Repository: syncope Updated Branches: refs/heads/2_0_X 14f25859a -> 6d086d5f3 refs/heads/master a7b54fa78 -> 20596e2e0
http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SyncopeService.java ---------------------------------------------------------------------- diff --git a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SyncopeService.java b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SyncopeService.java index c60b974..1ec31f2 100644 --- a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SyncopeService.java +++ b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SyncopeService.java @@ -18,13 +18,22 @@ */ package org.apache.syncope.common.rest.api.service; +import javax.validation.constraints.Min; +import javax.validation.constraints.NotNull; +import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; +import javax.ws.rs.POST; import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import org.apache.syncope.common.lib.info.NumbersInfo; import org.apache.syncope.common.lib.info.SystemInfo; import org.apache.syncope.common.lib.info.PlatformInfo; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.to.PagedResult; +import org.apache.syncope.common.lib.to.TypeExtensionTO; /** * General info about this Apache Syncope deployment. @@ -63,4 +72,34 @@ public interface SyncopeService extends JAXRSService { @Path("/numbers") @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML }) NumbersInfo numbers(); + + /** + * Returns the list of Groups, according to provided paging instructions, assignable to Users and Any Objects of + * the provided Realm. + * + * @param realm of the User and Any Objects assignable to the returned Groups + * @param page search page + * @param size search page size + * @return list of Groups, according to provided paging instructions, assignable to Users and Any Objects of + * the provided Realm + */ + @POST + @Path("/assignableGroups/{realm:.*}") + @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML }) + PagedResult<GroupTO> searchAssignableGroups( + @NotNull @PathParam("realm") String realm, + @Min(1) @QueryParam(PARAM_PAGE) @DefaultValue("1") int page, + @Min(1) @QueryParam(PARAM_SIZE) @DefaultValue("25") int size); + + /** + * Extracts User type extension information, for the provided group. + * + * @param groupName group name + * @return User type extension information, for the provided group + */ + @GET + @Path("/userTypeExtension/{groupName}") + @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML }) + TypeExtensionTO readUserTypeExtension( + @NotNull @PathParam("groupName") String groupName); } http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java index 180035f..babe255 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeClassLogic.java @@ -37,6 +37,7 @@ import org.apache.syncope.core.provisioning.api.data.AnyTypeClassDataBinder; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; @Component public class AnyTypeClassLogic extends AbstractTransactionalLogic<AnyTypeClassTO> { @@ -47,7 +48,8 @@ public class AnyTypeClassLogic extends AbstractTransactionalLogic<AnyTypeClassTO @Autowired private AnyTypeClassDAO anyTypeClassDAO; - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPECLASS_READ + "')") + @Transactional(readOnly = true) public AnyTypeClassTO read(final String key) { AnyTypeClass anyType = anyTypeClassDAO.find(key); if (anyType == null) { @@ -59,7 +61,8 @@ public class AnyTypeClassLogic extends AbstractTransactionalLogic<AnyTypeClassTO return binder.getAnyTypeClassTO(anyType); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPECLASS_LIST + "')") + @Transactional(readOnly = true) public List<AnyTypeClassTO> list() { return CollectionUtils.collect(anyTypeClassDAO.findAll(), new Transformer<AnyTypeClass, AnyTypeClassTO>() { http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java index b21ab45..f967da8 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AnyTypeLogic.java @@ -37,6 +37,7 @@ import org.apache.syncope.core.provisioning.api.data.AnyTypeDataBinder; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; @Component public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { @@ -47,7 +48,8 @@ public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { @Autowired private AnyTypeDAO anyTypeDAO; - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPE_READ + "')") + @Transactional(readOnly = true) public AnyTypeTO read(final String key) { AnyType anyType = anyTypeDAO.find(key); if (anyType == null) { @@ -59,7 +61,8 @@ public class AnyTypeLogic extends AbstractTransactionalLogic<AnyTypeTO> { return binder.getAnyTypeTO(anyType); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.ANYTYPE_LIST + "')") + @Transactional(readOnly = true) public List<AnyTypeTO> list() { return CollectionUtils.collect(anyTypeDAO.findAll(), new Transformer<AnyType, AnyTypeTO>() { http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java index 200cc7a..eea22ad 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java @@ -81,7 +81,8 @@ public class ConfigurationLogic extends AbstractTransactionalLogic<AttrTO> { return binder.getConfTO(); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.CONFIGURATION_GET + "')") + @Transactional(readOnly = true) public AttrTO get(final String schema) { AttrTO result; http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java index 6532936..9c92e29 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java @@ -163,8 +163,7 @@ public class ConnectorLogic extends AbstractTransactionalLogic<ConnInstanceTO> { try { result = binder.getConnInstanceTO(connInstance); } catch (NotFoundException e) { - LOG.error("Connector '{}#{}' not found", - connInstance.getBundleName(), connInstance.getVersion()); + LOG.error("Connector '{}#{}' not found", connInstance.getBundleName(), connInstance.getVersion()); } return result; http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java index 4420d4d..52946a6 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java @@ -41,7 +41,6 @@ import org.apache.syncope.common.lib.to.ExecTO; import org.apache.syncope.common.lib.to.GroupTO; import org.apache.syncope.common.lib.to.PropagationStatus; import org.apache.syncope.common.lib.to.ProvisioningResult; -import org.apache.syncope.common.lib.to.TypeExtensionTO; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.BulkMembersActionType; import org.apache.syncope.common.lib.types.ClientExceptionType; @@ -161,19 +160,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { }, new ArrayList<GroupTO>()); } - @PreAuthorize("isAuthenticated()") - @Transactional(readOnly = true) - public TypeExtensionTO readTypeExtension(final String key, final String anyTypeKey) { - Group group = groupDAO.find(key); - if (group == null) { - throw new NotFoundException("Group " + key); - } - - GroupTO groupTO = binder.getGroupTO(group, false); - return groupTO.getTypeExtension(anyTypeKey); - } - - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')") @Transactional(readOnly = true) @Override public Pair<Integer, List<GroupTO>> search( http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java index 1cde745..760b812 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java @@ -260,7 +260,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return binder.getResourceTO(resource); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_LIST + "')") @Transactional(readOnly = true) public List<ResourceTO> list() { return CollectionUtils.collect(resourceDAO.findAll(), new Transformer<ExternalResource, ResourceTO>() { http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java index 13102a5..c5b3b9a 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java @@ -34,6 +34,7 @@ import org.apache.syncope.core.provisioning.api.data.RoleDataBinder; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; @Component public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { @@ -45,6 +46,7 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { private RoleDAO roleDAO; @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_READ + "')") + @Transactional(readOnly = true) public RoleTO read(final String key) { Role role = roleDAO.find(key); if (role == null) { @@ -57,6 +59,7 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { } @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_LIST + "')") + @Transactional(readOnly = true) public List<RoleTO> list() { return CollectionUtils.collect(roleDAO.findAll(), new Transformer<Role, RoleTO>() { http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java index 5bbddc4..e3dae91 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java @@ -35,6 +35,7 @@ import org.apache.syncope.core.provisioning.api.data.SecurityQuestionDataBinder; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; @Component public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQuestionTO> { @@ -49,6 +50,7 @@ public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQu private SecurityQuestionDataBinder binder; @PreAuthorize("isAuthenticated()") + @Transactional(readOnly = true) public List<SecurityQuestionTO> list() { return CollectionUtils.collect(securityQuestionDAO.findAll(), new Transformer<SecurityQuestion, SecurityQuestionTO>() { @@ -60,7 +62,8 @@ public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQu }, new ArrayList<SecurityQuestionTO>()); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("hasRole('" + StandardEntitlement.SECURITY_QUESTION_READ + "')") + @Transactional(readOnly = true) public SecurityQuestionTO read(final String key) { SecurityQuestion securityQuestion = securityQuestionDAO.find(key); if (securityQuestion == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java index 29bab96..c562de9 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java @@ -21,27 +21,39 @@ package org.apache.syncope.core.logic; import java.lang.management.ManagementFactory; import java.lang.management.OperatingSystemMXBean; import java.lang.management.RuntimeMXBean; -import org.apache.syncope.core.provisioning.api.EntitlementsHolder; import java.lang.reflect.Method; import java.net.InetAddress; import java.net.URI; import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.Collections; import java.util.Iterator; +import java.util.List; import java.util.Map; import javax.annotation.Resource; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.Transformer; +import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.common.lib.AbstractBaseBean; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.info.NumbersInfo; import org.apache.syncope.common.lib.info.SystemInfo; import org.apache.syncope.common.lib.info.PlatformInfo; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.to.TypeExtensionTO; +import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.TaskType; import org.apache.syncope.core.spring.security.PasswordGenerator; import org.apache.syncope.core.persistence.api.ImplementationLookup; import org.apache.syncope.core.persistence.api.ImplementationLookup.Type; import org.apache.syncope.core.persistence.api.dao.AnyObjectDAO; import org.apache.syncope.core.persistence.api.dao.AnySearchDAO; +import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO; +import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.dao.ConfDAO; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; import org.apache.syncope.core.persistence.api.dao.GroupDAO; +import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.NotificationDAO; import org.apache.syncope.core.persistence.api.dao.PolicyDAO; import org.apache.syncope.core.persistence.api.dao.RoleDAO; @@ -49,14 +61,23 @@ import org.apache.syncope.core.persistence.api.dao.SecurityQuestionDAO; import org.apache.syncope.core.persistence.api.dao.TaskDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; import org.apache.syncope.core.persistence.api.dao.VirSchemaDAO; +import org.apache.syncope.core.persistence.api.dao.search.AssignableCond; +import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; +import org.apache.syncope.core.persistence.api.dao.search.SearchCond; import org.apache.syncope.core.persistence.api.entity.AnyType; +import org.apache.syncope.core.persistence.api.entity.group.Group; +import org.apache.syncope.core.persistence.api.entity.group.TypeExtension; import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy; import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy; import org.apache.syncope.core.provisioning.api.AnyObjectProvisioningManager; import org.apache.syncope.core.provisioning.api.ConnIdBundleManager; +import org.apache.syncope.core.provisioning.api.EntitlementsHolder; import org.apache.syncope.core.provisioning.api.GroupProvisioningManager; import org.apache.syncope.core.provisioning.api.UserProvisioningManager; import org.apache.syncope.core.provisioning.api.cache.VirAttrCache; +import org.apache.syncope.core.provisioning.api.data.GroupDataBinder; +import org.apache.syncope.core.provisioning.api.utils.EntityUtils; +import org.apache.syncope.core.spring.security.AuthContextUtils; import org.apache.syncope.core.workflow.api.AnyObjectWorkflowAdapter; import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter; import org.apache.syncope.core.workflow.api.UserWorkflowAdapter; @@ -79,6 +100,12 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> { private static SystemInfo SYSTEM_INFO; @Autowired + private AnyTypeDAO anyTypeDAO; + + @Autowired + private AnyTypeClassDAO anyTypeClassDAO; + + @Autowired private UserDAO userDAO; @Autowired @@ -111,6 +138,12 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> { @Autowired private ConfDAO confDAO; + @Autowired + private AnySearchDAO searchDAO; + + @Autowired + private GroupDataBinder groupDataBinder; + @Resource(name = "version") private String version; @@ -211,6 +244,37 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> { PLATFORM_INFO.getEntitlements().clear(); PLATFORM_INFO.getEntitlements().addAll(EntitlementsHolder.getInstance().getValues()); + + PLATFORM_INFO.getAnyTypes().clear(); + PLATFORM_INFO.getUserClasses().clear(); + PLATFORM_INFO.getAnyTypeClasses().clear(); + PLATFORM_INFO.getResources().clear(); + AuthContextUtils.execWithAuthContext(AuthContextUtils.getDomain(), new AuthContextUtils.Executable<Void>() { + + @Override + public Void exec() { + CollectionUtils.collect( + anyTypeDAO.findAll(), + EntityUtils.keyTransformer(), + PLATFORM_INFO.getAnyTypes()); + + CollectionUtils.collect( + anyTypeDAO.findUser().getClasses(), + EntityUtils.keyTransformer(), + PLATFORM_INFO.getUserClasses()); + + CollectionUtils.collect( + anyTypeClassDAO.findAll(), + EntityUtils.keyTransformer(), + PLATFORM_INFO.getAnyTypeClasses()); + + CollectionUtils.collect( + resourceDAO.findAll(), + EntityUtils.keyTransformer(), + PLATFORM_INFO.getResources()); + return null; + } + }); } return PLATFORM_INFO; @@ -311,10 +375,55 @@ public class SyncopeLogic extends AbstractLogic<AbstractBaseBean> { return numbersInfo; } + @PreAuthorize("isAuthenticated()") + public Pair<Integer, List<GroupTO>> searchAssignableGroups( + final String realm, final int page, final int size) { + + AssignableCond assignableCond = new AssignableCond(); + assignableCond.setRealmFullPath(realm); + SearchCond searchCond = SearchCond.getLeafCond(assignableCond); + + int count = searchDAO.count(SyncopeConstants.FULL_ADMIN_REALMS, searchCond, AnyTypeKind.GROUP); + + OrderByClause orderByClause = new OrderByClause(); + orderByClause.setField("name"); + orderByClause.setDirection(OrderByClause.Direction.ASC); + List<Group> matching = searchDAO.search( + SyncopeConstants.FULL_ADMIN_REALMS, + searchCond, + page, size, + Collections.singletonList(orderByClause), AnyTypeKind.GROUP); + List<GroupTO> result = CollectionUtils.collect(matching, new Transformer<Group, GroupTO>() { + + @Transactional(readOnly = true) + @Override + public GroupTO transform(final Group input) { + return groupDataBinder.getGroupTO(input, false); + } + }, new ArrayList<GroupTO>()); + + return Pair.of(count, result); + } + + @PreAuthorize("isAuthenticated()") + public TypeExtensionTO readTypeExtension(final String groupName) { + Group group = groupDAO.findByName(groupName); + if (group == null) { + throw new NotFoundException("Group " + groupName); + } + TypeExtension typeExt = group.getTypeExtension(anyTypeDAO.findUser()); + if (typeExt == null) { + throw new NotFoundException("TypeExtension in " + groupName + " for users"); + } + + return groupDataBinder.getTypeExtensionTO(typeExt); + } + @Override protected AbstractBaseBean resolveReference(final Method method, final Object... args) throws UnresolvedReferenceException { throw new UnresolvedReferenceException(); } + } http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAExternalResourceDAO.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAExternalResourceDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAExternalResourceDAO.java index 8989fc5..43b36d5 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAExternalResourceDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAExternalResourceDAO.java @@ -18,11 +18,14 @@ */ package org.apache.syncope.core.persistence.jpa.dao; +import java.util.ArrayList; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; import javax.persistence.Query; import javax.persistence.TypedQuery; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; import org.apache.syncope.common.lib.types.StandardEntitlement; @@ -232,9 +235,28 @@ public class JPAExternalResourceDAO extends AbstractDAO<ExternalResource> implem @Override public List<ExternalResource> findAll() { + final Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.RESOURCE_LIST); + if (authRealms == null || authRealms.isEmpty()) { + return Collections.emptyList(); + } + TypedQuery<ExternalResource> query = entityManager().createQuery( "SELECT e FROM " + JPAExternalResource.class.getSimpleName() + " e", ExternalResource.class); - return query.getResultList(); + + return CollectionUtils.select(query.getResultList(), new Predicate<ExternalResource>() { + + @Override + public boolean evaluate(final ExternalResource resource) { + return IterableUtils.matchesAny(authRealms, new Predicate<String>() { + + @Override + public boolean evaluate(final String realm) { + return resource.getConnector() != null + && resource.getConnector().getAdminRealm().getFullPath().startsWith(realm); + } + }); + } + }, new ArrayList<ExternalResource>()); } @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ResourceTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ResourceTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ResourceTest.java index 03b516d..9439827 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ResourceTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/ResourceTest.java @@ -25,11 +25,16 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import java.util.ArrayList; import java.util.List; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; +import org.apache.commons.collections4.Transformer; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.EntityViolationType; import org.apache.syncope.common.lib.types.MappingPurpose; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; @@ -40,9 +45,14 @@ import org.apache.syncope.core.persistence.api.entity.resource.MappingItem; import org.apache.syncope.core.persistence.api.entity.resource.Provision; import org.apache.syncope.core.persistence.jpa.AbstractTest; import org.apache.syncope.core.spring.security.DelegatedAdministrationException; +import org.apache.syncope.core.spring.security.SyncopeAuthenticationDetails; +import org.apache.syncope.core.spring.security.SyncopeGrantedAuthority; import org.identityconnectors.framework.common.objects.ObjectClass; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.transaction.annotation.Transactional; @Transactional("Master") @@ -93,9 +103,28 @@ public class ResourceTest extends AbstractTest { @Test public void findAll() { - List<ExternalResource> resources = resourceDAO.findAll(); - assertNotNull(resources); - assertEquals(21, resources.size()); + List<GrantedAuthority> authorities = CollectionUtils.collect(StandardEntitlement.values(), + new Transformer<String, GrantedAuthority>() { + + @Override + public GrantedAuthority transform(final String entitlement) { + return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); + } + }, new ArrayList<GrantedAuthority>()); + + UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( + new org.springframework.security.core.userdetails.User( + "admin", "FAKE_PASSWORD", authorities), "FAKE_PASSWORD", authorities); + auth.setDetails(new SyncopeAuthenticationDetails("Master")); + SecurityContextHolder.getContext().setAuthentication(auth); + + try { + List<ExternalResource> resources = resourceDAO.findAll(); + assertNotNull(resources); + assertFalse(resources.isEmpty()); + } finally { + SecurityContextHolder.getContext().setAuthentication(null); + } } @Test http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PlainSchemaTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PlainSchemaTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PlainSchemaTest.java index b93acbb..5d8f021 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PlainSchemaTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PlainSchemaTest.java @@ -25,11 +25,17 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import java.util.ArrayList; import java.util.HashSet; +import java.util.List; import java.util.Set; import java.util.UUID; import javax.persistence.EntityExistsException; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.Transformer; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.AttrSchemaType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.dao.DerSchemaDAO; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; @@ -41,8 +47,15 @@ import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource; import org.apache.syncope.core.persistence.api.entity.resource.MappingItem; import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr; import org.apache.syncope.core.persistence.jpa.AbstractTest; +import org.apache.syncope.core.spring.security.SyncopeAuthenticationDetails; +import org.apache.syncope.core.spring.security.SyncopeGrantedAuthority; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.transaction.annotation.Transactional; @Transactional("Master") @@ -66,6 +79,29 @@ public class PlainSchemaTest extends AbstractTest { @Autowired private ExternalResourceDAO resourceDAO; + @BeforeClass + public static void setAuthContext() { + List<GrantedAuthority> authorities = CollectionUtils.collect(StandardEntitlement.values(), + new Transformer<String, GrantedAuthority>() { + + @Override + public GrantedAuthority transform(final String entitlement) { + return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); + } + }, new ArrayList<GrantedAuthority>()); + + UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( + new org.springframework.security.core.userdetails.User( + "admin", "FAKE_PASSWORD", authorities), "FAKE_PASSWORD", authorities); + auth.setDetails(new SyncopeAuthenticationDetails("Master")); + SecurityContextHolder.getContext().setAuthentication(auth); + } + + @AfterClass + public static void unsetAuthContext() { + SecurityContextHolder.getContext().setAuthentication(null); + } + @Test public void checkIdUniqueness() { assertNotNull(derSchemaDAO.find("cn")); http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/GroupDataBinder.java ---------------------------------------------------------------------- diff --git a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/GroupDataBinder.java b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/GroupDataBinder.java index 087a271..1ada7d2 100644 --- a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/GroupDataBinder.java +++ b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/GroupDataBinder.java @@ -21,13 +21,17 @@ package org.apache.syncope.core.provisioning.api.data; import java.util.Map; import org.apache.syncope.common.lib.patch.GroupPatch; import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.to.TypeExtensionTO; import org.apache.syncope.core.provisioning.api.PropagationByResource; import org.apache.syncope.core.persistence.api.entity.group.Group; +import org.apache.syncope.core.persistence.api.entity.group.TypeExtension; public interface GroupDataBinder { GroupTO getGroupTO(String key); + TypeExtensionTO getTypeExtensionTO(TypeExtension typeExt); + GroupTO getGroupTO(Group group, boolean details); void create(Group group, GroupTO groupTO); http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/GroupDataBinderImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/GroupDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/GroupDataBinderImpl.java index c4f8c50..1d25c08 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/GroupDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/GroupDataBinderImpl.java @@ -311,6 +311,22 @@ public class GroupDataBinderImpl extends AbstractAnyDataBinder implements GroupD return propByRes; } + @Override + public TypeExtensionTO getTypeExtensionTO(final TypeExtension typeExt) { + TypeExtensionTO typeExtTO = new TypeExtensionTO(); + typeExtTO.setAnyType(typeExt.getAnyType().getKey()); + typeExtTO.getAuxClasses().addAll(CollectionUtils.collect(typeExt.getAuxClasses(), + new Transformer<AnyTypeClass, String>() { + + @Override + public String transform(final AnyTypeClass clazz) { + return clazz.getKey(); + } + })); + + return typeExtTO; + } + @Transactional(readOnly = true) @Override public GroupTO getGroupTO(final Group group, final boolean details) { @@ -358,17 +374,7 @@ public class GroupDataBinderImpl extends AbstractAnyDataBinder implements GroupD } for (TypeExtension typeExt : group.getTypeExtensions()) { - TypeExtensionTO typeExtTO = new TypeExtensionTO(); - typeExtTO.setAnyType(typeExt.getAnyType().getKey()); - typeExtTO.getAuxClasses().addAll(CollectionUtils.collect(typeExt.getAuxClasses(), - new Transformer<AnyTypeClass, String>() { - - @Override - public String transform(final AnyTypeClass clazz) { - return clazz.getKey(); - } - })); - groupTO.getTypeExtensions().add(typeExtTO); + groupTO.getTypeExtensions().add(getTypeExtensionTO(typeExt)); } return groupTO; http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/provisioning-java/src/test/java/org/apache/syncope/core/provisioning/java/ResourceDataBinderTest.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/test/java/org/apache/syncope/core/provisioning/java/ResourceDataBinderTest.java b/core/provisioning-java/src/test/java/org/apache/syncope/core/provisioning/java/ResourceDataBinderTest.java index cb1612a..714dcff 100644 --- a/core/provisioning-java/src/test/java/org/apache/syncope/core/provisioning/java/ResourceDataBinderTest.java +++ b/core/provisioning-java/src/test/java/org/apache/syncope/core/provisioning/java/ResourceDataBinderTest.java @@ -21,14 +21,20 @@ package org.apache.syncope.core.provisioning.java; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import java.util.ArrayList; import java.util.HashSet; +import java.util.List; import java.util.Set; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.Transformer; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.to.MappingItemTO; import org.apache.syncope.common.lib.to.MappingTO; import org.apache.syncope.common.lib.to.ProvisionTO; import org.apache.syncope.common.lib.to.ResourceTO; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.MappingPurpose; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; @@ -36,9 +42,16 @@ import org.apache.syncope.core.persistence.api.entity.PlainSchema; import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource; import org.apache.syncope.core.persistence.api.entity.resource.MappingItem; import org.apache.syncope.core.provisioning.api.data.ResourceDataBinder; +import org.apache.syncope.core.spring.security.SyncopeAuthenticationDetails; +import org.apache.syncope.core.spring.security.SyncopeGrantedAuthority; import org.identityconnectors.framework.common.objects.ObjectClass; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.transaction.annotation.Transactional; @Transactional("Master") @@ -56,6 +69,29 @@ public class ResourceDataBinderTest extends AbstractTest { @Autowired private PlainSchemaDAO plainSchemaDAO; + @BeforeClass + public static void setAuthContext() { + List<GrantedAuthority> authorities = CollectionUtils.collect(StandardEntitlement.values(), + new Transformer<String, GrantedAuthority>() { + + @Override + public GrantedAuthority transform(final String entitlement) { + return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); + } + }, new ArrayList<GrantedAuthority>()); + + UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( + new org.springframework.security.core.userdetails.User( + "admin", "FAKE_PASSWORD", authorities), "FAKE_PASSWORD", authorities); + auth.setDetails(new SyncopeAuthenticationDetails("Master")); + SecurityContextHolder.getContext().setAuthentication(auth); + } + + @AfterClass + public static void unsetAuthContext() { + SecurityContextHolder.getContext().setAuthentication(null); + } + @Test public void issue42() { PlainSchema userId = plainSchemaDAO.find("userId"); http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java index 69b21a1..50ef081 100644 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/GroupServiceImpl.java @@ -22,7 +22,6 @@ import java.util.List; import org.apache.syncope.common.lib.patch.GroupPatch; import org.apache.syncope.common.lib.to.ExecTO; import org.apache.syncope.common.lib.to.GroupTO; -import org.apache.syncope.common.lib.to.TypeExtensionTO; import org.apache.syncope.common.lib.types.BulkMembersActionType; import org.apache.syncope.common.rest.api.service.GroupService; import org.apache.syncope.core.logic.AbstractAnyLogic; @@ -54,11 +53,6 @@ public class GroupServiceImpl extends AbstractAnyService<GroupTO, GroupPatch> im } @Override - public TypeExtensionTO readTypeExtension(final String key, final String anyTypeKey) { - return logic.readTypeExtension(key, anyTypeKey); - } - - @Override public ExecTO bulkMembersAction(final String key, final BulkMembersActionType actionType) { return logic.bulkMembersAction(key, actionType); } http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SyncopeServiceImpl.java ---------------------------------------------------------------------- diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SyncopeServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SyncopeServiceImpl.java index 944d684..4a301a3 100644 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SyncopeServiceImpl.java +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SyncopeServiceImpl.java @@ -18,9 +18,16 @@ */ package org.apache.syncope.core.rest.cxf.service; +import java.util.List; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.tuple.Pair; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.info.NumbersInfo; import org.apache.syncope.common.lib.info.SystemInfo; import org.apache.syncope.common.lib.info.PlatformInfo; +import org.apache.syncope.common.lib.to.GroupTO; +import org.apache.syncope.common.lib.to.PagedResult; +import org.apache.syncope.common.lib.to.TypeExtensionTO; import org.apache.syncope.common.rest.api.service.SyncopeService; import org.apache.syncope.core.logic.SyncopeLogic; import org.springframework.beans.factory.annotation.Autowired; @@ -47,4 +54,18 @@ public class SyncopeServiceImpl extends AbstractServiceImpl implements SyncopeSe return logic.numbers(); } + @Override + public PagedResult<GroupTO> searchAssignableGroups( + final String realm, final int page, final int size) { + + Pair<Integer, List<GroupTO>> result = logic.searchAssignableGroups( + StringUtils.prependIfMissing(realm, SyncopeConstants.ROOT_REALM), page, size); + return buildPagedResult(result.getRight(), page, size, result.getLeft()); + } + + @Override + public TypeExtensionTO readUserTypeExtension(final String groupName) { + return logic.readTypeExtension(groupName); + } + } http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/fit/core-reference/src/test/java/org/apache/syncope/fit/console/UsersITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/UsersITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/UsersITCase.java index a78d9f3..25f544d 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/UsersITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/UsersITCase.java @@ -153,6 +153,13 @@ public class UsersITCase extends AbstractConsoleITCase { TESTER.executeAjaxEvent(TAB_PANEL + "outerObjectsRepeater:0:outer:form:content:form:view:relationships:" + "specification:type:dropDownChoiceField", Constants.ON_CHANGE); + // The ON_CHANGE above should enable this component, but it doesn't; doing it by hand + Component rightType = findComponentById( + TAB_PANEL + "outerObjectsRepeater:0:outer:form:content:form:view:relationships:specification", + "rightType"); + assertNotNull(rightType); + rightType.setEnabled(true); + formTester.setValue("view:relationships:specification:rightType:dropDownChoiceField", "PRINTER"); TESTER.executeAjaxEvent(TAB_PANEL + "outerObjectsRepeater:0:outer:form:content:form:view:relationships:" + "specification:rightType:dropDownChoiceField", Constants.ON_CHANGE); http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java index 01df4f5..6ee4484 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java @@ -100,7 +100,7 @@ public class AuthenticationITCase extends AbstractITCase { } @Test - public void testReadEntitlements() { + public void readEntitlements() { // 1. as not authenticated (not allowed) try { clientFactory.create().self(); @@ -130,7 +130,7 @@ public class AuthenticationITCase extends AbstractITCase { } @Test - public void testUserSchemaAuthorization() { + public void userSchemaAuthorization() { String schemaName = "authTestSchema" + getUUIDString(); // 1. create a schema (as admin) @@ -169,7 +169,7 @@ public class AuthenticationITCase extends AbstractITCase { } @Test - public void testUserRead() { + public void userRead() { UserTO userTO = UserITCase.getUniqueSampleTO("[email protected]"); userTO.getRoles().add("User manager"); @@ -194,7 +194,7 @@ public class AuthenticationITCase extends AbstractITCase { } @Test - public void testUserSearch() { + public void userSearch() { UserTO userTO = UserITCase.getUniqueSampleTO("[email protected]"); userTO.getRoles().add("User reviewer"); http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java index 082adf7..857e371 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java @@ -89,6 +89,7 @@ import org.apache.syncope.common.lib.types.ResourceDeassociationAction; import org.apache.syncope.common.lib.types.SchemaType; import org.apache.syncope.common.rest.api.beans.AnyQuery; import org.apache.syncope.common.rest.api.service.GroupService; +import org.apache.syncope.common.rest.api.service.SyncopeService; import org.apache.syncope.core.provisioning.java.job.TaskJob; import org.apache.syncope.fit.AbstractITCase; import org.junit.Test; @@ -619,17 +620,24 @@ public class GroupITCase extends AbstractITCase { public void anonymous() { GroupService unauthenticated = clientFactory.create().getService(GroupService.class); try { - unauthenticated.search(new AnyQuery.Builder().realm(SyncopeConstants.ROOT_REALM).build()); + unauthenticated.search(new AnyQuery.Builder().realm("/even").build()); fail(); } catch (AccessControlException e) { assertNotNull(e); } - GroupService anonymous = clientFactory.create( - new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)). - getService(GroupService.class); - assertFalse(anonymous.search(new AnyQuery.Builder().realm(SyncopeConstants.ROOT_REALM).build()). - getResult().isEmpty()); + SyncopeClient anonymous = clientFactory.create( + new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)); + try { + anonymous.getService(GroupService.class). + search(new AnyQuery.Builder().realm("/even").build()); + fail(); + } catch (ForbiddenException e) { + assertNotNull(e); + } + + assertFalse(anonymous.getService(SyncopeService.class). + searchAssignableGroups("/even", 1, 100).getResult().isEmpty()); } @Test http://git-wip-us.apache.org/repos/asf/syncope/blob/6d086d5f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java index 8f881de..95109f4 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java @@ -26,7 +26,6 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import java.security.AccessControlException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -38,7 +37,6 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.SerializationUtils; import org.apache.syncope.client.console.commons.ConnIdSpecialName; -import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.AnyObjectTO; @@ -503,22 +501,6 @@ public class ResourceITCase extends AbstractITCase { } @Test - public void anonymous() { - ResourceService unauthenticated = clientFactory.create().getService(ResourceService.class); - try { - unauthenticated.list(); - fail(); - } catch (AccessControlException e) { - assertNotNull(e); - } - - ResourceService anonymous = clientFactory.create( - new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)). - getService(ResourceService.class); - assertFalse(anonymous.list().isEmpty()); - } - - @Test public void listConnObjects() { List<String> groupKeys = new ArrayList<>(); for (int i = 0; i < 10; i++) {
