This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new e2e12a9282 [SYNCOPE-1737] Managing releaseAttrs via
DefaultAttrReleasePolicyConf (#418)
e2e12a9282 is described below
commit e2e12a9282a22bca1899335e65832561699223aa
Author: Francesco Chicchiriccò <ilgro...@users.noreply.github.com>
AuthorDate: Fri Mar 3 13:59:19 2023 +0100
[SYNCOPE-1737] Managing releaseAttrs via DefaultAttrReleasePolicyConf (#418)
---
.../policies/AccessPolicyAttrsDirectoryPanel.java | 142 ---------------------
.../policies/AccessPolicyAttrsWizardBuilder.java | 61 ---------
.../console/policies/AccessPolicyModalPanel.java | 1 -
.../policies/AttrReleasePolicyModalPanel.java | 5 +
.../policies/AttrReleasePolicyModalPanel.html | 3 +
.../console/commons/ConnectorDataProvider.java | 5 +-
.../console/commons/ResourceDataProvider.java | 11 +-
.../markup/html/form/AjaxGridFieldPanel.java | 14 +-
.../client/console/panels/ListViewPanel.java | 10 +-
.../policies/PolicyDirectoryPanel.properties | 1 +
.../policies/PolicyDirectoryPanel_fr_CA.properties | 1 +
.../policies/PolicyDirectoryPanel_it.properties | 1 +
.../policies/PolicyDirectoryPanel_ja.properties | 1 +
.../policies/PolicyDirectoryPanel_pt_BR.properties | 1 +
.../policies/PolicyDirectoryPanel_ru.properties | 1 +
.../syncope/common/lib/attr/JDBCAttrRepoConf.java | 14 --
.../syncope/common/lib/attr/LDAPAttrRepoConf.java | 14 --
.../common/lib/auth/JDBCAuthModuleConf.java | 11 --
.../common/lib/auth/LDAPAuthModuleConf.java | 11 --
.../common/lib/policy/AttrReleasePolicyTO.java | 4 +-
.../lib/policy/DefaultAttrReleasePolicyConf.java | 8 ++
.../apache/syncope/common/lib/wa/WAClientApp.java | 8 --
.../api/entity/policy/AttrReleasePolicy.java | 2 +-
.../src/test/resources/domains/MasterContent.xml | 14 +-
.../jpa/entity/policy/JPAAttrReleasePolicy.java | 4 +-
.../core/persistence/jpa/inner/AuthModuleTest.java | 1 -
.../src/test/resources/domains/MasterContent.xml | 14 +-
.../provisioning/java/ProvisioningContext.java | 9 +-
.../java/data/wa/WAClientAppDataBinderImpl.java | 53 +-------
.../org/apache/syncope/fit/AbstractITCase.java | 2 +
.../apache/syncope/fit/core/AuthModuleITCase.java | 2 -
.../org/apache/syncope/fit/core/GroupITCase.java | 2 +-
.../syncope/fit/core/wa/WAClientAppITCase.java | 50 +-------
.../org/apache/syncope/fit/AbstractITCase.java | 3 +
.../apache/syncope/fit/sra/AbstractSRAITCase.java | 33 +++++
.../org/apache/syncope/fit/sra/OIDCSRAITCase.java | 3 +-
.../apache/syncope/fit/ui/AbstractUIITCase.java | 5 +
.../apache/syncope/fit/ui/SAML2SP4UIITCase.java | 4 +
pom.xml | 4 +-
.../wa/bootstrap/AttrRepoPropertySourceMapper.java | 10 +-
.../bootstrap/AuthModulePropertySourceMapper.java | 13 +-
.../wa/starter/mapping/AttrReleaseMapper.java | 3 +-
.../starter/mapping/DefaultAttrReleaseMapper.java | 13 +-
.../starter/mapping/OIDCRPClientAppTOMapper.java | 25 +++-
.../starter/mapping/RegisteredServiceMapper.java | 2 +-
.../syncope/wa/starter/WAServiceRegistryTest.java | 17 +--
46 files changed, 170 insertions(+), 446 deletions(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
deleted file mode 100644
index 72a9bf6592..0000000000
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.console.policies;
-
-import java.util.List;
-import org.apache.syncope.client.console.SyncopeConsoleSession;
-import org.apache.syncope.client.console.commons.AMConstants;
-import org.apache.syncope.client.console.panels.AttrListDirectoryPanel;
-import org.apache.syncope.client.console.rest.PolicyRestClient;
-import
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
-import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink;
-import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel;
-import org.apache.syncope.client.ui.commons.Constants;
-import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
-import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.SyncopeClientException;
-import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apache.syncope.common.lib.types.IdRepoEntitlement;
-import org.apache.syncope.common.lib.types.PolicyType;
-import org.apache.wicket.PageReference;
-import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.event.IEvent;
-import org.apache.wicket.model.IModel;
-import org.danekja.java.util.function.serializable.SerializableFunction;
-
-public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel {
-
- private static final long serialVersionUID = 33604877627114L;
-
- private final BaseModal<AccessPolicyTO> wizardModal;
-
- private final IModel<AccessPolicyTO> accessPolicyModel;
-
- private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor;
-
- public AccessPolicyAttrsDirectoryPanel(
- final String id,
- final BaseModal<AccessPolicyTO> wizardModal,
- final IModel<AccessPolicyTO> model,
- final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor,
- final PageReference pageRef) {
-
- super(id, pageRef, false);
-
- this.wizardModal = wizardModal;
- this.accessPolicyModel = model;
- this.attrsAccessor = attrsAccessor;
-
- setOutputMarkupId(true);
-
- enableUtilityButton();
- setFooterVisibility(false);
-
- addNewItemPanelBuilder(
- new AccessPolicyAttrsWizardBuilder(model.getObject(),
attrsAccessor, new Attr(), pageRef), true);
-
- initResultTable();
- }
-
- @Override
- protected ActionsPanel<Attr> getActions(final IModel<Attr> model) {
- ActionsPanel<Attr> panel = super.getActions(model);
-
- panel.add(new ActionLink<>() {
-
- private static final long serialVersionUID = -3722207913631435501L;
-
- @Override
- public void onClick(final AjaxRequestTarget target, final Attr
ignore) {
- try {
- attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicyModel.getObject().getConf()).
- remove(model.getObject());
- PolicyRestClient.update(PolicyType.ACCESS,
accessPolicyModel.getObject());
-
-
SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED));
- target.add(container);
- } catch (SyncopeClientException e) {
- LOG.error("While updating {}",
accessPolicyModel.getObject().getKey(), e);
- SyncopeConsoleSession.get().onException(e);
- }
- ((BaseWebPage)
pageRef.getPage()).getNotificationPanel().refresh(target);
- }
- }, ActionLink.ActionType.DELETE, IdRepoEntitlement.POLICY_UPDATE,
true);
-
- return panel;
- }
-
- @Override
- public void onEvent(final IEvent<?> event) {
- if (event.getPayload() instanceof ExitEvent) {
- AjaxRequestTarget target =
ExitEvent.class.cast(event.getPayload()).getTarget();
- wizardModal.close(target);
- } else if (event.getPayload() instanceof
AjaxWizard.EditItemActionEvent) {
- @SuppressWarnings("unchecked")
- AjaxWizard.EditItemActionEvent<?> payload =
(AjaxWizard.EditItemActionEvent<?>) event.getPayload();
- payload.getTarget().ifPresent(actionTogglePanel::close);
- }
- super.onEvent(event);
- }
-
- @Override
- protected AttrListProvider dataProvider() {
- return new AccessPolicyAttrsProvider(rows);
- }
-
- @Override
- protected String paginatorRowsKey() {
- return AMConstants.PREF_ACCESS_POLICY_CONF_ATTRS_PAGINATOR_ROWS;
- }
-
- protected final class AccessPolicyAttrsProvider extends AttrListProvider {
-
- private static final long serialVersionUID = -185944053385660794L;
-
- private AccessPolicyAttrsProvider(final int paginatorRows) {
- super(paginatorRows);
- }
-
- @Override
- protected List<Attr> list() {
- return attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicyModel.getObject().getConf());
- }
- }
-}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
deleted file mode 100644
index a9029e9008..0000000000
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.console.policies;
-
-import java.io.Serializable;
-import java.util.List;
-import org.apache.syncope.client.console.rest.PolicyRestClient;
-import org.apache.syncope.client.console.wizards.AttrWizardBuilder;
-import org.apache.syncope.common.lib.Attr;
-import org.apache.syncope.common.lib.policy.AccessPolicyTO;
-import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf;
-import org.apache.syncope.common.lib.types.PolicyType;
-import org.apache.wicket.PageReference;
-import org.danekja.java.util.function.serializable.SerializableFunction;
-
-public class AccessPolicyAttrsWizardBuilder extends AttrWizardBuilder {
-
- private static final long serialVersionUID = 33625775269155L;
-
- private final AccessPolicyTO accessPolicy;
-
- private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor;
-
- public AccessPolicyAttrsWizardBuilder(
- final AccessPolicyTO accessPolicy,
- final SerializableFunction<DefaultAccessPolicyConf, List<Attr>>
attrsAccessor,
- final Attr attr,
- final PageReference pageRef) {
-
- super(attr, pageRef);
- this.accessPolicy = accessPolicy;
- this.attrsAccessor = attrsAccessor;
- }
-
- @Override
- protected Serializable onApplyInternal(final Attr modelObject) {
- attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()).
- removeIf(p -> modelObject.getSchema().equals(p.getSchema()));
- attrsAccessor.apply((DefaultAccessPolicyConf)
accessPolicy.getConf()).add(modelObject);
-
- PolicyRestClient.update(PolicyType.ACCESS, accessPolicy);
-
- return null;
- }
-}
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
index f64256fe00..abb8ec28f5 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java
@@ -38,7 +38,6 @@ public class AccessPolicyModalPanel extends
AbstractModalPanel<AccessPolicyTO> {
private final IModel<AccessPolicyTO> model;
- @SuppressWarnings({ "unchecked", "rawtypes" })
public AccessPolicyModalPanel(
final BaseModal<AccessPolicyTO> modal,
final IModel<AccessPolicyTO> model,
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
index fd02a70995..a3a7ae2ebe 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java
@@ -30,6 +30,7 @@ import
org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel
import org.apache.syncope.client.ui.commons.Constants;
import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxDropDownChoicePanel;
+import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxGridFieldPanel;
import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel;
import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxSpinnerFieldPanel;
import
org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
@@ -69,6 +70,10 @@ public class AttrReleasePolicyModalPanel extends
AbstractModalPanel<AttrReleaseP
super(modal, pageRef);
this.model = model;
+ add(new AjaxGridFieldPanel<>(
+ "releaseAttrs", "releaseAttrs",
+ new PropertyModel<>(model.getObject().getConf(),
"releaseAttrs")));
+
AjaxTextFieldPanel allowedAttr = new AjaxTextFieldPanel("panel",
"allowedAttrs", new Model<>());
add(new MultiFieldPanel.Builder<String>(
new PropertyModel<>(model.getObject().getConf(),
"allowedAttrs")).build(
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html
index aa0da3f6f6..38daa422e4 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html
@@ -18,6 +18,9 @@ under the License.
-->
<html xmlns="http://www.w3.org/1999/xhtml";
xmlns:wicket="http://wicket.apache.org";>
<wicket:extend>
+ <div class="form-group">
+ <span wicket:id="releaseAttrs"/>
+ </div>
<div class="form-group">
<span wicket:id="allowedAttrs"/>
</div>
diff --git
a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java
b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java
index 8d7f7cb388..c175b20213 100644
---
a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java
+++
b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java
@@ -23,7 +23,6 @@ import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
-import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.console.SyncopeConsoleSession;
@@ -85,8 +84,8 @@ public class ConnectorDataProvider extends
DirectoryDataProvider<Serializable> {
LOG.error("While searching", e);
SyncopeConsoleSession.get().onException(e);
- Optional<AjaxRequestTarget> target =
RequestCycle.get().find(AjaxRequestTarget.class);
- target.ifPresent(t -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(t));
+ RequestCycle.get().find(AjaxRequestTarget.class).
+ ifPresent(t -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(t));
}
SortParam<String> sortParam = getSort();
diff --git
a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java
b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java
index b19c8c1173..bd59e2b2c8 100644
---
a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java
+++
b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java
@@ -19,11 +19,9 @@
package org.apache.syncope.client.console.commons;
import java.io.Serializable;
-import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
-import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.console.SyncopeConsoleSession;
@@ -67,7 +65,7 @@ public class ResourceDataProvider extends
DirectoryDataProvider<Serializable> {
@Override
public Iterator<ResourceTO> iterator(final long first, final long count) {
- List<ResourceTO> result = Collections.emptyList();
+ List<ResourceTO> result = List.of();
try {
currentPage = ((int) first / paginatorRows);
@@ -85,9 +83,8 @@ public class ResourceDataProvider extends
DirectoryDataProvider<Serializable> {
LOG.error("While searching", e);
SyncopeConsoleSession.get().onException(e);
- Optional<AjaxRequestTarget> target =
RequestCycle.get().find(AjaxRequestTarget.class);
- target.ifPresent(ajaxRequestTarget
- -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(ajaxRequestTarget));
+ RequestCycle.get().find(AjaxRequestTarget.class).
+ ifPresent(t -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(t));
}
SortParam<String> sortParam = getSort();
@@ -137,7 +134,7 @@ public class ResourceDataProvider extends
DirectoryDataProvider<Serializable> {
SyncopeConsoleSession.get().onException(e);
RequestCycle.get().find(AjaxRequestTarget.class).
- ifPresent(target -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(target));
+ ifPresent(t -> ((BasePage)
pageRef.getPage()).getNotificationPanel().refresh(t));
}
return result;
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java
index fbf9ecf12a..2d62d4c347 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java
@@ -37,7 +37,7 @@ import
org.wicketstuff.egrid.provider.EditableListDataProvider;
public class AjaxGridFieldPanel<K, V, S> extends Panel {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 7589570522964677729L;
public AjaxGridFieldPanel(final String id, final String name, final
IModel<Map<K, V>> model) {
super(id, model);
@@ -45,13 +45,13 @@ public class AjaxGridFieldPanel<K, V, S> extends Panel {
add(new Label(AbstractFieldPanel.LABEL, new ResourceModel(name,
name)));
add(new AjaxGrid<>(
- "grid",
- getColumns(),
- new
EditableListDataProvider<>(model.getObject().entrySet().stream().
- map(entry -> MutablePair.of(entry.getKey(), entry.getValue())).
- collect(Collectors.toList())), 10) {
+ "grid",
+ getColumns(),
+ new
EditableListDataProvider<>(model.getObject().entrySet().stream().
+ map(entry -> MutablePair.of(entry.getKey(),
entry.getValue())).
+ collect(Collectors.toList())), 10) {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = -1315456128897492459L;
@Override
protected boolean displayHeader() {
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java
index db77482b24..c44531d1c4 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java
@@ -250,14 +250,12 @@ public abstract class ListViewPanel<T extends
Serializable> extends WizardMgtPan
// used to perform selectable enabling check condition
this.check.setObject(check);
- Optional<AjaxRequestTarget> target =
RequestCycle.get().find(AjaxRequestTarget.class);
- if (target.isPresent()) {
+ RequestCycle.get().find(AjaxRequestTarget.class).ifPresent(t -> {
// reload group selector
- target.get().add(
- groupSelector.setVisible(check ==
CheckAvailability.AVAILABLE), groupSelector.getMarkupId());
+ t.add(groupSelector.setVisible(check ==
CheckAvailability.AVAILABLE), groupSelector.getMarkupId());
// reload the list view panel
- target.get().add(ListViewPanel.this, getMarkupId());
- }
+ t.add(ListViewPanel.this, getMarkupId());
+ });
}
protected abstract Component getValueComponent(String key, T bean);
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
index 8db5446b72..0c4e2d0c6c 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
@@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configuration
accessPolicyConf.title=Access Policy Configuration
+releaseAttrs=Attributes to Release
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
index edf43897f9..3775e15689 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
@@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configuration
accessPolicyConf.title=Access Policy Configuration
+releaseAttrs=Attributes to Release
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
index 3f3b8a2c31..05615626b7 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
@@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configurazione
accessPolicyConf.title=Configurazione Accesso
+releaseAttrs=Attributi da Rilasciare
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
index 5ac2d6e170..7e799cd8a9 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
@@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configuration
accessPolicyConf.title=Access Policy Configuration
+releaseAttrs=Attributes to Release
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
index e12adf4376..32740d406a 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
@@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configuration
accessPolicyConf.title=Access Policy Configuration
+releaseAttrs=Attributes to Release
diff --git
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
index c8a3c08e24..895e24d1ff 100644
---
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
+++
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
@@ -49,3 +49,4 @@ fetchAroundProvisioning=Fetch Around Provisioning
updateDelta=Update Delta
conf=Configuration
accessPolicyConf.title=Access Policy Configuration
+releaseAttrs=Attributes to Release
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java
index 1c25e5fe51..e99b36a7cf 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java
@@ -76,16 +76,6 @@ public class JDBCAttrRepoConf extends AbstractJDBCConf
implements AttrRepoConf {
*/
private final List<String> username = new ArrayList<>(0);
- /**
- * Map of attributes to fetch from the database.
- * Attributes are defined using a key-value structure
- * where CAS allows the attribute name/key to be renamed virtually
- * to a different attribute. The key is the attribute fetched
- * from the data source and the value is the attribute name CAS should
- * use for virtual renames.
- */
- private final Map<String, String> attributes = new HashMap<>(0);
-
/**
* Collection of attributes, used to build the SQL query, that should go
through
* a case canonicalization process defined as {@code key->value}.
@@ -139,10 +129,6 @@ public class JDBCAttrRepoConf extends AbstractJDBCConf
implements AttrRepoConf {
return username;
}
- public Map<String, String> getAttributes() {
- return attributes;
- }
-
public List<String> getCaseInsensitiveQueryAttributes() {
return caseInsensitiveQueryAttributes;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java
index 6819a53b12..d1528a4e51 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java
@@ -27,16 +27,6 @@ public class LDAPAttrRepoConf extends AbstractLDAPConf
implements AttrRepoConf {
private static final long serialVersionUID = -471527731042579422L;
- /**
- * Map of attributes to fetch from the database.
- * Attributes are defined using a key-value structure
- * where CAS allows the attribute name/key to be renamed virtually
- * to a different attribute. The key is the attribute fetched
- * from the data source and the value is the attribute name CAS should
- * use for virtual renames.
- */
- private final Map<String, String> attributes = new HashMap<>(0);
-
/**
* Whether all existing attributes should be passed
* down to the query builder map and be used in the construction
@@ -59,10 +49,6 @@ public class LDAPAttrRepoConf extends AbstractLDAPConf
implements AttrRepoConf {
this.useAllQueryAttributes = useAllQueryAttributes;
}
- public Map<String, String> getAttributes() {
- return attributes;
- }
-
public Map<String, String> getQueryAttributes() {
return queryAttributes;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
index 6b2d750b09..628a659fbd 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
@@ -18,8 +18,6 @@
*/
package org.apache.syncope.common.lib.auth;
-import java.util.ArrayList;
-import java.util.List;
import java.util.Map;
import org.apache.syncope.common.lib.AbstractJDBCConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
@@ -43,11 +41,6 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf
implements AuthModuleCo
*/
private String fieldDisabled;
- /**
- * List of column names to fetch as user attributes.
- */
- private final List<String> principalAttributeList = new ArrayList<>();
-
public String getFieldPassword() {
return fieldPassword;
}
@@ -72,10 +65,6 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf
implements AuthModuleCo
this.fieldDisabled = fieldDisabled;
}
- public List<String> getPrincipalAttributeList() {
- return principalAttributeList;
- }
-
@Override
public Map<String, Object> map(final AuthModuleTO authModule, final Mapper
mapper) {
return mapper.map(authModule, this);
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
index a3233d75df..2f131b7c47 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
@@ -18,8 +18,6 @@
*/
package org.apache.syncope.common.lib.auth;
-import java.util.ArrayList;
-import java.util.List;
import java.util.Map;
import org.apache.syncope.common.lib.AbstractLDAPConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
@@ -35,11 +33,6 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf
implements AuthModuleCo
*/
private String userIdAttribute;
- /**
- * List of attribute names to fetch as user attributes.
- */
- private final List<String> principalAttributeList = new ArrayList<>();
-
public String getUserIdAttribute() {
return userIdAttribute;
}
@@ -48,10 +41,6 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf
implements AuthModuleCo
this.userIdAttribute = userIdAttribute;
}
- public List<String> getPrincipalAttributeList() {
- return principalAttributeList;
- }
-
@Override
public Map<String, Object> map(final AuthModuleTO authModule, final Mapper
mapper) {
return mapper.map(authModule, this);
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java
index 4d37215fde..35d3765f0a 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java
@@ -29,7 +29,7 @@ public class AttrReleasePolicyTO extends PolicyTO {
private int order;
- private Boolean status;
+ private boolean status = true;
private AttrReleasePolicyConf conf;
@@ -50,7 +50,7 @@ public class AttrReleasePolicyTO extends PolicyTO {
this.order = order;
}
- public Boolean getStatus() {
+ public boolean getStatus() {
return status;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java
index 0c65f46dbf..6bc299092f 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java
@@ -22,7 +22,9 @@ import
com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import java.io.Serializable;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.concurrent.TimeUnit;
public class DefaultAttrReleasePolicyConf implements AttrReleasePolicyConf {
@@ -105,6 +107,8 @@ public class DefaultAttrReleasePolicyConf implements
AttrReleasePolicyConf {
}
}
+ private final Map<String, Object> releaseAttrs = new HashMap<>();
+
/**
* Specify the list of allowed attribute to release.
* Use the special {@code *} to release everything.
@@ -119,6 +123,10 @@ public class DefaultAttrReleasePolicyConf implements
AttrReleasePolicyConf {
private final PrincipalAttrRepoConf principalAttrRepoConf = new
PrincipalAttrRepoConf();
+ public Map<String, Object> getReleaseAttrs() {
+ return releaseAttrs;
+ }
+
@JacksonXmlElementWrapper(localName = "allowedAttrs")
@JacksonXmlProperty(localName = "allowedAttr")
public List<String> getAllowedAttrs() {
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
index ab30e9d5a0..a27e7dfa0c 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
@@ -21,9 +21,7 @@ package org.apache.syncope.common.lib.wa;
import
com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import org.apache.syncope.common.lib.BaseBean;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
@@ -45,8 +43,6 @@ public class WAClientApp implements BaseBean {
private AttrReleasePolicyTO attrReleasePolicy;
- private final Map<String, Object> releaseAttrs = new HashMap<>();
-
public ClientAppTO getClientAppTO() {
return clientAppTO;
}
@@ -84,8 +80,4 @@ public class WAClientApp implements BaseBean {
public void setAttrReleasePolicy(final AttrReleasePolicyTO
attrReleasePolicy) {
this.attrReleasePolicy = attrReleasePolicy;
}
-
- public Map<String, Object> getReleaseAttrs() {
- return releaseAttrs;
- }
}
diff --git
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
index ce4f635677..46e520c327 100644
---
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
+++
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
@@ -26,7 +26,7 @@ public interface AttrReleasePolicy extends Policy {
void setOrder(int order);
- Boolean getStatus();
+ boolean getStatus();
void setStatus(Boolean status);
diff --git
a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index d778a528c7..d44dfc76c7 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
@@ -58,14 +58,14 @@ under the License.
<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy"
id="219935c7-deb3-40b3-8a9a-683037e523a2"
-
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy"
id="319935c7-deb3-40b3-8a9a-683037e523a2"
-
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<!-- Authentication modules -->
<AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE"
- description="LDAP auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn":
"${testds.bindDn}",
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true,"principalAttributeList":["sn","givenName","mail","cn"]}'
-
items='[{"intAttrName":"mail","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"sn","conn
[...]
+ description="LDAP auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn":
"${testds.bindDn}",
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}'
+
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname"
[...]
<AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE"
description="JDBC auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT
* FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE"
@@ -84,7 +84,7 @@ under the License.
description="Static auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","users":{"syncope1":
"$cynop3"}}'/>
<AuthModule id="DefaultSyncopeAuthModule" authModuleState="ACTIVE"
description="Syncope auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","domain":"Master"}'
-
items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt
[...]
+
items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt
[...]
<AuthModule id="DefaultU2FAuthModule" authModuleState="ACTIVE"
description="U2F auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","expireDevices":40}'/>
<AuthModule id="DefaultOAuth20AuthModule" description="OAuth20 auth module"
authModuleOrder="0"
@@ -93,9 +93,9 @@ under the License.
<!-- Attribute repositories -->
<AttrRepo id="DefaultLDAPAttrRepo" attrRepoState="ACTIVE"
- description="LDAP attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","attributes":{},"useAllQueryAttributes":true,"queryAttributes":{}}'/>
+ description="LDAP attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","useAllQueryAttributes":true,"queryAttributes":{}}'/>
<AttrRepo id="DefaultJDBCAttrRepo" attrRepoState="ACTIVE"
- description="JDBC attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT
* FROM table WHERE
name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"attributes":{},"caseInsensitiveQueryAttributes
[...]
+ description="JDBC attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT
* FROM table WHERE
name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"caseInsensitiveQueryAttributes":[],"queryAttri
[...]
<AttrRepo id="DefaultStubAttrRepo" attrRepoState="ACTIVE"
description="Stub attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.StubAttrRepoConf","attributes":{"attr1":"value1"}}'
items='[{"intAttrName":"attr1","extAttrName":"identifier","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java
index 72fbeb9953..de3ccd1492 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java
@@ -54,8 +54,8 @@ public class JPAAttrReleasePolicy extends AbstractPolicy
implements AttrReleaseP
}
@Override
- public Boolean getStatus() {
- return status;
+ public boolean getStatus() {
+ return status == null ? true : status;
}
@Override
diff --git
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
index 0670556a26..e15996ff0f 100644
---
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
+++
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
@@ -217,7 +217,6 @@ public class AuthModuleTest extends AbstractTest {
JDBCAuthModuleConf conf = new JDBCAuthModuleConf();
conf.setSql("SELECT * FROM table WHERE name=?");
conf.setFieldPassword("password");
- conf.getPrincipalAttributeList().addAll(List.of("sn", "cn:commonName",
"givenName"));
saveAuthModule("JDBCAuthModuleTest", conf);
}
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index f804bf8eda..6d56bc1698 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -58,14 +58,14 @@ under the License.
<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy"
id="219935c7-deb3-40b3-8a9a-683037e523a2"
-
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy"
id="319935c7-deb3-40b3-8a9a-683037e523a2"
-
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
+
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<!-- Authentication modules -->
<AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE"
- description="LDAP auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn":
"${testds.bindDn}",
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true,"principalAttributeList":["sn","givenName","mail","cn"]}'
-
items='[{"intAttrName":"mail","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"sn","conn
[...]
+ description="LDAP auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn":
"${testds.bindDn}",
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}'
+
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname"
[...]
<AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE"
description="JDBC auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT
* FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE"
@@ -84,7 +84,7 @@ under the License.
description="Static auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","users":{"syncope1":
"$cynop3"}}'/>
<AuthModule id="DefaultSyncopeAuthModule" authModuleState="ACTIVE"
description="Syncope auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","domain":"Master"}'
-
items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt
[...]
+
items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt
[...]
<AuthModule id="DefaultU2FAuthModule" authModuleState="ACTIVE"
description="U2F auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","expireDevices":40}'/>
<AuthModule id="DefaultOAuth20AuthModule" description="OAuth20 auth module"
authModuleOrder="0"
@@ -92,9 +92,9 @@ under the License.
<!-- Attribute repositories -->
<AttrRepo id="DefaultLDAPAttrRepo" attrRepoState="ACTIVE"
- description="LDAP attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","attributes":{},"useAllQueryAttributes":true,"queryAttributes":{}}'/>
+ description="LDAP attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","useAllQueryAttributes":true,"queryAttributes":{}}'/>
<AttrRepo id="DefaultJDBCAttrRepo" attrRepoState="ACTIVE"
- description="JDBC attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT
* FROM table WHERE
name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"attributes":{},"caseInsensitiveQueryAttributes
[...]
+ description="JDBC attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT
* FROM table WHERE
name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"caseInsensitiveQueryAttributes":[],"queryAttri
[...]
<AttrRepo id="DefaultStubAttrRepo" attrRepoState="ACTIVE"
description="Stub attr repo"
jsonConf='{"_class":"org.apache.syncope.common.lib.attr.StubAttrRepoConf","attributes":{"attr1":"value1"}}'
items='[{"intAttrName":"attr1","extAttrName":"identifier","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java
index 253723deb5..0d632c9348 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java
@@ -35,9 +35,7 @@ import
org.apache.syncope.core.persistence.api.dao.AnySearchDAO;
import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO;
import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
import org.apache.syncope.core.persistence.api.dao.ApplicationDAO;
-import org.apache.syncope.core.persistence.api.dao.AttrRepoDAO;
import org.apache.syncope.core.persistence.api.dao.AuditConfDAO;
-import org.apache.syncope.core.persistence.api.dao.AuthModuleDAO;
import org.apache.syncope.core.persistence.api.dao.ConnInstanceDAO;
import org.apache.syncope.core.persistence.api.dao.DelegationDAO;
import org.apache.syncope.core.persistence.api.dao.DerSchemaDAO;
@@ -1241,11 +1239,8 @@ public class ProvisioningContext {
public WAClientAppDataBinder waClientAppDataBinder(
final ClientAppDataBinder clientAppDataBinder,
final PolicyDataBinder policyDataBinder,
- final AuthModuleDataBinder authModuleDataBinder,
- final AuthModuleDAO authModuleDAO,
- final AttrRepoDAO attrRepoDAO) {
+ final AuthModuleDataBinder authModuleDataBinder) {
- return new WAClientAppDataBinderImpl(
- clientAppDataBinder, policyDataBinder, authModuleDataBinder,
authModuleDAO, attrRepoDAO);
+ return new WAClientAppDataBinderImpl(clientAppDataBinder,
policyDataBinder, authModuleDataBinder);
}
}
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
index 7012ab1a91..c43678ace8 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
@@ -18,15 +18,7 @@
*/
package org.apache.syncope.core.provisioning.java.data.wa;
-import org.apache.syncope.common.lib.policy.AttrReleasePolicyConf;
-import org.apache.syncope.common.lib.policy.AuthPolicyConf;
-import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
-import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
import org.apache.syncope.common.lib.wa.WAClientApp;
-import org.apache.syncope.core.persistence.api.dao.AttrRepoDAO;
-import org.apache.syncope.core.persistence.api.dao.AuthModuleDAO;
-import org.apache.syncope.core.persistence.api.entity.am.AttrRepo;
-import org.apache.syncope.core.persistence.api.entity.am.AuthModule;
import org.apache.syncope.core.persistence.api.entity.am.ClientApp;
import org.apache.syncope.core.provisioning.api.data.AuthModuleDataBinder;
import org.apache.syncope.core.provisioning.api.data.ClientAppDataBinder;
@@ -45,22 +37,14 @@ public class WAClientAppDataBinderImpl implements
WAClientAppDataBinder {
protected final AuthModuleDataBinder authModuleDataBinder;
- protected final AuthModuleDAO authModuleDAO;
-
- protected final AttrRepoDAO attrRepoDAO;
-
public WAClientAppDataBinderImpl(
final ClientAppDataBinder clientAppDataBinder,
final PolicyDataBinder policyDataBinder,
- final AuthModuleDataBinder authModuleDataBinder,
- final AuthModuleDAO authModuleDAO,
- final AttrRepoDAO attrRepoDAO) {
+ final AuthModuleDataBinder authModuleDataBinder) {
this.clientAppDataBinder = clientAppDataBinder;
this.policyDataBinder = policyDataBinder;
this.authModuleDataBinder = authModuleDataBinder;
- this.authModuleDAO = authModuleDAO;
- this.attrRepoDAO = attrRepoDAO;
}
@Override
@@ -69,28 +53,11 @@ public class WAClientAppDataBinderImpl implements
WAClientAppDataBinder {
waClientApp.setClientAppTO(clientAppDataBinder.getClientAppTO(clientApp));
try {
- AuthPolicyConf authPolicyConf = null;
if (clientApp.getAuthPolicy() != null) {
- authPolicyConf = clientApp.getAuthPolicy().getConf();
waClientApp.setAuthPolicy(policyDataBinder.getPolicyTO(clientApp.getAuthPolicy()));
} else if (clientApp.getRealm() != null &&
clientApp.getRealm().getAuthPolicy() != null) {
- authPolicyConf =
clientApp.getRealm().getAuthPolicy().getConf();
waClientApp.setAuthPolicy(policyDataBinder.getPolicyTO(clientApp.getRealm().getAuthPolicy()));
}
- if (authPolicyConf instanceof DefaultAuthPolicyConf) {
- ((DefaultAuthPolicyConf)
authPolicyConf).getAuthModules().forEach(key -> {
- AuthModule authModule = authModuleDAO.find(key);
- if (authModule == null) {
- LOG.warn("AuthModule " + authModule + " not found");
- } else {
-
waClientApp.getAuthModules().add(authModuleDataBinder.getAuthModuleTO(authModule));
-
- authModule.getItems().
- forEach(item ->
waClientApp.getReleaseAttrs().put(
- item.getIntAttrName(), item.getExtAttrName()));
- }
- });
- }
if (clientApp.getAccessPolicy() != null) {
waClientApp.setAccessPolicy(policyDataBinder.getPolicyTO(clientApp.getAccessPolicy()));
@@ -98,31 +65,13 @@ public class WAClientAppDataBinderImpl implements
WAClientAppDataBinder {
waClientApp.setAccessPolicy(policyDataBinder.getPolicyTO(clientApp.getRealm().getAccessPolicy()));
}
- AttrReleasePolicyConf attrReleasePolicyConf = null;
if (clientApp.getAttrReleasePolicy() != null) {
- attrReleasePolicyConf =
clientApp.getAttrReleasePolicy().getConf();
waClientApp.setAttrReleasePolicy(
policyDataBinder.getPolicyTO(clientApp.getAttrReleasePolicy()));
} else if (clientApp.getRealm() != null &&
clientApp.getRealm().getAttrReleasePolicy() != null) {
- attrReleasePolicyConf =
clientApp.getRealm().getAttrReleasePolicy().getConf();
waClientApp.setAttrReleasePolicy(
policyDataBinder.getPolicyTO(clientApp.getRealm().getAttrReleasePolicy()));
}
- if (attrReleasePolicyConf instanceof DefaultAttrReleasePolicyConf
- && ((DefaultAttrReleasePolicyConf)
attrReleasePolicyConf).getPrincipalAttrRepoConf() != null) {
-
- (((DefaultAttrReleasePolicyConf)
attrReleasePolicyConf).getPrincipalAttrRepoConf()).
- getAttrRepos().forEach(key -> {
- AttrRepo attrRepo = attrRepoDAO.find(key);
- if (attrRepo == null) {
- LOG.warn("AttrRepo " + attrRepo + " not
found");
- } else {
- attrRepo.getItems().
- forEach(item ->
waClientApp.getReleaseAttrs().put(
- item.getIntAttrName(),
item.getExtAttrName()));
- }
- });
- }
} catch (Exception e) {
LOG.error("While building the configuration from an application's
policy ", e);
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index d32c8baa49..c2d14891cd 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -943,6 +943,8 @@ public abstract class AbstractITCase {
policy.setStatus(Boolean.TRUE);
DefaultAttrReleasePolicyConf conf = new DefaultAttrReleasePolicyConf();
+ conf.getReleaseAttrs().put("uid", "username");
+ conf.getReleaseAttrs().put("cn", "fullname");
conf.getAllowedAttrs().addAll(List.of("cn", "givenName"));
conf.getIncludeOnlyAttrs().add("cn");
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
index 0785f8d3cb..58f1f70439 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
@@ -128,8 +128,6 @@ public class AuthModuleITCase extends AbstractITCase {
conf = new JDBCAuthModuleConf();
JDBCAuthModuleConf.class.cast(conf).setSql("SELECT * FROM
table WHERE name=?");
JDBCAuthModuleConf.class.cast(conf).setFieldPassword("password");
-
JDBCAuthModuleConf.class.cast(conf).getPrincipalAttributeList().addAll(
- List.of("sn", "cn:commonName", "givenName"));
break;
case OIDC:
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
index d2e6760f05..a6da6138c9 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
@@ -304,7 +304,7 @@ public class GroupITCase extends AbstractITCase {
try {
groupService2.update(groupUR);
fail("This should not happen");
- } catch (ForbiddenException e) {
+ } catch (Exception e) {
assertNotNull(e);
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
index 24f801b281..9ef5a4389e 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
@@ -31,8 +31,7 @@ import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
import org.apache.syncope.common.lib.policy.AuthPolicyTO;
-import org.apache.syncope.common.lib.to.AuthModuleTO;
-import org.apache.syncope.common.lib.to.Item;
+import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
import org.apache.syncope.common.lib.types.ClientAppType;
@@ -113,47 +112,12 @@ public class WAClientAppITCase extends AbstractITCase {
WAClientApp waClientApp =
WA_CLIENT_APP_SERVICE.read(oidcrpto.getClientAppId(), null);
assertNotNull(waClientApp);
- assertTrue(waClientApp.getReleaseAttrs().isEmpty());
-
- // add items to the authentication module
- addItems();
- try {
- waClientApp =
WA_CLIENT_APP_SERVICE.read(oidcrpto.getClientAppId(), null);
- assertNotNull(waClientApp);
- assertFalse(waClientApp.getReleaseAttrs().isEmpty());
- assertEquals("username", waClientApp.getReleaseAttrs().get("uid"));
- assertEquals("fullname", waClientApp.getReleaseAttrs().get("cn"));
- } finally {
- removeItems();
- }
- }
-
- private void addItems() {
- AuthModuleTO authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
-
- Item keyMapping = new Item();
- keyMapping.setIntAttrName("uid");
- keyMapping.setExtAttrName("username");
- authModuleTO.getItems().add(keyMapping);
-
- Item fullnameMapping = new Item();
- fullnameMapping.setIntAttrName("cn");
- fullnameMapping.setExtAttrName("fullname");
- authModuleTO.getItems().add(fullnameMapping);
-
- AUTH_MODULE_SERVICE.update(authModuleTO);
-
- authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- assertFalse(authModuleTO.getItems().isEmpty());
- }
-
- private void removeItems() {
- AuthModuleTO authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- authModuleTO.getItems().clear();
-
- AUTH_MODULE_SERVICE.update(authModuleTO);
+ assertTrue(waClientApp.getAttrReleasePolicy().getConf() instanceof
DefaultAttrReleasePolicyConf);
- authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- assertTrue(authModuleTO.getItems().isEmpty());
+ DefaultAttrReleasePolicyConf attrReleasePolicyConf =
+ (DefaultAttrReleasePolicyConf)
waClientApp.getAttrReleasePolicy().getConf();
+ assertFalse(attrReleasePolicyConf.getReleaseAttrs().isEmpty());
+ assertEquals("username",
attrReleasePolicyConf.getReleaseAttrs().get("uid"));
+ assertEquals("fullname",
attrReleasePolicyConf.getReleaseAttrs().get("cn"));
}
}
diff --git
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 3959370575..b596f3c9c7 100644
--- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import org.apache.commons.lang3.tuple.Triple;
+import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.http.Consts;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
@@ -109,6 +110,8 @@ public abstract class AbstractITCase {
await().atMost(50, TimeUnit.SECONDS).pollInterval(1,
TimeUnit.SECONDS).until(() -> {
boolean refreshed = false;
try {
+ WebClient.create(WA_ADDRESS + "/idp/metadata").get();
+
samlIdPEntityService.get(SAML2IdPEntityService.DEFAULT_OWNER);
refreshed = true;
} catch (Exception e) {
diff --git
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
index 51758a9b5b..f4eec00fe4 100644
---
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
+++
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
@@ -46,7 +46,9 @@ import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.util.EntityUtils;
+import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
import org.apache.syncope.common.lib.policy.AuthPolicyTO;
+import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
import org.apache.syncope.common.lib.to.SRARouteTO;
import org.apache.syncope.common.lib.types.PolicyType;
@@ -238,6 +240,37 @@ public abstract class AbstractSRAITCase extends
AbstractITCase {
});
}
+ protected static AttrReleasePolicyTO getAttrReleasePolicy() {
+ String description = "SRA attr release policy";
+
+ return POLICY_SERVICE.list(PolicyType.ATTR_RELEASE).stream().
+ map(AttrReleasePolicyTO.class::cast).
+ filter(policy -> description.equals(policy.getName())
+ && policy.getConf() instanceof DefaultAttrReleasePolicyConf).
+ findFirst().
+ orElseGet(() -> {
+ DefaultAttrReleasePolicyConf policyConf = new
DefaultAttrReleasePolicyConf();
+ policyConf.getAllowedAttrs().add("family_name");
+ policyConf.getAllowedAttrs().add("name");
+ policyConf.getAllowedAttrs().add("given_name");
+ policyConf.getAllowedAttrs().add("email");
+ policyConf.getAllowedAttrs().add("groups");
+
+ AttrReleasePolicyTO policy = new AttrReleasePolicyTO();
+ policy.setName(description);
+ policy.setConf(policyConf);
+
+ Response response =
POLICY_SERVICE.create(PolicyType.ATTR_RELEASE, policy);
+ if (response.getStatusInfo().getStatusCode() !=
Response.Status.CREATED.getStatusCode()) {
+ fail("Could not create Test Attr Release Policy");
+ }
+
+ return POLICY_SERVICE.read(
+ PolicyType.ATTR_RELEASE,
+
response.getHeaderString(RESTHeaders.RESOURCE_KEY));
+ });
+ }
+
protected static ObjectNode checkGetResponse(
final CloseableHttpResponse response, final String
originalRequestURI) throws IOException {
diff --git
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
index 5cb2c39e49..4203b0a5e0 100644
---
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
+++
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
@@ -113,9 +113,10 @@ public class OIDCSRAITCase extends AbstractSRAITCase {
clientApp.setSubjectType(OIDCSubjectType.PUBLIC);
clientApp.getRedirectUris().clear();
clientApp.getRedirectUris().add(SRA_ADDRESS + "/login/oauth2/code/" +
sraRegistrationId);
- clientApp.setAuthPolicy(getAuthPolicy().getKey());
clientApp.setSignIdToken(true);
clientApp.setLogoutUri(SRA_ADDRESS + "/logout");
+ clientApp.setAuthPolicy(getAuthPolicy().getKey());
+ clientApp.setAttrReleasePolicy(getAttrReleasePolicy().getKey());
CLIENT_APP_SERVICE.update(ClientAppType.OIDCRP, clientApp);
CLIENT_APP_SERVICE.pushToWA();
diff --git
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java
index 4d1db40dea..bdbf909069 100644
---
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java
+++
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java
@@ -83,6 +83,11 @@ public abstract class AbstractUIITCase extends
AbstractITCase {
orElseGet(() -> {
DefaultAttrReleasePolicyConf policyConf = new
DefaultAttrReleasePolicyConf();
policyConf.getPrincipalAttrRepoConf().getAttrRepos().add(stubAttrRepo);
+ policyConf.getReleaseAttrs().put("attr1", "identifier");
+ policyConf.getReleaseAttrs().put("firstname", "givenName");
+ policyConf.getReleaseAttrs().put("surname", "sn");
+ policyConf.getReleaseAttrs().put("fullname", "cn");
+ policyConf.getReleaseAttrs().put("email", "mail");
AttrReleasePolicyTO policy = new AttrReleasePolicyTO();
policy.setName(description);
diff --git
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java
index dc2217e73a..2e10162a17 100644
---
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java
+++
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java
@@ -262,6 +262,10 @@ public class SAML2SP4UIITCase extends AbstractUIITCase {
}
}
+ if (location.startsWith("http://localhost:8080/syncope-wa";)) {
+ location = WA_ADDRESS + StringUtils.substringAfter(location,
"http://localhost:8080/syncope-wa";);
+ }
+
get = new HttpGet(location);
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
diff --git a/pom.xml b/pom.xml
index 71d729e5ee..1644372351 100644
--- a/pom.xml
+++ b/pom.xml
@@ -413,7 +413,7 @@ under the License.
<cxf.version>3.5.5</cxf.version>
<bouncycastle.version>1.70</bouncycastle.version>
- <nimbus-jose-jwt.version>9.30.1</nimbus-jose-jwt.version>
+ <nimbus-jose-jwt.version>9.31</nimbus-jose-jwt.version>
<spring-boot.version>2.7.9</spring-boot.version>
<spring-cloud-gateway.version>3.1.5</spring-cloud-gateway.version>
@@ -443,7 +443,7 @@ under the License.
<pac4j.version>5.5.0</pac4j.version>
- <cas.version>6.6.6</cas.version>
+ <cas.version>6.6.7-SNAPSHOT</cas.version>
<cas-client.version>3.6.4</cas-client.version>
<h2.version>2.1.214</h2.version>
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java
index e42ee01dba..28e0e239ea 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java
@@ -19,6 +19,7 @@
package org.apache.syncope.wa.bootstrap;
import java.util.Map;
+import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.attr.AttrRepoConf;
@@ -27,6 +28,7 @@ import org.apache.syncope.common.lib.attr.LDAPAttrRepoConf;
import org.apache.syncope.common.lib.attr.StubAttrRepoConf;
import org.apache.syncope.common.lib.attr.SyncopeAttrRepoConf;
import org.apache.syncope.common.lib.to.AttrRepoTO;
+import org.apache.syncope.common.lib.to.Item;
import org.apereo.cas.configuration.CasCoreConfigurationUtils;
import
org.apereo.cas.configuration.model.core.authentication.AttributeRepositoryStates;
import
org.apereo.cas.configuration.model.core.authentication.StubPrincipalAttributesProperties;
@@ -59,9 +61,10 @@ public class AttrRepoPropertySourceMapper extends
PropertySourceMapper implement
props.setId(attrRepoTO.getKey());
props.setState(AttributeRepositoryStates.valueOf(attrRepoTO.getState().name()));
props.setOrder(attrRepoTO.getOrder());
- props.setAttributes(conf.getAttributes());
props.setUseAllQueryAttributes(conf.isUseAllQueryAttributes());
props.setQueryAttributes(conf.getQueryAttributes());
+ props.setAttributes(attrRepoTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
fill(props, conf);
return prefix("cas.authn.attribute-repository.ldap[].",
CasCoreConfigurationUtils.asMap(props));
@@ -80,9 +83,10 @@ public class AttrRepoPropertySourceMapper extends
PropertySourceMapper implement
props.setQueryType(conf.getQueryType().name());
props.setColumnMappings(conf.getColumnMappings());
props.setUsername(conf.getUsername());
- props.setAttributes(conf.getAttributes());
props.setCaseInsensitiveQueryAttributes(conf.getCaseInsensitiveQueryAttributes());
props.setQueryAttributes(conf.getQueryAttributes());
+ props.setAttributes(attrRepoTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
fill(props, conf);
return prefix("cas.authn.attribute-repository.jdbc[].",
CasCoreConfigurationUtils.asMap(props));
@@ -106,6 +110,8 @@ public class AttrRepoPropertySourceMapper extends
PropertySourceMapper implement
props.setBasicAuthUsername(conf.getBasicAuthUsername());
props.setBasicAuthPassword(conf.getBasicAuthPassword());
props.setHeaders(props.getHeaders());
+ props.setAttributeMappings(attrRepoTO.getItems().
+ stream().collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
return prefix("cas.authn.attribute-repository.syncope.",
CasCoreConfigurationUtils.asMap(props));
}
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
index 395a5d08bd..3b124dd4a9 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
@@ -38,6 +38,7 @@ import
org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
+import org.apache.syncope.common.lib.to.Item;
import org.apache.syncope.common.lib.types.AuthModuleState;
import org.apereo.cas.configuration.CasCoreConfigurationUtils;
import
org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
@@ -91,7 +92,8 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AUTHENTICATED);
}
props.setPrincipalAttributeId(conf.getUserIdAttribute());
- props.setPrincipalAttributeList(conf.getPrincipalAttributeList());
+ props.setPrincipalAttributeList(authModuleTO.getItems().stream().
+ map(item -> item.getIntAttrName() + ":" +
item.getExtAttrName()).collect(Collectors.toList()));
fill(props, conf);
return prefix("cas.authn.ldap[].",
CasCoreConfigurationUtils.asMap(props));
@@ -107,7 +109,8 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setFieldDisabled(conf.getFieldDisabled());
props.setFieldExpired(conf.getFieldExpired());
props.setFieldPassword(conf.getFieldPassword());
- props.setPrincipalAttributeList(conf.getPrincipalAttributeList());
+ props.setPrincipalAttributeList(authModuleTO.getItems().stream().
+ map(item -> item.getIntAttrName() + ":" +
item.getExtAttrName()).collect(Collectors.toList()));
fill(props, conf);
return prefix("cas.authn.jdbc.query[].",
CasCoreConfigurationUtils.asMap(props));
@@ -167,7 +170,9 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setScope(conf.getScope());
props.setPrincipalAttributeId(conf.getUserIdAttribute());
props.setWithState(conf.isWithState());
-
+ props.setProfileAttrs(authModuleTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
+
return prefix("cas.authn.pac4j.oauth2[].",
CasCoreConfigurationUtils.asMap(props));
}
@@ -215,6 +220,8 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
props.setDomain(conf.getDomain());
props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(),
"/rest"));
+ props.setAttributeMappings(authModuleTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
return prefix("cas.authn.syncope.",
CasCoreConfigurationUtils.asMap(props));
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
index 8517c46c5e..8a63943fac 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
@@ -18,12 +18,11 @@
*/
package org.apache.syncope.wa.starter.mapping;
-import java.util.Map;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
@FunctionalInterface
public interface AttrReleaseMapper {
- RegisteredServiceAttributeReleasePolicy build(AttrReleasePolicyTO policy,
Map<String, Object> releaseAttrs);
+ RegisteredServiceAttributeReleasePolicy build(AttrReleasePolicyTO policy);
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java
index 0a8334cbf9..ecca60f82c 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java
@@ -19,7 +19,6 @@
package org.apache.syncope.wa.starter.mapping;
import java.util.HashSet;
-import java.util.Map;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
import
org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository;
@@ -39,15 +38,13 @@ import org.apereo.cas.util.model.TriStateBoolean;
public class DefaultAttrReleaseMapper implements AttrReleaseMapper {
@Override
- public RegisteredServiceAttributeReleasePolicy build(
- final AttrReleasePolicyTO policy, final Map<String, Object>
releaseAttrs) {
-
+ public RegisteredServiceAttributeReleasePolicy build(final
AttrReleasePolicyTO policy) {
DefaultAttrReleasePolicyConf conf = (DefaultAttrReleasePolicyConf)
policy.getConf();
ReturnMappedAttributeReleasePolicy returnMapped = null;
- if (!releaseAttrs.isEmpty()) {
+ if (!conf.getReleaseAttrs().isEmpty()) {
returnMapped = new ReturnMappedAttributeReleasePolicy();
- returnMapped.setAllowedAttributes(releaseAttrs);
+ returnMapped.setAllowedAttributes(conf.getReleaseAttrs());
}
ReturnAllowedAttributeReleasePolicy returnAllowed = null;
@@ -68,9 +65,7 @@ public class DefaultAttrReleaseMapper implements
AttrReleaseMapper {
DefaultRegisteredServiceConsentPolicy consentPolicy = new
DefaultRegisteredServiceConsentPolicy(
new HashSet<>(conf.getExcludedAttrs()), new
HashSet<>(conf.getIncludeOnlyAttrs()));
consentPolicy.setOrder(policy.getOrder());
- consentPolicy.setStatus(policy.getStatus() == null
- ? TriStateBoolean.UNDEFINED
- : TriStateBoolean.fromBoolean(policy.getStatus()));
+
consentPolicy.setStatus(TriStateBoolean.fromBoolean(policy.getStatus()));
attributeReleasePolicy.setConsentPolicy(consentPolicy);
if (conf.getPrincipalIdAttr() != null) {
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 913999d849..290e9762c5 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -34,6 +34,7 @@ import
org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy;
+import org.apereo.cas.services.BaseMappedAttributeReleasePolicy;
import org.apereo.cas.services.ChainingAttributeReleasePolicy;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredService;
@@ -41,6 +42,7 @@ import
org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
+import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.springframework.context.ConfigurableApplicationContext;
@ClientAppMapFor(clientAppClass = OIDCRPClientAppTO.class)
@@ -91,12 +93,25 @@ public class OIDCRPClientAppTOMapper extends
AbstractClientAppMapper {
}
chain.addPolicies(new OidcProfileScopeAttributeReleasePolicy(),
- new OidcEmailScopeAttributeReleasePolicy(),
- new OidcAddressScopeAttributeReleasePolicy(),
- new OidcPhoneScopeAttributeReleasePolicy());
+ new OidcEmailScopeAttributeReleasePolicy(),
+ new OidcAddressScopeAttributeReleasePolicy(),
+ new OidcPhoneScopeAttributeReleasePolicy());
- Set<String> customClaims =
clientApp.getReleaseAttrs().values().stream().
-
map(Objects::toString).collect(Collectors.toCollection(HashSet::new));
+ Set<String> customClaims = new HashSet<>();
+ if (attributeReleasePolicy instanceof
BaseMappedAttributeReleasePolicy) {
+ customClaims.addAll(((BaseMappedAttributeReleasePolicy)
attributeReleasePolicy).
+ getAllowedAttributes().values().stream().
+ map(Objects::toString).collect(Collectors.toSet()));
+ } else if (attributeReleasePolicy instanceof
ReturnAllowedAttributeReleasePolicy) {
+ customClaims.addAll(((ReturnAllowedAttributeReleasePolicy)
attributeReleasePolicy).
+
getAllowedAttributes().stream().collect(Collectors.toSet()));
+ } else if (attributeReleasePolicy instanceof
ChainingAttributeReleasePolicy) {
+ ((ChainingAttributeReleasePolicy)
attributeReleasePolicy).getPolicies().stream().
+
filter(ReturnAllowedAttributeReleasePolicy.class::isInstance).
+
findFirst().map(ReturnAllowedAttributeReleasePolicy.class::cast).
+ map(p ->
p.getAllowedAttributes().stream().collect(Collectors.toSet())).
+ ifPresent(customClaims::addAll);
+ }
customClaims.removeAll(OidcProfileScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
customClaims.removeAll(OidcEmailScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
customClaims.removeAll(OidcAddressScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java
index 954d7c8fc5..b8000e536f 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java
@@ -125,7 +125,7 @@ public class RegisteredServiceMapper {
attrReleasePolicyTO.getConf().getClass().getName());
RegisteredServiceAttributeReleasePolicy attributeReleasePolicy =
Optional.ofNullable(attrReleasePolicyConfMapper).
- map(mapper -> mapper.build(attrReleasePolicyTO,
clientApp.getReleaseAttrs())).
+ map(mapper -> mapper.build(attrReleasePolicyTO)).
orElse(null);
return clientAppMapper.map(ctx, clientApp, authPolicy, mfaPolicy,
accessStrategy, attributeReleasePolicy);
diff --git
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
index 9e94aa2a10..d4733ed0af 100644
---
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
+++
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java
@@ -53,7 +53,6 @@ import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
-import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.RandomUtils;
@@ -95,7 +94,6 @@ public class WAServiceRegistryTest extends AbstractTest {
private static void addPolicies(
final WAClientApp waClientApp,
- final boolean withReleaseAttributes,
final boolean withAttrReleasePolicy) {
DefaultAuthPolicyConf authPolicyConf = new DefaultAuthPolicyConf();
@@ -106,10 +104,6 @@ public class WAServiceRegistryTest extends AbstractTest {
waClientApp.setAuthPolicy(authPolicy);
- if (withReleaseAttributes) {
- waClientApp.getReleaseAttrs().putAll(Map.of("uid", "username",
"cn", "fullname"));
- }
-
AccessPolicyTO accessPolicy = new AccessPolicyTO();
DefaultAccessPolicyConf accessPolicyConf = new
DefaultAccessPolicyConf();
accessPolicyConf.setEnabled(true);
@@ -121,6 +115,7 @@ public class WAServiceRegistryTest extends AbstractTest {
DefaultAttrReleasePolicyConf attrReleasePolicyConf = new
DefaultAttrReleasePolicyConf();
attrReleasePolicyConf.getAllowedAttrs().add("cn");
attrReleasePolicyConf.getPrincipalAttrRepoConf().getAttrRepos().add("TestAttrRepo");
+ attrReleasePolicyConf.getReleaseAttrs().putAll(Map.of("uid",
"username", "cn", "fullname"));
AttrReleasePolicyTO attrReleasePolicy = new AttrReleasePolicyTO();
attrReleasePolicy.setConf(attrReleasePolicyConf);
@@ -155,7 +150,7 @@ public class WAServiceRegistryTest extends AbstractTest {
WAClientApp waClientApp = new WAClientApp();
waClientApp.setClientAppTO(buildOIDCRP());
Long clientAppId = waClientApp.getClientAppTO().getClientAppId();
- addPolicies(waClientApp, false, false);
+ addPolicies(waClientApp, false);
SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp);
List<WAClientApp> apps = service.list();
@@ -185,7 +180,7 @@ public class WAServiceRegistryTest extends AbstractTest {
waClientApp = new WAClientApp();
waClientApp.setClientAppTO(buildSAML2SP());
clientAppId = waClientApp.getClientAppTO().getClientAppId();
- addPolicies(waClientApp, false, true);
+ addPolicies(waClientApp, true);
SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp);
apps = service.list();
@@ -202,12 +197,12 @@ public class WAServiceRegistryTest extends AbstractTest {
assertEquals(samlspto.getEntityId(), saml.getServiceId());
assertTrue(saml.getAuthenticationPolicy().getRequiredAuthenticationHandlers().contains("TestAuthModule"));
assertNotNull(found.getAccessStrategy());
- assertTrue(saml.getAttributeReleasePolicy() instanceof
ReturnAllowedAttributeReleasePolicy);
+ assertTrue(saml.getAttributeReleasePolicy() instanceof
ChainingAttributeReleasePolicy);
waClientApp = new WAClientApp();
waClientApp.setClientAppTO(buildSAML2SP());
clientAppId = waClientApp.getClientAppTO().getClientAppId();
- addPolicies(waClientApp, false, false);
+ addPolicies(waClientApp, false);
SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp);
apps = service.list();
@@ -246,7 +241,7 @@ public class WAServiceRegistryTest extends AbstractTest {
waClientApp.setClientAppTO(buildOIDCRP());
waClientApp.getAuthModules().add(0, authModuleTO);
Long clientAppId = waClientApp.getClientAppTO().getClientAppId();
- addPolicies(waClientApp, false, false);
+ addPolicies(waClientApp, false);
DefaultAuthPolicyConf authPolicyConf = (DefaultAuthPolicyConf)
waClientApp.getAuthPolicy().getConf();
authPolicyConf.getAuthModules().clear();
authPolicyConf.getAuthModules().add(authModuleTO.getKey());
