This is an automated email from the ASF dual-hosted git repository.
andreapatricelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 34a9c8c0ef [SYNCOPE-1732] Support generic access policy configuration
through BeanPanel (#413)
34a9c8c0ef is described below
commit 34a9c8c0ef8efa1f4fe28625afca3600d95a9557
Author: Andrea Patricelli <andreapatrice...@apache.org>
AuthorDate: Thu Feb 23 14:11:57 2023 +0100
[SYNCOPE-1732] Support generic access policy configuration through
BeanPanel (#413)
* [SYNCOPE-1732] support generic access policy configuration through bean
panel
---
.../policies/AccessPolicyDirectoryPanel.java | 45 ---------
.../console/policies/AccessPolicyModalPanel.java | 102 +--------------------
.../console/policies/AccessPolicyModalPanel.html | 6 +-
.../syncope/client/ui/commons/Constants.java | 4 +-
.../syncope/client/console/panels/BeanPanel.java | 6 +-
.../common/lib/policy/DefaultAccessPolicyConf.java | 24 +++--
.../syncope/common/lib/SerializationTest.java | 4 +-
.../jpa/inner/AbstractClientAppTest.java | 3 +-
.../core/persistence/jpa/inner/PolicyTest.java | 3 +-
.../org/apache/syncope/fit/AbstractITCase.java | 2 +-
.../org/apache/syncope/fit/core/PolicyITCase.java | 11 +--
.../org/apache/syncope/fit/core/RealmITCase.java | 3 +-
.../wa/starter/mapping/DefaultAccessMapper.java | 10 +-
.../syncope/wa/starter/WAServiceRegistryTest.java | 3 +-
14 files changed, 39 insertions(+), 187 deletions(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
index 4261ad8236..a9e2232450 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyDirectoryPanel.java
@@ -19,7 +19,6 @@
package org.apache.syncope.client.console.policies;
import java.util.List;
-import org.apache.syncope.client.console.panels.ModalDirectoryPanel;
import org.apache.syncope.client.console.rest.PolicyRestClient;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink;
import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel;
@@ -92,49 +91,5 @@ public class AccessPolicyDirectoryPanel extends
PolicyDirectoryPanel<AccessPolic
policySpecModal.show(true);
}
}, ActionLink.ActionType.CHANGE_VIEW, IdRepoEntitlement.POLICY_UPDATE);
-
- if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) {
- panel.add(new ActionLink<>() {
-
- private static final long serialVersionUID =
-3722207913631435501L;
-
- @Override
- public void onClick(final AjaxRequestTarget target, final
AccessPolicyTO ignore) {
- model.setObject(PolicyRestClient.read(type,
model.getObject().getKey()));
- target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
- ruleCompositionModal,
- new AccessPolicyAttrsDirectoryPanel(
- "panel",
- ruleCompositionModal,
- model,
- DefaultAccessPolicyConf::getRequiredAttrs,
- pageRef),
- pageRef)));
- ruleCompositionModal.header(new
Model<>(getString("requiredAttrs.title", model)));
- ruleCompositionModal.show(true);
- }
- }, ActionLink.ActionType.TYPE_EXTENSIONS,
IdRepoEntitlement.POLICY_UPDATE);
-
- panel.add(new ActionLink<>() {
-
- private static final long serialVersionUID =
-3722207913631435501L;
-
- @Override
- public void onClick(final AjaxRequestTarget target, final
AccessPolicyTO ignore) {
- model.setObject(PolicyRestClient.read(type,
model.getObject().getKey()));
- target.add(ruleCompositionModal.setContent(new
ModalDirectoryPanel<>(
- ruleCompositionModal,
- new AccessPolicyAttrsDirectoryPanel(
- "panel",
- ruleCompositionModal,
- model,
- DefaultAccessPolicyConf::getRejectedAttrs,
- pageRef),
- pageRef)));
- ruleCompositionModal.header(new
Model<>(getString("rejectedAttrs.title", model)));
- ruleCompositionModal.show(true);
- }
- }, ActionLink.ActionType.CLAIM, IdRepoEntitlement.POLICY_UPDATE);
- }
}
}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
index e71d36e90c..f64256fe00 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
@@ -18,36 +18,19 @@
*/
package org.apache.syncope.client.console.policies;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.commons.lang3.time.DateFormatUtils;
import org.apache.syncope.client.console.SyncopeConsoleSession;
import org.apache.syncope.client.console.panels.AbstractModalPanel;
+import org.apache.syncope.client.console.panels.BeanPanel;
import org.apache.syncope.client.console.rest.PolicyRestClient;
import
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
-import
org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel;
import org.apache.syncope.client.ui.commons.Constants;
-import org.apache.syncope.client.ui.commons.DateOps;
-import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
-import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxDateTimeFieldPanel;
-import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxSpinnerFieldPanel;
-import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
-import org.apache.syncope.client.ui.commons.markup.html.form.FieldPanel;
import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apache.syncope.common.lib.policy.HttpRequestAccessPolicyConf;
-import org.apache.syncope.common.lib.policy.RemoteEndpointAccessPolicyConf;
-import org.apache.syncope.common.lib.policy.TimeBasedAccessPolicyConf;
import org.apache.syncope.common.lib.types.PolicyType;
-import org.apache.wicket.Component;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.markup.html.list.ListItem;
-import org.apache.wicket.markup.html.list.ListView;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.PropertyModel;
-import org.apache.wicket.validation.validator.UrlValidator;
public class AccessPolicyModalPanel extends AbstractModalPanel<AccessPolicyTO>
{
@@ -64,88 +47,7 @@ public class AccessPolicyModalPanel extends
AbstractModalPanel<AccessPolicyTO> {
super(modal, pageRef);
this.model = model;
- List<Component> fields = new ArrayList<>();
-
- if (model.getObject().getConf() instanceof DefaultAccessPolicyConf) {
- fields.add(new AjaxSpinnerFieldPanel.Builder<Integer>().build(
- "field",
- "order",
- Integer.class,
- new PropertyModel<>(model.getObject().getConf(),
"order")));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "enabled",
- new PropertyModel<>(model.getObject().getConf(),
"enabled"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "ssoEnabled",
- new PropertyModel<>(model.getObject().getConf(),
"ssoEnabled"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "requireAllAttributes",
- new PropertyModel<>(model.getObject().getConf(),
"requireAllAttributes"),
- false));
- fields.add(new AjaxCheckBoxPanel(
- "field",
- "caseInsensitive",
- new PropertyModel<>(model.getObject().getConf(),
"caseInsensitive"),
- false));
- AjaxTextFieldPanel unauthorizedRedirectUrl = new
AjaxTextFieldPanel(
- "field",
- "unauthorizedRedirectUrl",
- new PropertyModel<>(model.getObject().getConf(),
"unauthorizedRedirectUrl"),
- false);
- unauthorizedRedirectUrl.getField().add(new UrlValidator(new
String[] { "http", "https" }));
- fields.add(unauthorizedRedirectUrl);
- } else if (model.getObject().getConf() instanceof
HttpRequestAccessPolicyConf) {
- fields.add(new AjaxTextFieldPanel("field", "ipAddress",
- new PropertyModel<>(model.getObject().getConf(),
"ipAddress"), false));
- fields.add(new AjaxTextFieldPanel("field", "userAgent",
- new PropertyModel<>(model.getObject().getConf(),
"userAgent"), false));
- } else if (model.getObject().getConf() instanceof
RemoteEndpointAccessPolicyConf) {
- AjaxTextFieldPanel endpointUrl = new AjaxTextFieldPanel(
- "field",
- "endpointUrl",
- new PropertyModel<>(model.getObject().getConf(),
"endpointUrl"),
- false);
- endpointUrl.getField().add(new UrlValidator(new String[] { "http",
"https" }));
- fields.add(endpointUrl.setRequired(true));
-
- FieldPanel panel = new AjaxTextFieldPanel(
- "panel",
- "acceptableResponseCodes",
- new PropertyModel<>(model.getObject().getConf(),
"acceptableResponseCodes"));
- fields.add(new MultiFieldPanel.Builder<>(
- new PropertyModel<>(model.getObject().getConf(),
"acceptableResponseCodes")).build(
- "field",
- "acceptableResponseCodes",
- panel));
- } else if (model.getObject().getConf() instanceof
TimeBasedAccessPolicyConf) {
- fields.add(new AjaxDateTimeFieldPanel(
- "field",
- "start",
- new DateOps.WrappedDateModel(new
PropertyModel<>(model.getObject().getConf(), "start")),
-
DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT));
- fields.add(new AjaxDateTimeFieldPanel(
- "field",
- "end",
- new DateOps.WrappedDateModel(new
PropertyModel<>(model.getObject().getConf(), "end")),
-
DateFormatUtils.ISO_8601_EXTENDED_DATETIME_TIME_ZONE_FORMAT));
- fields.add(new AjaxTextFieldPanel("field", "zoneId",
- new PropertyModel<>(model.getObject().getConf(),
"zoneId"), false));
- }
-
- add(new ListView<>("fields", fields) {
-
- private static final long serialVersionUID = -9180479401817023838L;
-
- @Override
- protected void populateItem(final ListItem<Component> item) {
- item.add(item.getModelObject());
- }
- });
+ add(new BeanPanel<>("bean", new PropertyModel<>(model, "conf"),
pageRef).setRenderBodyOnly(true));
}
@Override
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
index b1fcbd9eac..793de99af0 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.html
@@ -18,10 +18,6 @@ under the License.
-->
<html xmlns="http://www.w3.org/1999/xhtml";
xmlns:wicket="http://wicket.apache.org";>
<wicket:extend>
- <div wicket:id="fields">
- <div class="form-group">
- <span wicket:id="field"/>
- </div>
- </div>
+ <span wicket:id="bean"/>
</wicket:extend>
</html>
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/Constants.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/Constants.java
index 789fa41872..644ce96cdb 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/Constants.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/Constants.java
@@ -108,7 +108,7 @@ public final class Constants {
public static final String UNDEFINED_ICON = "fas fa-question-circle";
public static final String NOT_FOUND_ICON = "fas fa-minus-circle";
-
+
public static final String WARNING_ICON = "fas fa-exclamation-circle";
public static final int MAX_GROUP_LIST_SIZE = 30;
@@ -122,7 +122,7 @@ public final class Constants {
public static final String NOTIFICATION_LEVEL_PARAM = "notificationLevel";
public static final String ENDUSER_ANYLAYOUT = "enduser.anylayout";
-
+
public static final String CONTENT_ID = "content";
public static Component getJEXLPopover(final Component caller, final
TooltipConfig.Placement placement) {
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/BeanPanel.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/BeanPanel.java
index bc3e8079a3..40eee868fd 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/BeanPanel.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/BeanPanel.java
@@ -157,7 +157,7 @@ public class BeanPanel<T extends Serializable> extends
Panel {
item.replace(fragment);
}
- @SuppressWarnings({ "unchecked", "rawtypes" })
+ @SuppressWarnings({"unchecked", "rawtypes"})
@Override
protected void populateItem(final ListItem<String> item) {
item.add(new Fragment("required", "emptyFragment", this));
@@ -263,6 +263,8 @@ public class BeanPanel<T extends Serializable> extends
Panel {
} else if (Map.class.equals(field.getType())) {
panel = new AjaxGridFieldPanel(
"value", fieldName, new PropertyModel<>(bean,
fieldName)).hideLabel();
+
Optional.ofNullable(field.getAnnotation(io.swagger.v3.oas.annotations.media.Schema.class))
+ .ifPresent(annot -> setDescription(item,
annot.description()));
} else {
Triple<FieldPanel, Boolean, Optional<String>> single =
buildSinglePanel(bean.getObject(),
field.getType(), field.getName(),
@@ -279,7 +281,7 @@ public class BeanPanel<T extends Serializable> extends
Panel {
}.setReuseItems(true).setOutputMarkupId(true));
}
- @SuppressWarnings({"unchecked", "rawtypes"})
+ @SuppressWarnings({ "unchecked", "rawtypes" })
private Triple<FieldPanel, Boolean, Optional<String>> buildSinglePanel(
final Serializable bean, final Class<?> type, final String
fieldName,
final io.swagger.v3.oas.annotations.media.Schema schema, final
String id) {
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
index 6e04eb8495..c1ad289106 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAccessPolicyConf.java
@@ -18,12 +18,10 @@
*/
package org.apache.syncope.common.lib.policy;
-import
com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
import java.net.URI;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.syncope.common.lib.Attr;
+import java.util.HashMap;
+import java.util.Map;
public class DefaultAccessPolicyConf implements AccessPolicyConf {
@@ -41,9 +39,13 @@ public class DefaultAccessPolicyConf implements
AccessPolicyConf {
private URI unauthorizedRedirectUrl;
- private final List<Attr> requiredAttrs = new ArrayList<>();
+ @Schema(description =
+ "Insert comma-separated values in the right input field if you
like to specify more than one value")
+ private final Map<String, String> requiredAttrs = new HashMap<>();
- private final List<Attr> rejectedAttrs = new ArrayList<>();
+ @Schema(description =
+ "Insert comma-separated values in the right input field if you
like to specify more than one value")
+ private final Map<String, String> rejectedAttrs = new HashMap<>();
public int getOrder() {
return order;
@@ -93,15 +95,11 @@ public class DefaultAccessPolicyConf implements
AccessPolicyConf {
this.unauthorizedRedirectUrl = unauthorizedRedirectUrl;
}
- @JacksonXmlElementWrapper(localName = "requiredAttrs")
- @JacksonXmlProperty(localName = "requiredAttr")
- public List<Attr> getRequiredAttrs() {
+ public Map<String, String> getRequiredAttrs() {
return requiredAttrs;
}
- @JacksonXmlElementWrapper(localName = "rejectedAttrs")
- @JacksonXmlProperty(localName = "rejectedAttr")
- public List<Attr> getRejectedAttrs() {
+ public Map<String, String> getRejectedAttrs() {
return rejectedAttrs;
}
}
diff --git
a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
index ee0a2e81ce..60627a628a 100644
---
a/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
+++
b/common/am/lib/src/test/java/org/apache/syncope/common/lib/SerializationTest.java
@@ -41,8 +41,8 @@ public abstract class SerializationTest {
conf.setOrder(11);
conf.setEnabled(true);
conf.setUnauthorizedRedirectUrl(URI.create("https://syncope.apache.org";));
- conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin",
"Admin", "TheAdmin").build());
- conf.getRejectedAttrs().add(new
Attr.Builder("uid").values("plain").build());
+ conf.getRequiredAttrs().put("cn", "admin,Admin,TheAdmin");
+ conf.getRejectedAttrs().put("uid", "plain");
policy.setConf(conf);
StringWriter writer = new StringWriter();
diff --git
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
index d07ea3e676..dc601a64f6 100644
---
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
+++
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AbstractClientAppTest.java
@@ -19,7 +19,6 @@
package org.apache.syncope.core.persistence.jpa.inner;
import java.util.List;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
@@ -57,7 +56,7 @@ public class AbstractClientAppTest extends AbstractTest {
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
conf.setEnabled(true);
conf.setSsoEnabled(false);
- conf.getRequiredAttrs().add(new
Attr.Builder("attribute1").values("value1", "value2").build());
+ conf.getRequiredAttrs().put("attribute1", "value1,value2");
accessPolicy.setConf(conf);
return policyDAO.save(accessPolicy);
diff --git
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PolicyTest.java
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PolicyTest.java
index 190b55817a..39e3b0355e 100644
---
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PolicyTest.java
+++
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PolicyTest.java
@@ -26,7 +26,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.util.List;
import java.util.UUID;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
@@ -272,7 +271,7 @@ public class PolicyTest extends AbstractTest {
accessPolicy.setName("AttrReleasePolicyAllowEverything");
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
- conf.getRequiredAttrs().add(new
Attr.Builder("cn").value("syncope").build());
+ conf.getRequiredAttrs().put("cn", "syncope");
accessPolicy.setConf(conf);
accessPolicy = policyDAO.save(accessPolicy);
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 97010ee0b5..af0ffbf340 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -957,7 +957,7 @@ public abstract class AbstractITCase {
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
conf.setEnabled(true);
- conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin",
"Admin", "TheAdmin").build());
+ conf.getRequiredAttrs().put("cn", "admin,Admin,TheAdmin");
policy.setConf(conf);
return policy;
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
index 495e96f908..dfc5ea1083 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
@@ -32,7 +32,6 @@ import java.util.List;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.SerializationUtils;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AccountPolicyTO;
@@ -273,9 +272,9 @@ public class PolicyITCase extends AbstractITCase {
assertNotNull(newAccessPolicyTO);
DefaultAccessPolicyConf accessPolicyConf = (DefaultAccessPolicyConf)
newAccessPolicyTO.getConf();
- accessPolicyConf.getRequiredAttrs().add(new
Attr.Builder("ou").value("test").build());
- accessPolicyConf.getRequiredAttrs().removeIf(attr ->
"cn".equals(attr.getSchema()));
- accessPolicyConf.getRequiredAttrs().add(new
Attr.Builder("cn").values("admin", "Admin").build());
+ accessPolicyConf.getRequiredAttrs().put("ou", "test");
+ accessPolicyConf.getRequiredAttrs().remove("cn");
+ accessPolicyConf.getRequiredAttrs().put("cn", "admin,Admin");
// update new authentication policy
POLICY_SERVICE.update(PolicyType.ACCESS, newAccessPolicyTO);
@@ -284,8 +283,8 @@ public class PolicyITCase extends AbstractITCase {
accessPolicyConf = (DefaultAccessPolicyConf)
newAccessPolicyTO.getConf();
assertEquals(2, accessPolicyConf.getRequiredAttrs().size());
- assertTrue(accessPolicyConf.getRequiredAttrs().stream().anyMatch(attr
-> "cn".equals(attr.getSchema())));
- assertTrue(accessPolicyConf.getRequiredAttrs().stream().anyMatch(attr
-> "ou".equals(attr.getSchema())));
+ assertTrue(accessPolicyConf.getRequiredAttrs().containsKey("cn"));
+ assertTrue(accessPolicyConf.getRequiredAttrs().containsKey("ou"));
}
@Test
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
index 3c61f69260..681cfbd8f6 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/RealmITCase.java
@@ -29,7 +29,6 @@ import jakarta.ws.rs.core.GenericType;
import jakarta.ws.rs.core.Response;
import java.util.List;
import java.util.UUID;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
@@ -250,7 +249,7 @@ public class RealmITCase extends AbstractITCase {
public void deletingAccessPolicy() {
// 1. create access policy
DefaultAccessPolicyConf conf = new DefaultAccessPolicyConf();
- conf.getRequiredAttrs().add(new Attr.Builder("cn").values("admin",
"Admin", "TheAdmin").build());
+ conf.getRequiredAttrs().put("cn", "admin,Admin,TheAdmin");
AccessPolicyTO policy = new AccessPolicyTO();
policy.setName("Test Access policy");
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
index 237cb11b90..aef2e4ee59 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAccessMapper.java
@@ -18,7 +18,9 @@
*/
package org.apache.syncope.wa.starter.mapping;
-import java.util.HashSet;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
@@ -43,10 +45,12 @@ public class DefaultAccessMapper implements AccessMapper {
accessStrategy.setUnauthorizedRedirectUrl(conf.getUnauthorizedRedirectUrl());
conf.getRequiredAttrs().forEach(
- attr ->
accessStrategy.getRequiredAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
+ (k, v) -> accessStrategy.getRequiredAttributes().put(k,
+ Stream.of(StringUtils.split(v,
",")).map(String::trim).collect(Collectors.toSet())));
conf.getRejectedAttrs().forEach(
- attr ->
accessStrategy.getRejectedAttributes().put(attr.getSchema(), new
HashSet<>(attr.getValues())));
+ (k, v) -> accessStrategy.getRejectedAttributes().put(k,
+ Stream.of(StringUtils.split(v,
",")).map(String::trim).collect(Collectors.toSet())));
return accessStrategy;
}
diff --git
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
index f133f5253b..9e94aa2a10 100644
---
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
+++
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
@@ -27,7 +27,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.syncope.client.lib.SyncopeClient;
-import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
@@ -114,7 +113,7 @@ public class WAServiceRegistryTest extends AbstractTest {
AccessPolicyTO accessPolicy = new AccessPolicyTO();
DefaultAccessPolicyConf accessPolicyConf = new
DefaultAccessPolicyConf();
accessPolicyConf.setEnabled(true);
- accessPolicyConf.getRequiredAttrs().add(new
Attr.Builder("cn").values("admin", "Admin", "TheAdmin").build());
+ accessPolicyConf.getRequiredAttrs().put("cn", "admin,Admin,TheAdmin");
accessPolicy.setConf(accessPolicyConf);
waClientApp.setAccessPolicy(accessPolicy);
