http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleCheck.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleCheck.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleCheck.java
new file mode 100644
index 0000000..04cfd63
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleCheck.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = RoleValidator.class)
+@Documented
+public @interface RoleCheck {
+
+ String message() default "{org.apache.syncope.core.persistence.validation.role}";
+
+ Class<?>[] groups() default {};
+
+ Class<? extends Payload>[] payload() default {};
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleValidator.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleValidator.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleValidator.java
new file mode 100644
index 0000000..2f46ca0
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RoleValidator.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.core.persistence.api.entity.role.Role;
+
+public class RoleValidator extends AbstractValidator<RoleCheck, Role> {
+
+ @Override
+ public boolean isValid(final Role object, final ConstraintValidatorContext context) {
+ context.disableDefaultConstraintViolation();
+
+ boolean isValid = true;
+
+ if (object.getUserOwner() != null && object.getRoleOwner() != null) {
+ isValid = false;
+
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidRoleOwner,
+ "A role must either be owned by an user or a role, not both")).
+ addPropertyNode("owner").addConstraintViolation();
+ }
+
+ return isValid;
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskCheck.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskCheck.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskCheck.java
new file mode 100644
index 0000000..5e1c535
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskCheck.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = SchedTaskValidator.class)
+@Documented
+public @interface SchedTaskCheck {
+
+ String message() default "{org.apache.syncope.core.persistence.validation.schedtask}";
+
+ Class<?>[] groups() default {};
+
+ Class<? extends Payload>[] payload() default {};
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskValidator.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskValidator.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskValidator.java
new file mode 100644
index 0000000..50a6d5d
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchedTaskValidator.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.text.ParseException;
+
+import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
+import org.quartz.CronExpression;
+import org.quartz.Job;
+
+public class SchedTaskValidator extends AbstractValidator<SchedTaskCheck, SchedTask> {
+
+ @Override
+ public boolean isValid(final SchedTask object, final ConstraintValidatorContext context) {
+ boolean isValid;
+
+ Class<?> jobClass = null;
+ try {
+ jobClass = Class.forName(object.getJobClassName());
+ isValid = Job.class.isAssignableFrom(jobClass);
+ } catch (Exception e) {
+ LOG.error("Invalid Job class specified", e);
+ isValid = false;
+ }
+ if (jobClass == null || !isValid) {
+ isValid = false;
+
+ context.disableDefaultConstraintViolation();
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidSchedTask, "Invalid job class name")).
+ addPropertyNode("jobClassName").addConstraintViolation();
+ }
+
+ if (isValid && object.getCronExpression() != null) {
+ try {
+ new CronExpression(object.getCronExpression());
+ } catch (ParseException e) {
+ LOG.error("Invalid cron expression '" + object.getCronExpression() + "'", e);
+ isValid = false;
+
+ context.disableDefaultConstraintViolation();
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidSchedTask, "Invalid cron expression")).
+ addPropertyNode("cronExpression").addConstraintViolation();
+ }
+ }
+
+ return isValid;
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameCheck.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameCheck.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameCheck.java
new file mode 100644
index 0000000..3217f1e
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameCheck.java
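Review bot: In SchedTaskValidator.isValid, `Class.forName(object.getJobClassName())` loads and initializes whatever class the entity names before the `Job.class.isAssignableFrom(jobClass)` check runs, so the static initializer of any class on the classpath executes even when validation then rejects it. If jobClassName can be set through the task API (not visible in this hunk), resolve the class without initializing it, `jobClass = Class.forName(object.getJobClassName(), false, SchedTaskValidator.class.getClassLoader());`, and consider restricting accepted names to the known Job implementations. The broad `catch (Exception e)` also folds a null class name into the same "Invalid Job class specified" log entry; an explicit null check plus `catch (ClassNotFoundException e)` would keep the two cases apart.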
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = SchemaNameValidator.class)
+@Documented
+public @interface SchemaNameCheck {
+
+ String message() default "{org.apache.syncope.core.persistence.validation.schema}";
+
+ Class<?>[] groups() default {};
+
+ Class<? extends Payload>[] payload() default {};
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameValidator.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameValidator.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameValidator.java
new file mode 100644
index 0000000..216c891
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SchemaNameValidator.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import javax.validation.ConstraintValidatorContext;
+import org.apache.commons.lang3.ClassUtils;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.core.persistence.api.entity.conf.CPlainSchema;
+import org.apache.syncope.core.persistence.api.entity.membership.MDerSchema;
+import org.apache.syncope.core.persistence.api.entity.membership.MPlainSchema;
+import org.apache.syncope.core.persistence.api.entity.membership.MVirSchema;
+import org.apache.syncope.core.persistence.api.entity.role.RDerSchema;
+import org.apache.syncope.core.persistence.api.entity.role.RPlainSchema;
+import org.apache.syncope.core.persistence.api.entity.role.RVirSchema;
+import org.apache.syncope.core.persistence.api.entity.user.UDerSchema;
+import org.apache.syncope.core.persistence.api.entity.user.UPlainSchema;
+import org.apache.syncope.core.persistence.api.entity.user.UVirSchema;
+import org.apache.syncope.core.persistence.jpa.entity.conf.JPAConf;
+import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership;
+import org.apache.syncope.core.persistence.jpa.entity.role.JPARole;
+import org.apache.syncope.core.persistence.jpa.entity.user.JPAUser;
+
+public class SchemaNameValidator extends AbstractValidator<SchemaNameCheck, Object> {
+
+ private static final List<String> UNALLOWED_USCHEMA_NAMES = new ArrayList<>();
+
+ private static final List<String> UNALLOWED_MSCHEMA_NAMES = new ArrayList<>();
+
+ private static final List<String> UNALLOWED_RSCHEMA_NAMES = new ArrayList<>();
+
+ private static final List<String> UNALLOWED_CSCHEMA_NAMES = new ArrayList<>();
+
+ static {
+ initUnallowedSchemaNames(JPAUser.class, UNALLOWED_USCHEMA_NAMES);
+ initUnallowedSchemaNames(JPAMembership.class, UNALLOWED_MSCHEMA_NAMES);
+ initUnallowedSchemaNames(JPARole.class, UNALLOWED_RSCHEMA_NAMES);
+ initUnallowedSchemaNames(JPAConf.class, UNALLOWED_CSCHEMA_NAMES);
+ }
+
+ private static void initUnallowedSchemaNames(final Class<?> entityClass, final List<String> names) {
+ List<Class<?>> classes = ClassUtils.getAllSuperclasses(entityClass);
+ classes.add(JPAUser.class);
+ for (Class<?> clazz : classes) {
+ for (Field field : clazz.getDeclaredFields()) {
+ if (!Collection.class.isAssignableFrom(field.getType())
+ && !Map.class.isAssignableFrom(field.getType())) {
+
+ names.add(field.getName());
+ }
+ }
+ }
+ }
+
+ @Override
+ public boolean isValid(final Object object, final ConstraintValidatorContext context) {
+ final String schemaName;
+ final List<String> unallowedNames;
+
+ if (object instanceof UPlainSchema) {
+ schemaName = ((UPlainSchema) object).getKey();
+ unallowedNames = UNALLOWED_USCHEMA_NAMES;
+ } else if (object instanceof UDerSchema) {
+ schemaName = ((UDerSchema) object).getKey();
+ unallowedNames = UNALLOWED_USCHEMA_NAMES;
+ } else if (object instanceof UVirSchema) {
+ schemaName = ((UVirSchema) object).getKey();
+ unallowedNames = UNALLOWED_USCHEMA_NAMES;
+ } else if (object instanceof MPlainSchema) {
+ schemaName = ((MPlainSchema) object).getKey();
+ unallowedNames = UNALLOWED_MSCHEMA_NAMES;
+ } else if (object instanceof MDerSchema) {
+ schemaName = ((MDerSchema) object).getKey();
+ unallowedNames = UNALLOWED_MSCHEMA_NAMES;
+ } else if (object instanceof MVirSchema) {
+ schemaName = ((MVirSchema) object).getKey();
+ unallowedNames = UNALLOWED_MSCHEMA_NAMES;
+ } else if (object instanceof RPlainSchema) {
+ schemaName = ((RPlainSchema) object).getKey();
+ unallowedNames = UNALLOWED_RSCHEMA_NAMES;
+ } else if (object instanceof RDerSchema) {
+ schemaName = ((RDerSchema) object).getKey();
+ unallowedNames = UNALLOWED_RSCHEMA_NAMES;
+ } else if (object instanceof RVirSchema) {
+ schemaName = ((RVirSchema) object).getKey();
+ unallowedNames = UNALLOWED_RSCHEMA_NAMES;
+ } else if (object instanceof CPlainSchema) {
+ schemaName = ((CPlainSchema) object).getKey();
+ unallowedNames = UNALLOWED_CSCHEMA_NAMES;
+ } else {
+ schemaName = null;
+ unallowedNames = Collections.emptyList();
+ }
+
+ boolean isValid = NAME_PATTERN.matcher(schemaName).matches();
+ if (!isValid) {
+ context.disableDefaultConstraintViolation();
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidName, "Invalid Schema name")).
+ addPropertyNode("name").addConstraintViolation();
+ } else if (unallowedNames.contains(schemaName)) {
+ context.disableDefaultConstraintViolation();
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidName, "Schema name not allowed: " + schemaName)).
+ addPropertyNode("name").addConstraintViolation();
+
+ return false;
+ }
+
+ return isValid;
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserCheck.java
----------------------------------------------------------------------
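Review bot: In SchemaNameValidator, `initUnallowedSchemaNames` adds `JPAUser.class` to the class list on every call, so the reserved-name lists for JPAMembership, JPARole and JPAConf are built from JPAUser's declared fields and never from the entity's own; `classes.add(entityClass);` looks like what was intended. As written, a membership, role or configuration schema can take the name of a field declared directly on its own entity class without being rejected. Separately, the final `else` branch of `isValid` sets `schemaName = null` and the next statement calls `NAME_PATTERN.matcher(schemaName)`; assuming NAME_PATTERN is a `java.util.regex.Pattern` (it is declared outside this hunk), that throws NullPointerException for an unsupported type or a schema whose `getKey()` returns null. A null check that adds the InvalidName violation and returns false before the match would report the problem as a validation error instead.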
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserCheck.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserCheck.java
new file mode 100644
index 0000000..0df3b86
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserCheck.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+
+@Target( { ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = UserValidator.class)
+@Documented
+public @interface UserCheck {
+
+ String message() default "{org.apache.syncope.core.persistence.validation.user}";
+
+ Class<?>[] groups() default {};
+
+ Class<? extends Payload>[] payload() default {};
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
new file mode 100644
index 0000000..2790a12
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
@@ -0,0 +1,194 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.annotation.Resource;
+import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.types.AccountPolicySpec;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.common.lib.types.PasswordPolicySpec;
+import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
+import org.apache.syncope.core.persistence.api.entity.AccountPolicy;
+import org.apache.syncope.core.persistence.api.entity.ExternalResource;
+import org.apache.syncope.core.persistence.api.entity.PasswordPolicy;
+import org.apache.syncope.core.persistence.api.entity.Policy;
+import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.user.User;
+import org.apache.syncope.core.misc.policy.AccountPolicyEnforcer;
+import org.apache.syncope.core.misc.policy.AccountPolicyException;
+import org.apache.syncope.core.misc.policy.PasswordPolicyEnforcer;
+import org.apache.syncope.core.misc.policy.PolicyEvaluator;
+import org.springframework.beans.factory.annotation.Autowired;
+
+public class UserValidator extends AbstractValidator<UserCheck, User> {
+
+ @Resource(name = "adminUser")
+ private String adminUser;
+
+ @Resource(name = "anonymousUser")
+ private String anonymousUser;
+
+ @Autowired
+ private PolicyDAO policyDAO;
+
+ @Autowired
+ private PolicyEvaluator evaluator;
+
+ @Autowired
+ private PasswordPolicyEnforcer ppEnforcer;
+
+ @Autowired
+ private AccountPolicyEnforcer apEnforcer;
+
+ @Override
+ public boolean isValid(final User user, final ConstraintValidatorContext context) {
+ context.disableDefaultConstraintViolation();
+
+ // ------------------------------
+ // Verify password policies
+ // ------------------------------
+ LOG.debug("Password Policy enforcement");
+
+ try {
+ int maxPPSpecHistory = 0;
+ for (Policy policy : getPasswordPolicies(user)) {
+ // evaluate policy
+ final PasswordPolicySpec ppSpec = evaluator.evaluate(policy, user);
+ // enforce policy
+ ppEnforcer.enforce(ppSpec, policy.getType(), user);
+
+ if (ppSpec.getHistoryLength() > maxPPSpecHistory) {
+ maxPPSpecHistory = ppSpec.getHistoryLength();
+ }
+ }
+
+ // update user's password history with encrypted password
+ if (maxPPSpecHistory > 0 && user.getPassword() != null) {
+ user.getPasswordHistory().add(user.getPassword());
+ }
+ // keep only the last maxPPSpecHistory items in user's password history
+ if (maxPPSpecHistory < user.getPasswordHistory().size()) {
+ for (int i = 0; i < user.getPasswordHistory().size() - maxPPSpecHistory; i++) {
+ user.getPasswordHistory().remove(i);
+ }
+ }
+ } catch (Exception e) {
+ LOG.debug("Invalid password");
+
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidPassword, e.getMessage())).
+ addPropertyNode("password").addConstraintViolation();
+
+ return false;
+ } finally {
+ // password has been validated, let's remove its clear version
+ user.removeClearPassword();
+ }
+ // ------------------------------
+
+ // ------------------------------
+ // Verify account policies
+ // ------------------------------
+ LOG.debug("Account Policy enforcement");
+
+ try {
+ if (adminUser.equals(user.getUsername()) || anonymousUser.equals(user.getUsername())) {
+ throw new AccountPolicyException("Not allowed: " + user.getUsername());
+ }
+
+ // invalid username
+ for (Policy policy : getAccountPolicies(user)) {
+ // evaluate policy
+ final AccountPolicySpec accountPolicy = evaluator.evaluate(policy, user);
+
+ // enforce policy
+ apEnforcer.enforce(accountPolicy, policy.getType(), user);
+ }
+ } catch (Exception e) {
+ LOG.debug("Invalid username");
+
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.InvalidUsername, e.getMessage())).
+ addPropertyNode("username").addConstraintViolation();
+
+ return false;
+ }
+ // ------------------------------
+
+ return true;
+ }
+
+ private List<PasswordPolicy> getPasswordPolicies(final User user) {
+ final List<PasswordPolicy> policies = new ArrayList<>();
+
+ // Add global policy
+ PasswordPolicy policy = policyDAO.getGlobalPasswordPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+
+ // add resource policies
+ for (ExternalResource resource : user.getResources()) {
+ policy = resource.getPasswordPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+ }
+
+ // add role policies
+ for (Role role : user.getRoles()) {
+ policy = role.getPasswordPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+ }
+
+ return policies;
+ }
+
+ private List<AccountPolicy> getAccountPolicies(final User user) {
+ final List<AccountPolicy> policies = new ArrayList<>();
+
+ // add global policy
+ AccountPolicy policy = policyDAO.getGlobalAccountPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+
+ // add resource policies
+ for (ExternalResource resource : user.getResources()) {
+ policy = resource.getAccountPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+ }
+
+ // add role policies
+ for (Role role : user.getRoles()) {
+ policy = role.getAccountPolicy();
+ if (policy != null) {
+ policies.add(policy);
+ }
+ }
+
+ return policies;
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-oracle.xml
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-oracle.xml b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-oracle.xml
new file mode 100644
index 0000000..a4b949d
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-oracle.xml
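Review bot: In UserValidator.isValid the password-history trim removes by a rising index while the list shrinks: `user.getPasswordHistory().remove(i)` inside `for (int i = 0; i < user.getPasswordHistory().size() - maxPPSpecHistory; i++)` skips elements and stops early, so the history can stay longer than the largest configured history length and the entries dropped are not the oldest ones. With five entries and a limit of two, it removes the entries at original positions 0 and 2 and leaves three. Assuming getPasswordHistory() returns a `java.util.List`, dropping the head in one call matches the comment's intent: `user.getPasswordHistory().subList(0, user.getPasswordHistory().size() - maxPPSpecHistory).clear();` inside the existing `if`. It is also worth a comment that this validator mutates the entity; if the EntityValidationListener registered in spring-orm-oracle.xml runs it on both pre-persist and pre-update, an update that leaves the password unchanged would still append the current hash to the history, which should be confirmed.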
@@ -0,0 +1,323 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<entity-mappings xmlns="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence/orm
+ http://java.sun.com/xml/ns/persistence/orm_2_0.xsd"
+ version="2.0">
+
+ <persistence-unit-metadata>
+ <persistence-unit-defaults>
+ <entity-listeners>
+ <entity-listener class="org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener">
+ <pre-persist method-name="validate"/>
+ <pre-update method-name="validate"/>
+ </entity-listener>
+ </entity-listeners>
+ </persistence-unit-defaults>
+ </persistence-unit-metadata>
+
+ <table-generator name="SEQ_UPlainAttrValue" pk-column-value="SEQ_UPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_RPlainAttrValue" pk-column-value="SEQ_RPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_MAttrPlainValue" pk-column-value="SEQ_MAttrPlainValue" initial-value="100"/>
+ <table-generator name="SEQ_CAttrPlainValue" pk-column-value="SEQ_CAttrPlainValue" initial-value="100"/>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUser">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_User" strategy="TABLE"/>
+ <table-generator name="SEQ_User" pk-column-value="SEQ_User" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARole">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Role" strategy="TABLE"/>
+ <table-generator name="SEQ_Role" pk-column-value="SEQ_Role" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Membership" strategy="TABLE"/>
+ <table-generator name="SEQ_Membership" pk-column-value="SEQ_Membership" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_UMapping" pk-column-value="SEQ_UMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_RMapping" pk-column-value="SEQ_RMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_UMappingItem" pk-column-value="SEQ_UMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_RMappingItem" pk-column-value="SEQ_RMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAConnInstance">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ConnInstance" strategy="TABLE"/>
+ <table-generator name="SEQ_ConnInstance" pk-column-value="SEQ_ConnInstance" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_UPlainAttr" pk-column-value="SEQ_UPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttr" pk-column-value="SEQ_RPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttrTemplate" pk-column-value="SEQ_RPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttr" pk-column-value="SEQ_MPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttrTemplate" pk-column-value="SEQ_MPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlain" strategy="TABLE"/>
+ <table-generator name="SEQ_CAttrPlain" pk-column-value="SEQ_CAttrPlain" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATask">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Task" strategy="TABLE"/>
+ <table-generator name="SEQ_Task" pk-column-value="SEQ_Task" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATaskExec">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_TaskExec" strategy="TABLE"/>
+ <table-generator name="SEQ_TaskExec" pk-column-value="SEQ_TaskExec" initial-value="10"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAPolicy">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Policy" strategy="TABLE"/>
+ <table-generator name="SEQ_Policy" pk-column-value="SEQ_Policy" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReport">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Report" strategy="TABLE"/>
+ <table-generator name="SEQ_Report" pk-column-value="SEQ_Report" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportExec">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ReportExec" strategy="TABLE"/>
+ <table-generator name="SEQ_ReportExec" pk-column-value="SEQ_ReportExec" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportletConfInstance">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ReportletConfInstance" strategy="TABLE"/>
+ <table-generator name="SEQ_ReportletConfInstance" pk-column-value="SEQ_ReportletConfInstance" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPANotification">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Notification" strategy="TABLE"/>
+ <table-generator name="SEQ_Notification" pk-column-value="SEQ_Notification" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_SecurityQuestion" strategy="TABLE"/>
+ <table-generator name="SEQ_SecurityQuestion" pk-column-value="SEQ_SecurityQuestion" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+</entity-mappings>
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-sqlserver.xml
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-sqlserver.xml b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-sqlserver.xml
new file mode 100644
index 0000000..a4b949d
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm-sqlserver.xml
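Review bot: The `<unique-constraint>` under each of the four `*PlainAttrUniqueValue` entities is a single six-column constraint (all five value columns plus `schema_name`), while spring-orm.xml in this same commit declares five two-column constraints, and nothing in the file says why the two differ. Presumably the composite form is there because of how Oracle and SQL Server treat NULLs in unique indexes; since these constraints are the database-level guard on unique attribute values, that reasoning should be recorded so a later clean-up does not quietly change what is enforced. I would put `<!-- one composite constraint on purpose (NULL handling in unique indexes on this DBMS); do not split per column as in spring-orm.xml -->` above the first `<table>`. The same applies to spring-orm-sqlserver.xml, which carries the same blob id (`a4b949d`) and is therefore an identical copy; a comment in each file naming the other would help keep them from drifting apart.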
@@ -0,0 +1,323 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<entity-mappings xmlns="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence/orm
+ http://java.sun.com/xml/ns/persistence/orm_2_0.xsd"
+ version="2.0">
+
+ <persistence-unit-metadata>
+ <persistence-unit-defaults>
+ <entity-listeners>
+ <entity-listener class="org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener">
+ <pre-persist method-name="validate"/>
+ <pre-update method-name="validate"/>
+ </entity-listener>
+ </entity-listeners>
+ </persistence-unit-defaults>
+ </persistence-unit-metadata>
+
+ <table-generator name="SEQ_UPlainAttrValue" pk-column-value="SEQ_UPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_RPlainAttrValue" pk-column-value="SEQ_RPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_MAttrPlainValue" pk-column-value="SEQ_MAttrPlainValue" initial-value="100"/>
+ <table-generator name="SEQ_CAttrPlainValue" pk-column-value="SEQ_CAttrPlainValue" initial-value="100"/>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUser">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_User" strategy="TABLE"/>
+ <table-generator name="SEQ_User" pk-column-value="SEQ_User" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARole">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Role" strategy="TABLE"/>
+ <table-generator name="SEQ_Role" pk-column-value="SEQ_Role" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Membership" strategy="TABLE"/>
+ <table-generator name="SEQ_Membership" pk-column-value="SEQ_Membership" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_UMapping" pk-column-value="SEQ_UMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_RMapping" pk-column-value="SEQ_RMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_UMappingItem" pk-column-value="SEQ_UMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_RMappingItem" pk-column-value="SEQ_RMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAConnInstance">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ConnInstance" strategy="TABLE"/>
+ <table-generator name="SEQ_ConnInstance" pk-column-value="SEQ_ConnInstance" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_UPlainAttr" pk-column-value="SEQ_UPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttr" pk-column-value="SEQ_RPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttrTemplate" pk-column-value="SEQ_RPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttr" pk-column-value="SEQ_MPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttrTemplate" pk-column-value="SEQ_MPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlain" strategy="TABLE"/>
+ <table-generator name="SEQ_CAttrPlain" pk-column-value="SEQ_CAttrPlain" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>dateValue</column-name>
+ <column-name>stringValue</column-name>
+ <column-name>doubleValue</column-name>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATask">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Task" strategy="TABLE"/>
+ <table-generator name="SEQ_Task" pk-column-value="SEQ_Task" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATaskExec">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_TaskExec" strategy="TABLE"/>
+ <table-generator name="SEQ_TaskExec" pk-column-value="SEQ_TaskExec" initial-value="10"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAPolicy">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Policy" strategy="TABLE"/>
+ <table-generator name="SEQ_Policy" pk-column-value="SEQ_Policy" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReport">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Report" strategy="TABLE"/>
+ <table-generator name="SEQ_Report" pk-column-value="SEQ_Report" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportExec">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ReportExec" strategy="TABLE"/>
+ <table-generator name="SEQ_ReportExec" pk-column-value="SEQ_ReportExec" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportletConfInstance">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ReportletConfInstance" strategy="TABLE"/>
+ <table-generator name="SEQ_ReportletConfInstance" pk-column-value="SEQ_ReportletConfInstance" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPANotification">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Notification" strategy="TABLE"/>
+ <table-generator name="SEQ_Notification" pk-column-value="SEQ_Notification" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_SecurityQuestion" strategy="TABLE"/>
+ <table-generator name="SEQ_SecurityQuestion" pk-column-value="SEQ_SecurityQuestion" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+</entity-mappings>
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm.xml
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm.xml b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm.xml
new file mode 100644
index 0000000..7217d68
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/META-INF/spring-orm.xml
@@ -0,0 +1,371 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<entity-mappings xmlns="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence/orm
+ http://java.sun.com/xml/ns/persistence/orm_2_0.xsd"
+ version="2.0">
+
+ <persistence-unit-metadata>
+ <persistence-unit-defaults>
+ <entity-listeners>
+ <entity-listener class="org.apache.syncope.core.persistence.jpa.validation.entity.EntityValidationListener">
+ <pre-persist method-name="validate"/>
+ <pre-update method-name="validate"/>
+ </entity-listener>
+ </entity-listeners>
+ </persistence-unit-defaults>
+ </persistence-unit-metadata>
+
+ <table-generator name="SEQ_UPlainAttrValue" pk-column-value="SEQ_UPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_RPlainAttrValue" pk-column-value="SEQ_RPlainAttrValue" initial-value="100"/>
+ <table-generator name="SEQ_MAttrPlainValue" pk-column-value="SEQ_MAttrPlainValue" initial-value="100"/>
+ <table-generator name="SEQ_CAttrPlainValue" pk-column-value="SEQ_CAttrPlainValue" initial-value="100"/>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUser">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_User" strategy="TABLE"/>
+ <table-generator name="SEQ_User" pk-column-value="SEQ_User" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARole">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Role" strategy="TABLE"/>
+ <table-generator name="SEQ_Role" pk-column-value="SEQ_Role" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Membership" strategy="TABLE"/>
+ <table-generator name="SEQ_Membership" pk-column-value="SEQ_Membership" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_UMapping" pk-column-value="SEQ_UMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMapping">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMapping" strategy="TABLE"/>
+ <table-generator name="SEQ_RMapping" pk-column-value="SEQ_RMapping" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_UMappingItem" pk-column-value="SEQ_UMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARMappingItem">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RMappingItem" strategy="TABLE"/>
+ <table-generator name="SEQ_RMappingItem" pk-column-value="SEQ_RMappingItem" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAConnInstance">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ConnInstance" strategy="TABLE"/>
+ <table-generator name="SEQ_ConnInstance" pk-column-value="SEQ_ConnInstance" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_UPlainAttr" pk-column-value="SEQ_UPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttr" pk-column-value="SEQ_RPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_RPlainAttrTemplate" pk-column-value="SEQ_RPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttr" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttr" pk-column-value="SEQ_MPlainAttr" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrTemplate">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MPlainAttrTemplate" strategy="TABLE"/>
+ <table-generator name="SEQ_MPlainAttrTemplate" pk-column-value="SEQ_MPlainAttrTemplate" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttr">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlain" strategy="TABLE"/>
+ <table-generator name="SEQ_CAttrPlain" pk-column-value="SEQ_CAttrPlain" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.user.JPAUPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>dateValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>stringValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>doubleValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_UPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.role.JPARPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>dateValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>stringValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>doubleValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_RPlainAttrValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>dateValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>stringValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>doubleValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_MAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrValue">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttrUniqueValue">
+ <table>
+ <unique-constraint>
+ <column-name>booleanValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>dateValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>stringValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>doubleValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ <unique-constraint>
+ <column-name>longValue</column-name>
+ <column-name>schema_name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_CAttrPlainValue" strategy="TABLE"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATask">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Task" strategy="TABLE"/>
+ <table-generator name="SEQ_Task" pk-column-value="SEQ_Task" initial-value="100"/>
+ </id>
+ </attributes>
+ </entity>
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.task.JPATaskExec">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_TaskExec" strategy="TABLE"/>
+ <table-generator name="SEQ_TaskExec" pk-column-value="SEQ_TaskExec" initial-value="10"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAPolicy">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Policy" strategy="TABLE"/>
+ <table-generator name="SEQ_Policy" pk-column-value="SEQ_Policy" initial-value="1000"/>
+ </id>
+ </attributes>
+ </entity>
+
+ <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReport">
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_Report" strategy="TABLE"/>
+ <table-generator name="SEQ_Report"
pk-column-value="SEQ_Report" initial-value="100"/> + </id> + </attributes> + </entity> + <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportExec"> + <attributes> + <id name="id"> + <generated-value generator="SEQ_ReportExec" strategy="TABLE"/> + <table-generator name="SEQ_ReportExec" pk-column-value="SEQ_ReportExec" initial-value="100"/> + </id> + </attributes> + </entity> + <entity class="org.apache.syncope.core.persistence.jpa.entity.JPAReportletConfInstance"> + <attributes> + <id name="id"> + <generated-value generator="SEQ_ReportletConfInstance" strategy="TABLE"/> + <table-generator name="SEQ_ReportletConfInstance" pk-column-value="SEQ_ReportletConfInstance" initial-value="100"/> + </id> + </attributes> + </entity> + <entity class="org.apache.syncope.core.persistence.jpa.entity.JPANotification"> + <attributes> + <id name="id"> + <generated-value generator="SEQ_Notification" strategy="TABLE"/> + <table-generator name="SEQ_Notification" pk-column-value="SEQ_Notification" initial-value="100"/> + </id> + </attributes> + </entity> + <entity class="org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion"> + <attributes> + <id name="id"> + <generated-value generator="SEQ_SecurityQuestion" strategy="TABLE"/> + <table-generator name="SEQ_SecurityQuestion" pk-column-value="SEQ_SecurityQuestion" initial-value="100"/> + </id> + </attributes> + </entity> +</entity-mappings> http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/audit/audit.sql ---------------------------------------------------------------------- diff --git a/syncope620/core/persistence-jpa/src/main/resources/audit/audit.sql b/syncope620/core/persistence-jpa/src/main/resources/audit/audit.sql new file mode 100644 index 0000000..faf8c5b --- /dev/null +++ b/syncope620/core/persistence-jpa/src/main/resources/audit/audit.sql 
@@ -0,0 +1,24 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+CREATE TABLE IF NOT EXISTS SYNCOPEAUDIT (
+ EVENT_DATE TIMESTAMP,
+ LOGGER_LEVEL VARCHAR(255) NOT NULL,
+ LOGGER VARCHAR(255) NOT NULL,
+ MESSAGE TEXT NOT NULL,
+ THROWABLE TEXT
+)
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/audit/audit_mysql_innodb.sql
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/audit/audit_mysql_innodb.sql b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_mysql_innodb.sql
new file mode 100644
index 0000000..ff753fa
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_mysql_innodb.sql
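Review bot: `EVENT_DATE TIMESTAMP` is declared without `NOT NULL`, unlike `LOGGER_LEVEL`, `LOGGER` and `MESSAGE`, so an audit row can be stored with no event time and then cannot be ordered or correlated with other logs. I would declare it `EVENT_DATE TIMESTAMP NOT NULL,` here and make the same change in audit_mysql_innodb.sql, audit_oracle.sql and audit_sqlserver.sql (there as `EVENT_DATE DATETIME NOT NULL,`). The table also has no key or index; whether that matters depends on how the rows are written and queried, which this commit does not show.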
@@ -0,0 +1,24 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+CREATE TABLE IF NOT EXISTS SYNCOPEAUDIT (
+ EVENT_DATE TIMESTAMP,
+ LOGGER_LEVEL VARCHAR(255) NOT NULL,
+ LOGGER VARCHAR(255) NOT NULL,
+ MESSAGE TEXT NOT NULL,
+ THROWABLE TEXT
+) ENGINE=InnoDB
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/audit/audit_oracle.sql
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/audit/audit_oracle.sql b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_oracle.sql
new file mode 100644
index 0000000..e1b7d81
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_oracle.sql
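Review bot: On MySQL servers where `explicit_defaults_for_timestamp` is off, the first `TIMESTAMP` column of a table declared with no attributes, as `EVENT_DATE TIMESTAMP,` is here, implicitly gets `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`. Any later UPDATE of an audit row would then silently rewrite its event time. Spelling the column out as `EVENT_DATE TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,` removes the implicit `ON UPDATE` and makes the behaviour the same across server configurations. Which MySQL versions this script targets is not visible in the commit.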
@@ -0,0 +1,38 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+BEGIN
+ BEGIN
+ EXECUTE IMMEDIATE 'DROP TABLE SYNCOPEAUDIT';
+ EXCEPTION
+ WHEN OTHERS THEN
+ IF SQLCODE != -942 THEN
+ RAISE;
+ END IF;
+ END;
+
+ EXECUTE IMMEDIATE '
+CREATE TABLE SYNCOPEAUDIT (
+ EVENT_DATE TIMESTAMP,
+ LOGGER_LEVEL VARCHAR(255) NOT NULL,
+ LOGGER VARCHAR(255) NOT NULL,
+ MESSAGE CLOB NOT NULL,
+ THROWABLE CLOB
+)
+';
+
+END;
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/audit/audit_sqlserver.sql
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/audit/audit_sqlserver.sql b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_sqlserver.sql
new file mode 100644
index 0000000..191428a
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/audit/audit_sqlserver.sql
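Review bot: The Oracle script drops `SYNCOPEAUDIT` before recreating it, so every run discards the existing audit trail, whereas the other three dialect scripts in this commit only create the table when it is missing. If this script is executed on each startup, as the `IF NOT EXISTS` guards in the sibling files suggest, that is silent loss of audit evidence. I would remove the `DROP TABLE` block and instead tolerate ORA-00955 ("name is already used by an existing object") around the create, as sketched below. Note that the outer block currently has no handler, so a failed create propagates, and that should stay true for any other error code.
```sql
BEGIN
  -- … unchanged: EXECUTE IMMEDIATE ' CREATE TABLE SYNCOPEAUDIT ( … ) '; …
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-00955: the table already exists, keep it and its rows
    IF SQLCODE != -955 THEN
      RAISE;
    END IF;
END;
```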
@@ -0,0 +1,28 @@
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+
+IF NOT EXISTS
+(SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[SYNCOPEAUDIT]') AND type in (N'U'))
+BEGIN
+CREATE TABLE SYNCOPEAUDIT (
+ EVENT_DATE DATETIME,
+ LOGGER_LEVEL VARCHAR(255) NOT NULL,
+ LOGGER VARCHAR(255) NOT NULL,
+ MESSAGE TEXT NOT NULL,
+ THROWABLE TEXT
+)
+END
http://git-wip-us.apache.org/repos/asf/syncope/blob/d30c8526/syncope620/core/persistence-jpa/src/main/resources/content.xml
----------------------------------------------------------------------
diff --git a/syncope620/core/persistence-jpa/src/main/resources/content.xml b/syncope620/core/persistence-jpa/src/main/resources/content.xml
new file mode 100644
index 0000000..b0257b1
--- /dev/null
+++ b/syncope620/core/persistence-jpa/src/main/resources/content.xml
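Review bot: The existence check looks for `[dbo].[SYNCOPEAUDIT]`, but the `CREATE TABLE SYNCOPEAUDIT (` that follows is unqualified and so lands in the connecting user's default schema. When that schema is not `dbo`, the check never finds the table and a second run fails on the create. The audit table also ends up in a schema whose permissions nobody chose deliberately. Qualifying the create to match the check, `CREATE TABLE [dbo].[SYNCOPEAUDIT] (`, keeps the two in agreement. Separately, `TEXT` is a deprecated SQL Server type, and `VARCHAR(MAX)` is the documented replacement for the `MESSAGE` and `THROWABLE` columns.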
@@ -0,0 +1,183 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<dataset> + <SyncopeConf id="1" + creator="admin" lastModifier="admin" + creationDate="2014-06-20 11:00:00" lastChangeDate="2014-06-20 11:00:00"/> + + <CPlainSchema name="password.cipher.algorithm" type="String" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="1" owner_id="1" schema_name="password.cipher.algorithm"/> + <CPlainAttrValue id="1" attribute_id="1" stringValue="SHA1"/> + + <!-- notificationjob.cronExpression: + + not existing: NotificationJob runs according to Notification.DEFAULT_CRON_EXP + + provided as empty string: NotificationJob disabled + + provided as non-empty string: NotificationJob runs according to the given value --> + <CPlainSchema name="notificationjob.cronExpression" type="String" + mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="2" owner_id="1" schema_name="notificationjob.cronExpression"/> + <CPlainAttrValue id="2" attribute_id="2" stringValue=""/> + + <CPlainSchema name="notification.maxRetries" type="Long" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="3" owner_id="1" 
schema_name="notification.maxRetries"/> + <CPlainAttrValue id="3" attribute_id="3" longValue="3"/> + + <CPlainSchema name="token.length" type="Long" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="4" owner_id="1" schema_name="token.length"/> + <CPlainAttrValue id="4" attribute_id="4" longValue="256"/> + + <CPlainSchema name="token.expireTime" type="Long" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="5" owner_id="1" schema_name="token.expireTime"/> + <CPlainAttrValue id="5" attribute_id="5" longValue="60"/> + + <CPlainSchema name="selfRegistration.allowed" type="Boolean" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="6" owner_id="1" schema_name="selfRegistration.allowed"/> + <CPlainAttrValue id="6" attribute_id="6" booleanValue="1"/> + + <CPlainSchema name="passwordReset.allowed" type="Boolean" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="7" owner_id="1" schema_name="passwordReset.allowed"/> + <CPlainAttrValue id="7" attribute_id="7" booleanValue="1"/> + + <CPlainSchema name="passwordReset.securityQuestion" type="Boolean" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="8" owner_id="1" schema_name="passwordReset.securityQuestion"/> + <CPlainAttrValue id="8" attribute_id="8" booleanValue="1"/> + + <CPlainSchema name="authentication.statuses" type="String" + mandatoryCondition="true" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="9" owner_id="1" schema_name="authentication.statuses"/> + <CPlainAttrValue id="9" attribute_id="9" stringValue="created"/> + <CPlainAttrValue id="10" attribute_id="9" stringValue="active"/> + + <!-- Save user login date upon successful authentication --> + <CPlainSchema name="log.lastlogindate" type="Boolean" + mandatoryCondition="true" multivalue="0" uniqueConstraint="0" 
readonly="0"/> + <CPlainAttr id="11" owner_id="1" schema_name="log.lastlogindate"/> + <CPlainAttrValue id="11" attribute_id="11" booleanValue="1"/> + + <!-- For usage with admin console --> + <CPlainSchema name="admin.user.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainSchema name="self.user.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainSchema name="admin.role.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainSchema name="self.role.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainSchema name="admin.membership.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + <CPlainSchema name="self.membership.layout" type="String" + mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> + + <!-- User pre-defined schemas --> + <UPlainSchema name="email" type="String" + mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0" + validatorClass="org.apache.syncope.core.persistence.jpa.attrvalue.validation.EmailAddressValidator"/> + + <!-- Password reset notifications --> + <Notification id="1" active="1" recipientAttrName="email" recipientAttrType="UserPlainSchema" selfAsRecipient="1" + sender="[email protected]" subject="Password Reset request" template="requestPasswordReset" + traceLevel="FAILURES" userAbout="token!=$null"/> + <Notification_events Notification_id="1" events="[CUSTOM]:[]:[]:[requestPasswordReset]:[SUCCESS]"/> + + <Notification id="2" active="1" recipientAttrName="email" recipientAttrType="UserPlainSchema" selfAsRecipient="1" + sender="[email protected]" subject="Password Reset successful" template="confirmPasswordReset" + traceLevel="FAILURES" userAbout="token!=$null"/> + <Notification_events Notification_id="2" 
events="[CUSTOM]:[]:[]:[confirmPasswordReset]:[SUCCESS]"/> + + <!-- Authentication and authorization --> + <Entitlement name="SCHEMA_LIST"/> + <Entitlement name="SCHEMA_CREATE"/> + <Entitlement name="SCHEMA_READ"/> + <Entitlement name="SCHEMA_UPDATE"/> + <Entitlement name="SCHEMA_DELETE"/> + <Entitlement name="USER_LIST"/> + <Entitlement name="USER_CREATE"/> + <Entitlement name="USER_READ"/> + <Entitlement name="USER_UPDATE"/> + <Entitlement name="USER_DELETE"/> + <Entitlement name="USER_VIEW"/> + <Entitlement name="ROLE_LIST"/> + <Entitlement name="ROLE_CREATE"/> + <Entitlement name="ROLE_READ"/> + <Entitlement name="ROLE_UPDATE"/> + <Entitlement name="ROLE_DELETE"/> + <Entitlement name="RESOURCE_LIST"/> + <Entitlement name="RESOURCE_CREATE"/> + <Entitlement name="RESOURCE_READ"/> + <Entitlement name="RESOURCE_UPDATE"/> + <Entitlement name="RESOURCE_DELETE"/> + <Entitlement name="RESOURCE_GETCONNECTOROBJECT"/> + <Entitlement name="CONNECTOR_LIST"/> + <Entitlement name="CONNECTOR_CREATE"/> + <Entitlement name="CONNECTOR_READ"/> + <Entitlement name="CONNECTOR_UPDATE"/> + <Entitlement name="CONNECTOR_DELETE"/> + <Entitlement name="CONNECTOR_RELOAD"/> + <Entitlement name="CONFIGURATION_EXPORT"/> + <Entitlement name="CONFIGURATION_LIST"/> + <Entitlement name="CONFIGURATION_SET"/> + <Entitlement name="CONFIGURATION_DELETE"/> + <Entitlement name="TASK_LIST"/> + <Entitlement name="TASK_CREATE"/> + <Entitlement name="TASK_READ"/> + <Entitlement name="TASK_UPDATE"/> + <Entitlement name="TASK_DELETE"/> + <Entitlement name="TASK_EXECUTE"/> + <Entitlement name="POLICY_LIST"/> + <Entitlement name="POLICY_CREATE"/> + <Entitlement name="POLICY_READ"/> + <Entitlement name="POLICY_UPDATE"/> + <Entitlement name="POLICY_DELETE"/> + <Entitlement name="WORKFLOW_DEF_READ"/> + <Entitlement name="WORKFLOW_DEF_UPDATE"/> + <Entitlement name="WORKFLOW_TASK_LIST"/> + <Entitlement name="WORKFLOW_FORM_LIST"/> + <Entitlement name="WORKFLOW_FORM_READ"/> + <Entitlement name="WORKFLOW_FORM_CLAIM"/> 
+ <Entitlement name="WORKFLOW_FORM_SUBMIT"/> + <Entitlement name="NOTIFICATION_LIST"/> + <Entitlement name="NOTIFICATION_CREATE"/> + <Entitlement name="NOTIFICATION_READ"/> + <Entitlement name="NOTIFICATION_UPDATE"/> + <Entitlement name="NOTIFICATION_DELETE"/> + <Entitlement name="REPORT_LIST"/> + <Entitlement name="REPORT_READ"/> + <Entitlement name="REPORT_CREATE"/> + <Entitlement name="REPORT_UPDATE"/> + <Entitlement name="REPORT_DELETE"/> + <Entitlement name="REPORT_EXECUTE"/> + <Entitlement name="LOG_LIST"/> + <Entitlement name="LOG_SET_LEVEL"/> + <Entitlement name="LOG_DELETE"/> + <Entitlement name="AUDIT_LIST"/> + <Entitlement name="AUDIT_ENABLE"/> + <Entitlement name="AUDIT_DISABLE"/> + <Entitlement name="SECURITY_QUESTION_CREATE"/> + <Entitlement name="SECURITY_QUESTION_UPDATE"/> + <Entitlement name="SECURITY_QUESTION_DELETE"/> + +</dataset>
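Review bot: The seeded default for `password.cipher.algorithm` is `SHA1` (`<CPlainAttrValue id="1" attribute_id="1" stringValue="SHA1"/>`), a fast digest that is presumably unsalted, going by the name. Every fresh install would therefore store password hashes that give little protection if the user table is ever disclosed. If the cipher-algorithm enum on this branch offers a salted or adaptive option (Syncope has shipped values such as `SSHA256` and `BCRYPT`; confirm they exist here), seed that instead, e.g. `stringValue="SSHA256"`. I would also add an XML comment above the schema, in the style of the `notificationjob.cronExpression` one, stating which values are accepted and that the stored value is a security default operators should review.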
