Repository: syncope
Updated Branches:
  refs/heads/2_1_X 21aeaaaa8 -> 174588acc
  refs/heads/master 0de2236d6 -> 348f15064

Clarifying about default account and password rules with Syncope 2.1 and later Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/174588ac Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/174588ac Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/174588ac Branch: refs/heads/2_1_X Commit: 174588acc8fdd82dbcc21201f8e3cfd707b14ff9 Parents: 21aeaaa Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Tue Jul 31 16:21:42 2018 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Tue Jul 31 16:21:42 2018 +0200 ---------------------------------------------------------------------- .../reference-guide/concepts/policies.adoc | 109 ++++++++++++------- .../concepts/typemanagement.adoc | 6 +- 2 files changed, 75 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/174588ac/src/main/asciidoc/reference-guide/concepts/policies.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/policies.adoc b/src/main/asciidoc/reference-guide/concepts/policies.adoc index 9435e64..a6b612d 100644 --- a/src/main/asciidoc/reference-guide/concepts/policies.adoc +++ b/src/main/asciidoc/reference-guide/concepts/policies.adoc 
@@ -58,6 +58,46 @@ suspended on associated resources or not? Account rules define constraints to apply to username values. +Some implementations are provided out-of-the-box, custom ones can be provided on given deployment. + +[TIP] +==== +As `JAVA` <<implementations,implementation>>, writing custom account rules means: + +. providing configuration parameters in an implementation of +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/2_1_X/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] +endif::[] +. enforcing in an implementation of +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +endif::[] +annotated via +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] +endif::[] +referring to the configuration class. 
+ +As `GROOVY` <<implementations,implementation>>, writing custom account rules means implementing +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +endif::[] +==== + +====== Default Account Rule + The default account rule (enforced by ifeval::["{snapshotOrRelease}" == "release"] https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/DefaultAccountRule.java[DefaultAccountRule^] @@ -76,7 +116,7 @@ endif::[] * maximum length - the maximum length to allow; `0` means no limit set; * minimum length - the minimum length to allow; `0` means no limit set; -* pattern - http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html[Java regular expression pattern^] to +* pattern - http://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html[Java regular expression pattern^] to match; `NULL` means no match is attempted; * all uppercase - are lowercase characters allowed? * all lowercase - are uppercase characters allowed? 
@@ -85,33 +125,10 @@ match; `NULL` means no match is attempted; * prefixes not permitted - list of strings that cannot be present as a prefix; * suffixes not permitted - list of strings that cannot be present as a suffix. -[TIP] -==== -Writing custom account rules means: - -. providing configuration parameters in an implementation of -ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] -endif::[] -ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] -endif::[] -. implementing enforcement in an implementation of -ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] -endif::[] -ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] -endif::[] -annotated via -ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] -endif::[] -ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] -endif::[] -referring to the configuration class -==== +[NOTE] +Before being able to configure the default account rule as mentioned above, you will need to first create a `JAVA` +`ACCOUNT_RULE` <<implementations,implementation>> for the 
`org.apache.syncope.common.lib.policy.DefaultAccountRuleConf` +class. ===== Pass-through Authentication 
@@ -149,30 +166,38 @@ Some implementations are provided out-of-the-box, custom ones can be provided on [TIP] ==== -Writing custom account rules means: +As `JAVA` <<implementations,implementation>>, writing custom password rules means: . providing configuration parameters in an implementation of ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] +https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/PasswordRuleConf.java[PasswordRuleConf^] endif::[] ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^] +https://github.com/apache/syncope/blob/2_1_X/common/lib/src/main/java/org/apache/syncope/common/lib/policy/PasswordRuleConf.java[PasswordRuleConf^] endif::[] -. implementing enforcement in an implementation of +. 
enforcing in an implementation of ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^] endif::[] ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^] endif::[] annotated via ifeval::["{snapshotOrRelease}" == "release"] -https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRuleConfClass.java[@PasswordRuleConfClass^] endif::[] ifeval::["{snapshotOrRelease}" == "snapshot"] -https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRuleConfClass.java[@PasswordRuleConfClass^] +endif::[] +referring to the configuration class. 
+ +As `GROOVY` <<implementations,implementation>>, writing custom account rules means implementing +ifeval::["{snapshotOrRelease}" == "release"] +https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^] +endif::[] +ifeval::["{snapshotOrRelease}" == "snapshot"] +https://github.com/apache/syncope/blob/2_1_X/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^] endif::[] -referring to the configuration class ==== ====== Default Password Rule @@ -218,6 +243,11 @@ endif::[] * prefixes not permitted - list of strings that cannot be present as a prefix; * suffixes not permitted - list of strings that cannot be present as a suffix. +[NOTE] +Before being able to configure the default password rule as mentioned above, you will need to first create a `JAVA` +`PASSWORD_RULE` <<implementations,implementation>> for the `org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf` +class. + ====== "Have I Been Pwned?" Password Rule This password rule (enforced by @@ -237,6 +267,11 @@ endif::[] ) checks the provided password values against the popular https://haveibeenpwned.com["Have I Been Pwned?"^] service. +[NOTE] +Before being able to configure the "Have I Been Pwned?" password rule as mentioned above, you will need to first create +a `JAVA` `PASSWORD_RULE` <<implementations,implementation>> for the +`org.apache.syncope.common.lib.policy.HaveIBeenPwnedPasswordRuleConf` class. + [[policies-pull]] ==== Pull http://git-wip-us.apache.org/repos/asf/syncope/blob/174588ac/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc index f6a561b..7ee7e7d 100644 
--- a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc +++ b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc @@ -36,12 +36,12 @@ When defining a plain schema, the following information must be provided: * Type ** `String` ** `Long` - allows to specify a _conversion pattern_ to / from string, according to -http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[DecimalFormat^] +http://docs.oracle.com/javase/8/docs/api/java/text/DecimalFormat.html[DecimalFormat^] ** `Double` - allows to specify a _conversion pattern_ to / from string, according to -http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[DecimalFormat^] +http://docs.oracle.com/javase/8/docs/api/java/text/DecimalFormat.html[DecimalFormat^] ** `Boolean` ** `Date` - allows to specify a _conversion pattern_ to / from string, according to -http://docs.oracle.com/javase/7/docs/api/java/text/DateFormat.html[DateFormat^] +http://docs.oracle.com/javase/8/docs/api/java/text/DateFormat.html[DateFormat^] ** `Enum` *** enumeration values (mandatory) *** enumeration labels (optional, values will be used alternatively)
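
Review bot: In the policies.adoc hunk at @@ -58,6 +58,46 @@, step 2 of the new TIP reads "enforcing in an implementation of", which drops the object that the removed wording had ("implementing enforcement in an implementation of"); suggest "enforcing them in an implementation of" so the step says what is enforced. The added GROOVY paragraph ends on the AccountRule link with no closing period, unlike the JAVA paragraph, which this commit ends with "referring to the configuration class." The new opening line "Some implementations are provided out-of-the-box, custom ones can be provided on given deployment." is a comma splice and would read better as two sentences.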
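
Review bot: In the policies.adoc hunk at @@ -85,33 +125,10 @@, the added NOTE states a prerequisite ("you will need to first create a `JAVA` `ACCOUNT_RULE` implementation") but is placed after the parameter list it gates, and "as mentioned above" does not say which step it refers to. Consider moving the note directly under the new "Default Account Rule" heading, ahead of the parameter list, so a reader meets the prerequisite before the options. The note names `DefaultAccountRuleConf` while the section introduces the rule as enforced by DefaultAccountRule; one sentence on why the implementation is created for the configuration class would help readers pick the right class name.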
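
Review bot: In the policies.adoc hunk at @@ -149,30 +166,38 @@, the added GROOVY paragraph still says "writing custom account rules means implementing" although it links to PasswordRule and sits inside the password rules TIP; it should read "custom password rules". This is the same copy-paste slip that the hunk corrects in the JAVA sentence just above it.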
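
Review bot: In the policies.adoc hunk at @@ -237,6 +267,11 @@, the added NOTE says the rule is configured "as mentioned above", but the visible text of this section only states that the rule checks password values against the service and lists no configuration options, so the phrase has no referent; suggest "Before being able to use the "Have I Been Pwned?" password rule, ...". The same note now appears for the default account rule, the default password rule and this rule with only the type and class name changed; a single explanation next to the <<implementations,implementation>> target, cross-referenced from each rule, would be easier to keep consistent.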
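
Review bot: In the typemanagement.adoc hunk at @@ -36,12 +36,12 @@, the three updated DecimalFormat and DateFormat links move to the javase/8 documentation but keep the http:// scheme; suggest switching them to https://docs.oracle.com/ while the lines are being touched. The same applies to the Pattern link changed in policies.adoc at @@ -76,7 +116,7 @@.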