syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [5/8] git commit: [SYNCOPE-599] Merge from 1_1_X
Date Mon, 03 Nov 2014 18:35:43 GMT
[SYNCOPE-599] Merge from 1_1_X


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f1607400
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f1607400
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f1607400

Branch: refs/heads/master
Commit: f1607400c4556a0d5581c37ac73a3401c3770311
Parents: 70b5340 05d2985
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Mon Nov 3 19:35:10 2014 +0100
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Mon Nov 3 19:35:10 2014 +0100

----------------------------------------------------------------------
 .../syncope/console/SyncopeApplication.java     | 16 ++--
 .../syncope/console/commons/XMLRolesReader.java | 97 ++++++++++++--------
 .../pages/AbstractSchedTaskModalPage.java       |  4 +-
 .../console/pages/ApprovalModalPage.java        |  4 +-
 .../syncope/console/pages/ConfModalPage.java    |  6 +-
 .../syncope/console/pages/Configuration.java    | 25 +++--
 .../console/pages/ConnectorModalPage.java       |  4 +-
 .../console/pages/DerSchemaModalPage.java       |  4 +-
 .../console/pages/EditUserModalPage.java        |  2 +-
 .../console/pages/NotificationModalPage.java    |  4 +-
 .../syncope/console/pages/ReportModalPage.java  |  4 +-
 .../apache/syncope/console/pages/Reports.java   | 20 ++--
 .../console/pages/ResourceModalPage.java        |  6 +-
 .../apache/syncope/console/pages/Resources.java | 13 ++-
 .../syncope/console/pages/RoleModalPage.java    |  2 +-
 .../apache/syncope/console/pages/Schema.java    |  6 +-
 .../syncope/console/pages/SchemaModalPage.java  |  4 +-
 .../pages/SecurityQuestionModalPage.java        |  4 +-
 .../org/apache/syncope/console/pages/Todo.java  |  6 +-
 .../syncope/console/pages/UserModalPage.java    |  4 +-
 .../org/apache/syncope/console/pages/Users.java |  2 +-
 .../console/pages/VirSchemaModalPage.java       |  4 +-
 .../console/pages/XMLEditorPopupPage.java       |  6 +-
 .../pages/panels/AbstractSyncTasksPanel.java    |  2 +-
 .../console/pages/panels/PoliciesPanel.java     |  4 +-
 .../syncope/console/pages/panels/RolePanel.java |  2 +-
 .../console/pages/panels/RoleSummaryPanel.java  |  2 +-
 .../console/pages/panels/RoleTabPanel.java      |  8 +-
 .../console/pages/panels/SchedTasks.java        |  2 +-
 .../markup/html/form/ActionLinksPanel.java      |  4 +-
 .../wicket/markup/html/tree/TreeRolePanel.java  |  2 +-
 console/src/main/resources/consoleContext.xml   |  2 +-
 32 files changed, 147 insertions(+), 128 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
index f19bdac,0fbe521..c06831b
--- a/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
+++ b/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
@@@ -159,66 -112,63 +159,66 @@@ public class SyncopeApplicatio
          };
          page.add(infoLink);
  
 -        BookmarkablePageLink<Void> schemaLink = new BookmarkablePageLink<Void>("schema", Schema.class);
 -        MetaDataRoleAuthorizationStrategy.authorizeAll(schemaLink, WebPage.ENABLE);
 +        BookmarkablePageLink<Page> schemaLink = new BookmarkablePageLink<Page>("schema", Schema.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 schemaLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Schema", "list"));
++                schemaLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Schema", "list"));
          page.add(schemaLink);
          schemaLink.add(new Image("schemaIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "schema" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> usersLink = new BookmarkablePageLink<Void>("users", Users.class);
 -        String allowedUsersRoles = xmlRolesReader.getEntitlement("Users", "list");
 -        MetaDataRoleAuthorizationStrategy.authorize(usersLink, WebPage.ENABLE, allowedUsersRoles);
 +        BookmarkablePageLink<Page> usersLink = new BookmarkablePageLink<Page>("users", Users.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 usersLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Users", "list"));
++                usersLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Users", "list"));
          page.add(usersLink);
          usersLink.add(new Image("usersIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "users" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> rolesLink = new BookmarkablePageLink<Void>("roles", Roles.class);
 -        MetaDataRoleAuthorizationStrategy.authorizeAll(rolesLink, WebPage.ENABLE);
 +        BookmarkablePageLink<Page> rolesLink = new BookmarkablePageLink<Page>("roles", Roles.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 rolesLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Roles", "list"));
++                rolesLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Roles", "list"));
          page.add(rolesLink);
          rolesLink.add(new Image("rolesIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "roles" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> resourcesLink = new BookmarkablePageLink<Void>("resources", Resources.class);
 -        MetaDataRoleAuthorizationStrategy.authorizeAll(resourcesLink, WebPage.ENABLE);
 +        BookmarkablePageLink<Page> resourcesLink = new BookmarkablePageLink<Page>("resources", Resources.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 resourcesLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Resources", "list"));
++                resourcesLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Resources", "list"));
          page.add(resourcesLink);
          resourcesLink.add(new Image("resourcesIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "resources" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> todoLink = new BookmarkablePageLink<Void>("todo", Todo.class);
 -        MetaDataRoleAuthorizationStrategy.authorize(todoLink, WebPage.ENABLE, xmlRolesReader.getEntitlement(
 -                "Approval", "list"));
 +        BookmarkablePageLink<Page> todoLink = new BookmarkablePageLink<Page>("todo", Todo.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 todoLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Approval", "list"));
++                todoLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Approval", "list"));
          page.add(todoLink);
          todoLink.add(new Image("todoIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "todo" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> reportLink = new BookmarkablePageLink<Void>("reports", Reports.class);
 -        String allowedReportRoles = xmlRolesReader.getEntitlement("Reports", "list");
 -        MetaDataRoleAuthorizationStrategy.authorize(reportLink, WebPage.ENABLE, allowedReportRoles);
 +        BookmarkablePageLink<Page> reportLink = new BookmarkablePageLink<Page>("reports", Reports.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 reportLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Reports", "list"));
++                reportLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Reports", "list"));
          page.add(reportLink);
          reportLink.add(new Image("reportsIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "reports" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> configurationLink = new BookmarkablePageLink<Void>("configuration",
 +        BookmarkablePageLink<Page> configurationLink = new BookmarkablePageLink<Page>("configuration",
                  Configuration.class);
 -        String allowedConfigurationRoles = xmlRolesReader.getEntitlement("Configuration", "list");
 -        MetaDataRoleAuthorizationStrategy.authorize(configurationLink, WebPage.ENABLE, allowedConfigurationRoles);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 configurationLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Configuration", "list"));
++                configurationLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Configuration", "list"));
          page.add(configurationLink);
          configurationLink.add(new Image("configurationIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL
                  : "") + "configuration" + Constants.PNG_EXT)));
  
 -        BookmarkablePageLink<Void> taskLink = new BookmarkablePageLink<Void>("tasks", Tasks.class);
 -        String allowedTasksRoles = xmlRolesReader.getEntitlement("Tasks", "list");
 -        MetaDataRoleAuthorizationStrategy.authorize(taskLink, WebPage.ENABLE, allowedTasksRoles);
 +        BookmarkablePageLink<Page> taskLink = new BookmarkablePageLink<Page>("tasks", Tasks.class);
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 taskLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles("Tasks", "list"));
++                taskLink, WebPage.ENABLE, xmlRolesReader.getEntitlement("Tasks", "list"));
          page.add(taskLink);
          taskLink.add(new Image("tasksIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
                  ? IMG_NOTSEL

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/ConfModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/ConfModalPage.java
index fe72f87,0000000..99fcac6
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ConfModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ConfModalPage.java
@@@ -1,111 -1,0 +1,111 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages;
 +
 +import java.util.Collections;
 +import org.apache.commons.lang3.StringUtils;
 +import org.apache.syncope.common.to.AttributeTO;
 +import org.apache.syncope.common.to.ConfTO;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.commons.Mode;
 +import org.apache.syncope.console.pages.panels.AttributesPanel;
 +import org.apache.wicket.PageReference;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxButton;
 +import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 +import org.apache.wicket.markup.html.WebMarkupContainer;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.model.CompoundPropertyModel;
 +import org.apache.wicket.model.ResourceModel;
 +
 +public class ConfModalPage extends BaseModalPage {
 +
 +    private static final long serialVersionUID = 3524777398688399977L;
 +
 +    public ConfModalPage(final PageReference pageRef, final ModalWindow window, final WebMarkupContainer parameters) {
 +        super();
 +
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 parameters, ENABLE, xmlRolesReader.getAllAllowedRoles("Configuration", "list"));
++                parameters, ENABLE, xmlRolesReader.getEntitlement("Configuration", "list"));
 +        final ConfTO conf = confRestClient.list();
 +
 +        final Form<ConfTO> form = new Form<ConfTO>("confForm");
 +        form.setModel(new CompoundPropertyModel<ConfTO>(conf));
 +
 +        form.add(new AttributesPanel("paramAttrs", conf, form, Mode.ADMIN));
 +
 +        final AjaxButton submit = new IndicatingAjaxButton(SUBMIT, new ResourceModel(SUBMIT)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                final ConfTO updatedConf = (ConfTO) form.getModelObject();
 +
 +                try {
 +                    for (AttributeTO attr : updatedConf.getAttrs()) {
 +                        if (attr.getValues().isEmpty()
 +                                || attr.getValues().equals(Collections.singletonList(StringUtils.EMPTY))) {
 +
 +                            confRestClient.delete(attr.getSchema());
 +                        } else {
 +                            confRestClient.set(attr);
 +                        }
 +                    }
 +
 +                    if (pageRef.getPage() instanceof BasePage) {
 +                        ((BasePage) pageRef.getPage()).setModalResult(true);
 +                    }
 +
 +                    window.close(target);
 +                } catch (Exception e) {
 +                    error(getString(Constants.ERROR) + ": " + e.getMessage());
 +                    feedbackPanel.refresh(target);
 +                }
 +            }
 +
 +            @Override
 +            protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 +                feedbackPanel.refresh(target);
 +            }
 +        };
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Configuration", "set"));
++                submit, ENABLE, xmlRolesReader.getEntitlement("Configuration", "set"));
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Configuration", "delete"));
++                submit, ENABLE, xmlRolesReader.getEntitlement("Configuration", "delete"));
 +        form.add(submit);
 +        form.setDefaultButton(submit);
 +
 +        final AjaxButton cancel = new IndicatingAjaxButton(CANCEL, new ResourceModel(CANCEL)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                window.close(target);
 +            }
 +        };
 +        cancel.setDefaultFormProcessing(false);
 +        form.add(cancel);
 +
 +        add(form);
 +    }
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/Configuration.java
index 4851117,9e4c0fc..b2e5c07
--- a/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
@@@ -25,19 -26,13 +25,17 @@@ import java.util.Arrays
  import java.util.Collections;
  import java.util.Iterator;
  import java.util.List;
 -import org.apache.syncope.common.to.ConfigurationTO;
 +import org.apache.logging.log4j.LogManager;
 +import org.apache.logging.log4j.core.LoggerContext;
 +import org.apache.logging.log4j.core.config.LoggerConfig;
 +import org.apache.syncope.common.SyncopeClientException;
 +import org.apache.syncope.common.SyncopeConstants;
- import org.apache.syncope.common.to.AttributeTO;
- import org.apache.syncope.common.to.ConfTO;
  import org.apache.syncope.common.to.LoggerTO;
  import org.apache.syncope.common.to.NotificationTO;
 -import org.apache.syncope.common.to.WorkflowDefinitionTO;
 +import org.apache.syncope.common.to.SecurityQuestionTO;
 +import org.apache.syncope.console.commons.AttrLayoutType;
 +import org.apache.syncope.common.types.LoggerLevel;
  import org.apache.syncope.common.types.PolicyType;
 -import org.apache.syncope.common.types.SyncopeLoggerLevel;
 -import org.apache.syncope.common.validation.SyncopeClientCompositeErrorException;
  import org.apache.syncope.console.commons.Constants;
  import org.apache.syncope.console.commons.HttpResourceStream;
  import org.apache.syncope.console.commons.PreferenceManager;
@@@ -154,92 -142,50 +152,91 @@@ public class Configuration extends Base
          add(new PoliciesPanel("syncPoliciesPanel", getPageReference(), PolicyType.SYNC));
  
          add(createNotificationWin = new ModalWindow("createNotificationWin"));
 +        createNotificationWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 +        createNotificationWin.setInitialHeight(NOTIFICATION_WIN_HEIGHT);
 +        createNotificationWin.setInitialWidth(NOTIFICATION_WIN_WIDTH);
 +        createNotificationWin.setCookieName("create-notification-modal");
          add(editNotificationWin = new ModalWindow("editNotificationWin"));
 +        editNotificationWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 +        editNotificationWin.setInitialHeight(NOTIFICATION_WIN_HEIGHT);
 +        editNotificationWin.setInitialWidth(NOTIFICATION_WIN_WIDTH);
 +        editNotificationWin.setCookieName("edit-notification-modal");
          setupNotification();
  
 +        add(createSecurityQuestionWin = new ModalWindow("createSecurityQuestionWin"));
 +        createSecurityQuestionWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 +        createSecurityQuestionWin.setInitialHeight(SECURITY_QUESTION_WIN_HEIGHT);
 +        createSecurityQuestionWin.setInitialWidth(SECURITY_QUESTION_WIN_WIDTH);
 +        createSecurityQuestionWin.setCookieName("create-security-question-modal");
 +        add(editSecurityQuestionWin = new ModalWindow("editSecurityQuestionWin"));
 +        editSecurityQuestionWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 +        editSecurityQuestionWin.setInitialHeight(SECURITY_QUESTION_WIN_HEIGHT);
 +        editSecurityQuestionWin.setInitialWidth(SECURITY_QUESTION_WIN_WIDTH);
 +        editSecurityQuestionWin.setCookieName("edit-security-question-modal");
 +        setupSecurityQuestion();
 +
          // Workflow definition stuff
 -        final WorkflowDefinitionTO workflowDef = wfRestClient.getDefinition();
 +        WebMarkupContainer noActivitiEnabledForUsers = new WebMarkupContainer("noActivitiEnabledForUsers");
 +        noActivitiEnabledForUsers.setOutputMarkupPlaceholderTag(true);
 +        add(noActivitiEnabledForUsers);
  
          WebMarkupContainer workflowDefContainer = new WebMarkupContainer("workflowDefContainer");
 +        workflowDefContainer.setOutputMarkupPlaceholderTag(true);
  
 -        Form wfForm = new Form("workflowDefForm", new CompoundPropertyModel(workflowDef));
 +        if (wfRestClient.isActivitiEnabledForUsers()) {
 +            noActivitiEnabledForUsers.setVisible(false);
 +        } else {
 +            workflowDefContainer.setVisible(false);
 +        }
  
 -        TextArea<WorkflowDefinitionTO> workflowDefArea = new TextArea<WorkflowDefinitionTO>("workflowDefArea",
 -                new PropertyModel<WorkflowDefinitionTO>(workflowDef, "xmlDefinition"));
 -        wfForm.add(workflowDefArea);
 +        BookmarkablePageLink<Void> activitiModeler =
 +                new BookmarkablePageLink<Void>("activitiModeler", ActivitiModelerPopupPage.class);
 +        activitiModeler.setPopupSettings(new VeilPopupSettings().setHeight(600).setWidth(800));
 +        MetaDataRoleAuthorizationStrategy.authorize(activitiModeler, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Configuration", "workflowDefRead"));
++                xmlRolesReader.getEntitlement("Configuration", "workflowDefRead"));
 +        workflowDefContainer.add(activitiModeler);
 +        // Check if Activiti Modeler directory is found
 +        boolean activitiModelerEnabled = false;
 +        try {
 +            String activitiModelerDirectory = WebApplicationContextUtils.getWebApplicationContext(
 +                    WebApplication.get().getServletContext()).getBean("activitiModelerDirectory", String.class);
 +            File baseDir = new File(activitiModelerDirectory);
 +            activitiModelerEnabled = baseDir.exists() && baseDir.canRead() && baseDir.isDirectory();
 +        } catch (Exception e) {
 +            LOG.error("Could not check for Activiti Modeler directory", e);
 +        }
 +        activitiModeler.setEnabled(activitiModelerEnabled);
  
 -        AjaxButton submit =
 -                new ClearIndicatingAjaxButton(APPLY, new Model<String>(getString(SUBMIT)), getPageReference()) {
 +        BookmarkablePageLink<Void> xmlEditor =
 +                new BookmarkablePageLink<Void>("xmlEditor", XMLEditorPopupPage.class);
 +        xmlEditor.setPopupSettings(new VeilPopupSettings().setHeight(480).setWidth(800));
 +        MetaDataRoleAuthorizationStrategy.authorize(xmlEditor, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Configuration", "workflowDefRead"));
++                xmlRolesReader.getEntitlement("Configuration", "workflowDefRead"));
 +        workflowDefContainer.add(xmlEditor);
  
 -            private static final long serialVersionUID = -958724007591692537L;
 +        Image workflowDefDiagram = new Image("workflowDefDiagram", new Model()) {
  
 -            @Override
 -            protected void onSubmitInternal(final AjaxRequestTarget target, final Form<?> form) {
 -                try {
 -                    wfRestClient.updateDefinition(workflowDef);
 -                    info(getString(Constants.OPERATION_SUCCEEDED));
 -                } catch (SyncopeClientCompositeErrorException scee) {
 -                    error(getString(Constants.ERROR) + ":" + scee.getMessage());
 -                }
 -                target.add(feedbackPanel);
 -            }
 +            private static final long serialVersionUID = -8457850449086490660L;
  
              @Override
 -            protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 -                target.add(feedbackPanel);
 -            }
 -        };
 +            protected IResource getImageResource() {
 +                return new DynamicImageResource() {
  
 -        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Configuration",
 -                "workflowDefUpdate"));
 -        wfForm.add(submit);
 +                    private static final long serialVersionUID = 923201517955737928L;
  
 -        workflowDefContainer.add(wfForm);
 +                    @Override
 +                    protected byte[] getImageData(final IResource.Attributes attributes) {
 +                        return wfRestClient.isActivitiEnabledForUsers()
 +                                ? wfRestClient.getDiagram()
 +                                : new byte[0];
 +                    }
 +                };
 +            }
- 
 +        };
 +        workflowDefContainer.add(workflowDefDiagram);
  
 -        MetaDataRoleAuthorizationStrategy.authorize(workflowDefContainer, ENABLE, xmlRolesReader.getEntitlement(
 -                "Configuration", "workflowDefRead"));
 +        MetaDataRoleAuthorizationStrategy.authorize(workflowDefContainer, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Configuration", "workflowDefRead"));
++                xmlRolesReader.getEntitlement("Configuration", "workflowDefRead"));
          add(workflowDefContainer);
  
          // Logger stuff
@@@ -260,27 -206,106 +257,27 @@@
          consoleLoggerContainer.add(consoleLoggerList);
          consoleLoggerContainer.setOutputMarkupId(true);
  
-         MetaDataRoleAuthorizationStrategy.authorize(consoleLoggerContainer, ENABLE, xmlRolesReader.getAllAllowedRoles(
+         MetaDataRoleAuthorizationStrategy.authorize(consoleLoggerContainer, ENABLE, xmlRolesReader.getEntitlement(
                  "Configuration", "logList"));
          add(consoleLoggerContainer);
 +
 +        add(new LayoutsPanel("adminUserLayoutPanel", AttrLayoutType.ADMIN_USER, feedbackPanel));
 +        add(new LayoutsPanel("selfUserLayoutPanel", AttrLayoutType.SELF_USER, feedbackPanel));
 +        add(new LayoutsPanel("adminRoleLayoutPanel", AttrLayoutType.ADMIN_ROLE, feedbackPanel));
 +        add(new LayoutsPanel("selfRoleLayoutPanel", AttrLayoutType.SELF_ROLE, feedbackPanel));
 +        add(new LayoutsPanel("adminMembershipLayoutPanel", AttrLayoutType.ADMIN_MEMBERSHIP, feedbackPanel));
 +        add(new LayoutsPanel("selfMembershipLayoutPanel", AttrLayoutType.SELF_MEMBERSHIP, feedbackPanel));
      }
  
 +    @SuppressWarnings({ "unchecked", "rawtypes" })
      private void setupSyncopeConf() {
 -        confPaginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_CONFIGURATION_PAGINATOR_ROWS);
 -
 -        final List<IColumn<ConfigurationTO, String>> confColumns = new ArrayList<IColumn<ConfigurationTO, String>>();
 -        confColumns.add(new PropertyColumn<ConfigurationTO, String>(new ResourceModel("key"), "key", "key"));
 -        confColumns.add(new PropertyColumn<ConfigurationTO, String>(new ResourceModel("value"), "value", "value"));
 -
 -        confColumns.add(new AbstractColumn<ConfigurationTO, String>(new ResourceModel("actions", "")) {
 -
 -            private static final long serialVersionUID = 2054811145491901166L;
 +        final WebMarkupContainer parameters = new WebMarkupContainer("parameters");
 +        parameters.setOutputMarkupId(true);
 +        add(parameters);
  
 -            @Override
 -            public String getCssClass() {
 -                return "action";
 -            }
 -
 -            @Override
 -            public void populateItem(final Item<ICellPopulator<ConfigurationTO>> cellItem, final String componentId,
 -                    final IModel<ConfigurationTO> model) {
 -
 -                final ConfigurationTO configurationTO = model.getObject();
 +        setWindowClosedCallback(syncopeConfWin, parameters);
  
 -                final ActionLinksPanel panel = new ActionLinksPanel(componentId, model, getPageReference());
 -
 -                panel.add(new ActionLink() {
 -
 -                    private static final long serialVersionUID = -3722207913631435501L;
 -
 -                    @Override
 -                    public void onClick(final AjaxRequestTarget target) {
 -
 -                        editConfigWin.setPageCreator(new ModalWindow.PageCreator() {
 -
 -                            private static final long serialVersionUID = -7834632442532690940L;
 -
 -                            @Override
 -                            public Page createPage() {
 -                                return new ConfigurationModalPage(Configuration.this.getPageReference(), editConfigWin,
 -                                        configurationTO, false);
 -                            }
 -                        });
 -
 -                        editConfigWin.show(target);
 -                    }
 -                }, ActionLink.ActionType.EDIT, "Configuration");
 -
 -                panel.add(new ActionLink() {
 -
 -                    private static final long serialVersionUID = -3722207913631435501L;
 -
 -                    @Override
 -                    public void onClick(final AjaxRequestTarget target) {
 -                        try {
 -                            confRestClient.deleteConfiguration(configurationTO.getKey());
 -                        } catch (SyncopeClientCompositeErrorException e) {
 -                            LOG.error("While deleting a conf key", e);
 -                            error(e.getMessage());
 -                            return;
 -                        }
 -
 -                        info(getString(Constants.OPERATION_SUCCEEDED));
 -                        target.add(feedbackPanel);
 -
 -                        target.add(confContainer);
 -                    }
 -                }, ActionLink.ActionType.DELETE, "Configuration");
 -
 -                cellItem.add(panel);
 -            }
 -        });
 -
 -        final AjaxFallbackDefaultDataTable<ConfigurationTO, String> confTable =
 -                new AjaxFallbackDefaultDataTable<ConfigurationTO, String>(
 -                "syncopeconf", confColumns, new SyncopeConfProvider(), confPaginatorRows);
 -
 -        confContainer = new WebMarkupContainer("confContainer");
 -        confContainer.add(confTable);
 -        confContainer.setOutputMarkupId(true);
 -
 -        add(confContainer);
 -
 -        createConfigWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 -        createConfigWin.setInitialHeight(CONFIG_WIN_HEIGHT);
 -        createConfigWin.setInitialWidth(CONFIG_WIN_WIDTH);
 -        createConfigWin.setCookieName("create-configuration-modal");
 -
 -        editConfigWin.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 -        editConfigWin.setInitialHeight(CONFIG_WIN_HEIGHT);
 -        editConfigWin.setInitialWidth(CONFIG_WIN_WIDTH);
 -        editConfigWin.setCookieName("edit-configuration-modal");
 -
 -        setWindowClosedCallback(createConfigWin, confContainer);
 -        setWindowClosedCallback(editConfigWin, confContainer);
 -
 -        AjaxLink createConfigurationLink = new AjaxLink("createConfigurationLink") {
 +        AjaxLink<Void> confLink = new IndicatingAjaxLink<Void>("confLink") {
  
              private static final long serialVersionUID = -7978723352517770644L;
  
@@@ -320,9 -350,32 +317,9 @@@
                  }
              }
          };
-         MetaDataRoleAuthorizationStrategy.authorize(dbExportLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
-                 "Configuration", "export"));
 -
 -        MetaDataRoleAuthorizationStrategy.authorize(dbExportLink, ENABLE, xmlRolesReader.getEntitlement(
 -                "Configuration", "read"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                dbExportLink, ENABLE, xmlRolesReader.getEntitlement("Configuration", "export"));
          add(dbExportLink);
 -
 -        Form confPaginatorForm = new Form("confPaginatorForm");
 -
 -        final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,
 -                "confPaginatorRows"), prefMan.getPaginatorChoices());
 -
 -        rowsChooser.add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE) {
 -
 -            private static final long serialVersionUID = -1107858522700306810L;
 -
 -            @Override
 -            protected void onUpdate(final AjaxRequestTarget target) {
 -                prefMan.set(getRequest(), getResponse(), Constants.PREF_CONFIGURATION_PAGINATOR_ROWS, String.valueOf(
 -                        confPaginatorRows));
 -                confTable.setItemsPerPage(confPaginatorRows);
 -
 -                target.add(confContainer);
 -            }
 -        });
 -
 -        confPaginatorForm.add(rowsChooser);
 -        add(confPaginatorForm);
      }
  
      private void setupNotification() {
@@@ -467,117 -529,7 +464,117 @@@
          add(notificationPaginatorForm);
      }
  
 -    private class SyncopeConfProvider extends SortableDataProvider<ConfigurationTO, String> {
 +    private void setupSecurityQuestion() {
 +        final List<IColumn<SecurityQuestionTO, String>> securityQuestionCols =
 +                new ArrayList<IColumn<SecurityQuestionTO, String>>();
 +        securityQuestionCols.add(new PropertyColumn<SecurityQuestionTO, String>(
 +                new ResourceModel("id"), "id", "id"));
 +        securityQuestionCols.add(new PropertyColumn<SecurityQuestionTO, String>(
 +                new ResourceModel("content"), "content", "content"));
 +
 +        securityQuestionCols.add(new AbstractColumn<SecurityQuestionTO, String>(new ResourceModel("actions", "")) {
 +
 +            private static final long serialVersionUID = 2054811145491901166L;
 +
 +            @Override
 +            public String getCssClass() {
 +                return "action";
 +            }
 +
 +            @Override
 +            public void populateItem(final Item<ICellPopulator<SecurityQuestionTO>> cellItem, final String componentId,
 +                    final IModel<SecurityQuestionTO> model) {
 +
 +                final SecurityQuestionTO securityQuestionTO = model.getObject();
 +
 +                final ActionLinksPanel panel = new ActionLinksPanel(componentId, model, getPageReference());
 +
 +                panel.add(new ActionLink() {
 +
 +                    private static final long serialVersionUID = -3722207913631435501L;
 +
 +                    @Override
 +                    public void onClick(final AjaxRequestTarget target) {
 +                        editSecurityQuestionWin.setPageCreator(new ModalWindow.PageCreator() {
 +
 +                            private static final long serialVersionUID = -7834632442532690940L;
 +
 +                            @Override
 +                            public Page createPage() {
 +                                return new SecurityQuestionModalPage(Configuration.this.getPageReference(),
 +                                        editSecurityQuestionWin, securityQuestionTO, false);
 +                            }
 +                        });
 +
 +                        editSecurityQuestionWin.show(target);
 +                    }
 +                }, ActionLink.ActionType.EDIT, "SecurityQuestion");
 +
 +                panel.add(new ActionLink() {
 +
 +                    private static final long serialVersionUID = -3722207913631435501L;
 +
 +                    @Override
 +                    public void onClick(final AjaxRequestTarget target) {
 +                        try {
 +                            securityQuestionRestClient.delete(securityQuestionTO.getId());
 +                        } catch (SyncopeClientException e) {
 +                            LOG.error("While deleting a security question", e);
 +                            error(e.getMessage());
 +                            return;
 +                        }
 +
 +                        info(getString(Constants.OPERATION_SUCCEEDED));
 +                        feedbackPanel.refresh(target);
 +                        target.add(securityQuestionContainer);
 +                    }
 +                }, ActionLink.ActionType.DELETE, "SecurityQuestion");
 +
 +                cellItem.add(panel);
 +            }
 +        });
 +
 +        final AjaxFallbackDefaultDataTable<SecurityQuestionTO, String> securityQuestionTable =
 +                new AjaxFallbackDefaultDataTable<SecurityQuestionTO, String>("securityQuestionTable",
 +                        securityQuestionCols, new SecurityQuestionProvider(), 50);
 +
 +        securityQuestionContainer = new WebMarkupContainer("securityQuestionContainer");
 +        securityQuestionContainer.add(securityQuestionTable);
 +        securityQuestionContainer.setOutputMarkupId(true);
 +
 +        add(securityQuestionContainer);
 +
 +        setWindowClosedCallback(createSecurityQuestionWin, securityQuestionContainer);
 +        setWindowClosedCallback(editSecurityQuestionWin, securityQuestionContainer);
 +
 +        AjaxLink<Void> createSecurityQuestionLink = new AjaxLink<Void>("createSecurityQuestionLink") {
 +
 +            private static final long serialVersionUID = -7978723352517770644L;
 +
 +            @Override
 +            public void onClick(final AjaxRequestTarget target) {
 +
 +                createSecurityQuestionWin.setPageCreator(new ModalWindow.PageCreator() {
 +
 +                    private static final long serialVersionUID = -7834632442532690940L;
 +
 +                    @Override
 +                    public Page createPage() {
 +                        return new SecurityQuestionModalPage(Configuration.this.getPageReference(),
 +                                createSecurityQuestionWin, new SecurityQuestionTO(), true);
 +                    }
 +                });
 +
 +                createSecurityQuestionWin.show(target);
 +            }
 +        };
 +
-         MetaDataRoleAuthorizationStrategy.authorize(createSecurityQuestionLink, ENABLE, xmlRolesReader.
-                 getAllAllowedRoles("SecurityQuestion", "create"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                createSecurityQuestionLink, ENABLE, xmlRolesReader.getEntitlement("SecurityQuestion", "create"));
 +        add(createSecurityQuestionLink);
 +    }
 +
 +    private class NotificationProvider extends SortableDataProvider<NotificationTO, String> {
  
          private static final long serialVersionUID = -276043813563988590L;
  

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/DerSchemaModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/DerSchemaModalPage.java
index 31f8dfd,0000000..80a1b6c
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/DerSchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/DerSchemaModalPage.java
@@@ -1,140 -1,0 +1,140 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages;
 +
 +import org.apache.syncope.common.to.DerSchemaTO;
 +import org.apache.syncope.common.types.AttributableType;
 +import org.apache.syncope.common.SyncopeClientException;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.commons.JexlHelpUtil;
 +import org.apache.syncope.console.wicket.markup.html.form.AjaxTextFieldPanel;
 +import org.apache.wicket.PageReference;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.markup.html.AjaxLink;
 +import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxButton;
 +import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 +import org.apache.wicket.markup.html.WebMarkupContainer;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.model.CompoundPropertyModel;
 +import org.apache.wicket.model.PropertyModel;
 +import org.apache.wicket.model.ResourceModel;
 +
 +/**
 + * Modal window with Schema form.
 + */
 +public class DerSchemaModalPage extends AbstractSchemaModalPage<DerSchemaTO> {
 +
 +    private static final long serialVersionUID = 6668789770131753386L;
 +
 +    public DerSchemaModalPage(final AttributableType kind) {
 +        super(kind);
 +    }
 +
 +    @Override
 +    public void setSchemaModalPage(final PageReference pageRef, final ModalWindow window,
 +            DerSchemaTO schema, final boolean createFlag) {
 +
 +        if (schema == null) {
 +            schema = new DerSchemaTO();
 +        }
 +
 +        final Form<DerSchemaTO> schemaForm = new Form<DerSchemaTO>(FORM);
 +
 +        schemaForm.setModel(new CompoundPropertyModel<DerSchemaTO>(schema));
 +
 +        final AjaxTextFieldPanel name = new AjaxTextFieldPanel("name", getString("name"), new PropertyModel<String>(
 +                schema, "name"));
 +        name.addRequiredLabel();
 +
 +        final AjaxTextFieldPanel expression = new AjaxTextFieldPanel("expression", getString("expression"),
 +                new PropertyModel<String>(schema, "expression"));
 +        expression.addRequiredLabel();
 +
 +        final WebMarkupContainer jexlHelp = JexlHelpUtil.getJexlHelpWebContainer("jexlHelp");
 +
 +        final AjaxLink<Void> questionMarkJexlHelp = JexlHelpUtil.getAjaxLink(jexlHelp, "questionMarkJexlHelp");
 +        schemaForm.add(questionMarkJexlHelp);
 +        questionMarkJexlHelp.add(jexlHelp);
 +
 +        name.setEnabled(createFlag);
 +
 +        final AjaxButton submit = new IndicatingAjaxButton(APPLY, new ResourceModel(SUBMIT)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form form) {
 +                DerSchemaTO schemaTO = (DerSchemaTO) form.getDefaultModelObject();
 +
 +                try {
 +                    if (createFlag) {
 +                        schemaRestClient.createDerSchema(kind, schemaTO);
 +                    } else {
 +                        schemaRestClient.updateDerSchema(kind, schemaTO);
 +                    }
 +
 +                    if (pageRef.getPage() instanceof BasePage) {
 +                        ((BasePage) pageRef.getPage()).setModalResult(true);
 +                    }
 +
 +                    window.close(target);
 +                } catch (SyncopeClientException e) {
 +                    error(getString(Constants.ERROR) + ": " + e.getMessage());
 +                    feedbackPanel.refresh(target);
 +                }
 +            }
 +
 +            @Override
 +            protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 +                feedbackPanel.refresh(target);
 +            }
 +        };
 +
 +        final AjaxButton cancel = new IndicatingAjaxButton(CANCEL, new ResourceModel(CANCEL)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                window.close(target);
 +            }
 +        };
 +
 +        cancel.setDefaultFormProcessing(
 +                false);
 +
 +        String allowedRoles = createFlag
-                 ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                 : xmlRolesReader.getAllAllowedRoles("Schema", "update");
++                ? xmlRolesReader.getEntitlement("Schema", "create")
++                : xmlRolesReader.getEntitlement("Schema", "update");
 +
 +        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 +
 +        schemaForm.add(name);
 +
 +        schemaForm.add(expression);
 +
 +        schemaForm.add(submit);
 +
 +        schemaForm.add(cancel);
 +
 +        add(schemaForm);
 +    }
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
index d751ff8,d76400b..ea73e9e
--- a/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
@@@ -158,11 -161,11 +158,11 @@@ public class ReportModalPage extends Ba
                  };
  
          if (reportTO.getId() > 0) {
 -            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement("Reports",
 -                    "update"));
 +            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER,
-                     xmlRolesReader.getAllAllowedRoles("Reports", "update"));
++                    xmlRolesReader.getEntitlement("Reports", "update"));
          } else {
 -            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement("Reports",
 -                    "create"));
 +            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER,
-                     xmlRolesReader.getAllAllowedRoles("Reports", "create"));
++                    xmlRolesReader.getEntitlement("Reports", "create"));
          }
  
          form.add(submit);

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Reports.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/Reports.java
index b47e434,789e37e..3f09762
--- a/console/src/main/java/org/apache/syncope/console/pages/Reports.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Reports.java
@@@ -109,8 -110,8 +109,8 @@@ public class Reports extends BasePage 
          reportContainer = new WebMarkupContainer("reportContainer");
          setWindowClosedCallback(window, reportContainer);
  
 -        MetaDataRoleAuthorizationStrategy.authorize(reportContainer, RENDER, xmlRolesReader.getEntitlement(
 -                "Reports", "list"));
 +        MetaDataRoleAuthorizationStrategy.authorize(reportContainer, RENDER,
-                 xmlRolesReader.getAllAllowedRoles("Reports", "list"));
++                xmlRolesReader.getEntitlement("Reports", "list"));
  
          paginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_REPORT_PAGINATOR_ROWS);
  
@@@ -222,13 -221,11 +222,13 @@@
  
          add(reportContainer);
  
 +        @SuppressWarnings("rawtypes")
          Form paginatorForm = new Form("paginatorForm");
  
 -        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getEntitlement("Reports",
 -                "list"));
 +        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER,
-                 xmlRolesReader.getAllAllowedRoles("Reports", "list"));
++                xmlRolesReader.getEntitlement("Reports", "list"));
  
 +        @SuppressWarnings({ "unchecked", "rawtypes" })
          final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this, "paginatorRows"),
                  prefMan.getPaginatorChoices());
  
@@@ -338,7 -335,7 +338,7 @@@
                                              eventCategory.getKey().getCategory(),
                                              eventCategory.getKey().getSubcategory(),
                                              CollectionUtils.isEmpty(eventCategory.getKey().getEvents())
--                                            ? null : eventCategory.getKey().getEvents().iterator().next(),
++                                                    ? null : eventCategory.getKey().getEvents().iterator().next(),
                                              eventCategory.getValue());
  
                                      loggerRestClient.disableAudit(auditLoggerName);
@@@ -356,7 -353,7 +356,7 @@@
                                              eventCategory.getKey().getCategory(),
                                              eventCategory.getKey().getSubcategory(),
                                              CollectionUtils.isEmpty(eventCategory.getKey().getEvents())
--                                            ? null : eventCategory.getKey().getEvents().iterator().next(),
++                                                    ? null : eventCategory.getKey().getEvents().iterator().next(),
                                              eventCategory.getValue());
  
                                      loggerRestClient.enableAudit(auditLoggerName);
@@@ -384,10 -381,7 +384,10 @@@
  
          @Override
          public Iterator<ReportTO> iterator(final long first, final long count) {
 -            final List<ReportTO> list = reportRestClient.list(((int) first / paginatorRows) + 1, paginatorRows);
 +            final int page = ((int) first / paginatorRows);
-             
++
 +            final List<ReportTO> list =
 +                    reportRestClient.list((page < 0 ? 0 : page) + 1, paginatorRows, getSort());
              Collections.sort(list, comparator);
              return list.iterator();
          }

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
index 5768d71,ea58648..1c93fd1
--- a/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
@@@ -81,12 -77,9 +81,12 @@@ public class ResourceModalPage extends 
          //--------------------------------
  
          //--------------------------------
 -        // Resource mapping panel
 +        // Resource connector configuration panel
          //--------------------------------
 -        form.add(new ResourceConnConfPanel("connconf", resourceTO, createFlag));
 +        ResourceConnConfPanel resourceConnConfPanel = new ResourceConnConfPanel("connconf", resourceTO, createFlag);
-         MetaDataRoleAuthorizationStrategy.authorize(resourceConnConfPanel, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Connectors", "read"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                resourceConnConfPanel, ENABLE, xmlRolesReader.getEntitlement("Connectors", "read"));
 +        form.add(resourceConnConfPanel);
          //--------------------------------
  
          //--------------------------------
@@@ -180,10 -173,10 +180,10 @@@
  
          add(form);
  
-         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Resources",
+         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Resources",
                  createFlag
 -                ? "create"
 -                : "update"));
 +                        ? "create"
 +                        : "update"));
      }
  
      /**

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Resources.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/Resources.java
index 12f0f80,89aa1ba..f1bd39b
--- a/console/src/main/java/org/apache/syncope/console/pages/Resources.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Resources.java
@@@ -573,45 -476,40 +572,45 @@@ public class Resources extends BasePag
          editConnectorWin.setInitialWidth(WIN_WIDTH);
          editConnectorWin.setCookieName("edit-conn-modal");
  
 -        AjaxLink createConnectorLink = new ClearIndicatingAjaxLink("createConnectorLink", getPageReference()) {
 +        AjaxLink<Void> createConnectorLink =
 +                new ClearIndicatingAjaxLink<Void>("createConnectorLink", getPageReference()) {
  
 -            private static final long serialVersionUID = -7978723352517770644L;
 +                    private static final long serialVersionUID = -7978723352517770644L;
  
 -            @Override
 -            protected void onClickInternal(final AjaxRequestTarget target) {
 -                createConnectorWin.setPageCreator(new ModalWindow.PageCreator() {
 +                    @Override
 +                    protected void onClickInternal(final AjaxRequestTarget target) {
 +                        createConnectorWin.setPageCreator(new ModalWindow.PageCreator() {
  
 -                    private static final long serialVersionUID = -7834632442532690940L;
 +                            private static final long serialVersionUID = -7834632442532690940L;
  
 -                    @Override
 -                    public Page createPage() {
 -                        ConnectorModalPage form = new ConnectorModalPage(Resources.this.getPageReference(),
 -                                editConnectorWin, new ConnInstanceTO());
 -                        return form;
 -                    }
 -                });
 +                            @Override
 +                            public Page createPage() {
 +                                ConnectorModalPage form = new ConnectorModalPage(Resources.this.getPageReference(),
 +                                        editConnectorWin, new ConnInstanceTO());
 +                                return form;
 +                            }
 +                        });
  
 -                createConnectorWin.show(target);
 -            }
 -        };
 +                        createConnectorWin.show(target);
 +                    }
 +                };
  
-         MetaDataRoleAuthorizationStrategy.authorize(createConnectorLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+         MetaDataRoleAuthorizationStrategy.authorize(createConnectorLink, ENABLE, xmlRolesReader.getEntitlement(
                  "Connectors", "create"));
  
          add(createConnectorLink);
  
 +        @SuppressWarnings("rawtypes")
          Form paginatorForm = new Form("connectorPaginatorForm");
  
-         MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getAllAllowedRoles(
+         MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getEntitlement(
                  "Connectors", "list"));
  
 -        final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,
 -                "connectorPaginatorRows"), prefMan.getPaginatorChoices());
 +        final DropDownChoice<Integer> rowsChooser = new DropDownChoice<Integer>(
 +                "rowsChooser",
 +                new PropertyModel<Integer>(this,
 +                        "connectorPaginatorRows"),
 +                prefMan.getPaginatorChoices());
  
          rowsChooser.add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE) {
  

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
index 095399b,2495421..7ef25a6
--- a/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
@@@ -122,13 -133,18 +122,13 @@@ public class RoleModalPage extends Base
                  closeAction(target, form);
              }
          };
 -
          cancel.setDefaultFormProcessing(false);
 +        form.add(cancel);
  
-         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Roles",
+         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Roles",
                  createFlag
 -                ? "create"
 -                : "update"));
 -
 -        form.add(submit);
 -        form.setDefaultButton(submit);
 -
 -        form.add(cancel);
 +                        ? "create"
 +                        : "update"));
  
          add(form);
      }

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Schema.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
index 4ab30e2,aedba1d..1e634f0
--- a/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
@@@ -286,12 -272,12 +286,12 @@@ public class SchemaModalPage extends Ab
                  window.close(target);
              }
          };
 -
          cancel.setDefaultFormProcessing(false);
 +        schemaForm.add(cancel);
  
          String allowedRoles = createFlag
-                 ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                 : xmlRolesReader.getAllAllowedRoles("Schema", "update");
+                 ? xmlRolesReader.getEntitlement("Schema", "create")
+                 : xmlRolesReader.getEntitlement("Schema", "update");
  
          MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
  

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/SecurityQuestionModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/SecurityQuestionModalPage.java
index 743bcf2,0000000..c9cd4c7
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/SecurityQuestionModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/SecurityQuestionModalPage.java
@@@ -1,113 -1,0 +1,113 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages;
 +
 +import static org.apache.syncope.console.pages.AbstractBasePage.FORM;
 +
 +import org.apache.syncope.common.SyncopeClientException;
 +import org.apache.syncope.common.to.SecurityQuestionTO;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.rest.SecurityQuestionRestClient;
 +import org.apache.syncope.console.wicket.markup.html.form.AjaxTextFieldPanel;
 +import org.apache.wicket.PageReference;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxButton;
 +import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.model.CompoundPropertyModel;
 +import org.apache.wicket.model.Model;
 +import org.apache.wicket.model.PropertyModel;
 +import org.apache.wicket.model.ResourceModel;
 +import org.apache.wicket.spring.injection.annot.SpringBean;
 +
 +class SecurityQuestionModalPage extends BaseModalPage {
 +
 +    private static final long serialVersionUID = -6709838862698327502L;
 +
 +    @SpringBean
 +    private SecurityQuestionRestClient restClient;
 +
 +    public SecurityQuestionModalPage(final PageReference pageRef, final ModalWindow window,
 +            final SecurityQuestionTO securityQuestionTO, final boolean createFlag) {
 +
 +        final Form<SecurityQuestionTO> form =
 +                new Form<SecurityQuestionTO>(FORM, new CompoundPropertyModel<SecurityQuestionTO>(securityQuestionTO));
 +
 +        final AjaxTextFieldPanel contentFieldPanel =
 +                new AjaxTextFieldPanel("content", "content", new PropertyModel<String>(securityQuestionTO, "content"));
 +        contentFieldPanel.setRequired(true);
 +        form.add(contentFieldPanel);
 +
 +        AjaxButton submit = new IndicatingAjaxButton(APPLY, new Model<String>(getString(SUBMIT))) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                try {
 +                    if (createFlag) {
 +                        restClient.create(securityQuestionTO);
 +                    } else {
 +                        restClient.update(securityQuestionTO);
 +                    }
 +                    info(getString(Constants.OPERATION_SUCCEEDED));
 +
 +                    Configuration callerPage = (Configuration) pageRef.getPage();
 +                    callerPage.setModalResult(true);
 +
 +                    window.close(target);
 +                } catch (SyncopeClientException scee) {
 +                    error(getString(Constants.ERROR) + ": " + scee.getMessage());
 +                    feedbackPanel.refresh(target);
 +                }
 +            }
 +
 +            @Override
 +            protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 +                feedbackPanel.refresh(target);
 +            }
 +        };
 +
 +        final AjaxButton cancel = new IndicatingAjaxButton(CANCEL, new ResourceModel(CANCEL)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                window.close(target);
 +            }
 +        };
 +
 +        cancel.setDefaultFormProcessing(false);
 +
 +        String allowedRoles = createFlag
-                 ? xmlRolesReader.getAllAllowedRoles("SecurityQuestion", "create")
-                 : xmlRolesReader.getAllAllowedRoles("SecurityQuestion", "update");
++                ? xmlRolesReader.getEntitlement("SecurityQuestion", "create")
++                : xmlRolesReader.getEntitlement("SecurityQuestion", "update");
 +        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 +
 +        form.add(submit);
 +        form.setDefaultButton(submit);
 +
 +        form.add(cancel);
 +
 +        add(form);
 +    }
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Todo.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/Todo.java
index cf57664,06dd6f0..6ddbed9
--- a/console/src/main/java/org/apache/syncope/console/pages/Todo.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Todo.java
@@@ -78,27 -95,28 +78,27 @@@ public class Todo extends BasePage 
      public Todo(final PageParameters parameters) {
          super(parameters);
  
 -        add(editApprovalWin = new ModalWindow("editApprovalWin"));
 -        add(editUserRequestWin = new ModalWindow("editUserRequestWin"));
 +        add(window = new ModalWindow("editApprovalWin"));
  
 -        setupApproval();
 -        setupUserRequest();
 -    }
 -
 -    private void setupApproval() {
 -        approvalContainer = new WebMarkupContainer("approvalContainer");
 +        container = new WebMarkupContainer("approvalContainer");
  
-         MetaDataRoleAuthorizationStrategy.authorize(container, RENDER,
-                 xmlRolesReader.getAllAllowedRoles("Approval", "list"));
 -        MetaDataRoleAuthorizationStrategy.authorize(approvalContainer, RENDER, xmlRolesReader.getEntitlement(
 -                "Approval", "list"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                container, RENDER, xmlRolesReader.getEntitlement("Approval", "list"));
  
 -        approvalPaginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_APPROVAL_PAGINATOR_ROWS);
 +        paginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_TODO_PAGINATOR_ROWS);
  
 -        List<IColumn> columns = new ArrayList<IColumn>();
 -        columns.add(new PropertyColumn(new ResourceModel("taskId"), "taskId", "taskId"));
 -        columns.add(new PropertyColumn(new ResourceModel("key"), "key", "key"));
 -        columns.add(new PropertyColumn(new ResourceModel("description"), "description", "description"));
 -        columns.add(new DatePropertyColumn(new ResourceModel("createTime"), "createTime", "createTime"));
 -        columns.add(new DatePropertyColumn(new ResourceModel("dueDate"), "dueDate", "dueDate"));
 -        columns.add(new PropertyColumn(new ResourceModel("owner"), "owner", "owner"));
 +        List<IColumn<WorkflowFormTO, String>> columns = new ArrayList<IColumn<WorkflowFormTO, String>>();
 +        columns.add(new PropertyColumn<WorkflowFormTO, String>(
 +                new ResourceModel("taskId"), "taskId", "taskId"));
 +        columns.add(new PropertyColumn<WorkflowFormTO, String>(
 +                new ResourceModel("key"), "key", "key"));
 +        columns.add(new PropertyColumn<WorkflowFormTO, String>(
 +                new ResourceModel("description"), "description", "description"));
 +        columns.add(new DatePropertyColumn<WorkflowFormTO>(
 +                new ResourceModel("createTime"), "createTime", "createTime"));
 +        columns.add(new DatePropertyColumn<WorkflowFormTO>(
 +                new ResourceModel("dueDate"), "dueDate", "dueDate"));
 +        columns.add(new PropertyColumn<WorkflowFormTO, String>(new ResourceModel("owner"), "owner", "owner"));
          columns.add(new AbstractColumn<WorkflowFormTO, String>(new ResourceModel("actions", "")) {
  
              private static final long serialVersionUID = 2054811145491901166L;
@@@ -158,23 -176,21 +158,23 @@@
              }
          });
  
 -        final AjaxFallbackDefaultDataTable approvalTable = new AjaxFallbackDefaultDataTable("approvalTable", columns,
 -                new ApprovalProvider(), approvalPaginatorRows);
 +        final AjaxFallbackDefaultDataTable<WorkflowFormTO, String> approvalTable =
 +                new AjaxFallbackDefaultDataTable<WorkflowFormTO, String>(
 +                        "approvalTable", columns, new ApprovalProvider(), paginatorRows);
 +        container.add(approvalTable);
  
 -        approvalContainer.add(approvalTable);
 -        approvalContainer.setOutputMarkupId(true);
 +        container.setOutputMarkupId(true);
 +        add(container);
  
 -        add(approvalContainer);
 +        @SuppressWarnings("rawtypes")
 +        Form approvalPaginatorForm = new Form("paginatorForm");
  
 -        Form approvalPaginatorForm = new Form("approvalPaginatorForm");
 +        MetaDataRoleAuthorizationStrategy.authorize(approvalPaginatorForm, RENDER,
-                 xmlRolesReader.getAllAllowedRoles("Approval", "list"));
++                xmlRolesReader.getEntitlement("Approval", "list"));
  
 -        MetaDataRoleAuthorizationStrategy.authorize(approvalPaginatorForm, RENDER, xmlRolesReader.getEntitlement(
 -                "Approval", "list"));
 -
 -        final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,
 -                "approvalPaginatorRows"), prefMan.getPaginatorChoices());
 +        @SuppressWarnings({ "unchecked", "rawtypes" })
 +        final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser",
 +                new PropertyModel(this, "paginatorRows"), prefMan.getPaginatorChoices());
  
          rowsChooser.add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE) {
  

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/Users.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/VirSchemaModalPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/VirSchemaModalPage.java
index 5eb48fe,0000000..9ca0c42
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/VirSchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/VirSchemaModalPage.java
@@@ -1,126 -1,0 +1,126 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages;
 +
 +import org.apache.syncope.common.to.VirSchemaTO;
 +import org.apache.syncope.common.types.AttributableType;
 +import org.apache.syncope.common.SyncopeClientException;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.wicket.markup.html.form.AjaxCheckBoxPanel;
 +import org.apache.syncope.console.wicket.markup.html.form.AjaxTextFieldPanel;
 +import org.apache.wicket.PageReference;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxButton;
 +import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.model.CompoundPropertyModel;
 +import org.apache.wicket.model.PropertyModel;
 +import org.apache.wicket.model.ResourceModel;
 +
 +/**
 + * Modal window with Schema form.
 + */
 +public class VirSchemaModalPage extends AbstractSchemaModalPage<VirSchemaTO> {
 +
 +    private static final long serialVersionUID = 5979623248182851337L;
 +
 +    public VirSchemaModalPage(final AttributableType kind) {
 +        super(kind);
 +    }
 +
 +    @Override
 +    public void setSchemaModalPage(final PageReference pageRef, final ModalWindow window,
 +            VirSchemaTO schema, final boolean createFlag) {
 +
 +        if (schema == null) {
 +            schema = new VirSchemaTO();
 +        }
 +
 +        final Form<VirSchemaTO> schemaForm = new Form<VirSchemaTO>(FORM);
 +
 +        schemaForm.setModel(new CompoundPropertyModel<VirSchemaTO>(schema));
 +
 +        final AjaxTextFieldPanel name = new AjaxTextFieldPanel("name", getString("name"), new PropertyModel<String>(
 +                schema, "name"));
 +        name.addRequiredLabel();
 +
 +        name.setEnabled(createFlag);
 +
 +        final AjaxCheckBoxPanel readonly = new AjaxCheckBoxPanel("readonly", getString("readonly"),
 +                new PropertyModel<Boolean>(schema, "readonly"));
 +
 +        final AjaxButton submit = new IndicatingAjaxButton(APPLY, new ResourceModel(SUBMIT)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                VirSchemaTO schemaTO = (VirSchemaTO) form.getDefaultModelObject();
 +                try {
 +                    if (createFlag) {
 +                        schemaRestClient.createVirSchema(kind, schemaTO);
 +                    } else {
 +                        schemaRestClient.updateVirSchema(kind, schemaTO);
 +                    }
 +                    if (pageRef.getPage() instanceof BasePage) {
 +                        ((BasePage) pageRef.getPage()).setModalResult(true);
 +                    }
 +
 +                    window.close(target);
 +                } catch (SyncopeClientException e) {
 +                    error(getString(Constants.ERROR) + ": " + e.getMessage());
 +                    feedbackPanel.refresh(target);
 +                }
 +            }
 +
 +            @Override
 +            protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 +                feedbackPanel.refresh(target);
 +            }
 +        };
 +
 +        final AjaxButton cancel = new IndicatingAjaxButton(CANCEL, new ResourceModel(CANCEL)) {
 +
 +            private static final long serialVersionUID = -958724007591692537L;
 +
 +            @Override
 +            protected void onSubmit(final AjaxRequestTarget target, final Form<?> form) {
 +                window.close(target);
 +            }
 +        };
 +
 +        cancel.setDefaultFormProcessing(false);
 +
 +        String allowedRoles = createFlag
-                 ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                 : xmlRolesReader.getAllAllowedRoles("Schema", "update");
++                ? xmlRolesReader.getEntitlement("Schema", "create")
++                : xmlRolesReader.getEntitlement("Schema", "update");
 +
 +        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 +
 +        schemaForm.add(name);
 +        schemaForm.add(readonly);
 +
 +        schemaForm.add(submit);
 +        schemaForm.add(cancel);
 +
 +        add(schemaForm);
 +    }
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/XMLEditorPopupPage.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/XMLEditorPopupPage.java
index 6ebd083,0000000..c17351c
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/XMLEditorPopupPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/XMLEditorPopupPage.java
@@@ -1,90 -1,0 +1,90 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages;
 +
 +import java.io.IOException;
 +import javax.ws.rs.core.MediaType;
 +import org.apache.commons.lang3.StringUtils;
 +import org.apache.syncope.common.SyncopeClientException;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.rest.WorkflowRestClient;
 +import org.apache.syncope.console.wicket.ajax.markup.html.ClearIndicatingAjaxButton;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.markup.html.form.Button;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.markup.html.form.TextArea;
 +import org.apache.wicket.model.Model;
 +import org.apache.wicket.spring.injection.annot.SpringBean;
 +import org.apache.wicket.util.io.IOUtils;
 +
 +public class XMLEditorPopupPage extends BasePopupPage {
 +
 +    private static final long serialVersionUID = 5816041644635271734L;
 +
 +    @SpringBean
 +    private WorkflowRestClient wfRestClient;
 +
 +    public XMLEditorPopupPage() {
 +        Form wfForm = new Form("workflowDefForm");
 +
 +        String definition;
 +        try {
 +            definition = IOUtils.toString(wfRestClient.getDefinition(MediaType.APPLICATION_XML_TYPE));
 +        } catch (IOException e) {
 +            LOG.error("Could not get workflow definition", e);
 +            definition = StringUtils.EMPTY;
 +        }
 +        final TextArea<String> workflowDefArea = new TextArea<String>("workflowDefArea", new Model<String>(definition));
 +        wfForm.add(workflowDefArea);
 +
 +        AjaxButton submit =
-                  new ClearIndicatingAjaxButton(APPLY, new Model<String>(getString(SUBMIT)), getPageReference()) {
++                new ClearIndicatingAjaxButton(APPLY, new Model<String>(getString(SUBMIT)), getPageReference()) {
 +
 +                    private static final long serialVersionUID = -958724007591692537L;
 +
 +                    @Override
 +                    protected void onSubmitInternal(final AjaxRequestTarget target, final Form<?> form) {
 +                        try {
 +                            wfRestClient.updateDefinition(
 +                                    MediaType.APPLICATION_XML_TYPE, workflowDefArea.getModelObject());
 +                            info(getString(Constants.OPERATION_SUCCEEDED));
 +                        } catch (SyncopeClientException scee) {
 +                            error(getString(Constants.ERROR) + ": " + scee.getMessage());
 +                        }
 +                        feedbackPanel.refresh(target);
 +                    }
 +
 +                    @Override
 +                    protected void onError(final AjaxRequestTarget target, final Form<?> form) {
 +                        feedbackPanel.refresh(target);
 +                    }
 +                };
 +
 +        final Button close = new Button("closePage", new Model<String>(getString(CANCEL)));
 +
-         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Configuration", "workflowDefUpdate"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                submit, ENABLE, xmlRolesReader.getEntitlement("Configuration", "workflowDefUpdate"));
 +        wfForm.add(submit);
 +        wfForm.add(close);
 +        this.add(wfForm);
 +    }
 +
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/panels/AbstractSyncTasksPanel.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/panels/AbstractSyncTasksPanel.java
index 7d653c0,0000000..e422305
mode 100644,000000..100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/AbstractSyncTasksPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/AbstractSyncTasksPanel.java
@@@ -1,159 -1,0 +1,159 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *   http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.syncope.console.pages.panels;
 +
 +import java.util.List;
 +import org.apache.syncope.common.to.AbstractTaskTO;
 +import org.apache.syncope.common.to.AbstractSyncTaskTO;
 +import org.apache.syncope.common.to.PushTaskTO;
 +import org.apache.syncope.common.to.SyncTaskTO;
 +import org.apache.syncope.console.commons.Constants;
 +import org.apache.syncope.console.pages.PushTaskModalPage;
 +import org.apache.syncope.console.pages.SyncTaskModalPage;
 +import org.apache.syncope.console.pages.Tasks;
 +import org.apache.syncope.console.pages.Tasks.TasksProvider;
 +import org.apache.syncope.console.wicket.ajax.markup.html.ClearIndicatingAjaxLink;
 +import org.apache.wicket.Page;
 +import org.apache.wicket.PageReference;
 +import org.apache.wicket.ajax.AjaxRequestTarget;
 +import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
 +import org.apache.wicket.ajax.markup.html.AjaxLink;
 +import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 +import org.apache.wicket.event.IEvent;
 +import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
 +import org.apache.wicket.extensions.markup.html.repeater.data.table.IColumn;
 +import org.apache.wicket.markup.html.WebMarkupContainer;
 +import org.apache.wicket.markup.html.form.DropDownChoice;
 +import org.apache.wicket.markup.html.form.Form;
 +import org.apache.wicket.model.PropertyModel;
 +import org.apache.wicket.request.http.WebResponse;
 +
 +public abstract class AbstractSyncTasksPanel<T extends AbstractSyncTaskTO> extends AbstractTasks {
 +
 +    private static final long serialVersionUID = -8674781241465369244L;
 +
 +    private int paginatorRows;
 +
 +    protected WebMarkupContainer container;
 +
 +    protected ModalWindow window;
 +
 +    protected AjaxDataTablePanel<AbstractTaskTO, String> table;
 +
 +    private final Class<T> reference;
 +
 +    public AbstractSyncTasksPanel(final String id, final PageReference pageRef, final Class<T> reference) {
 +        super(id, pageRef);
 +
 +        this.reference = reference;
 +
 +        container = new WebMarkupContainer("container");
 +        container.setOutputMarkupId(true);
 +        add(container);
 +
 +        window = new ModalWindow("taskWin");
 +        window.setCssClassName(ModalWindow.CSS_CLASS_GRAY);
 +        window.setInitialHeight(WIN_HEIGHT);
 +        window.setInitialWidth(WIN_WIDTH);
 +        window.setCookieName(VIEW_TASK_WIN_COOKIE_NAME);
 +        add(window);
 +
 +        ((Tasks) pageRef.getPage()).setWindowClosedCallback(window, container);
 +
 +        paginatorRows = prefMan.getPaginatorRows(getWebRequest(), Constants.PREF_SYNC_TASKS_PAGINATOR_ROWS);
 +    }
 +
 +    @Override
 +    public void onEvent(final IEvent<?> event) {
 +        if (event.getPayload() instanceof AbstractSearchResultPanel.EventDataWrapper) {
 +            ((AbstractSearchResultPanel.EventDataWrapper) event.getPayload()).getTarget().add(container);
 +        }
 +    }
 +
 +    protected void initTasksTable() {
 +
 +        table = Tasks.updateTaskTable(
 +                getColumns(),
 +                new TasksProvider<T>(restClient, paginatorRows, getId(), this.reference),
 +                container,
 +                0,
 +                this.pageRef,
 +                restClient);
 +
 +        Form paginatorForm = new Form("PaginatorForm");
 +
 +        @SuppressWarnings({ "unchecked", "rawtypes" })
 +        final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this, "paginatorRows"),
 +                prefMan.getPaginatorChoices());
 +
 +        rowsChooser.add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE) {
 +
 +            private static final long serialVersionUID = -1107858522700306810L;
 +
 +            @Override
 +            protected void onUpdate(final AjaxRequestTarget target) {
 +                prefMan.set(getWebRequest(), (WebResponse) getResponse(), Constants.PREF_SYNC_TASKS_PAGINATOR_ROWS,
 +                        String.valueOf(paginatorRows));
 +
 +                table = Tasks.updateTaskTable(
 +                        getColumns(),
 +                        new TasksProvider<T>(restClient, paginatorRows, getId(), reference),
 +                        container,
 +                        table == null ? 0 : (int) table.getCurrentPage(),
 +                        pageRef,
 +                        restClient);
 +
 +                target.add(container);
 +            }
 +        });
 +
 +        paginatorForm.add(rowsChooser);
 +        container.add(paginatorForm);
 +
 +        // create new task
 +        AjaxLink<Void> createLink = new ClearIndicatingAjaxLink<Void>("createLink", pageRef) {
 +
 +            private static final long serialVersionUID = -7978723352517770644L;
 +
 +            @Override
 +            protected void onClickInternal(final AjaxRequestTarget target) {
 +                window.setPageCreator(new ModalWindow.PageCreator() {
 +
 +                    private static final long serialVersionUID = -7834632442532690940L;
 +
 +                    @Override
 +                    public Page createPage() {
 +                        return reference.equals(SyncTaskTO.class) ? new SyncTaskModalPage(window, new SyncTaskTO(),
 +                                pageRef) : new PushTaskModalPage(window, new PushTaskTO(), pageRef);
 +                    }
 +                });
 +
 +                window.show(target);
 +            }
 +        };
 +
 +        MetaDataRoleAuthorizationStrategy.authorize(
-                 createLink, RENDER, xmlRolesReader.getAllAllowedRoles(TASKS, "create"));
++                createLink, RENDER, xmlRolesReader.getEntitlement(TASKS, "create"));
 +
 +        add(createLink);
 +
 +    }
 +
 +    protected abstract List<IColumn<AbstractTaskTO, String>> getColumns();
 +}

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
----------------------------------------------------------------------
diff --cc console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
index 553e534,b6f7196..0e94209
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
@@@ -229,13 -223,11 +229,13 @@@ public class PoliciesPanel extends Pane
  
          add(createButton);
  
-         MetaDataRoleAuthorizationStrategy.authorize(createButton, ENABLE,
-                 xmlRolesReader.getAllAllowedRoles("Policies", "create"));
 -        MetaDataRoleAuthorizationStrategy.authorize(createButton, ENABLE, xmlRolesReader.getEntitlement("Policies",
 -                "create"));
++        MetaDataRoleAuthorizationStrategy.authorize(
++                createButton, ENABLE, xmlRolesReader.getEntitlement("Policies", "create"));
  
 +        @SuppressWarnings("rawtypes")
          final Form paginatorForm = new Form("PaginatorForm");
  
 +        @SuppressWarnings({ "unchecked", "rawtypes" })
          final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this, "paginatorRows"),
                  prefMan.getPaginatorChoices());
  

http://git-wip-us.apache.org/repos/asf/syncope/blob/f1607400/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
----------------------------------------------------------------------


Mime
View raw message