airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [5/7] airavata git commit: adding grouper client code to airavata
Date Thu, 07 Jul 2016 03:47:55 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
new file mode 100755
index 0000000..fb7f668
--- /dev/null
+++ b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.overlay.properties
@@ -0,0 +1,78 @@
+org.owasp.csrfguard.Logger=edu.internet2.middleware.grouper.grouperUi.csrf.CsrfGuardLogger
+
+org.owasp.csrfguard.TokenPerPage=false
+
+org.owasp.csrfguard.action.Redirect.Page=%servletContext%/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf
+
+org.owasp.csrfguard.configuration.provider.factory=org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
+
+org.owasp.csrfguard.Config.Print = false
+
+# to see how error handling works, edit grouperUi.js
+org.owasp.csrfguard.Ajax=true
+
+
+org.owasp.csrfguard.unprotected.DefaultGrouper=%servletContext%/
+org.owasp.csrfguard.unprotected.GrouperHome=%servletContext%/home.do
+org.owasp.csrfguard.unprotected.GrouperDir=%servletContext%/grouper/*
+org.owasp.csrfguard.unprotected.GrouperExternal=%servletContext%/grouperExternal/index.html
+org.owasp.csrfguard.unprotected.GrouperExternalAppHtml=%servletContext%/grouperExternal/appHtml/*
+org.owasp.csrfguard.unprotected.GrouperExternalPublicAssets=%servletContext%/grouperExternal/public/assets/*
+org.owasp.csrfguard.unprotected.GrouperExternalPublicNetworkGraph=%servletContext%/grouperExternal/public/networkGraph/*
+org.owasp.csrfguard.unprotected.GrouperGifs=^/grouper/grouperExternal/public/.*\\.gif$
+org.owasp.csrfguard.unprotected.GrouperJpgs=^/grouper/grouperExternal/public/.*\\.jpg$
+org.owasp.csrfguard.unprotected.GrouperPngs=^/grouper/grouperExternal/public/.*\\.png$
+org.owasp.csrfguard.unprotected.GrouperUi=%servletContext%/grouperUi/
+org.owasp.csrfguard.unprotected.GrouperUiIndex=%servletContext%/grouperUi/index.html
+org.owasp.csrfguard.unprotected.GrouperUiAppHtml=%servletContext%/grouperUi/appHtml/*
+org.owasp.csrfguard.unprotected.GrouperI2mi=%servletContext%/i2mi/*
+org.owasp.csrfguard.unprotected.GrouperScripts=%servletContext%/scripts/*
+org.owasp.csrfguard.unprotected.GrouperStatus=%servletContext%/status
+org.owasp.csrfguard.unprotected.GrouperIndex=%servletContext%/index.jsp
+org.owasp.csrfguard.unprotected.GrouperOwaspJavascript=%servletContext%/grouperExternal/public/OwaspJavaScriptServlet
+
+org.owasp.csrfguard.unprotected.GrouperStrutsAddSaved=^%servletContext%/addSaved[^.]+\\.do$
+org.owasp.csrfguard.unprotected.GrouperStrutsBrowse=^%servletContext%/browse[^.]+\\.do$
+org.owasp.csrfguard.unprotected.GrouperStrutsCancel=^%servletContext%/cancel[^.]+\\.do$
+org.owasp.csrfguard.unprotected.GrouperStrutserror=%servletContext%/error.do
+org.owasp.csrfguard.unprotected.GrouperStrutsfilterError=%servletContext%/filterError.do
+org.owasp.csrfguard.unprotected.GrouperStrutshelp=%servletContext%/help.do
+org.owasp.csrfguard.unprotected.GrouperStrutslogin=%servletContext%/login.do
+org.owasp.csrfguard.unprotected.GrouperStrutsCallLogin=%servletContext%/callLogin.do
+org.owasp.csrfguard.unprotected.GrouperStrutslogout=%servletContext%/logout.do
+org.owasp.csrfguard.unprotected.GrouperStrutsPopulate=^%servletContext%/populate[^.]+\\.do$
+org.owasp.csrfguard.unprotected.GrouperStrutsuserAudit=%servletContext%/userAudit.do
+#http://localhost:8090/grouper/populateSearchSubjects.do
+
+
+org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportSubjectIdsCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportSubjectIdsCsv/*
+org.owasp.csrfguard.unprotected.GrouperSimpleMembershipUpdateImportExportExportAllCsv=%servletContext%/grouperUi/app/SimpleMembershipUpdateImportExport.exportAllCsv/*
+
+org.owasp.csrfguard.unprotected.GrouperUiV2MainIndex=%servletContext%/grouperUi/app/UiV2Main.index
+org.owasp.csrfguard.unprotected.GrouperUiV2MainIndexMain=%servletContext%/grouperUi/app/UiV2Main.indexMain
+org.owasp.csrfguard.unprotected.GrouperUiV2MainFolderMenu=%servletContext%/grouperUi/app/UiV2Main.folderMenu
+org.owasp.csrfguard.unprotected.GrouperUiV2GroupAddMemberFilter=%servletContext%/grouperUi/app/UiV2Group.addMemberFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2GroupImportGroupExportSubmit=%servletContext%/grouperUi/app/UiV2GroupImport.groupExportSubmit
+org.owasp.csrfguard.unprotected.GrouperUiV2StemCopyParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.stemCopyParentFolderFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateGroupParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createGroupParentFolderFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2StemCreateStemParentFolderFilter=%servletContext%/grouperUi/app/UiV2Stem.createStemParentFolderFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToGroupFilter=%servletContext%/grouperUi/app/UiV2Subject.addToGroupFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2GroupUpdateFilter=%servletContext%/grouperUi/app/UiV2Group.groupUpdateFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2GroupCompositeFilter=%servletContext%/grouperUi/app/UiV2Group.groupCompositeFactorFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2StemAddMemberFilter=%servletContext%/grouperUi/app/UiV2Stem.addMemberFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2ExternalEntitiesAddGroupFilter=%servletContext%/grouperUi/app/UiV2ExternalEntities.addGroupFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToStemFilter=%servletContext%/grouperUi/app/UiV2Subject.addToStemFilter
+org.owasp.csrfguard.unprotected.GrouperUiV2SubjectAddToAttributeDefFilter=%servletContext%/grouperUi/app/UiV2Subject.addToAttributeDefFilter
+org.owasp.csrfguard.unprotected.GrouperExternalPublicIndex=%servletContext%/grouperExternal/public/UiV2Public.index
+# TODO take this out and error page should not be post
+org.owasp.csrfguard.unprotected.GrouperExternalPublicPostIndex=%servletContext%/grouperExternal/public/UiV2Public.postIndex
+org.owasp.csrfguard.unprotected.GrouperUiV2Export=^%servletContext%/grouperUi/app/UiV2GroupImport\\.groupExportSubmit/.*$
+
+
+
+# Allows the developer to specify the value of the Cache-Control header in the HTTP response 
+# when serving the dynamic JavaScript file. The default value is private, maxage=28800. 
+# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance. 
+# Note that the Cache-Control header is always set to "no-store" when either the "Rotate" 
+# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
+org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=1800

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
new file mode 100755
index 0000000..97e655e
--- /dev/null
+++ b/modules/group-manager/src/main/resources/Owasp.CsrfGuard.properties
@@ -0,0 +1,403 @@
+# The OWASP CSRFGuard Project, BSD License
+# Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither the name of OWASP nor the names of its contributors may be used
+# to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# From: https://github.com/esheri3/OWASP-CSRFGuard/blob/master/csrfguard-test/src/main/webapp/WEB-INF/csrfguard.properties
+ 
+# Common substitutions
+# %servletContext%  is the servlet context (e.g. the configured app prefix or war file name, or blank.
+# e.g. if you deploy a default warfile as someApp.war, then %servletContext% will be /someApp
+# if there isnt a context it will be the empty string.  So to use this in the configuration, use e.g. %servletContext%/something.html
+# which will translate to e.g. /someApp/something.html
+
+# Logger
+#
+# The logger property (org.owasp.csrfguard.Logger) defines the qualified class name of
+# the object responsible for processing all log messages produced by CSRFGuard. The default
+# CSRFGuard logger is org.owasp.csrfguard.log.ConsoleLogger. This class logs all messages
+# to System.out which JavaEE application servers redirect to a vendor specific log file.
+# Developers can customize the logging behavior of CSRFGuard by implementing the
+# org.owasp.csrfguard.log.ILogger interface and setting the logger property to the new
+# logger's qualified class name. The following configuration snippet instructs OWASP CSRFGuard
+# to capture all log messages to the console:
+#
+# org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
+org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger
+ 
+# Which configuration provider factory you want to use.  The default is org.owasp.csrfguard.config.PropertiesConfigurationProviderFactory
+# Another configuration provider has more features including config overlays: org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
+# The default configuration provider is: org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
+# which will look for an overlay file, it is there, and the factory inside that file is set it will use it, otherwise will be PropertiesConfigurationProviderFactory
+# it needs to implement org.owasp.csrfguard.config.ConfigurationProviderFactory
+org.owasp.csrfguard.configuration.provider.factory = org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
+
+
+# If csrfguard filter is enabled
+org.owasp.csrfguard.Enabled = true
+
+# If csrf guard filter should check even if there is no session for the user
+# Note: this changed around 2014/04, the default behavior used to be to 
+# not check if there is no session.  If you want the legacy behavior (if your app
+# is not susceptible to CSRF if the user has no session), set this to false
+org.owasp.csrfguard.ValidateWhenNoSessionExists = true
+
+# New Token Landing Page
+#
+# The new token landing page property (org.owasp.csrfguard.NewTokenLandingPage) defines where
+# to send a user if the token is being generated for the first time, and the use new token landing
+# page boolean property (org.owasp.csrfguard.UseNewTokenLandingPage) determines if any redirect happens.
+# UseNewTokenLandingPage defaults to false if NewTokenLandingPage is not specified, and to true
+# if it is specified.. If UseNewTokenLandingPage is set true then this request is generated
+# using auto-posting forms and will only contain the CSRF prevention token parameter, if
+# applicable. All query-string or form parameters sent with the original request will be
+# discarded. If this property is not defined, CSRFGuard will instead auto-post the user to the
+# original context and servlet path. The following configuration snippet instructs OWASP CSRFGuard to
+# redirect the user to %servletContext%/index.html when the user visits a protected resource
+# without having a corresponding CSRF token present in the HttpSession object:
+#
+# org.owasp.csrfguard.NewTokenLandingPage=%servletContext%/index.html
+
+ 
+# Protected Methods
+#
+# The protected methods property (org.owasp.csrfguard.ProtectedMethods) defines a comma
+# separated list of HTTP request methods that should be protected by CSRFGuard. The default
+# list is an empty list which will cause all HTTP methods to be protected, thus preserving
+# legacy behavior. This setting allows the user to inform CSRFGuard that only requests of the
+# given types should be considered for protection. All HTTP methods not in the list will be
+# considered safe (i.e. view only / unable to modify data). This should be used only when the
+# user has concrete knowledge that all requests made via methods not in the list
+# are safe (i.e. do not apply an action to any data) since it can actually introduce new
+# security vulnerabilities. For example: the user thinks that all actionable requests are
+# only available by POST requests when in fact some are available via GET requests. If the
+# user has excluded GET requests from the list then they have introduced a vulnerability.
+# The following configuration snippet instructs OWASP CSRFGuard to protect only the POST,
+# PUT, and DELETE HTTP methods.
+#
+# org.owasp.csrfguard.ProtectedMethods=POST,PUT,DELETE
+
+# or you can configure all to be protected, and specify which is unprotected.  This is the preferred approach
+
+# org.owasp.csrfguard.UnprotectedMethods=GET
+
+# Unique Per-Page Tokens
+#
+# The unique token per-page property (org.owasp.csrfguard.TokenPerPage) is a boolean value that
+# determines if CSRFGuard should make use of unique per-page (i.e. URI) prevention tokens as
+# opposed to unique per-session prevention tokens. When a user requests a protected resource,
+# CSRFGuard will determine if a page specific token has been previously generated. If a page
+# specific token has not yet been previously generated, CSRFGuard will verify the request was
+# submitted with the per-session token intact. After verifying the presence of the per-session token,
+# CSRFGuard will create a page specific token that is required for all subsequent requests to the
+# associated resource. The per-session CSRF token can only be used when requesting a resource for
+# the first time. All subsequent requests must have the per-page token intact or the request will
+# be treated as a CSRF attack. This behavior can be changed with the org.owasp.csrfguard.TokenPerPagePrecreate
+# property. Enabling this property will make CSRFGuard calculate the per page token prior to a first
+# visit. This option only works with JSTL token injection and is useful for preserving the validity of
+# links if the user pushes the back button. There may be a performance impact when enabling this option
+# if the .jsp has a large number of proctected links that need tokens to be calculated.
+# Use of the unique token per page property is currently experimental
+# but provides a significant amount of improved security. Consider the exposure of a CSRF token using
+# the legacy unique per-session model. Exposure of this token facilitates the attacker's ability to
+# carry out a CSRF attack against the victim's active session for any resource exposed by the web
+# application. Now consider the exposure of a CSRF token using the experimental unique token per-page
+# model. Exposure of this token would only allow the attacker to carry out a CSRF attack against the
+# victim's active session for a small subset of resources exposed by the web application. Use of the
+# unique token per-page property is a strong defense in depth strategy significantly reducing the
+# impact of exposed CSRF prevention tokens. The following configuration snippet instructs OWASP
+# CSRFGuard to utilize the unique token per-page model:
+#
+# org.owasp.csrfguard.TokenPerPage=true
+# org.owasp.csrfguard.TokenPerPagePrecreate=false
+org.owasp.csrfguard.TokenPerPage=true
+org.owasp.csrfguard.TokenPerPagePrecreate=false
+ 
+# Token Rotation
+#
+# The rotate token property (org.owasp.csrfguard.Rotate) is a boolean value that determines if
+# CSRFGuard should generate and utilize a new token after verifying the previous token. Rotation
+# helps minimize the window of opportunity an attacker has to leverage the victim's stolen token
+# in a targeted CSRF attack. However, this functionality generally causes navigation problems in
+# most applications. Specifically, the 'Back' button in the browser will often cease to function
+# properly. When a user hits the 'Back' button and interacts with the HTML, the browser may submit
+# an old token causing CSRFGuard to incorrectly believe this request is a CSRF attack in progress
+# (i.e. a 'false positive'). Users can prevent this scenario by preventing the caching of HTML pages
+# containing FORM submissions using the cache-control header. However, this may also introduce
+# performance problems as the browser will have to request HTML on a more frequent basis. The following
+# configuration snippet enables token rotation:
+#
+# org.owasp.csrfguard.Rotate=true
+ 
+# Ajax and XMLHttpRequest Support
+#
+# The Ajax property (org.owasp.csrfguard.Ajax) is a boolean value that indicates whether or not OWASP
+# CSRFGuard should support the injection and verification of unique per-session prevention tokens for
+# XMLHttpRequests. To leverage Ajax support, the user must not only set this property to true but must
+# also reference the JavaScript DOM Manipulation code using a script element. This dynamic script will
+# override the send method of the XMLHttpRequest object to ensure the submission of an X-Requested-With
+# header name value pair coupled with the submission of a custom header name value pair for each request.
+# The name of the custom header is the value of the token name property and the value of the header is
+# always the unique per-session token value. This custom header is analogous to the HTTP parameter name
+# value pairs submitted via traditional GET and POST requests. If the X-Requested-With header was sent
+# in the HTTP request, then CSRFGuard will look for the presence and ensure the validity of the unique
+# per-session token in the custom header name value pair. Note that verification of these headers takes
+# precedence over verification of the CSRF token supplied as an HTTP parameter. More specifically,
+# CSRFGuard does not verify the presence of the CSRF token if the Ajax support property is enabled and
+# the corresponding X-Requested-With and custom headers are embedded within the request. The following
+# configuration snippet instructs OWASP CSRFGuard to support Ajax requests by verifying the presence and
+# correctness of the X-Requested-With and custom headers:
+#
+# org.owasp.csrfguard.Ajax=true
+org.owasp.csrfguard.Ajax=true
+ 
+# The default behavior of CSRFGuard is to protect all pages. Pages marked as unprotected will not be protected.
+# If the Protect property is enabled, this behavior is reversed. Pages must be marked as protected to be protected.
+# All other pages will not be protected. This is useful when the CsrfGuardFilter is aggressively mapped (ex: /*),
+# but you only want to protect a few pages.
+#
+# org.owasp.csrfguard.Protect=true
+
+# Unprotected Pages:
+#
+# The unprotected pages property (org.owasp.csrfguard.unprotected.*) defines a series of pages that
+# should not be protected by CSRFGuard. Such configurations are useful when the CsrfGuardFilter is
+# aggressively mapped (ex: /*). The syntax of the property name is org.owasp.csrfguard.unprotected.[PageName],
+# where PageName is some arbitrary identifier that can be used to reference a resource. The syntax of
+# defining the uri of unprotected pages is the same as the syntax used by the JavaEE container for uri mapping.
+# Specifically, CSRFGuard will identify the first match (if any) between the requested uri and an unprotected
+# page in order of declaration. Match criteria is as follows:
+#
+# Case 1: exact match between request uri and unprotected page
+# Case 2: longest path prefix match, beginning / and ending /*
+# Case 3: extension match, beginning *.
+# Case 4: if the value starts with ^ and ends with $, it will be evaulated as a regex.  Note that before the
+#   regex is compiled, any common variables will be substituted (e.g. %servletContext%)
+# Default: requested resource must be validated by CSRFGuard
+#
+# The following code snippet illustrates the four use cases over four examples. The first two examples
+# (Tag and JavaScriptServlet) look for direct URI matches. The third example (Html) looks for all resources
+# ending in a .html extension. The next example (Public) looks for all resources prefixed with the URI path /MySite/Public/*.
+# The last example looks for resources that end in Public.do
+#
+# org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
+# org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
+# org.owasp.csrfguard.unprotected.Html=*.html
+# org.owasp.csrfguard.unprotected.Public=%servletContext%/Public/*
+# regex example starts with ^ and ends with $, and the %servletContext% is evaluated before the regex
+# org.owasp.csrfguard.unprotected.PublicServlet=^%servletContext%/.*Public\.do$
+org.owasp.csrfguard.unprotected.Default=%servletContext%/
+org.owasp.csrfguard.unprotected.Upload=%servletContext%/upload.html
+org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
+org.owasp.csrfguard.unprotected.Ajax=%servletContext%/ajax.html
+org.owasp.csrfguard.unprotected.Error=%servletContext%/error.html
+org.owasp.csrfguard.unprotected.Index=%servletContext%/index.html
+org.owasp.csrfguard.unprotected.JavaScript=%servletContext%/javascript.html
+org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
+org.owasp.csrfguard.unprotected.Redirect=%servletContext%/redirect.jsp
+org.owasp.csrfguard.unprotected.Forward=%servletContext%/forward.jsp
+org.owasp.csrfguard.unprotected.Session=%servletContext%/session.jsp
+ 
+# Actions: Responding to Attacks
+#
+# The actions directive (org.owasp.csrfguard.action.*) gives the user the ability to specify one or more
+# actions that should be invoked when a CSRF attack is detected. Every action must implement the
+# org.owasp.csrfguard.action.IAction interface either directly or indirectly through the
+# org.owasp.csrfguard.action.AbstractAction helper class. Many actions accept parameters that can be specified
+# along with the action class declaration. These parameters are consumed at runtime and impact the behavior of
+# the associated action.
+#
+# The syntax for defining and configuring CSRFGuard actions is relatively straight forward. Let us assume we wish
+# to redirect the user to a default page when a CSRF attack is detected. A redirect action already exists within
+# the CSRFGuard bundle and is available via the class name org.owasp.csrfguard.actions.Redirect. In order to enable
+# this action, we capture the following declaration in the Owasp.CsrfGuard.properties file:
+#
+# syntax: org.owasp.csrfguard.action.[actionName]=[className]
+# example: org.owasp.csrfguard.action.class.Redirect=org.owasp.csrfguard.actions.Redirect
+#
+# The aforementioned directive declares an action called "Redirect" (i.e. [actionName]) referencing the Java class
+# "org.owasp.csrfguard.actions.Redirect" (i.e. [className]). Anytime a CSRF attack is detected, the Redirect action
+# will be executed. You may be asking yourself, "but how do I specify where the user is redirected?"; this is where
+# action parameters come into play. In order to specify the redirect location, we capture the following declaration
+# in the Owasp.CsrfGuard.properties file:
+#
+# syntax: org.owasp.csrfguard.action.[actionName].[parameterName]=[parameterValue]
+# example: org.owasp.csrfguard.action.Redirect.ErrorPage=%servletContext%/error.html
+#
+# The aforementioned directive declares an action parameter called "ErrorPage" (i.e. [parameterName]) with the value
+# of "%servletContext%/error.html" (i.e. [parameterValue]) for the action "Redirect" (i.e. [actionName]). The
+# Redirect action expects the "ErrorPage" parameter to be defined and will redirect the user to this location when
+# an attack is detected.
+#
+#org.owasp.csrfguard.action.Empty=org.owasp.csrfguard.action.Empty
+org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
+org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, method:%request_method%, uri:%request_uri%, error:%exception_message%)
+#org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate
+org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
+org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html
+#org.owasp.csrfguard.action.RequestAttribute=org.owasp.csrfguard.action.RequestAttribute
+#org.owasp.csrfguard.action.RequestAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
+org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate
+#org.owasp.csrfguard.action.SessionAttribute=org.owasp.csrfguard.action.SessionAttribute
+#org.owasp.csrfguard.action.SessionAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
+#org.owasp.csrfguard.action.Error=org.owasp.csrfguard.action.Error
+#org.owasp.csrfguard.action.Error.Code=403
+#org.owasp.csrfguard.action.Error.Message=Security violation.
+
+# Token Name
+#
+# The token name property (org.owasp.csrfguard.TokenName) defines the name of the HTTP parameter
+# to contain the value of the OWASP CSRFGuard token for each request. The following configuration
+# snippet sets the CSRFGuard token parameter name to the value OWASP_CSRFTOKEN:
+#
+# org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
+org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
+ 
+# Session Key
+#
+# The session key property (org.owasp.csrfguard.SessionKey) defines the string literal used to save
+# and lookup the CSRFGuard token from the session. This value is used by the filter and the tag
+# libraries to retrieve and set the token value in the session. Developers can use this key to
+# programmatically lookup the token within their own code. The following configuration snippet sets
+# the session key to the value OWASP_CSRFTOKEN:
+#
+# org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
+org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
+ 
+# Token Length
+#
+# The token length property (org.owasp.csrfguard.TokenLength) defines the number of characters that
+# should be found within the CSRFGuard token. Note that characters are delimited by dashes (-) in groups
+# of four. For cosmetic reasons, users are encourage to ensure the token length is divisible by four.
+# The following configuration snippet sets the token length property to 32 characters:
+#
+# org.owasp.csrfguard.TokenLength=32
+org.owasp.csrfguard.TokenLength=32
+ 
+# Pseudo-random Number Generator
+#
+# The pseudo-random number generator property (org.owasp.csrfguard.PRNG) defines what PRNG should be used
+# to generate the OWASP CSRFGuard token. Always ensure this value references a cryptographically strong
+# pseudo-random number generator algorithm. The following configuration snippet sets the pseudo-random number
+# generator to SHA1PRNG:
+#
+# org.owasp.csrfguard.PRNG=SHA1PRNG
+org.owasp.csrfguard.PRNG=SHA1PRNG
+ 
+# Pseudo-random Number Generator Provider
+
+# The pseudo-random number generator provider property (org.owasp.csrfguard.PRNG.Provider) defines which
+# provider's implementation of org.owasp.csrfguard.PRNG we should utilize. The following configuration
+# snippet instructs the JVM to leverage SUN's implementation of the algorithm denoted by the
+# org.owasp.csrfguard.PRNG property:
+
+# org.owasp.csrfguard.PRNG.Provider=SUN
+org.owasp.csrfguard.PRNG.Provider=SUN
+
+# If not specifying the print config option in the web.xml, you can specify it here, to print the config
+# on startup
+org.owasp.csrfguard.Config.Print = true
+
+###########################
+## Javascript servlet settings if not set in web.xml
+## https://www.owasp.org/index.php/CSRFGuard_3_Token_Injection
+###########################
+
+# leave this blank and blank in web.xml and it will read from META-INF/csrfguard.js from the jarfile
+# Denotes the location of the JavaScript template file that should be consumed and dynamically 
+# augmented by the JavaScriptServlet class. The default value is WEB-INF/Owasp.CsrfGuard.js. 
+# Use of this property and the existence of the specified template file is required.
+org.owasp.csrfguard.JavascriptServlet.sourceFile = 
+
+# Boolean value that determines whether or not the dynamic JavaScript code should be strict 
+# with regards to what links it should inject the CSRF prevention token. With a value of true, 
+# the JavaScript code will only place the token in links that point to the same exact domain 
+# from which the HTML originated. With a value of false, the JavaScript code will place the 
+# token in links that not only point to the same exact domain from which the HTML originated, 
+# but sub-domains as well.
+org.owasp.csrfguard.JavascriptServlet.domainStrict = true
+
+# Allows the developer to specify the value of the Cache-Control header in the HTTP response 
+# when serving the dynamic JavaScript file. The default value is private, maxage=28800. 
+# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance. 
+# Note that the Cache-Control header is always set to "no-store" when either the "Rotate" 
+# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
+org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=28800
+
+# Allows the developer to specify a regular expression describing the required value of the 
+# Referer header. Any attempts to access the servlet with a Referer header that does not 
+# match the captured expression is discarded. Inclusion of referer header checking is to 
+# help minimize the risk of JavaScript Hijacking attacks that attempt to steal tokens from 
+# the dynamically generated JavaScript. While the primary defenses against JavaScript 
+# Hijacking attacks are implemented within the dynamic JavaScript itself, referer header 
+# checking is implemented to achieve defense in depth.
+org.owasp.csrfguard.JavascriptServlet.refererPattern = .*
+
+# Similar to javascript servlet referer pattern, but this will make sure the referer of the 
+# javascript servlet matches the domain of the request.  If there is no referer (proxy strips it?)
+# then it will not fail.  Generally this is a good idea to be true.
+org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
+
+# Boolean value that determines whether or not the dynamic JavaScript code should 
+# inject the CSRF prevention token as a hidden field into HTML forms. The default 
+# value is true. Developers are strongly discouraged from disabling this property 
+# as most server-side state changing actions are triggered via a POST request.
+org.owasp.csrfguard.JavascriptServlet.injectIntoForms = true
+
+# Boolean value that determines whether or not the dynamic JavaScript code should 
+# inject the CSRF prevention token in the query string of src and href attributes. 
+# Injecting the CSRF prevention token in a URL resource increases its general risk 
+# of exposure to unauthorized parties. However, most JavaEE web applications respond 
+# in the exact same manner to HTTP requests and their associated parameters regardless 
+# of the HTTP method. The risk associated with not protecting GET requests in this 
+# situation is perceived greater than the risk of exposing the token in protected GET 
+# requests. As a result, the default value of this attribute is set to true. Developers 
+# that are confident their server-side state changing controllers will only respond to 
+# POST requests (i.e. discarding GET requests) are strongly encouraged to disable this property.
+org.owasp.csrfguard.JavascriptServlet.injectIntoAttributes = true 
+
+
+org.owasp.csrfguard.JavascriptServlet.xRequestedWith = OWASP CSRFGuard Project
+
+###########################
+## Config overlay settings if you have the provider above set to ConfigurationOverlayProvider
+## This CSRF config provider uses Internet2 Configuration Overlays (documented on Internet2 wiki)
+## By default the configuration is read from the Owasp.CsrfGuard.properties
+## (which should not be edited), and the Owasp.CsrfGuard.overlay.properties overlays
+## the base settings.  See the Owasp.CsrfGuard.properties for the possible
+## settings that can be applied to the Owasp.CsrfGuard.overlay.properties
+###########################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:Owasp.CsrfGuard.properties, file:c:/temp/myFile.properties
+org.owasp.csrfguard.configOverlay.hierarchy = classpath:Owasp.CsrfGuard.properties, classpath:Owasp.CsrfGuard.overlay.properties
+
+# seconds between checking to see if the config files are updated
+org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60
+
+
+###########################
+

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/README.txt
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/README.txt b/modules/group-manager/src/main/resources/README.txt
new file mode 100755
index 0000000..5fd8001
--- /dev/null
+++ b/modules/group-manager/src/main/resources/README.txt
@@ -0,0 +1,21 @@
+====
+    Copyright 2014 Internet2
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+====
+
+- All of the config files which have ".example" in them are examples of the real config files, with the same name without the ".example" in the name
+- So copy each of the *.example* files to a name without .example in it, and customize to your environment.
+- e.g. copy sources.example.xml to sources.xml, then customize
+- the .example shows you which files need customization, and will not prompt you to commit the real file to CVS (since it is ignored and not stored in CVS)
+- note some files without .example also might need customization (e.g. grouper.properties)
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/ehcache.xml
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/ehcache.xml b/modules/group-manager/src/main/resources/ehcache.xml
new file mode 100755
index 0000000..9b6dcc1
--- /dev/null
+++ b/modules/group-manager/src/main/resources/ehcache.xml
@@ -0,0 +1,1517 @@
+<!--
+
+    Copyright 2014 Internet2
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<ehcache updateCheck="false">
+
+  <!-- Sets the path to the directory where cache .data files are created. -->
+  <diskStore path="java.io.tmpdir"/>
+
+
+  <!--
+    Default Cache configuration. These will applied to caches
+    programmatically created through the CacheManager.
+
+    The following attributes are required for defaultCache:
+
+    maxInMemory       - Sets the maximum number of objects that
+                        will be created in memory
+    eternal           - Sets whether elements are eternal. If
+                        eternal,  timeouts are ignored and the
+                        element is never expired.
+    timeToIdleSeconds - Sets the time to idle for an element
+                        before it expires. Is only used if the
+                        element is not eternal.  Idle time is now -
+                        last accessed time
+    timeToLiveSeconds - Sets the time to live for an element
+                        before it expires. Is only used if the
+                        element is not eternal.  TTL is now -
+                        creation time
+    overflowToDisk    - Sets whether elements can overflow to
+                        disk when the in-memory cache has reached
+                        the maxInMemory limit.
+  -->
+  <defaultCache
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO"
+          maxElementsInMemory="500"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+  />
+
+  <!--
+    Predefined caches.  Add your cache configuration settings here.
+    If you do not have a configuration for your cache a WARNING
+    will be issued when the CacheManager starts
+  -->
+
+<!--
+  Grouper Caches
+-->
+
+  <!-- class: HibernateMemberDAO -->
+<!--
+  <cache  name="edu.internet2.middleware.grouper.HibernateMemberDAO.FindByUuid"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"  
+  />
+-->
+
+  <!-- class: HibernateMemberDAO -->
+
+  <!-- class: Hib3MemberDAO -->
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.FindBySubject"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"  
+          statistics="false"
+  />
+
+  <!-- class: Hib3MemberDAO -->
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MembershipDAO"
+          maxElementsInMemory="10000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"  
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignActionDAO.FindByAttributeDefId"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- Queries -->
+
+<!--
+  Hibernate Query Caches
+-->
+
+  <cache name="org.hibernate.cache.internal.StandardQueryCache"
+    maxElementsInMemory="500"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache name="org.hibernate.cache.spi.UpdateTimestampsCache"
+    maxElementsInMemory="5000"
+    eternal="true"
+    overflowToDisk="true"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.RegistrySubject"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.GroupTypeTuple"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Field"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.RegistrySubjectAttribute"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.AuditType"
+          maxElementsInMemory="500"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Attribute"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Composite"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.GroupType"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Membership"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Group"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Stem"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Member"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1"
+          timeToLiveSeconds="1"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   StemDAO#findByName(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByName"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- @see   StemDAO#findByUuid(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByUuid"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   GroupDAO#findByName(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByName"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- @see   GroupDAO#findByIdIndex(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByIdIndex"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  
+  <!-- @see   GroupDAO#findByIdIndex(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByIdIndexSecure"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  
+  <!-- @see   GroupDAO#findByUuid(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByUuid"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByUuidsSecure"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByUuidsSecure"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByName"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByNameCache"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="60"
+          timeToLiveSeconds="60"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.audit.AuditType"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.changeLog.ChangeLogType"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="ImmediateMembershipEntry"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.permissions.role.RoleSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDefNameSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignActionSetView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDef"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="MembershipEntry"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.assign.AttributeAssign"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDefName"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder.findByNameCache"
+          maxElementsInMemory="2000"
+          eternal="false"
+          timeToIdleSeconds="60"
+          timeToLiveSeconds="60"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDefScope"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDefNameSetView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.permissions.role.RoleSetView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignActionSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.changeLog.ChangeLogConsumer"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignValue"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.attr.assign.AttributeAssignAction"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+    />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefScopeDAO.FindByUuidOrName"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="20"
+          timeToLiveSeconds="20"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindByUuidOrName"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignValueDAO.FindByAttributeAssignId"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeAssignDAO.FindByAttributeTypeDefNameId"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeDefDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib.Hib3AttributeDefDAO.FindByIdIndex"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="10"
+          timeToLiveSeconds="10"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3ChangeLogEntryDAO.FindBySequenceNumber"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3FieldDAO.FindAll"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByName"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindByAttributeDefNameIdSecure"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITField"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITFieldDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeAssign"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeAssignAction"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeAssignActionSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeAssignValue"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeAssignValueView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeDef"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeDefName"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITAttributeDefNameSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITGroup"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITGroupSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITMember"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITMembership"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITMembershipView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITPermissionAllView"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITRoleSet"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.pit.PITStem"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionSetDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignValueDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameSetDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupSetDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMemberDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMembershipDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITRoleSetDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITStemDAO.FindById"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignActionSetDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeAssignValueDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITAttributeDefNameSetDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITGroupSetDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMemberDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITMembershipDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITRoleSetDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITStemDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3PITFieldDAO.FindBySourceIdActive"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+
+
+  <cache  name="edu.internet2.middleware.grouper.group.GroupSet"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.externalSubjects.ExternalSubject"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.externalSubjects.ExternalSubjectAttribute"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.attr.value.AttributeAssignValue"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByUuidsSecure"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupDAO.FindByNamesSecure"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefDAO.FindById"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByCurrentName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByIdIndex"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3StemDAO.FindByAlternateName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupTypeTupleDAO.FindByUuidOrKey"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3CompositeDAO.FindByUuidOrName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindSelfStem"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindSelfGroup"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3FieldDAO.FindByUuidOrName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignActionDAO.FindByUuidOrName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeDefNameDAO.FindAll"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignDAO.FindByUuidOrKey"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GroupSetDAO.FindByOwnerMemberFieldParentAndType"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditTypeDAO.FindByCategory"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditTypeDAO.FindByUuidOrName"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="10"
+    timeToLiveSeconds="10"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AuditEntryDAO.FindByActingUser"
+    maxElementsInMemory="1000"
+    eternal="false"
+    timeToIdleSeconds="120"
+    timeToLiveSeconds="120"
+    overflowToDisk="false"
+    statistics="false"
+  />
+
+  <!-- @see   CachingAccessResolver#hasPrivilege(...) -->
+  <cache  name="edu.internet2.middleware.grouper.privs.CachingAccessResolver.HasPrivilege"
+          maxElementsInMemory="500"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+
+
+  <!-- Naming privilege resolving caching -->
+
+  <!-- @see   CachingNamingResolver#hasPrivilege(...) -->
+  <cache  name="edu.internet2.middleware.grouper.privs.CachingNamingResolver.HasPrivilege"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!--  attribute def resolving caching -->
+
+  <cache  name="edu.internet2.middleware.grouper.privs.CachingAttrDefResolver.HasPrivilege"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+  />
+
+
+  <!-- Subject resolving caching -->
+
+  <!-- @see   CachingResolver#find(...) -->
+  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.Find"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   CachingResolver#findAll(...) -->
+  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.FindAll"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   CachingResolver#findPage(...) -->
+  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.FindPage"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   CachingResolver#findByIdentifier(...) -->
+  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdentifier"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   CachingResolver#findByIdOrIdentifier(...) -->
+  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdOrIdentifier"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <cache  name="edu.internet2.middleware.grouper.attr.AttributeDefName.CanAdminAttributeDef"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="5"
+          timeToLiveSeconds="5"
+          overflowToDisk="false"
+  />
+  
+    <!-- @see   WheelCache#isWheelMember(...) -->
+  <cache  name="edu.internet2.middleware.grouper.privs.WheelCache.isWheelMember"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+    <!-- @see   Membership#getGroup(...) -->
+  <cache  name="edu.internet2.middleware.grouper.Membership.getGroup"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- @see   Membership#getStem(...) -->
+  <cache  name="edu.internet2.middleware.grouper.Membership.getStem"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   Membership#getAttributeDef(...) -->
+  <cache  name="edu.internet2.middleware.grouper.Membership.getAttributeDef"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- @see   Hib3MemberDAO#exists(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.exists"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- @see   Hib3MemberDAO#findBySubject/Uuid(...) -->
+  <cache  name="edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.find"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  <cache  name="AttributeAssignBaseDelegate.allAttributeAssignsCache"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="1200"
+          timeToLiveSeconds="1200"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  <cache  name="edu.internet2.middleware.grouper.entity.EntitySubject.EntityAttributeIdCache"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- this is the cache of groups used by user data.  will be a small cache, but can last a long time (10 minutes) -->
+  <cache  name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataGroupCache"
+          maxElementsInMemory="100"
+          eternal="false"
+          timeToIdleSeconds="600"
+          timeToLiveSeconds="600"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- this is the cache of memberships used by user data.  will last a long time (10 minutes) -->
+  <cache  name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataMembershipCache"
+          maxElementsInMemory="100"
+          eternal="false"
+          timeToIdleSeconds="600"
+          timeToLiveSeconds="600"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- this is the cache of attribute values used by user data.  will last not a long time (2 minutes) -->
+  <cache  name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataAttributeValueCache"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+  
+  <!-- this is the cache of results for user data.  will last not a long time (2 minutes) -->
+  <cache  name="edu.internet2.middleware.grouper.userData.GrouperUserDataUtils.userDataResultCache"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- cache of attribute def names for legacy attributes.  note, this must be short for tests to work, in prod can be longer -->
+  <cache  name="edu.internet2.middleware.grouper.GroupType.attributeDefNameFromTypeIdCache"
+          maxElementsInMemory="200"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- cache of set of attribute def names for legacy attributes.  note, this must be short for tests to work, in prod can be longer -->
+  <cache  name="edu.internet2.middleware.grouper.GroupType.legacyAttributesFromTypeIdCache"
+          maxElementsInMemory="200"
+          eternal="false"
+          timeToIdleSeconds="30"
+          timeToLiveSeconds="30"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- cache of recently created stem names to prevent race conditions of multiple threads creating the same stem -->
+  <cache  name="edu.internet2.middleware.grouper.Stem.stemCreatedCache"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.Stem.stemLocksCache"
+          maxElementsInMemory="1000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <!-- cache of recently created member objects to prevent race conditions of multiple threads creating the same member -->
+  <cache  name="edu.internet2.middleware.grouper.MemberFinder.memberCreatedCache"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.MemberFinder.memberLocksCache"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="120"
+          timeToLiveSeconds="120"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.util.GrouperUtil.objectHasAttributeCache"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="60"
+          timeToLiveSeconds="60"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem.messageCache"
+          maxElementsInMemory="100"
+          eternal="false"
+          timeToIdleSeconds="60"
+          timeToLiveSeconds="60"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+  <cache  name="edu.internet2.middleware.grouper.hooks.examples.MembershipOneInFolderMaxHook.membershipOneAttribute"
+          maxElementsInMemory="5000"
+          eternal="false"
+          timeToIdleSeconds="60"
+          timeToLiveSeconds="60"
+          overflowToDisk="false"
+          statistics="false"
+  />
+
+</ehcache>


Mime
View raw message