This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 3_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push: new e2e12a9282 [SYNCOPE-1737] Managing releaseAttrs via DefaultAttrReleasePolicyConf (#418) e2e12a9282 is described below commit e2e12a9282a22bca1899335e65832561699223aa Author: Francesco Chicchiriccò <ilgro...@users.noreply.github.com> AuthorDate: Fri Mar 3 13:59:19 2023 +0100 [SYNCOPE-1737] Managing releaseAttrs via DefaultAttrReleasePolicyConf (#418) --- .../policies/AccessPolicyAttrsDirectoryPanel.java | 142 --------------------- .../policies/AccessPolicyAttrsWizardBuilder.java | 61 --------- .../console/policies/AccessPolicyModalPanel.java | 1 - .../policies/AttrReleasePolicyModalPanel.java | 5 + .../policies/AttrReleasePolicyModalPanel.html | 3 + .../console/commons/ConnectorDataProvider.java | 5 +- .../console/commons/ResourceDataProvider.java | 11 +- .../markup/html/form/AjaxGridFieldPanel.java | 14 +- .../client/console/panels/ListViewPanel.java | 10 +- .../policies/PolicyDirectoryPanel.properties | 1 + .../policies/PolicyDirectoryPanel_fr_CA.properties | 1 + .../policies/PolicyDirectoryPanel_it.properties | 1 + .../policies/PolicyDirectoryPanel_ja.properties | 1 + .../policies/PolicyDirectoryPanel_pt_BR.properties | 1 + .../policies/PolicyDirectoryPanel_ru.properties | 1 + .../syncope/common/lib/attr/JDBCAttrRepoConf.java | 14 -- .../syncope/common/lib/attr/LDAPAttrRepoConf.java | 14 -- .../common/lib/auth/JDBCAuthModuleConf.java | 11 -- .../common/lib/auth/LDAPAuthModuleConf.java | 11 -- .../common/lib/policy/AttrReleasePolicyTO.java | 4 +- .../lib/policy/DefaultAttrReleasePolicyConf.java | 8 ++ .../apache/syncope/common/lib/wa/WAClientApp.java | 8 -- .../api/entity/policy/AttrReleasePolicy.java | 2 +- .../src/test/resources/domains/MasterContent.xml | 14 +- .../jpa/entity/policy/JPAAttrReleasePolicy.java | 4 +- .../core/persistence/jpa/inner/AuthModuleTest.java | 1 - .../src/test/resources/domains/MasterContent.xml | 14 +- .../provisioning/java/ProvisioningContext.java | 9 +- 
.../java/data/wa/WAClientAppDataBinderImpl.java | 53 +------- .../org/apache/syncope/fit/AbstractITCase.java | 2 + .../apache/syncope/fit/core/AuthModuleITCase.java | 2 - .../org/apache/syncope/fit/core/GroupITCase.java | 2 +- .../syncope/fit/core/wa/WAClientAppITCase.java | 50 +------- .../org/apache/syncope/fit/AbstractITCase.java | 3 + .../apache/syncope/fit/sra/AbstractSRAITCase.java | 33 +++++ .../org/apache/syncope/fit/sra/OIDCSRAITCase.java | 3 +- .../apache/syncope/fit/ui/AbstractUIITCase.java | 5 + .../apache/syncope/fit/ui/SAML2SP4UIITCase.java | 4 + pom.xml | 4 +- .../wa/bootstrap/AttrRepoPropertySourceMapper.java | 10 +- .../bootstrap/AuthModulePropertySourceMapper.java | 13 +- .../wa/starter/mapping/AttrReleaseMapper.java | 3 +- .../starter/mapping/DefaultAttrReleaseMapper.java | 13 +- .../starter/mapping/OIDCRPClientAppTOMapper.java | 25 +++- .../starter/mapping/RegisteredServiceMapper.java | 2 +- .../syncope/wa/starter/WAServiceRegistryTest.java | 17 +-- 46 files changed, 170 insertions(+), 446 deletions(-) diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java deleted file mode 100644 index 72a9bf6592..0000000000 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsDirectoryPanel.java +++ /dev/null 
@@ -1,142 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.client.console.policies; - -import java.util.List; -import org.apache.syncope.client.console.SyncopeConsoleSession; -import org.apache.syncope.client.console.commons.AMConstants; -import org.apache.syncope.client.console.panels.AttrListDirectoryPanel; -import org.apache.syncope.client.console.rest.PolicyRestClient; -import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal; -import org.apache.syncope.client.console.wicket.markup.html.form.ActionLink; -import org.apache.syncope.client.console.wicket.markup.html.form.ActionsPanel; -import org.apache.syncope.client.ui.commons.Constants; -import org.apache.syncope.client.ui.commons.pages.BaseWebPage; -import org.apache.syncope.client.ui.commons.wizards.AjaxWizard; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.SyncopeClientException; -import org.apache.syncope.common.lib.policy.AccessPolicyTO; -import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; -import org.apache.syncope.common.lib.types.IdRepoEntitlement; -import org.apache.syncope.common.lib.types.PolicyType; -import 
org.apache.wicket.PageReference; -import org.apache.wicket.ajax.AjaxRequestTarget; -import org.apache.wicket.event.IEvent; -import org.apache.wicket.model.IModel; -import org.danekja.java.util.function.serializable.SerializableFunction; - -public class AccessPolicyAttrsDirectoryPanel extends AttrListDirectoryPanel { - - private static final long serialVersionUID = 33604877627114L; - - private final BaseModal<AccessPolicyTO> wizardModal; - - private final IModel<AccessPolicyTO> accessPolicyModel; - - private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor; - - public AccessPolicyAttrsDirectoryPanel( - final String id, - final BaseModal<AccessPolicyTO> wizardModal, - final IModel<AccessPolicyTO> model, - final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor, - final PageReference pageRef) { - - super(id, pageRef, false); - - this.wizardModal = wizardModal; - this.accessPolicyModel = model; - this.attrsAccessor = attrsAccessor; - - setOutputMarkupId(true); - - enableUtilityButton(); - setFooterVisibility(false); - - addNewItemPanelBuilder( - new AccessPolicyAttrsWizardBuilder(model.getObject(), attrsAccessor, new Attr(), pageRef), true); - - initResultTable(); - } - - @Override - protected ActionsPanel<Attr> getActions(final IModel<Attr> model) { - ActionsPanel<Attr> panel = super.getActions(model); - - panel.add(new ActionLink<>() { - - private static final long serialVersionUID = -3722207913631435501L; - - @Override - public void onClick(final AjaxRequestTarget target, final Attr ignore) { - try { - attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicyModel.getObject().getConf()). 
- remove(model.getObject()); - PolicyRestClient.update(PolicyType.ACCESS, accessPolicyModel.getObject()); - - SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED)); - target.add(container); - } catch (SyncopeClientException e) { - LOG.error("While updating {}", accessPolicyModel.getObject().getKey(), e); - SyncopeConsoleSession.get().onException(e); - } - ((BaseWebPage) pageRef.getPage()).getNotificationPanel().refresh(target); - } - }, ActionLink.ActionType.DELETE, IdRepoEntitlement.POLICY_UPDATE, true); - - return panel; - } - - @Override - public void onEvent(final IEvent<?> event) { - if (event.getPayload() instanceof ExitEvent) { - AjaxRequestTarget target = ExitEvent.class.cast(event.getPayload()).getTarget(); - wizardModal.close(target); - } else if (event.getPayload() instanceof AjaxWizard.EditItemActionEvent) { - @SuppressWarnings("unchecked") - AjaxWizard.EditItemActionEvent<?> payload = (AjaxWizard.EditItemActionEvent<?>) event.getPayload(); - payload.getTarget().ifPresent(actionTogglePanel::close); - } - super.onEvent(event); - } - - @Override - protected AttrListProvider dataProvider() { - return new AccessPolicyAttrsProvider(rows); - } - - @Override - protected String paginatorRowsKey() { - return AMConstants.PREF_ACCESS_POLICY_CONF_ATTRS_PAGINATOR_ROWS; - } - - protected final class AccessPolicyAttrsProvider extends AttrListProvider { - - private static final long serialVersionUID = -185944053385660794L; - - private AccessPolicyAttrsProvider(final int paginatorRows) { - super(paginatorRows); - } - - @Override - protected List<Attr> list() { - return attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicyModel.getObject().getConf()); - } - } -} 
diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
deleted file mode 100644
index a9029e9008..0000000000
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyAttrsWizardBuilder.java
+++ /dev/null
@@ -1,61 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.client.console.policies; - -import java.io.Serializable; -import java.util.List; -import org.apache.syncope.client.console.rest.PolicyRestClient; -import org.apache.syncope.client.console.wizards.AttrWizardBuilder; -import org.apache.syncope.common.lib.Attr; -import org.apache.syncope.common.lib.policy.AccessPolicyTO; -import org.apache.syncope.common.lib.policy.DefaultAccessPolicyConf; -import org.apache.syncope.common.lib.types.PolicyType; -import org.apache.wicket.PageReference; -import org.danekja.java.util.function.serializable.SerializableFunction; - -public class AccessPolicyAttrsWizardBuilder extends AttrWizardBuilder { - - private static final long serialVersionUID = 33625775269155L; - - private final AccessPolicyTO accessPolicy; - - private final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor; - - public AccessPolicyAttrsWizardBuilder( - final AccessPolicyTO accessPolicy, - final SerializableFunction<DefaultAccessPolicyConf, List<Attr>> attrsAccessor, - final Attr attr, - final PageReference pageRef) { - - super(attr, pageRef); - this.accessPolicy = accessPolicy; - 
this.attrsAccessor = attrsAccessor; - } - - @Override - protected Serializable onApplyInternal(final Attr modelObject) { - attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()). - removeIf(p -> modelObject.getSchema().equals(p.getSchema())); - attrsAccessor.apply((DefaultAccessPolicyConf) accessPolicy.getConf()).add(modelObject); - - PolicyRestClient.update(PolicyType.ACCESS, accessPolicy); - - return null; - } -} diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java index f64256fe00..abb8ec28f5 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AccessPolicyModalPanel.java @@ -38,7 +38,6 @@ public class AccessPolicyModalPanel extends AbstractModalPanel<AccessPolicyTO> { private final IModel<AccessPolicyTO> model; - @SuppressWarnings({ "unchecked", "rawtypes" }) public AccessPolicyModalPanel( final BaseModal<AccessPolicyTO> modal, final IModel<AccessPolicyTO> model, diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java index fd02a70995..a3a7ae2ebe 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.java 
@@ -30,6 +30,7 @@ import org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel import org.apache.syncope.client.ui.commons.Constants; import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel; import org.apache.syncope.client.ui.commons.markup.html.form.AjaxDropDownChoicePanel; +import org.apache.syncope.client.ui.commons.markup.html.form.AjaxGridFieldPanel; import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel; import org.apache.syncope.client.ui.commons.markup.html.form.AjaxSpinnerFieldPanel; import org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel; @@ -69,6 +70,10 @@ public class AttrReleasePolicyModalPanel extends AbstractModalPanel<AttrReleaseP super(modal, pageRef); this.model = model; + add(new AjaxGridFieldPanel<>( + "releaseAttrs", "releaseAttrs", + new PropertyModel<>(model.getObject().getConf(), "releaseAttrs"))); + AjaxTextFieldPanel allowedAttr = new AjaxTextFieldPanel("panel", "allowedAttrs", new Model<>()); add(new MultiFieldPanel.Builder<String>( new PropertyModel<>(model.getObject().getConf(), "allowedAttrs")).build( diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html index aa0da3f6f6..38daa422e4 100644 --- a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AttrReleasePolicyModalPanel.html @@ -18,6 +18,9 @@ under the License. --> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:wicket="http://wicket.apache.org"> <wicket:extend> + <div class="form-group"> + <span wicket:id="releaseAttrs"/> + </div> <div class="form-group"> <span wicket:id="allowedAttrs"/> </div> 
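Review bot: The `releaseAttrs` grid added to the AttrReleasePolicyModalPanel constructor is bound to the conf's map, but the AjaxGridFieldPanel hunk in this same commit shows the grid's data provider being seeded from a copy of the entries (`MutablePair.of(entry.getKey(), entry.getValue())`), so nothing visible here shows edits reaching `getReleaseAttrs()` before the policy is saved. Because this map appears to control which attributes are released (the label added in this commit reads "Attributes to Release"), a silently dropped or stale edit is worth ruling out; please confirm the write-back path or cover it with a test. The map's values are `Object` while the grid takes typed-in text, so a one-line comment such as `// keys are attribute names; values are entered as plain text` (wording to be confirmed against the mapper) would help the next reader. The constructor continues past the end of this hunk.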
diff --git a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java index 8d7f7cb388..c175b20213 100644 --- a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java +++ b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ConnectorDataProvider.java @@ -23,7 +23,6 @@ import java.util.Collections; import java.util.Comparator; import java.util.Iterator; import java.util.List; -import java.util.Optional; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.client.console.SyncopeConsoleSession; @@ -85,8 +84,8 @@ public class ConnectorDataProvider extends DirectoryDataProvider<Serializable> { LOG.error("While searching", e); SyncopeConsoleSession.get().onException(e); - Optional<AjaxRequestTarget> target = RequestCycle.get().find(AjaxRequestTarget.class); - target.ifPresent(t -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(t)); + RequestCycle.get().find(AjaxRequestTarget.class). + ifPresent(t -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(t)); } SortParam<String> sortParam = getSort(); diff --git a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java index b19c8c1173..bd59e2b2c8 100644 --- a/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java +++ b/client/idm/console/src/main/java/org/apache/syncope/client/console/commons/ResourceDataProvider.java 
@@ -19,11 +19,9 @@ package org.apache.syncope.client.console.commons; import java.io.Serializable; -import java.util.Collections; import java.util.Comparator; import java.util.Iterator; import java.util.List; -import java.util.Optional; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.client.console.SyncopeConsoleSession; @@ -67,7 +65,7 @@ public class ResourceDataProvider extends DirectoryDataProvider<Serializable> { @Override public Iterator<ResourceTO> iterator(final long first, final long count) { - List<ResourceTO> result = Collections.emptyList(); + List<ResourceTO> result = List.of(); try { currentPage = ((int) first / paginatorRows); @@ -85,9 +83,8 @@ public class ResourceDataProvider extends DirectoryDataProvider<Serializable> { LOG.error("While searching", e); SyncopeConsoleSession.get().onException(e); - Optional<AjaxRequestTarget> target = RequestCycle.get().find(AjaxRequestTarget.class); - target.ifPresent(ajaxRequestTarget - -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(ajaxRequestTarget)); + RequestCycle.get().find(AjaxRequestTarget.class). + ifPresent(t -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(t)); } SortParam<String> sortParam = getSort(); @@ -137,7 +134,7 @@ public class ResourceDataProvider extends DirectoryDataProvider<Serializable> { SyncopeConsoleSession.get().onException(e); RequestCycle.get().find(AjaxRequestTarget.class). - ifPresent(target -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target)); + ifPresent(t -> ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(t)); } return result; diff --git a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java index fbf9ecf12a..2d62d4c347 100644 
--- a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java +++ b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxGridFieldPanel.java @@ -37,7 +37,7 @@ import org.wicketstuff.egrid.provider.EditableListDataProvider; public class AjaxGridFieldPanel<K, V, S> extends Panel { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 7589570522964677729L; public AjaxGridFieldPanel(final String id, final String name, final IModel<Map<K, V>> model) { super(id, model); @@ -45,13 +45,13 @@ public class AjaxGridFieldPanel<K, V, S> extends Panel { add(new Label(AbstractFieldPanel.LABEL, new ResourceModel(name, name))); add(new AjaxGrid<>( - "grid", - getColumns(), - new EditableListDataProvider<>(model.getObject().entrySet().stream(). - map(entry -> MutablePair.of(entry.getKey(), entry.getValue())). - collect(Collectors.toList())), 10) { + "grid", + getColumns(), + new EditableListDataProvider<>(model.getObject().entrySet().stream(). + map(entry -> MutablePair.of(entry.getKey(), entry.getValue())). + collect(Collectors.toList())), 10) { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = -1315456128897492459L; @Override protected boolean displayHeader() { diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java index db77482b24..c44531d1c4 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/ListViewPanel.java 
@@ -250,14 +250,12 @@ public abstract class ListViewPanel<T extends Serializable> extends WizardMgtPan // used to perform selectable enabling check condition this.check.setObject(check); - Optional<AjaxRequestTarget> target = RequestCycle.get().find(AjaxRequestTarget.class); - if (target.isPresent()) { + RequestCycle.get().find(AjaxRequestTarget.class).ifPresent(t -> { // reload group selector - target.get().add( - groupSelector.setVisible(check == CheckAvailability.AVAILABLE), groupSelector.getMarkupId()); + t.add(groupSelector.setVisible(check == CheckAvailability.AVAILABLE), groupSelector.getMarkupId()); // reload the list view panel - target.get().add(ListViewPanel.this, getMarkupId()); - } + t.add(ListViewPanel.this, getMarkupId()); + }); } protected abstract Component getValueComponent(String key, T bean); diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties index 8db5446b72..0c4e2d0c6c 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties @@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configuration accessPolicyConf.title=Access Policy Configuration +releaseAttrs=Attributes to Release diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties index edf43897f9..3775e15689 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties 
+++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties @@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configuration accessPolicyConf.title=Access Policy Configuration +releaseAttrs=Attributes to Release diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties index 3f3b8a2c31..05615626b7 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties @@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configurazione accessPolicyConf.title=Configurazione Accesso +releaseAttrs=Attributi da Rilasciare diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties index 5ac2d6e170..7e799cd8a9 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties @@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configuration accessPolicyConf.title=Access Policy Configuration +releaseAttrs=Attributes to Release 
diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties index e12adf4376..32740d406a 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties @@ -48,3 +48,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configuration accessPolicyConf.title=Access Policy Configuration +releaseAttrs=Attributes to Release diff --git a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties index c8a3c08e24..895e24d1ff 100644 --- a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties +++ b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties @@ -49,3 +49,4 @@ fetchAroundProvisioning=Fetch Around Provisioning updateDelta=Update Delta conf=Configuration accessPolicyConf.title=Access Policy Configuration +releaseAttrs=Attributes to Release diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java index 1c25e5fe51..e99b36a7cf 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/JDBCAttrRepoConf.java 
@@ -76,16 +76,6 @@ public class JDBCAttrRepoConf extends AbstractJDBCConf implements AttrRepoConf { */ private final List<String> username = new ArrayList<>(0); - /** - * Map of attributes to fetch from the database. - * Attributes are defined using a key-value structure - * where CAS allows the attribute name/key to be renamed virtually - * to a different attribute. The key is the attribute fetched - * from the data source and the value is the attribute name CAS should - * use for virtual renames. - */ - private final Map<String, String> attributes = new HashMap<>(0); - /** * Collection of attributes, used to build the SQL query, that should go through * a case canonicalization process defined as {@code key->value}. @@ -139,10 +129,6 @@ public class JDBCAttrRepoConf extends AbstractJDBCConf implements AttrRepoConf { return username; } - public Map<String, String> getAttributes() { - return attributes; - } - public List<String> getCaseInsensitiveQueryAttributes() { return caseInsensitiveQueryAttributes; } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java index 6819a53b12..d1528a4e51 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/attr/LDAPAttrRepoConf.java 
@@ -27,16 +27,6 @@ public class LDAPAttrRepoConf extends AbstractLDAPConf implements AttrRepoConf { private static final long serialVersionUID = -471527731042579422L; - /** - * Map of attributes to fetch from the database. - * Attributes are defined using a key-value structure - * where CAS allows the attribute name/key to be renamed virtually - * to a different attribute. The key is the attribute fetched - * from the data source and the value is the attribute name CAS should - * use for virtual renames. - */ - private final Map<String, String> attributes = new HashMap<>(0); - /** * Whether all existing attributes should be passed * down to the query builder map and be used in the construction @@ -59,10 +49,6 @@ public class LDAPAttrRepoConf extends AbstractLDAPConf implements AttrRepoConf { this.useAllQueryAttributes = useAllQueryAttributes; } - public Map<String, String> getAttributes() { - return attributes; - } - public Map<String, String> getQueryAttributes() { return queryAttributes; } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java index 6b2d750b09..628a659fbd 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java @@ -18,8 +18,6 @@ */ package org.apache.syncope.common.lib.auth; -import java.util.ArrayList; -import java.util.List; import java.util.Map; import org.apache.syncope.common.lib.AbstractJDBCConf; import org.apache.syncope.common.lib.to.AuthModuleTO; @@ -43,11 +41,6 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf implements AuthModuleCo */ private String fieldDisabled; - /** - * List of column names to fetch as user attributes. - */ - private final List<String> principalAttributeList = new ArrayList<>(); - public String getFieldPassword() { return fieldPassword; } 
@@ -72,10 +65,6 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf implements AuthModuleCo this.fieldDisabled = fieldDisabled; } - public List<String> getPrincipalAttributeList() { - return principalAttributeList; - } - @Override public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) { return mapper.map(authModule, this); diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java index a3233d75df..2f131b7c47 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java @@ -18,8 +18,6 @@ */ package org.apache.syncope.common.lib.auth; -import java.util.ArrayList; -import java.util.List; import java.util.Map; import org.apache.syncope.common.lib.AbstractLDAPConf; import org.apache.syncope.common.lib.to.AuthModuleTO; @@ -35,11 +33,6 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf implements AuthModuleCo */ private String userIdAttribute; - /** - * List of attribute names to fetch as user attributes. - */ - private final List<String> principalAttributeList = new ArrayList<>(); - public String getUserIdAttribute() { return userIdAttribute; } @@ -48,10 +41,6 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf implements AuthModuleCo this.userIdAttribute = userIdAttribute; } - public List<String> getPrincipalAttributeList() { - return principalAttributeList; - } - @Override public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) { return mapper.map(authModule, this); diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java index 4d37215fde..35d3765f0a 100644 
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/AttrReleasePolicyTO.java @@ -29,7 +29,7 @@ public class AttrReleasePolicyTO extends PolicyTO { private int order; - private Boolean status; + private boolean status = true; private AttrReleasePolicyConf conf; @@ -50,7 +50,7 @@ public class AttrReleasePolicyTO extends PolicyTO { this.order = order; } - public Boolean getStatus() { + public boolean getStatus() { return status; } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java index 0c65f46dbf..6bc299092f 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAttrReleasePolicyConf.java @@ -22,7 +22,9 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import java.io.Serializable; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.concurrent.TimeUnit; public class DefaultAttrReleasePolicyConf implements AttrReleasePolicyConf { @@ -105,6 +107,8 @@ public class DefaultAttrReleasePolicyConf implements AttrReleasePolicyConf { } } + private final Map<String, Object> releaseAttrs = new HashMap<>(); + /** * Specify the list of allowed attribute to release. * Use the special {@code *} to release everything. 
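Review bot: `private boolean status = true;` in AttrReleasePolicyTO changes what an unset value means without saying so: a TO built without an explicit status now reports `true` from `getStatus()` where it previously reported null. If `true` means the policy is applied (the hunk does not say), this is a default-on choice for attribute release and should be stated on the field, for example `/** Whether this policy is applied; {@code true} unless explicitly set. */` once the meaning is confirmed. The setter lies outside both hunks, so whether it still accepts a nullable `Boolean` cannot be checked from here.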
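Review bot: The new `releaseAttrs` field in DefaultAttrReleasePolicyConf has no Javadoc, although `allowedAttrs` directly below it is documented, and nothing in the hunk says how the two combine when both are populated. For a setting that decides which attributes leave the system, I would add a Javadoc block stating what the key and the value each represent, which value types are accepted for the `Object` side, and which of `releaseAttrs` and `allowedAttrs` takes precedence. The same gap applies to `getReleaseAttrs()` in the following hunk, which also carries no `@JacksonXmlElementWrapper`/`@JacksonXmlProperty` annotations while `getAllowedAttrs()` next to it does; it is worth confirming the XML form of the map is the intended one. If only strings or lists of strings are meaningful as values, narrowing the type from `Object` would let the compiler reject anything else.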
@@ -119,6 +123,10 @@ public class DefaultAttrReleasePolicyConf implements AttrReleasePolicyConf {
 private final PrincipalAttrRepoConf principalAttrRepoConf = new PrincipalAttrRepoConf();
+ public Map<String, Object> getReleaseAttrs() {
+ return releaseAttrs;
+ }
+
 @JacksonXmlElementWrapper(localName = "allowedAttrs")
 @JacksonXmlProperty(localName = "allowedAttr")
 public List<String> getAllowedAttrs() {
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
index ab30e9d5a0..a27e7dfa0c 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/wa/WAClientApp.java
@@ -21,9 +21,7 @@ package org.apache.syncope.common.lib.wa;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 import org.apache.syncope.common.lib.BaseBean;
 import org.apache.syncope.common.lib.policy.AccessPolicyTO;
 import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
@@ -45,8 +43,6 @@ public class WAClientApp implements BaseBean {
 private AttrReleasePolicyTO attrReleasePolicy;
- private final Map<String, Object> releaseAttrs = new HashMap<>();
-
 public ClientAppTO getClientAppTO() {
 return clientAppTO;
 }
@@ -84,8 +80,4 @@ public class WAClientApp implements BaseBean {
 public void setAttrReleasePolicy(final AttrReleasePolicyTO attrReleasePolicy) {
 this.attrReleasePolicy = attrReleasePolicy;
 }
-
- public Map<String, Object> getReleaseAttrs() {
- return releaseAttrs;
- }
 }
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
index ce4f635677..46e520c327 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/policy/AttrReleasePolicy.java
@@ -26,7 +26,7 @@ public interface AttrReleasePolicy extends Policy {
 void setOrder(int order);
- Boolean getStatus();
+ boolean getStatus();
 void setStatus(Boolean status);
diff --git a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index d778a528c7..d44dfc76c7 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
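Review bot: In the `AttrReleasePolicy` interface hunk `getStatus()` now returns a primitive while `setStatus(Boolean status)` on the next context line still takes the boxed type, so a caller can still store `null` and read back a value it never set. The JPA implementation later in this commit resolves that case with `return status == null ? true : status;`, meaning an unset status reads as enabled, and `AttrReleasePolicyTO` initialises its field to `true` as well. If enabled-by-default is the intent, I would state it on the getter, e.g. `/** @return whether this policy is enabled; an unset status is treated as enabled */`, and consider `void setStatus(boolean status);` so the null state cannot be written. The JPA expression can also be shortened to `status == null || status`.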
@@ -58,14 +58,14 @@ under the License. <!-- Attr Release Policies --> <AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2" - jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> <AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy" id="319935c7-deb3-40b3-8a9a-683037e523a2" - jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> <!-- Authentication modules --> <AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE" - description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn": "${testds.bindDn}", 
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true,"principalAttributeList":["sn","givenName","mail","cn"]}' - items='[{"intAttrName":"mail","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"sn","conn [...] + description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn": "${testds.bindDn}", "bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}' + items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname" [...] <AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE" description="JDBC auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT * FROM users_table WHERE name=?", "fieldPassword": "password"}'/> <AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE" 
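Review bot: Both `AttrReleasePolicy` rows in this hunk now carry `"releaseAttrs":[]`, a JSON array, while the property added to `DefaultAttrReleasePolicyConf` in this commit is a `Map<String, Object>`; the matching empty value would be `"releaseAttrs":{}`. Whether the array form is accepted depends on how the mapper that reads `jsonConf` is configured, which is not visible here, so the fixture may load today and still fail, or silently yield no configuration, under a stricter setup. The same value appears in the `core/persistence-jpa` copy of `MasterContent.xml` further down.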
@@ -84,7 +84,7 @@ under the License. description="Static auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","users":{"syncope1": "$cynop3"}}'/> <AuthModule id="DefaultSyncopeAuthModule" authModuleState="ACTIVE" description="Syncope auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","domain":"Master"}' - items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt [...] + items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt [...] <AuthModule id="DefaultU2FAuthModule" authModuleState="ACTIVE" description="U2F auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","expireDevices":40}'/> <AuthModule id="DefaultOAuth20AuthModule" description="OAuth20 auth module" authModuleOrder="0" 
@@ -93,9 +93,9 @@ under the License. <!-- Attribute repositories --> <AttrRepo id="DefaultLDAPAttrRepo" attrRepoState="ACTIVE" - description="LDAP attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","attributes":{},"useAllQueryAttributes":true,"queryAttributes":{}}'/> + description="LDAP attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","useAllQueryAttributes":true,"queryAttributes":{}}'/> <AttrRepo id="DefaultJDBCAttrRepo" attrRepoState="ACTIVE" - description="JDBC attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT * FROM table WHERE name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"attributes":{},"caseInsensitiveQueryAttributes [...] + description="JDBC attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT * FROM table WHERE name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"caseInsensitiveQueryAttributes":[],"queryAttri [...] 
<AttrRepo id="DefaultStubAttrRepo" attrRepoState="ACTIVE" description="Stub attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.StubAttrRepoConf","attributes":{"attr1":"value1"}}' items='[{"intAttrName":"attr1","extAttrName":"identifier","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/> diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java index 72fbeb9953..de3ccd1492 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/JPAAttrReleasePolicy.java @@ -54,8 +54,8 @@ public class JPAAttrReleasePolicy extends AbstractPolicy implements AttrReleaseP } @Override - public Boolean getStatus() { - return status; + public boolean getStatus() { + return status == null ? true : status; } @Override diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java index 0670556a26..e15996ff0f 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java @@ -217,7 +217,6 @@ public class AuthModuleTest extends AbstractTest { JDBCAuthModuleConf conf = new JDBCAuthModuleConf(); conf.setSql("SELECT * FROM table WHERE name=?"); conf.setFieldPassword("password"); - conf.getPrincipalAttributeList().addAll(List.of("sn", "cn:commonName", "givenName")); saveAuthModule("JDBCAuthModuleTest", conf); } 
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml index f804bf8eda..6d56bc1698 100644 --- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml 
@@ -58,14 +58,14 @@ under the License. <!-- Attr Release Policies --> <AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2" - jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> <AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy" id="319935c7-deb3-40b3-8a9a-683037e523a2" - jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> + jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/> <!-- Authentication modules --> <AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE" - description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn": "${testds.bindDn}", 
"bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true,"principalAttributeList":["sn","givenName","mail","cn"]}' - items='[{"intAttrName":"mail","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"sn","conn [...] + description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","userIdAttribute":"cn","bindDn": "${testds.bindDn}", "bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}' + items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname" [...] <AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE" description="JDBC auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT * FROM users_table WHERE name=?", "fieldPassword": "password"}'/> <AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE" 
@@ -84,7 +84,7 @@ under the License. description="Static auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","users":{"syncope1": "$cynop3"}}'/> <AuthModule id="DefaultSyncopeAuthModule" authModuleState="ACTIVE" description="Syncope auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","domain":"Master"}' - items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt [...] + items='[{"intAttrName":"syncopeUserAttr_surname","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"syncopeUserAttr_fullname","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAtt [...] <AuthModule id="DefaultU2FAuthModule" authModuleState="ACTIVE" description="U2F auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","expireDevices":40}'/> <AuthModule id="DefaultOAuth20AuthModule" description="OAuth20 auth module" authModuleOrder="0" 
@@ -92,9 +92,9 @@ under the License. <!-- Attribute repositories --> <AttrRepo id="DefaultLDAPAttrRepo" attrRepoState="ACTIVE" - description="LDAP attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","attributes":{},"useAllQueryAttributes":true,"queryAttributes":{}}'/> + description="LDAP attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.LDAPAttrRepoConf","searchFilter":"cn={user}","subtreeSearch":true,"ldapUrl":"ldap://localhost:${testds.port}","bindDn":"${testds.bindDn}","bindCredential":"${testds.password}","baseDn":"ou=People,${testds.rootDn}","useAllQueryAttributes":true,"queryAttributes":{}}'/> <AttrRepo id="DefaultJDBCAttrRepo" attrRepoState="ACTIVE" - description="JDBC attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT * FROM table WHERE name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"attributes":{},"caseInsensitiveQueryAttributes [...] + description="JDBC attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.JDBCAttrRepoConf","sql":"SELECT * FROM table WHERE name=?","dialect":"org.hibernate.dialect.H2Dialect","driverClass":"org.h2.Driver","url":"jdbc:h2:mem:syncopedb;DB_CLOSE_DELAY=-1","user":"username","password":"password","singleRow":true,"requireAllAttributes":true,"caseCanonicalization":"NONE","queryType":"AND","columnMappings":{},"username":[],"caseInsensitiveQueryAttributes":[],"queryAttri [...] 
<AttrRepo id="DefaultStubAttrRepo" attrRepoState="ACTIVE" description="Stub attr repo" jsonConf='{"_class":"org.apache.syncope.common.lib.attr.StubAttrRepoConf","attributes":{"attr1":"value1"}}' items='[{"intAttrName":"attr1","extAttrName":"identifier","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/> diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java index 253723deb5..0d632c9348 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/ProvisioningContext.java @@ -35,9 +35,7 @@ import org.apache.syncope.core.persistence.api.dao.AnySearchDAO; import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.dao.ApplicationDAO; -import org.apache.syncope.core.persistence.api.dao.AttrRepoDAO; import org.apache.syncope.core.persistence.api.dao.AuditConfDAO; -import org.apache.syncope.core.persistence.api.dao.AuthModuleDAO; import org.apache.syncope.core.persistence.api.dao.ConnInstanceDAO; import org.apache.syncope.core.persistence.api.dao.DelegationDAO; import org.apache.syncope.core.persistence.api.dao.DerSchemaDAO; 
@@ -1241,11 +1239,8 @@ public class ProvisioningContext {
 public WAClientAppDataBinder waClientAppDataBinder(
 final ClientAppDataBinder clientAppDataBinder,
 final PolicyDataBinder policyDataBinder,
- final AuthModuleDataBinder authModuleDataBinder,
- final AuthModuleDAO authModuleDAO,
- final AttrRepoDAO attrRepoDAO) {
+ final AuthModuleDataBinder authModuleDataBinder) {
- return new WAClientAppDataBinderImpl(
- clientAppDataBinder, policyDataBinder, authModuleDataBinder, authModuleDAO, attrRepoDAO);
+ return new WAClientAppDataBinderImpl(clientAppDataBinder, policyDataBinder, authModuleDataBinder);
 }
 }
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
index 7012ab1a91..c43678ace8 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/wa/WAClientAppDataBinderImpl.java
@@ -18,15 +18,7 @@
 */
 package org.apache.syncope.core.provisioning.java.data.wa;
-import org.apache.syncope.common.lib.policy.AttrReleasePolicyConf;
-import org.apache.syncope.common.lib.policy.AuthPolicyConf;
-import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
-import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
 import org.apache.syncope.common.lib.wa.WAClientApp;
-import org.apache.syncope.core.persistence.api.dao.AttrRepoDAO;
-import org.apache.syncope.core.persistence.api.dao.AuthModuleDAO;
-import org.apache.syncope.core.persistence.api.entity.am.AttrRepo;
-import org.apache.syncope.core.persistence.api.entity.am.AuthModule;
 import org.apache.syncope.core.persistence.api.entity.am.ClientApp;
 import org.apache.syncope.core.provisioning.api.data.AuthModuleDataBinder;
 import org.apache.syncope.core.provisioning.api.data.ClientAppDataBinder;
@@ -45,22 +37,14 @@ public class WAClientAppDataBinderImpl implements WAClientAppDataBinder {
 protected final AuthModuleDataBinder authModuleDataBinder;
- protected final AuthModuleDAO authModuleDAO;
-
- protected final AttrRepoDAO attrRepoDAO;
-
 public WAClientAppDataBinderImpl(
 final ClientAppDataBinder clientAppDataBinder,
 final PolicyDataBinder policyDataBinder,
- final AuthModuleDataBinder authModuleDataBinder,
- final AuthModuleDAO authModuleDAO,
- final AttrRepoDAO attrRepoDAO) {
+ final AuthModuleDataBinder authModuleDataBinder) {
 this.clientAppDataBinder = clientAppDataBinder;
 this.policyDataBinder = policyDataBinder;
 this.authModuleDataBinder = authModuleDataBinder;
- this.authModuleDAO = authModuleDAO;
- this.attrRepoDAO = attrRepoDAO;
 }
 @Override
@@ -69,28 +53,11 @@ public class WAClientAppDataBinderImpl implements WAClientAppDataBinder {
 waClientApp.setClientAppTO(clientAppDataBinder.getClientAppTO(clientApp));
 try {
- AuthPolicyConf authPolicyConf = null;
 if (clientApp.getAuthPolicy() != null) {
- authPolicyConf = clientApp.getAuthPolicy().getConf();
 waClientApp.setAuthPolicy(policyDataBinder.getPolicyTO(clientApp.getAuthPolicy()));
 } else if (clientApp.getRealm() != null && clientApp.getRealm().getAuthPolicy() != null) {
- authPolicyConf = clientApp.getRealm().getAuthPolicy().getConf();
 waClientApp.setAuthPolicy(policyDataBinder.getPolicyTO(clientApp.getRealm().getAuthPolicy()));
 }
- if (authPolicyConf instanceof DefaultAuthPolicyConf) {
- ((DefaultAuthPolicyConf) authPolicyConf).getAuthModules().forEach(key -> {
- AuthModule authModule = authModuleDAO.find(key);
- if (authModule == null) {
- LOG.warn("AuthModule " + authModule + " not found");
- } else {
- waClientApp.getAuthModules().add(authModuleDataBinder.getAuthModuleTO(authModule));
-
- authModule.getItems().
- forEach(item -> waClientApp.getReleaseAttrs().put(
- item.getIntAttrName(), item.getExtAttrName()));
- }
- });
- }
 if (clientApp.getAccessPolicy() != null) {
 waClientApp.setAccessPolicy(policyDataBinder.getPolicyTO(clientApp.getAccessPolicy()));
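Review bot: The block removed here was the only visible place where this method filled `waClientApp.getAuthModules()`, and it goes away together with the `releaseAttrs` handling, so after this hunk the returned `WAClientApp` appears to carry an auth policy but no auth modules. `authModuleDataBinder` is still a constructor argument and field (see the constructor hunk above), yet nothing in the lines shown uses it any more. If dropping the modules is intended, the now-unused dependency should be removed as well; if not, the lookup that ends in `waClientApp.getAuthModules().add(authModuleDataBinder.getAuthModuleTO(authModule));` needs to stay, without the `getReleaseAttrs().put(...)` part. The method starts before and continues after this hunk, so a use outside the visible lines cannot be ruled out.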
@@ -98,31 +65,13 @@ public class WAClientAppDataBinderImpl implements WAClientAppDataBinder {
 waClientApp.setAccessPolicy(policyDataBinder.getPolicyTO(clientApp.getRealm().getAccessPolicy()));
 }
- AttrReleasePolicyConf attrReleasePolicyConf = null;
 if (clientApp.getAttrReleasePolicy() != null) {
- attrReleasePolicyConf = clientApp.getAttrReleasePolicy().getConf();
 waClientApp.setAttrReleasePolicy(
 policyDataBinder.getPolicyTO(clientApp.getAttrReleasePolicy()));
 } else if (clientApp.getRealm() != null && clientApp.getRealm().getAttrReleasePolicy() != null) {
- attrReleasePolicyConf = clientApp.getRealm().getAttrReleasePolicy().getConf();
 waClientApp.setAttrReleasePolicy(
 policyDataBinder.getPolicyTO(clientApp.getRealm().getAttrReleasePolicy()));
 }
- if (attrReleasePolicyConf instanceof DefaultAttrReleasePolicyConf
- && ((DefaultAttrReleasePolicyConf) attrReleasePolicyConf).getPrincipalAttrRepoConf() != null) {
-
- (((DefaultAttrReleasePolicyConf) attrReleasePolicyConf).getPrincipalAttrRepoConf()).
- getAttrRepos().forEach(key -> {
- AttrRepo attrRepo = attrRepoDAO.find(key);
- if (attrRepo == null) {
- LOG.warn("AttrRepo " + attrRepo + " not found");
- } else {
- attrRepo.getItems().
- forEach(item -> waClientApp.getReleaseAttrs().put(
- item.getIntAttrName(), item.getExtAttrName()));
- }
- });
- }
 } catch (Exception e) {
 LOG.error("While building the configuration from an application's policy ", e);
 }
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index d32c8baa49..c2d14891cd 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -943,6 +943,8 @@ public abstract class AbstractITCase {
 policy.setStatus(Boolean.TRUE);
 DefaultAttrReleasePolicyConf conf = new DefaultAttrReleasePolicyConf();
+ conf.getReleaseAttrs().put("uid", "username");
+ conf.getReleaseAttrs().put("cn", "fullname");
 conf.getAllowedAttrs().addAll(List.of("cn", "givenName"));
 conf.getIncludeOnlyAttrs().add("cn");
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
index 0785f8d3cb..58f1f70439 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthModuleITCase.java
@@ -128,8 +128,6 @@ public class AuthModuleITCase extends AbstractITCase {
 conf = new JDBCAuthModuleConf();
 JDBCAuthModuleConf.class.cast(conf).setSql("SELECT * FROM table WHERE name=?");
 JDBCAuthModuleConf.class.cast(conf).setFieldPassword("password");
- JDBCAuthModuleConf.class.cast(conf).getPrincipalAttributeList().addAll(
- List.of("sn", "cn:commonName", "givenName"));
 break;
 case OIDC:
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
index d2e6760f05..a6da6138c9 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
@@ -304,7 +304,7 @@ public class GroupITCase extends AbstractITCase {
 try {
 groupService2.update(groupUR);
 fail("This should not happen");
- } catch (ForbiddenException e) {
+ } catch (Exception e) {
 assertNotNull(e);
 }
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
index 24f801b281..9ef5a4389e 100644
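Review bot: Widening `catch (ForbiddenException e)` to `catch (Exception e)` in the `GroupITCase` hunk means the test no longer verifies that `groupService2.update(groupUR)` is rejected for authorization reasons. Any failure of the call, such as a server error or a connection problem, now satisfies the test, and `assertNotNull(e)` inside a catch block can never fail. I would keep `} catch (ForbiddenException e) {`, or, if the server now answers with a different exception type, catch that type by name and assert on what it reports. The change is unrelated to the rest of the commit and is not explained in the commit message; the test method starts and ends outside the hunk.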
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
@@ -31,8 +31,7 @@ import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.common.lib.policy.AccessPolicyTO;
 import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
 import org.apache.syncope.common.lib.policy.AuthPolicyTO;
-import org.apache.syncope.common.lib.to.AuthModuleTO;
-import org.apache.syncope.common.lib.to.Item;
+import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
@@ -113,47 +112,12 @@ public class WAClientAppITCase extends AbstractITCase {
 WAClientApp waClientApp = WA_CLIENT_APP_SERVICE.read(oidcrpto.getClientAppId(), null);
 assertNotNull(waClientApp);
- assertTrue(waClientApp.getReleaseAttrs().isEmpty());
-
- // add items to the authentication module
- addItems();
- try {
- waClientApp = WA_CLIENT_APP_SERVICE.read(oidcrpto.getClientAppId(), null);
- assertNotNull(waClientApp);
- assertFalse(waClientApp.getReleaseAttrs().isEmpty());
- assertEquals("username", waClientApp.getReleaseAttrs().get("uid"));
- assertEquals("fullname", waClientApp.getReleaseAttrs().get("cn"));
- } finally {
- removeItems();
- }
- }
-
- private void addItems() {
- AuthModuleTO authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
-
- Item keyMapping = new Item();
- keyMapping.setIntAttrName("uid");
- keyMapping.setExtAttrName("username");
- authModuleTO.getItems().add(keyMapping);
-
- Item fullnameMapping = new Item();
- fullnameMapping.setIntAttrName("cn");
- fullnameMapping.setExtAttrName("fullname");
- authModuleTO.getItems().add(fullnameMapping);
-
- AUTH_MODULE_SERVICE.update(authModuleTO);
-
- authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- assertFalse(authModuleTO.getItems().isEmpty());
- }
-
- private void removeItems() {
- AuthModuleTO authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- authModuleTO.getItems().clear();
-
- AUTH_MODULE_SERVICE.update(authModuleTO);
+ assertTrue(waClientApp.getAttrReleasePolicy().getConf() instanceof DefaultAttrReleasePolicyConf);
- authModuleTO = AUTH_MODULE_SERVICE.read(AUTH_MODULE);
- assertTrue(authModuleTO.getItems().isEmpty());
+ DefaultAttrReleasePolicyConf attrReleasePolicyConf =
+ (DefaultAttrReleasePolicyConf) waClientApp.getAttrReleasePolicy().getConf();
+ assertFalse(attrReleasePolicyConf.getReleaseAttrs().isEmpty());
+ assertEquals("username", attrReleasePolicyConf.getReleaseAttrs().get("uid"));
+ assertEquals("fullname", attrReleasePolicyConf.getReleaseAttrs().get("cn"));
 }
 }
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 3959370575..b596f3c9c7 100644
--- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import org.apache.commons.lang3.tuple.Triple;
+import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.http.Consts;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
@@ -109,6 +110,8 @@ public abstract class AbstractITCase {
 await().atMost(50, TimeUnit.SECONDS).pollInterval(1, TimeUnit.SECONDS).until(() -> {
 boolean refreshed = false;
 try {
+ WebClient.create(WA_ADDRESS + "/idp/metadata").get();
+
 samlIdPEntityService.get(SAML2IdPEntityService.DEFAULT_OWNER);
 refreshed = true;
 } catch (Exception e) {
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
index 51758a9b5b..f4eec00fe4 100644
--- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
+++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
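Review bot: The `Response` returned by `WebClient.create(WA_ADDRESS + "/idp/metadata").get();` in the `@@ -109,6 +110,8 @@` hunk is neither inspected nor closed, and the call sits inside a poll that may repeat every second for up to 50 seconds. A non-2xx answer does not throw here, so the line only has an effect through whatever the request triggers on the server; a short comment saying why the metadata endpoint is requested before `samlIdPEntityService.get(...)` would help the next reader. Closing the response, `WebClient.create(WA_ADDRESS + "/idp/metadata").get().close();`, keeps the retries from holding connections. The lambda continues past the end of the hunk.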
@@ -46,7 +46,9 @@ import org.apache.cxf.jaxrs.client.WebClient; import org.apache.http.HttpStatus; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.util.EntityUtils; +import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO; import org.apache.syncope.common.lib.policy.AuthPolicyTO; +import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf; import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf; import org.apache.syncope.common.lib.to.SRARouteTO; import org.apache.syncope.common.lib.types.PolicyType; @@ -238,6 +240,37 @@ public abstract class AbstractSRAITCase extends AbstractITCase { }); } + protected static AttrReleasePolicyTO getAttrReleasePolicy() { + String description = "SRA attr release policy"; + + return POLICY_SERVICE.list(PolicyType.ATTR_RELEASE).stream(). + map(AttrReleasePolicyTO.class::cast). + filter(policy -> description.equals(policy.getName()) + && policy.getConf() instanceof DefaultAttrReleasePolicyConf). + findFirst(). + orElseGet(() -> { + DefaultAttrReleasePolicyConf policyConf = new DefaultAttrReleasePolicyConf(); + policyConf.getAllowedAttrs().add("family_name"); + policyConf.getAllowedAttrs().add("name"); + policyConf.getAllowedAttrs().add("given_name"); + policyConf.getAllowedAttrs().add("email"); + policyConf.getAllowedAttrs().add("groups"); + + AttrReleasePolicyTO policy = new AttrReleasePolicyTO(); + policy.setName(description); + policy.setConf(policyConf); + + Response response = POLICY_SERVICE.create(PolicyType.ATTR_RELEASE, policy); + if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) { + fail("Could not create Test Attr Release Policy"); + } + + return POLICY_SERVICE.read( + PolicyType.ATTR_RELEASE, + response.getHeaderString(RESTHeaders.RESOURCE_KEY)); + }); + } + protected static ObjectNode checkGetResponse( final CloseableHttpResponse response, final String originalRequestURI) throws IOException { 
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java index 5cb2c39e49..4203b0a5e0 100644 --- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java +++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java @@ -113,9 +113,10 @@ public class OIDCSRAITCase extends AbstractSRAITCase { clientApp.setSubjectType(OIDCSubjectType.PUBLIC); clientApp.getRedirectUris().clear(); clientApp.getRedirectUris().add(SRA_ADDRESS + "/login/oauth2/code/" + sraRegistrationId); - clientApp.setAuthPolicy(getAuthPolicy().getKey()); clientApp.setSignIdToken(true); clientApp.setLogoutUri(SRA_ADDRESS + "/logout"); + clientApp.setAuthPolicy(getAuthPolicy().getKey()); + clientApp.setAttrReleasePolicy(getAttrReleasePolicy().getKey()); CLIENT_APP_SERVICE.update(ClientAppType.OIDCRP, clientApp); CLIENT_APP_SERVICE.pushToWA(); diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java index 4d1db40dea..bdbf909069 100644 --- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java +++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/AbstractUIITCase.java @@ -83,6 +83,11 @@ public abstract class AbstractUIITCase extends AbstractITCase { orElseGet(() -> { DefaultAttrReleasePolicyConf policyConf = new DefaultAttrReleasePolicyConf(); policyConf.getPrincipalAttrRepoConf().getAttrRepos().add(stubAttrRepo); + policyConf.getReleaseAttrs().put("attr1", "identifier"); + policyConf.getReleaseAttrs().put("firstname", "givenName"); + policyConf.getReleaseAttrs().put("surname", "sn"); + policyConf.getReleaseAttrs().put("fullname", "cn"); + policyConf.getReleaseAttrs().put("email", "mail"); AttrReleasePolicyTO policy = new AttrReleasePolicyTO(); policy.setName(description); 
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java index dc2217e73a..2e10162a17 100644 --- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java +++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/SAML2SP4UIITCase.java @@ -262,6 +262,10 @@ public class SAML2SP4UIITCase extends AbstractUIITCase { } } + if (location.startsWith("http://localhost:8080/syncope-wa")) { + location = WA_ADDRESS + StringUtils.substringAfter(location, "http://localhost:8080/syncope-wa"); + } + get = new HttpGet(location); get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); diff --git a/pom.xml b/pom.xml index 71d729e5ee..1644372351 100644 --- a/pom.xml +++ b/pom.xml @@ -413,7 +413,7 @@ under the License. <cxf.version>3.5.5</cxf.version> <bouncycastle.version>1.70</bouncycastle.version> - <nimbus-jose-jwt.version>9.30.1</nimbus-jose-jwt.version> + <nimbus-jose-jwt.version>9.31</nimbus-jose-jwt.version> <spring-boot.version>2.7.9</spring-boot.version> <spring-cloud-gateway.version>3.1.5</spring-cloud-gateway.version> @@ -443,7 +443,7 @@ under the License. <pac4j.version>5.5.0</pac4j.version> - <cas.version>6.6.6</cas.version> + <cas.version>6.6.7-SNAPSHOT</cas.version> <cas-client.version>3.6.4</cas-client.version> <h2.version>2.1.214</h2.version> diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java index e42ee01dba..28e0e239ea 100644 --- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java +++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AttrRepoPropertySourceMapper.java 
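Review bot: In pom.xml, `cas.version` moves from the released 6.6.6 to `6.6.7-SNAPSHOT`, a mutable artifact, so the WA authentication stack would be built from whatever the snapshot repository serves on the day of the build. On a maintenance branch this makes builds non-reproducible and widens the supply-chain surface. If the snapshot is needed temporarily, a comment next to the property such as `<!-- TODO: switch to 6.6.7 once released; SNAPSHOT only until then -->` would make the intent explicit. A release-time check that no SNAPSHOT versions remain would back that up.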
@@ -19,6 +19,7 @@
 package org.apache.syncope.wa.bootstrap;
 import java.util.Map;
+import java.util.stream.Collectors;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.common.lib.attr.AttrRepoConf;
@@ -27,6 +28,7 @@ import org.apache.syncope.common.lib.attr.LDAPAttrRepoConf;
 import org.apache.syncope.common.lib.attr.StubAttrRepoConf;
 import org.apache.syncope.common.lib.attr.SyncopeAttrRepoConf;
 import org.apache.syncope.common.lib.to.AttrRepoTO;
+import org.apache.syncope.common.lib.to.Item;
 import org.apereo.cas.configuration.CasCoreConfigurationUtils;
 import org.apereo.cas.configuration.model.core.authentication.AttributeRepositoryStates;
 import org.apereo.cas.configuration.model.core.authentication.StubPrincipalAttributesProperties;
@@ -59,9 +61,10 @@ public class AttrRepoPropertySourceMapper extends PropertySourceMapper implement
 props.setId(attrRepoTO.getKey());
 props.setState(AttributeRepositoryStates.valueOf(attrRepoTO.getState().name()));
 props.setOrder(attrRepoTO.getOrder());
- props.setAttributes(conf.getAttributes());
 props.setUseAllQueryAttributes(conf.isUseAllQueryAttributes());
 props.setQueryAttributes(conf.getQueryAttributes());
+ props.setAttributes(attrRepoTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));
 fill(props, conf);
 return prefix("cas.authn.attribute-repository.ldap[].", CasCoreConfigurationUtils.asMap(props));
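Review bot: `Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)` throws `IllegalStateException` when two items share an internal name and `NullPointerException` when an item has no external name, so one badly filled mapping row would abort building the `cas.authn.attribute-repository.ldap[]` properties. The same expression is repeated in the JDBC and Syncope attribute-repository hunks of this file and in the OAuth2 and Syncope hunks of AuthModulePropertySourceMapper. A shared helper that filters out incomplete items and states which entry wins on a duplicate, e.g. `Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName, (first, second) -> first)`, would keep WA configuration loading predictable. Whether items are validated upstream is not visible here, and the enclosing method starts outside the hunk.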
@@ -80,9 +83,10 @@ public class AttrRepoPropertySourceMapper extends PropertySourceMapper implement
 props.setQueryType(conf.getQueryType().name());
 props.setColumnMappings(conf.getColumnMappings());
 props.setUsername(conf.getUsername());
- props.setAttributes(conf.getAttributes());
 props.setCaseInsensitiveQueryAttributes(conf.getCaseInsensitiveQueryAttributes());
 props.setQueryAttributes(conf.getQueryAttributes());
+ props.setAttributes(attrRepoTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));
 fill(props, conf);
 return prefix("cas.authn.attribute-repository.jdbc[].", CasCoreConfigurationUtils.asMap(props));
@@ -106,6 +110,8 @@ public class AttrRepoPropertySourceMapper extends PropertySourceMapper implement
 props.setBasicAuthUsername(conf.getBasicAuthUsername());
 props.setBasicAuthPassword(conf.getBasicAuthPassword());
 props.setHeaders(props.getHeaders());
+ props.setAttributeMappings(attrRepoTO.getItems().
+ stream().collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));
 return prefix("cas.authn.attribute-repository.syncope.", CasCoreConfigurationUtils.asMap(props));
 }
diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
index 395a5d08bd..3b124dd4a9 100644
--- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
+++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
@@ -38,6 +38,7 @@ import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
 import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
 import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
 import org.apache.syncope.common.lib.to.AuthModuleTO;
+import org.apache.syncope.common.lib.to.Item;
 import org.apache.syncope.common.lib.types.AuthModuleState;
 import org.apereo.cas.configuration.CasCoreConfigurationUtils;
 import org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
@@ -91,7 +92,8 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme
 props.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AUTHENTICATED);
 }
 props.setPrincipalAttributeId(conf.getUserIdAttribute());
- props.setPrincipalAttributeList(conf.getPrincipalAttributeList());
+ props.setPrincipalAttributeList(authModuleTO.getItems().stream().
+ map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).collect(Collectors.toList()));
 fill(props, conf);
 return prefix("cas.authn.ldap[].", CasCoreConfigurationUtils.asMap(props));
@@ -107,7 +109,8 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme
 props.setFieldDisabled(conf.getFieldDisabled());
 props.setFieldExpired(conf.getFieldExpired());
 props.setFieldPassword(conf.getFieldPassword());
- props.setPrincipalAttributeList(conf.getPrincipalAttributeList());
+ props.setPrincipalAttributeList(authModuleTO.getItems().stream().
+ map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).collect(Collectors.toList()));
 fill(props, conf);
 return prefix("cas.authn.jdbc.query[].", CasCoreConfigurationUtils.asMap(props));
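Review bot: In the LDAP and JDBC hunks, `item.getIntAttrName() + ":" + item.getExtAttrName()` is built without checking either name, so an item with no external name ends up in `principalAttributeList` as a literal such as `uid:null` instead of being skipped or rejected. The lambda is duplicated verbatim in both hunks. Extracting it into one private helper that drops incomplete items would keep the two handlers in step and make the mapping rule testable. Both enclosing methods start outside the hunks.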
@@ -167,7 +170,9 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme
 props.setScope(conf.getScope());
 props.setPrincipalAttributeId(conf.getUserIdAttribute());
 props.setWithState(conf.isWithState());
-
+ props.setProfileAttrs(authModuleTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));
+
 return prefix("cas.authn.pac4j.oauth2[].", CasCoreConfigurationUtils.asMap(props));
 }
@@ -215,6 +220,8 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme
 props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
 props.setDomain(conf.getDomain());
 props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(), "/rest"));
+ props.setAttributeMappings(authModuleTO.getItems().stream().
+ collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));
 return prefix("cas.authn.syncope.", CasCoreConfigurationUtils.asMap(props));
 }
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
index 8517c46c5e..8a63943fac 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AttrReleaseMapper.java
@@ -18,12 +18,11 @@
 */
 package org.apache.syncope.wa.starter.mapping;
-import java.util.Map;
 import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
 import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
 @FunctionalInterface
 public interface AttrReleaseMapper {
- RegisteredServiceAttributeReleasePolicy build(AttrReleasePolicyTO policy, Map<String, Object> releaseAttrs);
+ RegisteredServiceAttributeReleasePolicy build(AttrReleasePolicyTO policy);
 }
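Review bot: In the AttrReleaseMapper hunk, `build(AttrReleasePolicyTO policy)` drops the `releaseAttrs` parameter from a public `@FunctionalInterface`, and nothing on the interface tells implementers where the mapped attributes now come from. RegisteredServiceMapper appears to select the mapper by the policy conf class, so custom implementations are plausible and would stop compiling on this maintenance branch. A Javadoc such as `/** Builds the CAS release policy for the given policy; mapped attributes are read from its conf. */` plus an upgrade note would make the new contract explicit.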
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java index 0a8334cbf9..ecca60f82c 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAttrReleaseMapper.java @@ -19,7 +19,6 @@ package org.apache.syncope.wa.starter.mapping; import java.util.HashSet; -import java.util.Map; import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO; import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf; import org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository; @@ -39,15 +38,13 @@ import org.apereo.cas.util.model.TriStateBoolean; public class DefaultAttrReleaseMapper implements AttrReleaseMapper { @Override - public RegisteredServiceAttributeReleasePolicy build( - final AttrReleasePolicyTO policy, final Map<String, Object> releaseAttrs) { - + public RegisteredServiceAttributeReleasePolicy build(final AttrReleasePolicyTO policy) { DefaultAttrReleasePolicyConf conf = (DefaultAttrReleasePolicyConf) policy.getConf(); ReturnMappedAttributeReleasePolicy returnMapped = null; - if (!releaseAttrs.isEmpty()) { + if (!conf.getReleaseAttrs().isEmpty()) { returnMapped = new ReturnMappedAttributeReleasePolicy(); - returnMapped.setAllowedAttributes(releaseAttrs); + returnMapped.setAllowedAttributes(conf.getReleaseAttrs()); } ReturnAllowedAttributeReleasePolicy returnAllowed = null; 
@@ -68,9 +65,7 @@ public class DefaultAttrReleaseMapper implements AttrReleaseMapper {
 DefaultRegisteredServiceConsentPolicy consentPolicy = new DefaultRegisteredServiceConsentPolicy(
 new HashSet<>(conf.getExcludedAttrs()), new HashSet<>(conf.getIncludeOnlyAttrs()));
 consentPolicy.setOrder(policy.getOrder());
- consentPolicy.setStatus(policy.getStatus() == null
- ? TriStateBoolean.UNDEFINED
- : TriStateBoolean.fromBoolean(policy.getStatus()));
+ consentPolicy.setStatus(TriStateBoolean.fromBoolean(policy.getStatus()));
 attributeReleasePolicy.setConsentPolicy(consentPolicy);
 if (conf.getPrincipalIdAttr() != null) {
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 913999d849..290e9762c5 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -34,6 +34,7 @@ import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy;
+import org.apereo.cas.services.BaseMappedAttributeReleasePolicy;
 import org.apereo.cas.services.ChainingAttributeReleasePolicy;
 import org.apereo.cas.services.OidcRegisteredService;
 import org.apereo.cas.services.RegisteredService;
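Review bot: In the DefaultAttrReleaseMapper hunk, `consentPolicy.setStatus(TriStateBoolean.fromBoolean(policy.getStatus()))` loses the explicit `null` to `TriStateBoolean.UNDEFINED` mapping that the removed lines had. If `getStatus()` can still return `null` (the AttrReleasePolicyTO change is not part of this hunk), the consent status either fails on the call or silently changes meaning, depending on how `fromBoolean` treats `null`. A one-line comment stating that the status is now never `null`, or keeping the guard, would settle it. The enclosing method starts and ends outside the hunk.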
@@ -41,6 +42,7 @@ import org.apereo.cas.services.RegisteredServiceAccessStrategy; import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy; import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy; import org.apereo.cas.services.RegisteredServiceMultifactorPolicy; +import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy; import org.springframework.context.ConfigurableApplicationContext; @ClientAppMapFor(clientAppClass = OIDCRPClientAppTO.class) 
@@ -91,12 +93,25 @@ public class OIDCRPClientAppTOMapper extends AbstractClientAppMapper {
 }
 chain.addPolicies(new OidcProfileScopeAttributeReleasePolicy(),
- new OidcEmailScopeAttributeReleasePolicy(),
- new OidcAddressScopeAttributeReleasePolicy(),
- new OidcPhoneScopeAttributeReleasePolicy());
+ new OidcEmailScopeAttributeReleasePolicy(),
+ new OidcAddressScopeAttributeReleasePolicy(),
+ new OidcPhoneScopeAttributeReleasePolicy());
- Set<String> customClaims = clientApp.getReleaseAttrs().values().stream().
- map(Objects::toString).collect(Collectors.toCollection(HashSet::new));
+ Set<String> customClaims = new HashSet<>();
+ if (attributeReleasePolicy instanceof BaseMappedAttributeReleasePolicy) {
+ customClaims.addAll(((BaseMappedAttributeReleasePolicy) attributeReleasePolicy).
+ getAllowedAttributes().values().stream().
+ map(Objects::toString).collect(Collectors.toSet()));
+ } else if (attributeReleasePolicy instanceof ReturnAllowedAttributeReleasePolicy) {
+ customClaims.addAll(((ReturnAllowedAttributeReleasePolicy) attributeReleasePolicy).
+ getAllowedAttributes().stream().collect(Collectors.toSet()));
+ } else if (attributeReleasePolicy instanceof ChainingAttributeReleasePolicy) {
+ ((ChainingAttributeReleasePolicy) attributeReleasePolicy).getPolicies().stream().
+ filter(ReturnAllowedAttributeReleasePolicy.class::isInstance).
+ findFirst().map(ReturnAllowedAttributeReleasePolicy.class::cast).
+ map(p -> p.getAllowedAttributes().stream().collect(Collectors.toSet())).
+ ifPresent(customClaims::addAll);
+ }
 customClaims.removeAll(OidcProfileScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
 customClaims.removeAll(OidcEmailScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
 customClaims.removeAll(OidcAddressScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
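Review bot: The `ChainingAttributeReleasePolicy` branch only inspects the first `ReturnAllowedAttributeReleasePolicy` in the chain, so values of a mapped policy in the same chain never reach `customClaims`, whereas the removed code took every value of `clientApp.getReleaseAttrs()`. DefaultAttrReleaseMapper creates a `ReturnMappedAttributeReleasePolicy` whenever the conf's `releaseAttrs` is non-empty, so a conf with both allowed and mapped attributes presumably ends up as exactly such a chain. Walking every member of the chain, as sketched below, keeps the custom claims in line with the configured policy. The sketch assumes `getPolicies()` yields `RegisteredServiceAttributeReleasePolicy` elements, and the enclosing method starts and ends outside the hunk.

```java
Set<String> customClaims = new HashSet<>();
// … unchanged: BaseMappedAttributeReleasePolicy and ReturnAllowedAttributeReleasePolicy branches …
} else if (attributeReleasePolicy instanceof ChainingAttributeReleasePolicy) {
    // collect from every member of the chain, mapped and allowed alike
    for (RegisteredServiceAttributeReleasePolicy member
            : ((ChainingAttributeReleasePolicy) attributeReleasePolicy).getPolicies()) {
        if (member instanceof BaseMappedAttributeReleasePolicy) {
            ((BaseMappedAttributeReleasePolicy) member).getAllowedAttributes().values().
                    forEach(value -> customClaims.add(Objects.toString(value)));
        } else if (member instanceof ReturnAllowedAttributeReleasePolicy) {
            customClaims.addAll(((ReturnAllowedAttributeReleasePolicy) member).getAllowedAttributes());
        }
    }
}
// … unchanged: removeAll of the standard scope claims …
```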
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java index 954d7c8fc5..b8000e536f 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/RegisteredServiceMapper.java @@ -125,7 +125,7 @@ public class RegisteredServiceMapper { attrReleasePolicyTO.getConf().getClass().getName()); RegisteredServiceAttributeReleasePolicy attributeReleasePolicy = Optional.ofNullable(attrReleasePolicyConfMapper). - map(mapper -> mapper.build(attrReleasePolicyTO, clientApp.getReleaseAttrs())). + map(mapper -> mapper.build(attrReleasePolicyTO)). orElse(null); return clientAppMapper.map(ctx, clientApp, authPolicy, mfaPolicy, accessStrategy, attributeReleasePolicy); diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java index 9e94aa2a10..d4733ed0af 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java +++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/WAServiceRegistryTest.java @@ -53,7 +53,6 @@ import org.apereo.cas.services.OidcRegisteredService; import org.apereo.cas.services.RegisteredService; import org.apereo.cas.services.RegisteredServiceAccessStrategy; import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy; -import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy; import org.apereo.cas.services.ServicesManager; import org.apereo.cas.support.saml.services.SamlRegisteredService; import org.apereo.cas.util.RandomUtils; 
@@ -95,7 +94,6 @@ public class WAServiceRegistryTest extends AbstractTest { private static void addPolicies( final WAClientApp waClientApp, - final boolean withReleaseAttributes, final boolean withAttrReleasePolicy) { DefaultAuthPolicyConf authPolicyConf = new DefaultAuthPolicyConf(); @@ -106,10 +104,6 @@ public class WAServiceRegistryTest extends AbstractTest { waClientApp.setAuthPolicy(authPolicy); - if (withReleaseAttributes) { - waClientApp.getReleaseAttrs().putAll(Map.of("uid", "username", "cn", "fullname")); - } - AccessPolicyTO accessPolicy = new AccessPolicyTO(); DefaultAccessPolicyConf accessPolicyConf = new DefaultAccessPolicyConf(); accessPolicyConf.setEnabled(true); @@ -121,6 +115,7 @@ public class WAServiceRegistryTest extends AbstractTest { DefaultAttrReleasePolicyConf attrReleasePolicyConf = new DefaultAttrReleasePolicyConf(); attrReleasePolicyConf.getAllowedAttrs().add("cn"); attrReleasePolicyConf.getPrincipalAttrRepoConf().getAttrRepos().add("TestAttrRepo"); + attrReleasePolicyConf.getReleaseAttrs().putAll(Map.of("uid", "username", "cn", "fullname")); AttrReleasePolicyTO attrReleasePolicy = new AttrReleasePolicyTO(); attrReleasePolicy.setConf(attrReleasePolicyConf); @@ -155,7 +150,7 @@ public class WAServiceRegistryTest extends AbstractTest { WAClientApp waClientApp = new WAClientApp(); waClientApp.setClientAppTO(buildOIDCRP()); Long clientAppId = waClientApp.getClientAppTO().getClientAppId(); - addPolicies(waClientApp, false, false); + addPolicies(waClientApp, false); SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp); List<WAClientApp> apps = service.list(); @@ -185,7 +180,7 @@ public class WAServiceRegistryTest extends AbstractTest { waClientApp = new WAClientApp(); waClientApp.setClientAppTO(buildSAML2SP()); clientAppId = waClientApp.getClientAppTO().getClientAppId(); - addPolicies(waClientApp, false, true); + addPolicies(waClientApp, true); SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp); apps = service.list(); 
@@ -202,12 +197,12 @@ public class WAServiceRegistryTest extends AbstractTest { assertEquals(samlspto.getEntityId(), saml.getServiceId()); assertTrue(saml.getAuthenticationPolicy().getRequiredAuthenticationHandlers().contains("TestAuthModule")); assertNotNull(found.getAccessStrategy()); - assertTrue(saml.getAttributeReleasePolicy() instanceof ReturnAllowedAttributeReleasePolicy); + assertTrue(saml.getAttributeReleasePolicy() instanceof ChainingAttributeReleasePolicy); waClientApp = new WAClientApp(); waClientApp.setClientAppTO(buildSAML2SP()); clientAppId = waClientApp.getClientAppTO().getClientAppId(); - addPolicies(waClientApp, false, false); + addPolicies(waClientApp, false); SyncopeCoreTestingServer.CLIENT_APPS.add(waClientApp); apps = service.list(); @@ -246,7 +241,7 @@ public class WAServiceRegistryTest extends AbstractTest { waClientApp.setClientAppTO(buildOIDCRP()); waClientApp.getAuthModules().add(0, authModuleTO); Long clientAppId = waClientApp.getClientAppTO().getClientAppId(); - addPolicies(waClientApp, false, false); + addPolicies(waClientApp, false); DefaultAuthPolicyConf authPolicyConf = (DefaultAuthPolicyConf) waClientApp.getAuthPolicy().getConf(); authPolicyConf.getAuthModules().clear(); authPolicyConf.getAuthModules().add(authModuleTO.getKey());