Repository: syncope Updated Branches: refs/heads/2_0_X 077edf874 -> 767c30307 refs/heads/master b49453765 -> a70efed4c
http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java index 05a48ba..74a8924 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java @@ -38,6 +38,8 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.lang3.tuple.Pair; +import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; +import org.apache.syncope.client.lib.BasicAuthenticationHandler; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.EntityTOUtils; import org.apache.syncope.common.lib.SyncopeClientException; @@ -98,15 +100,6 @@ public class AuthenticationITCase extends AbstractITCase { return readUserTO.getFailedLogins(); } - private void assertReadFails(final SyncopeClient client) { - try { - client.self(); - fail("access should not work"); - } catch (Exception e) { - assertNotNull(e); - } - } - @Test public void testReadEntitlements() { // 1. as not authenticated (not allowed) @@ -118,7 +111,8 @@ public class AuthenticationITCase extends AbstractITCase { } // 2. as anonymous - Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).self(); + Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create( + new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)).self(); assertEquals(1, self.getKey().size()); assertTrue(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS)); assertEquals(ANONYMOUS_UNAME, self.getValue().getUsername()); @@ -342,10 +336,18 @@ public class AuthenticationITCase extends AbstractITCase { assertEquals(0, getFailedLogins(userService2, userKey)); // authentications failed ... - SyncopeClient badPwdClient = clientFactory.create(userTO.getUsername(), "wrongpwd1"); - assertReadFails(badPwdClient); - assertReadFails(badPwdClient); - + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } assertEquals(2, getFailedLogins(userService, userKey)); UserService userService4 = clientFactory.create(userTO.getUsername(), "password123"). @@ -366,15 +368,34 @@ public class AuthenticationITCase extends AbstractITCase { assertEquals(0, getFailedLogins(userService, userKey)); // authentications failed ... - SyncopeClient badPwdClient = clientFactory.create(userTO.getUsername(), "wrongpwd1"); - assertReadFails(badPwdClient); - assertReadFails(badPwdClient); - assertReadFails(badPwdClient); + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } assertEquals(3, getFailedLogins(userService, userKey)); // last authentication before suspension - assertReadFails(badPwdClient); + try { + clientFactory.create(userTO.getUsername(), "wrongpwd1"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } userTO = userService.read(userTO.getKey()); assertNotNull(userTO); @@ -383,8 +404,12 @@ public class AuthenticationITCase extends AbstractITCase { assertEquals("suspended", userTO.getStatus()); // Access with correct credentials should fail as user is suspended - SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123"); - assertReadFails(goodPwdClient); + try { + clientFactory.create(userTO.getUsername(), "password123"); + fail(); + } catch (AccessControlException e) { + assertNotNull(e); + } StatusPatch reactivate = new StatusPatch(); reactivate.setKey(userTO.getKey()); @@ -394,6 +419,7 @@ public class AuthenticationITCase extends AbstractITCase { assertNotNull(userTO); assertEquals("active", userTO.getStatus()); + SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123"); assertEquals(0, goodPwdClient.self().getValue().getFailedLogins(), 0); } @@ -468,6 +494,8 @@ public class AuthenticationITCase extends AbstractITCase { assertTrue(bellini.getRoles().contains(role.getKey())); // 5. now the instance of the type above can be created successfully + belliniClient.logout(); + belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD)); belliniClient.getService(AnyObjectService.class).create(folder); } http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java index 2295fc8..1d8c528 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java @@ -41,6 +41,7 @@ import javax.ws.rs.core.Response; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.lang3.SerializationUtils; +import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.AnyOperations; import org.apache.syncope.common.lib.SyncopeClientException; @@ -624,7 +625,9 @@ public class GroupITCase extends AbstractITCase { assertNotNull(e); } - GroupService anonymous = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).getService(GroupService.class); + GroupService anonymous = clientFactory.create( + new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)). + getService(GroupService.class); assertFalse(anonymous.search(new AnyQuery.Builder().realm(SyncopeConstants.ROOT_REALM).build()). getResult().isEmpty()); } http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java index dcacbeb..8c11fb7 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java @@ -100,7 +100,7 @@ public class MultitenancyITCase extends AbstractITCase { @Test public void readPlainSchemas() { - assertEquals(11, adminClient.getService(SchemaService.class). + assertEquals(13, adminClient.getService(SchemaService.class). list(new SchemaQuery.Builder().type(SchemaType.PLAIN).build()).size()); } http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RESTITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RESTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RESTITCase.java index 9d8d920..b98dc53 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RESTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RESTITCase.java @@ -38,6 +38,7 @@ import javax.ws.rs.core.Response; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.jaxrs.client.WebClient; +import org.apache.syncope.client.lib.BasicAuthenticationHandler; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.client.lib.SyncopeClientFactoryBean; import org.apache.syncope.common.lib.SyncopeClientException; @@ -69,9 +70,8 @@ public class RESTITCase extends AbstractITCase { assertFalse(connectors.isEmpty()); // service with bad password: 401 unauthorized - SyncopeClient badClient = clientFactory.create("bellini", "passwor"); try { - badClient.getService(ConnectorService.class).list(null); + clientFactory.create("bellini", "passwor"); fail(); } catch (AccessControlException e) { assertNotNull(e); @@ -90,7 +90,8 @@ public class RESTITCase extends AbstractITCase { @Test public void noContent() throws IOException { SyncopeClient noContentclient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); - GroupService noContentService = noContentclient.prefer(GroupService.class, Preference.RETURN_NO_CONTENT); + GroupService noContentService = noContentclient.prefer( + noContentclient.getService(GroupService.class), Preference.RETURN_NO_CONTENT); GroupTO group = GroupITCase.getSampleTO("noContent"); @@ -144,7 +145,7 @@ public class RESTITCase extends AbstractITCase { EntityTag etag1 = adminClient.getLatestEntityTag(userService); assertFalse(etag.getValue().equals(etag1.getValue())); - UserService ifMatchService = adminClient.ifMatch(UserService.class, etag); + UserService ifMatchService = adminClient.ifMatch(adminClient.getService(UserService.class), etag); userPatch.setUsername(new StringReplacePatchItem.Builder().value(userTO.getUsername() + "YY").build()); try { ifMatchService.update(userPatch); @@ -165,8 +166,7 @@ public class RESTITCase extends AbstractITCase { MediaType.WILDCARD_TYPE, factory.getRestClientFactoryBean(), factory.getExceptionMapper(), - ADMIN_UNAME, - ADMIN_PWD, + new BasicAuthenticationHandler(ADMIN_UNAME, ADMIN_PWD), false); // perform operation http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java index ca568da..370cf52 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java @@ -35,6 +35,7 @@ import java.util.Set; import javax.ws.rs.core.Response; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; +import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.AnyObjectTO; import org.apache.syncope.common.lib.to.ConnObjectTO; @@ -528,7 +529,8 @@ public class ResourceITCase extends AbstractITCase { assertNotNull(e); } - ResourceService anonymous = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY). + ResourceService anonymous = clientFactory.create( + new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)). getService(ResourceService.class); assertFalse(anonymous.list().isEmpty()); } http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java index 9cea62a..21e9fe6 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java @@ -42,6 +42,7 @@ import org.apache.commons.lang3.time.DateFormatUtils; import org.apache.commons.lang3.time.FastDateFormat; import org.apache.commons.lang3.tuple.Pair; import org.apache.cxf.jaxrs.client.WebClient; +import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.patch.AssociationPatch; @@ -325,10 +326,8 @@ public class UserITCase extends AbstractITCase { fail("Credentials should be valid and not cause AccessControlException"); } - UserSelfService userSelfService2 = clientFactory.create( - newUserTO.getUsername(), "passwordXX").getService(UserSelfService.class); try { - userSelfService2.read(); + clientFactory.create(newUserTO.getUsername(), "passwordXX").getService(UserSelfService.class); fail("Credentials are invalid, thus request should raise AccessControlException"); } catch (AccessControlException e) { assertNotNull(e); @@ -879,8 +878,8 @@ public class UserITCase extends AbstractITCase { @Test public void async() { - UserService asyncService = - clientFactory.create(ADMIN_UNAME, ADMIN_PWD).nullPriorityAsync(UserService.class, true); + SyncopeClient asyncClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); + UserService asyncService = asyncClient.nullPriorityAsync(asyncClient.getService(UserService.class), true); UserTO user = getUniqueSampleTO("as...@syncope.apache.org"); user.getResources().add(RESOURCE_NAME_TESTDB); http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java index 15faa01..faf1a0d 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java @@ -27,6 +27,7 @@ import static org.junit.Assert.fail; import java.security.AccessControlException; import java.util.List; import javax.ws.rs.core.Response; +import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.ResourceTO; import org.apache.syncope.common.lib.to.VirSchemaTO; @@ -99,7 +100,9 @@ public class VirSchemaITCase extends AbstractITCase { assertNotNull(e); } - SchemaService anonymous = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).getService(SchemaService.class); + SchemaService anonymous = clientFactory.create( + new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)). + getService(SchemaService.class); assertFalse(anonymous.list(new SchemaQuery.Builder().type(SchemaType.VIRTUAL).build()).isEmpty()); } http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index a6f6d3c..7fa2bd2 100644 --- a/pom.xml +++ b/pom.xml @@ -551,6 +551,11 @@ under the License. </dependency> <dependency> <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-rs-security-jose</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-rs-service-description</artifactId> <version>${cxf.version}</version> </dependency> @@ -768,7 +773,11 @@ under the License. <exclusions> <exclusion> <groupId>org.springframework</groupId> - <artifactId>spring-aop</artifactId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> @@ -780,6 +789,16 @@ under the License. <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> + <exclusions> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> http://git-wip-us.apache.org/repos/asf/syncope/blob/521f51a9/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc index 07be49c..ad0cff6 100644 --- a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc +++ b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc @@ -72,7 +72,7 @@ Sometimes it is useful to obtain values as arbitrary combinations of other attri concatenation of `firstname` 's and `surname` 's values, separated by a blank space. Derived schemas are always read-only and require a http://commons.apache.org/proper/commons-jexl/[JEXL^] -expression to be specified that reference plain schema types. + +expression to be specified that references plain schema types. + For the sample above, it would be firstname + ' ' + surname
