPanel(
+ "field",
+ "end",
+ new DateOps.WrappedDateModel(new
PropertyModel<>(model.getObject().getConf(), "end")),
+
DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT));
+ fields.add(new AjaxTextFieldPanel("field", "zoneId",
+ new PropertyModel<>(model.getObject().getConf(),
"zoneId"), false));
+ }
+
+ add(new ListView<>("fields", fields) {
+
+ private static final long serialVersionUID = -9180479401817023838L;
+
+ @Override
+ protected void populateItem(final ListItem<Component> item) {
+ item.add(item.getModelObject());
+ }
+ });
+ }
+
+ @Override
+ public void onSubmit(final AjaxRequestTarget target) {
+ try {
+ PolicyRestClient.update(PolicyType.ACCESS, model.getObject());
+
+
SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED));
+ modal.close(target);
+ } catch (Exception e) {
+ LOG.error("While updating Access Policy {}",
model.getObject().getKey(), e);
+ SyncopeConsoleSession.get().onException(e);
+ }
+ ((BaseWebPage)
pageRef.getPage()).getNotificationPanel().refresh(target);
+ }
+}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
index fcc98316b4..fd02a70995 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
@@ -47,7 +47,7 @@ import org.apache.wicket.model.PropertyModel;
public class AttrReleasePolicyModalPanel extends
AbstractModalPanel<AttrReleasePolicyTO> {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2668291404983623500L;
private final IModel<List<String>> allAttrRepos = new
LoadableDetachableModel<>() {
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
new file mode 100644
index 0000000000..b1fcbd9eac
--- /dev/null
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
@@ -0,0 +1,27 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml";
xmlns:wicket="http://wicket.apache.org";>
+ <wicket:extend>
+ <div wicket:id="fields">
+ <div class="form-group">
+ <span wicket:id="field"/>
+ </div>
+ </div>
+ </wicket:extend>
+</html>
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Order
+ssoEnabled=SSO Enabled
+enabled=Enabled
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+ipAddress=IP Address
+userAgent=User Agent
+endpointUrl=Endpoint URL
+start=Start
+end=End
+zoneId=Zone Id
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_fr.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Order
+ssoEnabled=SSO Enabled
+enabled=Enabled
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+ipAddress=IP Address
+userAgent=User Agent
+endpointUrl=Endpoint URL
+start=Start
+end=End
+zoneId=Zone Id
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties
similarity index 75%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties
index 6357f8ae6c..e5acdd4de1 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_it.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Ordinamento
+ssoEnabled=SSO Abilitato
+enabled=Abilitata
+requireAllAttributes=Richiedi Tutti gli Attributi
+caseInsensitive=Case Insensitive
+ipAddress=Indirizzo IP
+userAgent=User Agent
+endpointUrl=URL Endpoint
+start=Inizio
+end=Fine
+zoneId=Zone Id
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ja.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Order
+ssoEnabled=SSO Enabled
+enabled=Enabled
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+ipAddress=IP Address
+userAgent=User Agent
+endpointUrl=Endpoint URL
+start=Start
+end=End
+zoneId=Zone Id
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_pt_BR.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Order
+ssoEnabled=SSO Enabled
+enabled=Enabled
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+ipAddress=IP Address
+userAgent=User Agent
+endpointUrl=Endpoint URL
+start=Start
+end=End
+zoneId=Zone Id
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties
similarity index 77%
copy from client/idrepo/console/src/main/resources/META-INF/spring.factories
copy to
client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties
index 6357f8ae6c..a3d82caf88 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel_ru.properties
@@ -14,6 +14,14 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+order=Order
+ssoEnabled=SSO Enabled
+enabled=Enabled
+requireAllAttributes=Require All Attributes
+caseInsensitive=Case Insensitive
+ipAddress=IP Address
+userAgent=User Agent
+endpointUrl=Endpoint URL
+start=Start
+end=End
+zoneId=Zone Id
diff --git
a/client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java
b/client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java
similarity index 98%
rename from
client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java
rename to
client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java
index 38d8681e37..553bb14ea0 100644
---
a/client/idm/console/src/main/java/org/apache/syncope/client/console/SyncopeIdMConsoleContext.java
+++
b/client/idm/console/src/main/java/org/apache/syncope/client/console/IdMConsoleContext.java
@@ -40,7 +40,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration(proxyBeanMethods = false)
-public class SyncopeIdMConsoleContext {
+public class IdMConsoleContext {
@Bean
public ClassPathScanImplementationContributor
idmClassPathScanImplementationContributor() {
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java
similarity index 93%
rename from
client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java
rename to
client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java
index 6c6d741876..61f24eb15e 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleContext.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/IdRepoConsoleContext.java
@@ -18,10 +18,12 @@
*/
package org.apache.syncope.client.console;
+import org.apache.syncope.client.console.commons.AccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps;
import org.apache.syncope.client.console.commons.ExternalResourceProvider;
+import
org.apache.syncope.client.console.commons.IdRepoAccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyWizardBuilderAdditionalSteps;
@@ -46,7 +48,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration(proxyBeanMethods = false)
-public class ConsoleContext {
+public class IdRepoConsoleContext {
@ConditionalOnMissingBean
@Bean
@@ -125,4 +127,10 @@ public class ConsoleContext {
public PolicyTabProvider idRepoPolicyTabProvider() {
return new IdRepoPolicyTabProvider();
}
+
+ @ConditionalOnMissingBean
+ @Bean
+ public AccessPolicyConfProvider accessPolicyConfProvider() {
+ return new IdRepoAccessPolicyConfProvider();
+ }
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index d3ee8b5cf0..141e017a08 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -21,6 +21,7 @@ package org.apache.syncope.client.console;
import
com.giffing.wicket.spring.boot.starter.web.config.WicketWebInitializerAutoConfig.WebSocketWicketWebInitializerAutoConfiguration;
import java.util.Map;
import org.apache.syncope.client.console.actuate.SyncopeConsoleInfoContributor;
+import org.apache.syncope.client.console.commons.AccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps;
@@ -77,6 +78,7 @@ public class SyncopeConsoleApplication extends
SpringBootServletInitializer {
final StatusProvider statusProvider,
final VirSchemaDetailsPanelProvider virSchemaDetailsPanelProvider,
final ImplementationInfoProvider implementationInfoProvider,
+ final AccessPolicyConfProvider accessPolicyConfProvider,
final ApplicationContext ctx) {
return new SyncopeWebApplication(
@@ -88,7 +90,9 @@ public class SyncopeConsoleApplication extends
SpringBootServletInitializer {
anyDirectoryPanelAdditionalActionLinksProvider,
anyWizardBuilderAdditionalSteps, statusProvider,
virSchemaDetailsPanelProvider,
- implementationInfoProvider, ctx);
+ implementationInfoProvider,
+ accessPolicyConfProvider,
+ ctx);
}
@ConditionalOnMissingBean
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
index 23dfe3178a..3a4f55e061 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
@@ -26,6 +26,7 @@ import
de.agilecoders.wicket.core.settings.SingleThemeProvider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import org.apache.syncope.client.console.commons.AccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps;
@@ -101,6 +102,8 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
protected final ImplementationInfoProvider implementationInfoProvider;
+ protected final AccessPolicyConfProvider accessPolicyConfProvider;
+
protected final ApplicationContext ctx;
public SyncopeWebApplication(
@@ -114,6 +117,7 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
final StatusProvider statusProvider,
final VirSchemaDetailsPanelProvider virSchemaDetailsPanelProvider,
final ImplementationInfoProvider implementationInfoProvider,
+ final AccessPolicyConfProvider accessPolicyConfProvider,
final ApplicationContext ctx) {
this.props = props;
@@ -126,6 +130,7 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
this.statusProvider = statusProvider;
this.virSchemaDetailsPanelProvider = virSchemaDetailsPanelProvider;
this.implementationInfoProvider = implementationInfoProvider;
+ this.accessPolicyConfProvider = accessPolicyConfProvider;
this.ctx = ctx;
}
@@ -349,4 +354,8 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
return finalizers;
}
+
+ public AccessPolicyConfProvider getAccessPolicyConfProvider() {
+ return accessPolicyConfProvider;
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java
similarity index 66%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
copy to
client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java
index 24025d2774..d8aca69cca 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/AccessPolicyConfProvider.java
@@ -16,17 +16,13 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.syncope.common.lib.policy;
+package org.apache.syncope.client.console.commons;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import java.io.Serializable;
import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.BaseBean;
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
-public interface AccessPolicyConf extends BaseBean {
+@FunctionalInterface
+public interface AccessPolicyConfProvider extends Serializable {
- List<Attr> getRequiredAttrs();
-
- List<Attr> getRejectedAttrs();
+ List<String> get();
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java
similarity index 66%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
copy to
client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java
index 24025d2774..b3dcd2b40e 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/commons/IdRepoAccessPolicyConfProvider.java
@@ -16,17 +16,16 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.syncope.common.lib.policy;
+package org.apache.syncope.client.console.commons;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.BaseBean;
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
-public interface AccessPolicyConf extends BaseBean {
+public class IdRepoAccessPolicyConfProvider implements
AccessPolicyConfProvider {
- List<Attr> getRequiredAttrs();
+ private static final long serialVersionUID = 3002474783308961295L;
- List<Attr> getRejectedAttrs();
+ @Override
+ public List<String> get() {
+ return List.of();
+ }
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
index 1ef8e216a8..bc7bfc0efe 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/init/ClassPathScanImplementationLookup.java
@@ -115,8 +115,10 @@ public class ClassPathScanImplementationLookup {
private final ConsoleProperties props;
- public ClassPathScanImplementationLookup(final
Collection<ClassPathScanImplementationContributor> contributors,
- final ConsoleProperties props) {
+ public ClassPathScanImplementationLookup(
+ final Collection<ClassPathScanImplementationContributor>
contributors,
+ final ConsoleProperties props) {
+
this.contributors = contributors;
this.props = props;
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
index 3afafc6537..82dff84e4f 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyModalPanelBuilder.java
@@ -19,7 +19,6 @@
package org.apache.syncope.client.console.policies;
import java.io.Serializable;
-import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -57,7 +56,6 @@ import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.model.util.ListModel;
-import org.apache.wicket.validation.validator.UrlValidator;
public class PolicyModalPanelBuilder<T extends PolicyTO> extends
AbstractModalPanelBuilder<T> {
@@ -132,6 +130,16 @@ public class PolicyModalPanelBuilder<T extends PolicyTO>
extends AbstractModalPa
}
};
+ private final LoadableDetachableModel<List<String>>
accessPolicyConfClasses = new LoadableDetachableModel<>() {
+
+ private static final long serialVersionUID = 5275935387613157437L;
+
+ @Override
+ protected List<String> load() {
+ return
SyncopeWebApplication.get().getAccessPolicyConfProvider().get();
+ }
+ };
+
Profile(final T policyTO, final BaseModal<T> modal, final
PageReference pageRef) {
super(modal, pageRef);
modal.setFormModel(policyTO);
@@ -256,59 +264,41 @@ public class PolicyModalPanelBuilder<T extends PolicyTO>
extends AbstractModalPa
break;
case ACCESS:
- fields.add(new
AjaxSpinnerFieldPanel.Builder<Integer>().build(
- "field",
- "order",
- Integer.class,
- new PropertyModel<>(policyTO, "order")));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "enabled",
- new PropertyModel<>(policyTO, "enabled"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "ssoEnabled",
- new PropertyModel<>(policyTO, "ssoEnabled"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "requireAllAttributes",
- new PropertyModel<>(policyTO,
"requireAllAttributes"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "caseInsensitive",
- new PropertyModel<>(policyTO, "caseInsensitive"),
- false));
- AjaxTextFieldPanel unauthorizedRedirectUrl = new
AjaxTextFieldPanel(
+ fields.add(new AjaxDropDownChoicePanel<>(
"field",
- "unauthorizedRedirectUrl",
+ "conf",
new IModel<>() {
- private static final long serialVersionUID =
1015030402166681242L;
+ private static final long serialVersionUID =
-6515946495655944432L;
@Override
- public String getObject() {
- return Optional.ofNullable(
- (URI)
PropertyResolver.getValue("unauthorizedRedirectUrl", policyTO)).
- map(URI::toASCIIString).orElse(null);
+ public Serializable getObject() {
+ return
Optional.ofNullable(PropertyResolver.getValue("conf", policyTO)).
+ map(obj -> obj.getClass().getName()).
+ orElse(null);
}
@Override
- public void setObject(final String object) {
+ public void setObject(final Serializable object) {
+ Object conf = Optional.ofNullable(object).map(o ->
{
+ try {
+ return
Class.forName(object.toString()).getDeclaredConstructor().newInstance();
+ } catch (Exception e) {
+ LOG.error("Could not instantiate {}",
object, e);
+ return null;
+ }
+ }).orElse(null);
+
PropertyResolverConverter prc = new
PropertyResolverConverter(
Application.get().getConverterLocator(),
SyncopeConsoleSession.get().getLocale());
PropertyResolver.setValue(
- "unauthorizedRedirectUrl",
+ "conf",
policyTO,
-
Optional.ofNullable(object).map(URI::create).orElse(null),
+ Optional.ofNullable(conf).orElse(null),
prc);
}
- }, false);
- unauthorizedRedirectUrl.getField().add(new
UrlValidator(new String[] { "http", "https" }));
- fields.add(unauthorizedRedirectUrl);
+ }).setChoices(accessPolicyConfClasses).setRequired(true));
break;
case ATTR_RELEASE:
diff --git a/client/idrepo/console/src/main/resources/META-INF/spring.factories
b/client/idrepo/console/src/main/resources/META-INF/spring.factories
index 6357f8ae6c..7ebfcf603d 100644
--- a/client/idrepo/console/src/main/resources/META-INF/spring.factories
+++ b/client/idrepo/console/src/main/resources/META-INF/spring.factories
@@ -16,4 +16,4 @@
# under the License.
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- org.apache.syncope.client.console.ConsoleContext
+ org.apache.syncope.client.console.IdRepoConsoleContext
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
index 8965959032..d3ba8cea8d 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
@@ -30,7 +30,6 @@ any.cancel=Cancel ${name}
compose.title=rules
conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
-ssoEnabled=SSO Enabled
change_view.title=configuration
change_view.class=fa fa-expand
requiredAttrs.title=Required Attributes
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
-requireAllAttributes=Require All Attributes
-caseInsensitive=Case Insensitive
order=Order
rejectedAttrs.title=Rejected Attributes
unauthorizedRedirectUrl=Unauthorized Redirect URL
@@ -55,3 +52,5 @@ maxAttempts=Max Attempts
backOffStrategy=BackOff Strategy
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configuration
+accessPolicyConf.title=Access Policy Configuration
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
index 02cf30d40a..ef600f1ff2 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
@@ -30,7 +30,6 @@ any.cancel=Annuler ${name}
compose.title=r\u00e8glements
conflictResolutionAction=Action de r\u00e9solution des conflits
enabled=Enabled
-ssoEnabled=SSO Enabled
change_view.title=configuration
change_view.class=fa fa-expand
requiredAttrs.title=Required Attributes
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
-requireAllAttributes=Require All Attributes
-caseInsensitive=Case Insensitive
order=Order
rejectedAttrs.title=Rejected Attributes
unauthorizedRedirectUrl=Unauthorized Redirect URL
@@ -55,3 +52,5 @@ maxAttempts=Max Attempts
backOffStrategy=BackOff Strategy
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configuration
+accessPolicyConf.title=Access Policy Configuration
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
index 79a83653a0..a7d05a668d 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
@@ -30,7 +30,6 @@ any.cancel=Annulla ${name}
compose.title=regole
conflictResolutionAction=Azione di Risoluzione Conflitti
enabled=Abilitata
-ssoEnabled=SSO Abilitato
change_view.title=configurazione
change_view.class=fa fa-expand
requiredAttrs.title=Attributi Richiesti
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Configurazione Rilascio Attributi
authPolicyConf.title=Configurazione Autenticazione
tryAll=Prova Tutti
authModules=Moduli di Authenticazione
-requireAllAttributes=Attributi Obbligatori
-caseInsensitive=Case Insensitive
order=Ordinamento
rejectedAttrs.title=Attributi Rifiutati
unauthorizedRedirectUrl=URL di Ridirezione Per Mancata Autorizzazione
@@ -55,3 +52,5 @@ maxAttempts=Tentativi Massimi
backOffStrategy=Strategia di BackOff
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configurazione
+accessPolicyConf.title=Configurazione Accesso
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
index ac9abd3438..2a5e1ad609 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
@@ -30,7 +30,6 @@ any.cancel=${name} \u3092\u30ad\u30e3\u30f3\u30bb\u30eb
compose.title=\u30eb\u30fc\u30eb
conflictResolutionAction=\u7af6\u5408\u89e3\u6c7a\u30a2\u30af\u30b7\u30e7\u30f3
enabled=Enabled
-ssoEnabled=SSO Enabled
change_view.title=configuration
change_view.class=fa fa-expand
requiredAttrs.title=Required Attributes
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
-requireAllAttributes=Require All Attributes
-caseInsensitive=Case Insensitive
order=Order
rejectedAttrs.title=Rejected Attributes
unauthorizedRedirectUrl=Unauthorized Redirect URL
@@ -55,3 +52,5 @@ maxAttempts=Max Attempts
backOffStrategy=BackOff Strategy
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configuration
+accessPolicyConf.title=Access Policy Configuration
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
index c1cc1ab1d8..3cfc47de41 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
@@ -30,7 +30,6 @@ any.cancel=Cancel ${name}
compose.title=rules
conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
-ssoEnabled=SSO Enabled
change_view.title=configuration
change_view.class=fa fa-expand
requiredAttrs.title=Required Attributes
@@ -46,8 +45,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
-requireAllAttributes=Require All Attributes
-caseInsensitive=Case Insensitive
order=Order
rejectedAttrs.title=Rejected Attributes
unauthorizedRedirectUrl=Unauthorized Redirect URL
@@ -55,3 +52,5 @@ maxAttempts=Max Attempts
backOffStrategy=BackOff Strategy
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configuration
+accessPolicyConf.title=Access Policy Configuration
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
index d305ca624a..9bc0f705f6 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
@@ -31,7 +31,6 @@ any.cancel=\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c
${name}
compose.title=rules
conflictResolutionAction=Conflict Resolution Action
enabled=Enabled
-ssoEnabled=SSO Enabled
change_view.title=configuration
change_view.class=fa fa-expand
requiredAttrs.title=Required Attributes
@@ -47,8 +46,6 @@ attrReleasePolicyConf.title=Attribute Release Configuration
authPolicyConf.title=Authentication Configuration
tryAll=Try All
authModules=Authentication Modules
-requireAllAttributes=Require All Attributes
-caseInsensitive=Case Insensitive
order=Order
rejectedAttrs.title=Rejected Attributes
unauthorizedRedirectUrl=Unauthorized Redirect URL
@@ -56,3 +53,5 @@ maxAttempts=Max Attempts
backOffStrategy=BackOff Strategy
fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
+conf=Configuration
+accessPolicyConf.title=Access Policy Configuration
diff --git
a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
index 861d54cabe..8b61bb5190 100644
---
a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
+++
b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
@@ -35,10 +35,12 @@ import java.util.Set;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.jaxrs.client.Client;
+import org.apache.syncope.client.console.commons.AccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.AnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.AnyWizardBuilderAdditionalSteps;
import org.apache.syncope.client.console.commons.ExternalResourceProvider;
+import
org.apache.syncope.client.console.commons.IdRepoAccessPolicyConfProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionLinksProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyDirectoryPanelAdditionalActionsProvider;
import
org.apache.syncope.client.console.commons.IdRepoAnyWizardBuilderAdditionalSteps;
@@ -194,6 +196,11 @@ public abstract class AbstractTest {
public PolicyTabProvider policyTabProvider() {
return new IdRepoPolicyTabProvider();
}
+
+ @Bean
+ public AccessPolicyConfProvider accessPolicyConfProvider() {
+ return new IdRepoAccessPolicyConfProvider();
+ }
}
public static class TestSyncopeWebApplication extends
SyncopeWebApplication {
@@ -209,11 +216,12 @@ public abstract class AbstractTest {
final StatusProvider statusProvider,
final VirSchemaDetailsPanelProvider
virSchemaDetailsPanelProvider,
final ImplementationInfoProvider implementationInfoProvider,
+ final AccessPolicyConfProvider accessPolicyConfProvider,
final ApplicationContext ctx) {
super(props, lookup, serviceOps, resourceProvider,
anyDirectoryPanelAdditionalActionsProvider,
anyDirectoryPanelAdditionalActionLinksProvider,
anyWizardBuilderAdditionalSteps, statusProvider,
- virSchemaDetailsPanelProvider, implementationInfoProvider,
ctx);
+ virSchemaDetailsPanelProvider, implementationInfoProvider,
accessPolicyConfProvider, ctx);
}
public interface SyncopeServiceClient extends SyncopeService, Client {
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
index 24025d2774..8801e4c2e2 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
@@ -19,14 +19,8 @@
package org.apache.syncope.common.lib.policy;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import java.util.List;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.BaseBean;
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
public interface AccessPolicyConf extends BaseBean {
-
- List<Attr> getRequiredAttrs();
-
- List<Attr> getRejectedAttrs();
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
index b988657e71..733b4e92a1 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyTO.java
@@ -22,25 +22,12 @@ package org.apache.syncope.common.lib.policy;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import io.swagger.v3.oas.annotations.media.Schema;
-import java.net.URI;
@Schema(allOf = { PolicyTO.class })
public class AccessPolicyTO extends PolicyTO {
private static final long serialVersionUID = -6711411162433533300L;
- private int order;
-
- private boolean enabled = true;
-
- private boolean ssoEnabled = true;
-
- private boolean requireAllAttributes = true;
-
- private boolean caseInsensitive;
-
- private URI unauthorizedRedirectUrl;
-
private AccessPolicyConf conf;
@JacksonXmlProperty(localName = "_class", isAttribute = true)
@@ -52,54 +39,6 @@ public class AccessPolicyTO extends PolicyTO {
return getClass().getName();
}
- public int getOrder() {
- return order;
- }
-
- public void setOrder(final int order) {
- this.order = order;
- }
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public void setEnabled(final boolean enabled) {
- this.enabled = enabled;
- }
-
- public boolean isSsoEnabled() {
- return this.ssoEnabled;
- }
-
- public void setSsoEnabled(final boolean ssoEnabled) {
- this.ssoEnabled = ssoEnabled;
- }
-
- public boolean isRequireAllAttributes() {
- return requireAllAttributes;
- }
-
- public void setRequireAllAttributes(final boolean requireAllAttributes) {
- this.requireAllAttributes = requireAllAttributes;
- }
-
- public boolean isCaseInsensitive() {
- return caseInsensitive;
- }
-
- public void setCaseInsensitive(final boolean caseInsensitive) {
- this.caseInsensitive = caseInsensitive;
- }
-
- public URI getUnauthorizedRedirectUrl() {
- return unauthorizedRedirectUrl;
- }
-
- public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) {
- this.unauthorizedRedirectUrl = unauthorizedRedirectUrl;
- }
-
public AccessPolicyConf getConf() {
return conf;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
index 83685c6f4e..6e04eb8495 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
@@ -20,6 +20,7 @@ package org.apache.syncope.common.lib.policy;
import
com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.syncope.common.lib.Attr;
@@ -28,20 +29,78 @@ public class DefaultAccessPolicyConf implements
AccessPolicyConf {
private static final long serialVersionUID = 1153200197344709778L;
+ private int order;
+
+ private boolean enabled = true;
+
+ private boolean ssoEnabled = true;
+
+ private boolean requireAllAttributes = true;
+
+ private boolean caseInsensitive;
+
+ private URI unauthorizedRedirectUrl;
+
private final List<Attr> requiredAttrs = new ArrayList<>();
private final List<Attr> rejectedAttrs = new ArrayList<>();
+ public int getOrder() {
+ return order;
+ }
+
+ public void setOrder(final int order) {
+ this.order = order;
+ }
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(final boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public boolean isSsoEnabled() {
+ return this.ssoEnabled;
+ }
+
+ public void setSsoEnabled(final boolean ssoEnabled) {
+ this.ssoEnabled = ssoEnabled;
+ }
+
+ public boolean isRequireAllAttributes() {
+ return requireAllAttributes;
+ }
+
+ public void setRequireAllAttributes(final boolean requireAllAttributes) {
+ this.requireAllAttributes = requireAllAttributes;
+ }
+
+ public boolean isCaseInsensitive() {
+ return caseInsensitive;
+ }
+
+ public void setCaseInsensitive(final boolean caseInsensitive) {
+ this.caseInsensitive = caseInsensitive;
+ }
+
+ public URI getUnauthorizedRedirectUrl() {
+ return unauthorizedRedirectUrl;
+ }
+
+ public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) {
+ this.unauthorizedRedirectUrl = unauthorizedRedirectUrl;
+ }
+
@JacksonXmlElementWrapper(localName = "requiredAttrs")
@JacksonXmlProperty(localName = "requiredAttr")
- @Override
public List<Attr> getRequiredAttrs() {
return requiredAttrs;
}
@JacksonXmlElementWrapper(localName = "rejectedAttrs")
@JacksonXmlProperty(localName = "rejectedAttr")
- @Override
public List<Attr> getRejectedAttrs() {
return rejectedAttrs;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java
similarity index 61%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java
index 24025d2774..9192f9a3d9 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java
@@ -18,15 +18,27 @@
*/
package org.apache.syncope.common.lib.policy;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.BaseBean;
+public class HttpRequestAccessPolicyConf implements AccessPolicyConf {
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
-public interface AccessPolicyConf extends BaseBean {
+ private static final long serialVersionUID = 4511220098152435547L;
- List<Attr> getRequiredAttrs();
+ private String ipAddress;
- List<Attr> getRejectedAttrs();
+ private String userAgent;
+
+ public String getIpAddress() {
+ return ipAddress;
+ }
+
+ public void setIpAddress(final String ipAddress) {
+ this.ipAddress = ipAddress;
+ }
+
+ public String getUserAgent() {
+ return userAgent;
+ }
+
+ public void setUserAgent(final String userAgent) {
+ this.userAgent = userAgent;
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
similarity index 60%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
index 83685c6f4e..c63959faef 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java
@@ -22,27 +22,26 @@ import
com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import java.util.ArrayList;
import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-public class DefaultAccessPolicyConf implements AccessPolicyConf {
+public class RemoteEndpointAccessPolicyConf implements AccessPolicyConf {
- private static final long serialVersionUID = 1153200197344709778L;
+ private static final long serialVersionUID = -1573476136969750601L;
- private final List<Attr> requiredAttrs = new ArrayList<>();
+ private String endpointUrl;
- private final List<Attr> rejectedAttrs = new ArrayList<>();
+ private final List<String> acceptableResponseCodes = new ArrayList<>();
- @JacksonXmlElementWrapper(localName = "requiredAttrs")
- @JacksonXmlProperty(localName = "requiredAttr")
- @Override
- public List<Attr> getRequiredAttrs() {
- return requiredAttrs;
+ public String getEndpointUrl() {
+ return endpointUrl;
}
- @JacksonXmlElementWrapper(localName = "rejectedAttrs")
- @JacksonXmlProperty(localName = "rejectedAttr")
- @Override
- public List<Attr> getRejectedAttrs() {
- return rejectedAttrs;
+ public void setEndpointUrl(final String endpointUrl) {
+ this.endpointUrl = endpointUrl;
+ }
+
+ @JacksonXmlElementWrapper(localName = "acceptableResponseCodes")
+ @JacksonXmlProperty(localName = "acceptableResponseCode")
+ public List<String> getAcceptableResponseCodes() {
+ return acceptableResponseCodes;
}
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java
similarity index 65%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java
index 24025d2774..002327339c 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java
@@ -18,15 +18,20 @@
*/
package org.apache.syncope.common.lib.policy;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import java.util.List;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.BaseBean;
+import java.time.ZoneOffset;
+import org.apache.syncope.common.lib.to.AbstractStartEndBean;
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY,
property = "_class")
-public interface AccessPolicyConf extends BaseBean {
+public class TimeBasedAccessPolicyConf extends AbstractStartEndBean implements
AccessPolicyConf {
- List<Attr> getRequiredAttrs();
+ private static final long serialVersionUID = 9092023809646651011L;
- List<Attr> getRejectedAttrs();
+ private String zoneId = ZoneOffset.UTC.getId();
+
+ public String getZoneId() {
+ return zoneId;
+ }
+
+ public void setZoneId(final String zoneId) {
+ this.zoneId = zoneId;
+ }
}
diff --git
a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
index a3839aca64..ee0a2e81ce 100644
---
a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
+++
b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
@@ -36,11 +36,11 @@ public abstract class SerializationTest {
public void accessPolicyConf() throws IOException {
AccessPolicyTO policy = new AccessPolicyTO();
policy.setName("Test Access policy");
- policy.setOrder(11);
- policy.setEnabled(true);
-
policy.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org";));
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
+ conf.setOrder(11);
+ conf.setEnabled(true);
+
conf.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org";));
conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin",
"Admin", "TheAdmin").build());
conf.getRejectedAttrs().add(new
Attr.Builder("uid").values("plain").build());
policy.setConf(conf);
diff --git
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
index 1dffe8508b..1509722f4c 100644
---
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
+++
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AccessPolicy.java
@@ -18,35 +18,10 @@
*/
package org.apache.syncope.core.persistence.api.entity.policy;
-import java.net.URI;
import org.apache.syncope.common.lib.policy.AccessPolicyConf;
public interface AccessPolicy extends Policy {
- int getOrder();
-
- void setOrder(int order);
-
- boolean isEnabled();
-
- void setEnabled(boolean enabled);
-
- boolean isSsoEnabled();
-
- void setSsoEnabled(boolean ssoEnabled);
-
- boolean isRequireAllAttributes();
-
- void setRequireAllAttributes(boolean requireAllAttributes);
-
- boolean isCaseInsensitive();
-
- void setCaseInsensitive(boolean caseInsensitive);
-
- URI getUnauthorizedRedirectUrl();
-
- void setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl);
-
AccessPolicyConf getConf();
void setConf(AccessPolicyConf conf);
diff --git
a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index 6c3558479d..d752c340cb 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
@@ -53,7 +53,8 @@ under the License.
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/>
<!-- Access policies -->
- <AccessPolicy aporder="0" ssoEnabled="1" name="MyDefaultAccessPolicyConf"
caseInsensitive="1" id="419935c7-deb3-40b3-8a9a-683037e523a2" enabled="1"
requireAllAttributes="1"/>
+ <AccessPolicy name="DefaultAccessPolicy"
id="419935c7-deb3-40b3-8a9a-683037e523a2"
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","order":0,"ssoEnabled":true,"caseInsensitive":true,"enabled":true,"requireAllAttributes":true}'/>
<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy"
id="219935c7-deb3-40b3-8a9a-683037e523a2"
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
index 7159f52e44..eb7056adb8 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAccessPolicy.java
@@ -18,13 +18,10 @@
*/
package org.apache.syncope.core.persistence.jpa.entity.policy;
-import java.net.URI;
import java.util.Optional;
-import javax.persistence.Basic;
import javax.persistence.Entity;
import javax.persistence.Lob;
import javax.persistence.Table;
-import org.apache.commons.lang3.BooleanUtils;
import org.apache.syncope.common.lib.policy.AccessPolicyConf;
import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -37,88 +34,9 @@ public class JPAAccessPolicy extends AbstractPolicy
implements AccessPolicy {
public static final String TABLE = "AccessPolicy";
- @Basic
- private Integer aporder = 0;
-
- @Basic
- private Boolean enabled = true;
-
- @Basic
- private Boolean ssoEnabled = true;
-
- @Basic
- private Boolean requireAllAttributes = true;
-
- @Basic
- private Boolean caseInsensitive;
-
- private String unauthorizedRedirectUrl;
-
@Lob
private String jsonConf;
- @Override
- public int getOrder() {
- return Optional.ofNullable(aporder).orElse(0);
- }
-
- @Override
- public void setOrder(final int order) {
- this.aporder = order;
- }
-
- @Override
- public boolean isEnabled() {
- return BooleanUtils.isNotFalse(enabled);
- }
-
- @Override
- public void setEnabled(final boolean enabled) {
- this.enabled = enabled;
- }
-
- @Override
- public boolean isSsoEnabled() {
- return BooleanUtils.isNotFalse(ssoEnabled);
- }
-
- @Override
- public void setSsoEnabled(final boolean ssoEnabled) {
- this.ssoEnabled = ssoEnabled;
- }
-
- @Override
- public boolean isRequireAllAttributes() {
- return BooleanUtils.isNotFalse(requireAllAttributes);
- }
-
- @Override
- public void setRequireAllAttributes(final boolean requireAllAttributes) {
- this.requireAllAttributes = requireAllAttributes;
- }
-
- @Override
- public boolean isCaseInsensitive() {
- return BooleanUtils.isNotFalse(caseInsensitive);
- }
-
- @Override
- public void setCaseInsensitive(final boolean caseInsensitive) {
- this.caseInsensitive = caseInsensitive;
- }
-
- @Override
- public URI getUnauthorizedRedirectUrl() {
- return Optional.ofNullable(unauthorizedRedirectUrl).
- map(URI::create).orElse(null);
- }
-
- @Override
- public void setUnauthorizedRedirectUrl(final URI unauthorizedRedirectUrl) {
- this.unauthorizedRedirectUrl =
Optional.ofNullable(unauthorizedRedirectUrl).
- map(URI::toASCIIString).orElse(null);
- }
-
@Override
public AccessPolicyConf getConf() {
return Optional.ofNullable(jsonConf).map(c ->
POJOHelper.deserialize(c, AccessPolicyConf.class)).orElse(null);
diff --git
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
index fc98da5a24..d07ea3e676 100644
---
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
+++
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
@@ -53,10 +53,10 @@ public class AbstractClientAppTest extends AbstractTest {
protected AccessPolicy buildAndSaveAccessPolicy() {
AccessPolicy accessPolicy =
entityFactory.newEntity(AccessPolicy.class);
accessPolicy.setName("AccessPolicyTest");
- accessPolicy.setEnabled(true);
- accessPolicy.setSsoEnabled(false);
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
+ conf.setEnabled(true);
+ conf.setSsoEnabled(false);
conf.getRequiredAttrs().add(new
Attr.Builder("attribute1").values("value1", "value2").build());
accessPolicy.setConf(conf);
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index 1a11e11471..21ff82ca72 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -53,7 +53,8 @@ under the License.
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf","authModules":["LdapAuthenticationTest"]}'/>
<!-- Access policies -->
- <AccessPolicy aporder="0" ssoEnabled="1" name="MyDefaultAccessPolicyConf"
caseInsensitive="1" id="419935c7-deb3-40b3-8a9a-683037e523a2" enabled="1"
requireAllAttributes="1"/>
+ <AccessPolicy name="DefaultAccessPolicy"
id="419935c7-deb3-40b3-8a9a-683037e523a2"
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf","order":0,"ssoEnabled":true,"caseInsensitive":true,"enabled":true,"requireAllAttributes":true}'/>
<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy"
id="219935c7-deb3-40b3-8a9a-683037e523a2"
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
index fdf1c3c1bc..c137355c22 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/PolicyDataBinderImpl.java
@@ -239,12 +239,6 @@ public class PolicyDataBinderImpl implements
PolicyDataBinder {
AccessPolicyTO accessPolicyTO =
AccessPolicyTO.class.cast(policyTO);
accessPolicy.setName(accessPolicyTO.getKey());
- accessPolicy.setOrder(accessPolicyTO.getOrder());
- accessPolicy.setEnabled(accessPolicyTO.isEnabled());
- accessPolicy.setSsoEnabled(accessPolicyTO.isSsoEnabled());
-
accessPolicy.setRequireAllAttributes(accessPolicyTO.isRequireAllAttributes());
-
accessPolicy.setCaseInsensitive(accessPolicyTO.isCaseInsensitive());
-
accessPolicy.setUnauthorizedRedirectUrl(accessPolicyTO.getUnauthorizedRedirectUrl());
accessPolicy.setConf(accessPolicyTO.getConf());
} else if (policyTO instanceof AttrReleasePolicyTO) {
if (result == null) {
@@ -339,16 +333,9 @@ public class PolicyDataBinderImpl implements
PolicyDataBinder {
authPolicyTO.setConf(((AuthPolicy) policy).getConf());
} else if (policy instanceof AccessPolicy) {
- AccessPolicy accessPolicy = AccessPolicy.class.cast(policy);
AccessPolicyTO accessPolicyTO = new AccessPolicyTO();
policyTO = (T) accessPolicyTO;
- accessPolicyTO.setOrder(accessPolicy.getOrder());
- accessPolicyTO.setEnabled(accessPolicy.isEnabled());
- accessPolicyTO.setSsoEnabled(accessPolicy.isSsoEnabled());
-
accessPolicyTO.setRequireAllAttributes(accessPolicy.isRequireAllAttributes());
-
accessPolicyTO.setCaseInsensitive(accessPolicy.isCaseInsensitive());
-
accessPolicyTO.setUnauthorizedRedirectUrl(accessPolicy.getUnauthorizedRedirectUrl());
accessPolicyTO.setConf(((AccessPolicy) policy).getConf());
} else if (policy instanceof AttrReleasePolicy) {
AttrReleasePolicy attrReleasePolicy =
AttrReleasePolicy.class.cast(policy);
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 511d0c1d5e..59dda15f92 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -952,9 +952,9 @@ public abstract class AbstractITCase {
protected static AccessPolicyTO buildAccessPolicyTO() {
AccessPolicyTO policy = new AccessPolicyTO();
policy.setName("Test Access policy");
- policy.setEnabled(true);
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
+ conf.setEnabled(true);
conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin",
"Admin", "TheAdmin").build());
policy.setConf(conf);
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
index 11b2b64758..1f5828b66d 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
@@ -31,8 +31,8 @@ import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import org.apache.syncope.client.console.ConsoleProperties;
-import org.apache.syncope.client.console.SyncopeAMConsoleContext;
-import org.apache.syncope.client.console.SyncopeIdMConsoleContext;
+import org.apache.syncope.client.console.AMConsoleContext;
+import org.apache.syncope.client.console.IdMConsoleContext;
import org.apache.syncope.client.console.SyncopeWebApplication;
import org.apache.syncope.client.console.commons.IdRepoPolicyTabProvider;
import org.apache.syncope.client.console.commons.PolicyTabProvider;
@@ -135,8 +135,8 @@ public abstract class AbstractConsoleITCase extends
AbstractUIITCase {
ctx.register(SyncopeConsoleWebApplicationTestConfig.class);
ctx.register(SyncopeWebApplication.class);
- ctx.register(SyncopeAMConsoleContext.class);
- ctx.register(SyncopeIdMConsoleContext.class);
+ ctx.register(AMConsoleContext.class);
+ ctx.register(IdMConsoleContext.class);
String springActiveProfiles = null;
try (InputStream propStream =
AbstractConsoleITCase.class.getResourceAsStream("/test.properties")) {
diff --git a/src/main/asciidoc/reference-guide/concepts/policies.adoc
b/src/main/asciidoc/reference-guide/concepts/policies.adoc
index dbb7d8193e..c3c1b6e923 100644
--- a/src/main/asciidoc/reference-guide/concepts/policies.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/policies.adoc
@@ -268,14 +268,55 @@ a `JAVA` `PASSWORD_RULE`
<<implementations,implementation>> for the
[[policies-access]]
==== Access
-Access policies provide fine-grained control over the authorization rules to
apply to
+Access policies provide fine-grained control over the access rules to apply to
<<client-applications,client applications>>.
-An access policy describes whether the client application is allowed to use
WA, allowed to participate in
-single sign-on authentication, etc. Additionally, it may be configured to
require a certain set of principal attributes
-that must exist before access can be granted to the client application. This
behavior allows one to configure various
-attributes in terms of access roles for the application and define rules that
would be enacted and validated when an
-authentication request from the application arrives.
+The following access policy configurations are available by default:
+
+[cols="1,2"]
+|===
+
+|
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java[DefaultAccessPolicyConf^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java[DefaultAccessPolicyConf^]
+endif::[]
+| It describes whether the client application is allowed to use WA, allowed to
participate in single sign-on
+authentication, etc; additionally, it may be configured to require a certain
set of principal attributes that must exist
+before access can be granted.
+
+|
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java[HttpRequestAccessPolicyConf^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/HttpRequestAccessPolicyConf.java[HttpRequestAccessPolicyConf^]
+endif::[]
+| Make access decisions based on HTTP request properties as client IP address
and user-agent.
+
+|
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java[RemoteEndpointAccessPolicyConf^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/RemoteEndpointAccessPolicyConf.java[RemoteEndpointAccessPolicyConf^]
+endif::[]
+| Delegate access decisions to a remote endpoint by receiving the
authenticated principal as url parameter of a `GET`
+request; the response code that the endpoint returns is then compared against
the policy setting and if a match is
+found, access is granted.
+
+|
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java[TimeBasedAccessPolicyConf^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/3_0_X/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/TimeBasedAccessPolicyConf.java[TimeBasedAccessPolicyConf^]
+endif::[]
+| Access is only allowed within the configured timeframe.
+
+|===
[NOTE]
Access Policy instances are dynamically translated into
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
index 6c24e5eb03..237cb11b90 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
@@ -29,21 +29,23 @@ public class DefaultAccessMapper implements AccessMapper {
@Override
public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) {
+ DefaultAccessPolicyConf conf = (DefaultAccessPolicyConf)
policy.getConf();
+
DefaultRegisteredServiceAccessStrategy accessStrategy =
- new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(),
policy.isSsoEnabled());
+ new DefaultRegisteredServiceAccessStrategy(conf.isEnabled(),
conf.isSsoEnabled());
- accessStrategy.setOrder(policy.getOrder());
+ accessStrategy.setOrder(conf.getOrder());
-
accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes());
+ accessStrategy.setRequireAllAttributes(conf.isRequireAllAttributes());
- accessStrategy.setCaseInsensitive(policy.isCaseInsensitive());
+ accessStrategy.setCaseInsensitive(conf.isCaseInsensitive());
-
accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl());
+
accessStrategy.setUnauthorizedRedirectUrl(conf.getUnauthorizedRedirectUrl());
- policy.getConf().getRequiredAttrs().forEach(
+ conf.getRequiredAttrs().forEach(
attr ->
accessStrategy.getRequiredAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
- policy.getConf().getRejectedAttrs().forEach(
+ conf.getRejectedAttrs().forEach(
attr ->
accessStrategy.getRejectedAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
return accessStrategy;
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
similarity index 50%
copy from
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
copy to
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
index 6c24e5eb03..ea034f1586 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/HttpRequestAccessMapper.java
@@ -18,33 +18,23 @@
*/
package org.apache.syncope.wa.starter.mapping;
-import java.util.HashSet;
+import java.util.Optional;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
+import org.apache.syncope.common.lib.policy.HttpRequestAccessPolicyConf;
+import org.apereo.cas.services.HttpRequestRegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
-@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class)
-public class DefaultAccessMapper implements AccessMapper {
+@AccessMapFor(accessPolicyConfClass = HttpRequestAccessPolicyConf.class)
+public class HttpRequestAccessMapper implements AccessMapper {
@Override
public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) {
- DefaultRegisteredServiceAccessStrategy accessStrategy =
- new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(),
policy.isSsoEnabled());
+ HttpRequestAccessPolicyConf conf = (HttpRequestAccessPolicyConf)
policy.getConf();
- accessStrategy.setOrder(policy.getOrder());
+ HttpRequestRegisteredServiceAccessStrategy accessStrategy = new
HttpRequestRegisteredServiceAccessStrategy();
-
accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes());
-
- accessStrategy.setCaseInsensitive(policy.isCaseInsensitive());
-
-
accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl());
-
- policy.getConf().getRequiredAttrs().forEach(
- attr ->
accessStrategy.getRequiredAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
-
- policy.getConf().getRejectedAttrs().forEach(
- attr ->
accessStrategy.getRejectedAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
+
Optional.ofNullable(conf.getIpAddress()).ifPresent(accessStrategy::setIpAddress);
+
Optional.ofNullable(conf.getUserAgent()).ifPresent(accessStrategy::setUserAgent);
return accessStrategy;
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java
similarity index 50%
copy from
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
copy to
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java
index 6c24e5eb03..595a593039 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RemoteEndpointAccessMapper.java
@@ -18,33 +18,24 @@
*/
package org.apache.syncope.wa.starter.mapping;
-import java.util.HashSet;
+import java.util.Optional;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
+import org.apache.syncope.common.lib.policy.RemoteEndpointAccessPolicyConf;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
+import org.apereo.cas.services.RemoteEndpointServiceAccessStrategy;
-@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class)
-public class DefaultAccessMapper implements AccessMapper {
+@AccessMapFor(accessPolicyConfClass = RemoteEndpointAccessPolicyConf.class)
+public class RemoteEndpointAccessMapper implements AccessMapper {
@Override
public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) {
- DefaultRegisteredServiceAccessStrategy accessStrategy =
- new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(),
policy.isSsoEnabled());
+ RemoteEndpointAccessPolicyConf conf = (RemoteEndpointAccessPolicyConf)
policy.getConf();
- accessStrategy.setOrder(policy.getOrder());
+ RemoteEndpointServiceAccessStrategy accessStrategy = new
RemoteEndpointServiceAccessStrategy();
-
accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes());
+
Optional.ofNullable(conf.getEndpointUrl()).ifPresent(accessStrategy::setEndpointUrl);
- accessStrategy.setCaseInsensitive(policy.isCaseInsensitive());
-
-
accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl());
-
- policy.getConf().getRequiredAttrs().forEach(
- attr ->
accessStrategy.getRequiredAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
-
- policy.getConf().getRejectedAttrs().forEach(
- attr ->
accessStrategy.getRejectedAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
+ accessStrategy.setAcceptableResponseCodes(String.join(",",
conf.getAcceptableResponseCodes()));
return accessStrategy;
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java
similarity index 50%
copy from
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
copy to
wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java
index 6c24e5eb03..f4cd0f2e34 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/TimeBasedAccessMapper.java
@@ -18,33 +18,28 @@
*/
package org.apache.syncope.wa.starter.mapping;
-import java.util.HashSet;
+import java.time.format.DateTimeFormatter;
+import java.util.Optional;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
+import org.apache.syncope.common.lib.policy.TimeBasedAccessPolicyConf;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
+import org.apereo.cas.services.TimeBasedRegisteredServiceAccessStrategy;
-@AccessMapFor(accessPolicyConfClass = DefaultAccessPolicyConf.class)
-public class DefaultAccessMapper implements AccessMapper {
+@AccessMapFor(accessPolicyConfClass = TimeBasedAccessPolicyConf.class)
+public class TimeBasedAccessMapper implements AccessMapper {
@Override
public RegisteredServiceAccessStrategy build(final AccessPolicyTO policy) {
- DefaultRegisteredServiceAccessStrategy accessStrategy =
- new DefaultRegisteredServiceAccessStrategy(policy.isEnabled(),
policy.isSsoEnabled());
+ TimeBasedAccessPolicyConf conf = (TimeBasedAccessPolicyConf)
policy.getConf();
- accessStrategy.setOrder(policy.getOrder());
+ TimeBasedRegisteredServiceAccessStrategy accessStrategy = new
TimeBasedRegisteredServiceAccessStrategy();
-
accessStrategy.setRequireAllAttributes(policy.isRequireAllAttributes());
+ Optional.ofNullable(conf.getStart()).
+
map(DateTimeFormatter.ISO_OFFSET_DATE_TIME::format).ifPresent(accessStrategy::setStartingDateTime);
+ Optional.ofNullable(conf.getEnd()).
+
map(DateTimeFormatter.ISO_OFFSET_DATE_TIME::format).ifPresent(accessStrategy::setEndingDateTime);
- accessStrategy.setCaseInsensitive(policy.isCaseInsensitive());
-
-
accessStrategy.setUnauthorizedRedirectUrl(policy.getUnauthorizedRedirectUrl());
-
- policy.getConf().getRequiredAttrs().forEach(
- attr ->
accessStrategy.getRequiredAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
-
- policy.getConf().getRejectedAttrs().forEach(
- attr ->
accessStrategy.getRejectedAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
+
Optional.ofNullable(conf.getZoneId()).ifPresent(accessStrategy::setZoneId);
return accessStrategy;
}
diff --git
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
index 2b74bd1661..f133f5253b 100644
---
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
+++
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
@@ -112,8 +112,8 @@ public class WAServiceRegistryTest extends AbstractTest {
}
AccessPolicyTO accessPolicy = new AccessPolicyTO();
- accessPolicy.setEnabled(true);
DefaultAccessPolicyConf accessPolicyConf = new
DefaultAccessPolicyConf();
+ accessPolicyConf.setEnabled(true);
accessPolicyConf.getRequiredAttrs().add(new
Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build());
accessPolicy.setConf(accessPolicyConf);
waClientApp.setAccessPolicy(accessPolicy);
