syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [2/8] git commit: [SYNCOPE-599] Enhancements to console's authorization parsing
Date Mon, 03 Nov 2014 18:35:40 GMT
[SYNCOPE-599] Enhancements to console's authorization parsing


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/05d2985a
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/05d2985a
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/05d2985a

Branch: refs/heads/1_2_X
Commit: 05d2985a47cb2104a6b43d553b4707209c261f94
Parents: 79ef513
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Mon Nov 3 19:19:21 2014 +0100
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Mon Nov 3 19:19:21 2014 +0100

----------------------------------------------------------------------
 .../syncope/console/SyncopeApplication.java     |  10 +-
 .../syncope/console/commons/XMLRolesReader.java | 104 +++++++++++--------
 .../pages/AbstractSchedTaskModalPage.java       |   4 +-
 .../console/pages/ApprovalModalPage.java        |   4 +-
 .../syncope/console/pages/Configuration.java    |  16 +--
 .../console/pages/ConfigurationModalPage.java   |   4 +-
 .../console/pages/ConnectorModalPage.java       |   4 +-
 .../console/pages/DerivedSchemaModalPage.java   |   4 +-
 .../console/pages/EditUserModalPage.java        |   2 +-
 .../console/pages/NotificationModalPage.java    |   4 +-
 .../syncope/console/pages/ReportModalPage.java  |   4 +-
 .../apache/syncope/console/pages/Reports.java   |  14 +--
 .../console/pages/ResourceModalPage.java        |   2 +-
 .../apache/syncope/console/pages/Resources.java |  13 ++-
 .../syncope/console/pages/RoleModalPage.java    |   2 +-
 .../apache/syncope/console/pages/Schema.java    |   6 +-
 .../syncope/console/pages/SchemaModalPage.java  |   4 +-
 .../syncope/console/pages/StatusModalPage.java  |   2 +-
 .../org/apache/syncope/console/pages/Todo.java  |   8 +-
 .../syncope/console/pages/UserModalPage.java    |   4 +-
 .../org/apache/syncope/console/pages/Users.java |   2 +-
 .../console/pages/VirtualSchemaModalPage.java   |   4 +-
 .../console/pages/panels/PoliciesPanel.java     |   2 +-
 .../syncope/console/pages/panels/RolePanel.java |   2 +-
 .../console/pages/panels/RoleSummaryPanel.java  |   2 +-
 .../console/pages/panels/RoleTabPanel.java      |   8 +-
 .../console/pages/panels/SchedTasks.java        |   2 +-
 .../syncope/console/pages/panels/SyncTasks.java |   2 +-
 .../markup/html/form/ActionLinksPanel.java      |   4 +-
 .../wicket/markup/html/tree/TreeRolePanel.java  |   2 +-
 .../src/main/resources/applicationContext.xml   |   8 +-
 31 files changed, 133 insertions(+), 120 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java b/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
index 9803650..0fbe521 100644
--- a/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
+++ b/console/src/main/java/org/apache/syncope/console/SyncopeApplication.java
@@ -120,7 +120,7 @@ public class SyncopeApplication
                 : "") + "schema" + Constants.PNG_EXT)));
 
         BookmarkablePageLink<Void> usersLink = new BookmarkablePageLink<Void>("users", Users.class);
-        String allowedUsersRoles = xmlRolesReader.getAllAllowedRoles("Users", "list");
+        String allowedUsersRoles = xmlRolesReader.getEntitlement("Users", "list");
         MetaDataRoleAuthorizationStrategy.authorize(usersLink, WebPage.ENABLE, allowedUsersRoles);
         page.add(usersLink);
         usersLink.add(new Image("usersIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
@@ -142,7 +142,7 @@ public class SyncopeApplication
                 : "") + "resources" + Constants.PNG_EXT)));
 
         BookmarkablePageLink<Void> todoLink = new BookmarkablePageLink<Void>("todo", Todo.class);
-        MetaDataRoleAuthorizationStrategy.authorize(todoLink, WebPage.ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(todoLink, WebPage.ENABLE, xmlRolesReader.getEntitlement(
                 "Approval", "list"));
         page.add(todoLink);
         todoLink.add(new Image("todoIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
@@ -150,7 +150,7 @@ public class SyncopeApplication
                 : "") + "todo" + Constants.PNG_EXT)));
 
         BookmarkablePageLink<Void> reportLink = new BookmarkablePageLink<Void>("reports", Reports.class);
-        String allowedReportRoles = xmlRolesReader.getAllAllowedRoles("Reports", "list");
+        String allowedReportRoles = xmlRolesReader.getEntitlement("Reports", "list");
         MetaDataRoleAuthorizationStrategy.authorize(reportLink, WebPage.ENABLE, allowedReportRoles);
         page.add(reportLink);
         reportLink.add(new Image("reportsIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
@@ -159,7 +159,7 @@ public class SyncopeApplication
 
         BookmarkablePageLink<Void> configurationLink = new BookmarkablePageLink<Void>("configuration",
                 Configuration.class);
-        String allowedConfigurationRoles = xmlRolesReader.getAllAllowedRoles("Configuration", "list");
+        String allowedConfigurationRoles = xmlRolesReader.getEntitlement("Configuration", "list");
         MetaDataRoleAuthorizationStrategy.authorize(configurationLink, WebPage.ENABLE, allowedConfigurationRoles);
         page.add(configurationLink);
         configurationLink.add(new Image("configurationIcon", new ContextRelativeResource(IMG_PREFIX + (notsel
@@ -167,7 +167,7 @@ public class SyncopeApplication
                 : "") + "configuration" + Constants.PNG_EXT)));
 
         BookmarkablePageLink<Void> taskLink = new BookmarkablePageLink<Void>("tasks", Tasks.class);
-        String allowedTasksRoles = xmlRolesReader.getAllAllowedRoles("Tasks", "list");
+        String allowedTasksRoles = xmlRolesReader.getEntitlement("Tasks", "list");
         MetaDataRoleAuthorizationStrategy.authorize(taskLink, WebPage.ENABLE, allowedTasksRoles);
         page.add(taskLink);
         taskLink.add(new Image("tasksIcon", new ContextRelativeResource(IMG_PREFIX + (notsel

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/commons/XMLRolesReader.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/commons/XMLRolesReader.java b/console/src/main/java/org/apache/syncope/console/commons/XMLRolesReader.java
index c031975..69cf4ec 100644
--- a/console/src/main/java/org/apache/syncope/console/commons/XMLRolesReader.java
+++ b/console/src/main/java/org/apache/syncope/console/commons/XMLRolesReader.java
@@ -18,17 +18,17 @@
  */
 package org.apache.syncope.console.commons;
 
+import java.util.HashMap;
+import java.util.Map;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.w3c.dom.Document;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 /**
@@ -41,62 +41,78 @@ public class XMLRolesReader {
      */
     private static final Logger LOG = LoggerFactory.getLogger(XMLRolesReader.class);
 
-    @Autowired
     private String authorizations;
 
-    private Document doc;
+    private Map<Pair<String, String>, String> authMap;
+
+    public void setAuthorizations(final String authorizations) {
+        this.authorizations = authorizations;
+    }
+
+    private void init() {
+        authMap = new HashMap<Pair<String, String>, String>();
 
-    public void init() {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         try {
             DocumentBuilder db = dbf.newDocumentBuilder();
-            doc = db.parse(getClass().getResource("/" + authorizations).openStream());
+            Document doc = db.parse(getClass().getResource("/" + authorizations).openStream());
             doc.getDocumentElement().normalize();
+
+            Node authNode = null;
+            NodeList root = doc.getChildNodes();
+            for (int i = 0; i < root.getLength() && authNode == null; i++) {
+                if ("auth".equals(root.item(i).getNodeName())) {
+                    authNode = root.item(i);
+                }
+            }
+            if (authNode == null) {
+                throw new IllegalArgumentException("Could not find root <auth> node");
+            }
+
+            NodeList pages = authNode.getChildNodes();
+            for (int i = 0; i < pages.getLength(); i++) {
+                if ("page".equals(pages.item(i).getNodeName())) {
+                    String page = pages.item(i).getAttributes().getNamedItem("id").getTextContent();
+
+                    NodeList actions = pages.item(i).getChildNodes();
+                    for (int j = 0; j < actions.getLength(); j++) {
+                        if ("action".equals(actions.item(j).getNodeName())) {
+                            String action = actions.item(j).getAttributes().getNamedItem("id").getTextContent();
+
+                            NodeList entitlements = actions.item(j).getChildNodes();
+                            for (int k = 0; k < entitlements.getLength(); k++) {
+                                if ("entitlement".equals(entitlements.item(k).getNodeName())) {
+                                    String entitlement = entitlements.item(k).getTextContent();
+                                    authMap.put(new ImmutablePair<String, String>(page, action), entitlement);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
         } catch (Exception e) {
             LOG.error("While initializing parsing of {}", authorizations, e);
-            doc = null;
         }
     }
 
     /**
-     * Get all roles allowed for specific page and action requested.
+     * Get entitlement required for page / action.
      *
-     * @param pageId
-     * @param actionId
-     * @return roles list comma separated
+     * @param pageId page
+     * @param actionId action
+     * @return entitlement required
      */
-    public String getAllAllowedRoles(final String pageId, final String actionId) {
-
-        if (doc == null) {
-            init();
-        }
-        if (doc == null) {
-            return "";
-        }
-
-        final StringBuilder roles = new StringBuilder();
-        try {
-            XPathFactory factory = XPathFactory.newInstance();
-            XPath xpath = factory.newXPath();
-            XPathExpression expr = xpath.compile("//page[@id='" + pageId + "']/" + "action[@id='" + actionId + "']/"
-                    + "entitlement/text()");
-            Object result = expr.evaluate(doc, XPathConstants.NODESET);
-
-            NodeList nodes = (NodeList) result;
-
-            for (int i = 0; i < nodes.getLength(); i++) {
-                if (i > 0) {
-                    roles.append(",");
-                }
-                roles.append(nodes.item(i).getNodeValue());
+    public String getEntitlement(final String pageId, final String actionId) {
+        synchronized (this) {
+            if (authMap == null) {
+                init();
             }
-        } catch (XPathExpressionException e) {
-            LOG.error("While parsing authorizations file", e);
         }
 
-        LOG.debug("Authorizations found: {}", roles);
-
-        return roles.toString();
+        Pair<String, String> key = new ImmutablePair<String, String>(pageId, actionId);
+        return authMap.containsKey(key)
+                ? authMap.get(key)
+                : StringUtils.EMPTY;
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java
index 4d899e3..8bd02b9 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/AbstractSchedTaskModalPage.java
@@ -129,10 +129,10 @@ public abstract class AbstractSchedTaskModalPage extends TaskModalPage {
         cancel.setDefaultFormProcessing(false);
 
         if (taskTO.getId() > 0) {
-            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getAllAllowedRoles(TASKS,
+            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement(TASKS,
                     "update"));
         } else {
-            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getAllAllowedRoles(TASKS,
+            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement(TASKS,
                     "create"));
         }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java
index 8c69ca9..fae7b42 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ApprovalModalPage.java
@@ -188,7 +188,7 @@ public class ApprovalModalPage extends BaseModalPage {
                     }
                 };
         MetaDataRoleAuthorizationStrategy.authorize(userDetails, ENABLE,
-                xmlRolesReader.getAllAllowedRoles("Users", "read"));
+                xmlRolesReader.getEntitlement("Users", "read"));
 
         final AjaxButton submit = new IndicatingAjaxButton(APPLY, new Model<String>(getString(SUBMIT))) {
 
@@ -267,7 +267,7 @@ public class ApprovalModalPage extends BaseModalPage {
         form.add(submit);
         form.add(cancel);
 
-        MetaDataRoleAuthorizationStrategy.authorize(form, ENABLE, xmlRolesReader.getAllAllowedRoles("Approval",
+        MetaDataRoleAuthorizationStrategy.authorize(form, ENABLE, xmlRolesReader.getEntitlement("Approval",
                 SUBMIT));
 
         editUserWin = new ModalWindow("editUserWin");

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Configuration.java b/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
index 403c948..9e4c0fc 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Configuration.java
@@ -178,13 +178,13 @@ public class Configuration extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Configuration",
+        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Configuration",
                 "workflowDefUpdate"));
         wfForm.add(submit);
 
         workflowDefContainer.add(wfForm);
 
-        MetaDataRoleAuthorizationStrategy.authorize(workflowDefContainer, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(workflowDefContainer, ENABLE, xmlRolesReader.getEntitlement(
                 "Configuration", "workflowDefRead"));
         add(workflowDefContainer);
 
@@ -195,7 +195,7 @@ public class Configuration extends BasePage {
         coreLoggerContainer.add(coreLoggerList);
         coreLoggerContainer.setOutputMarkupId(true);
 
-        MetaDataRoleAuthorizationStrategy.authorize(coreLoggerContainer, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(coreLoggerContainer, ENABLE, xmlRolesReader.getEntitlement(
                 "Configuration", "logList"));
         add(coreLoggerContainer);
 
@@ -206,7 +206,7 @@ public class Configuration extends BasePage {
         consoleLoggerContainer.add(consoleLoggerList);
         consoleLoggerContainer.setOutputMarkupId(true);
 
-        MetaDataRoleAuthorizationStrategy.authorize(consoleLoggerContainer, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(consoleLoggerContainer, ENABLE, xmlRolesReader.getEntitlement(
                 "Configuration", "logList"));
         add(consoleLoggerContainer);
     }
@@ -327,7 +327,7 @@ public class Configuration extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(createConfigurationLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(createConfigurationLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Configuration", "create"));
         add(createConfigurationLink);
 
@@ -351,7 +351,7 @@ public class Configuration extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(dbExportLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(dbExportLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Configuration", "read"));
         add(dbExportLink);
 
@@ -502,7 +502,7 @@ public class Configuration extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(createNotificationLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(createNotificationLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Notification", "create"));
         add(createNotificationLink);
 
@@ -673,7 +673,7 @@ public class Configuration extends BasePage {
                 }
             });
 
-            MetaDataRoleAuthorizationStrategy.authorize(level, ENABLE, xmlRolesReader.getAllAllowedRoles(
+            MetaDataRoleAuthorizationStrategy.authorize(level, ENABLE, xmlRolesReader.getEntitlement(
                     "Configuration", "logSetLevel"));
 
             item.add(level);

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/ConfigurationModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/ConfigurationModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/ConfigurationModalPage.java
index 5af5b16..d61fa38 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ConfigurationModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ConfigurationModalPage.java
@@ -121,8 +121,8 @@ public class ConfigurationModalPage extends BaseModalPage {
         form.add(cancel);
 
         String allowedRoles = createFlag
-                ? xmlRolesReader.getAllAllowedRoles("Configuration", "create")
-                : xmlRolesReader.getAllAllowedRoles("Configuration", "update");
+                ? xmlRolesReader.getEntitlement("Configuration", "create")
+                : xmlRolesReader.getEntitlement("Configuration", "update");
 
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java
index ae28729..94027e1 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ConnectorModalPage.java
@@ -437,8 +437,8 @@ public class ConnectorModalPage extends BaseModalPage {
             }
         };
         String roles = connInstanceTO.getId() == 0
-                ? xmlRolesReader.getAllAllowedRoles("Connectors", "create")
-                : xmlRolesReader.getAllAllowedRoles("Connectors", "update");
+                ? xmlRolesReader.getEntitlement("Connectors", "create")
+                : xmlRolesReader.getEntitlement("Connectors", "update");
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, roles);
         connectorForm.add(submit);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/DerivedSchemaModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/DerivedSchemaModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/DerivedSchemaModalPage.java
index 5c51154..edda895 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/DerivedSchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/DerivedSchemaModalPage.java
@@ -125,8 +125,8 @@ public class DerivedSchemaModalPage extends AbstractSchemaModalPage {
                 false);
 
         String allowedRoles = createFlag
-                ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                : xmlRolesReader.getAllAllowedRoles("Schema", "update");
+                ? xmlRolesReader.getEntitlement("Schema", "create")
+                : xmlRolesReader.getEntitlement("Schema", "update");
 
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java
index a3a6d45..9132dda 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/EditUserModalPage.java
@@ -63,7 +63,7 @@ public class EditUserModalPage extends UserModalPage {
             statusPanel = new StatusPanel("statuspanel", userTO, new ArrayList<StatusBean>(), getPageReference());
             statusPanel.setOutputMarkupId(true);
             MetaDataRoleAuthorizationStrategy.authorize(
-                    statusPanel, RENDER, xmlRolesReader.getAllAllowedRoles("Resources", "getConnectorObject"));
+                    statusPanel, RENDER, xmlRolesReader.getEntitlement("Resources", "getConnectorObject"));
             form.addOrReplace(statusPanel);
 
             form.addOrReplace(new AccountInformationPanel("accountinformation", userTO));

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java
index 09d0136..dc043b8 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/NotificationModalPage.java
@@ -270,8 +270,8 @@ class NotificationModalPage extends BaseModalPage {
         cancel.setDefaultFormProcessing(false);
 
         String allowedRoles = createFlag
-                ? xmlRolesReader.getAllAllowedRoles("Notification", "create")
-                : xmlRolesReader.getAllAllowedRoles("Notification", "update");
+                ? xmlRolesReader.getEntitlement("Notification", "create")
+                : xmlRolesReader.getEntitlement("Notification", "update");
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 
         form.add(submit);

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
index 548de35..d76400b 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ReportModalPage.java
@@ -161,10 +161,10 @@ public class ReportModalPage extends BaseModalPage {
                 };
 
         if (reportTO.getId() > 0) {
-            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getAllAllowedRoles("Reports",
+            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement("Reports",
                     "update"));
         } else {
-            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getAllAllowedRoles("Reports",
+            MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, xmlRolesReader.getEntitlement("Reports",
                     "create"));
         }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Reports.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Reports.java b/console/src/main/java/org/apache/syncope/console/pages/Reports.java
index f0e0647..789e37e 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Reports.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Reports.java
@@ -110,7 +110,7 @@ public class Reports extends BasePage {
         reportContainer = new WebMarkupContainer("reportContainer");
         setWindowClosedCallback(window, reportContainer);
 
-        MetaDataRoleAuthorizationStrategy.authorize(reportContainer, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(reportContainer, RENDER, xmlRolesReader.getEntitlement(
                 "Reports", "list"));
 
         paginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_REPORT_PAGINATOR_ROWS);
@@ -223,7 +223,7 @@ public class Reports extends BasePage {
 
         Form paginatorForm = new Form("paginatorForm");
 
-        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getAllAllowedRoles("Reports",
+        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getEntitlement("Reports",
                 "list"));
 
         final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this, "paginatorRows"),
@@ -266,7 +266,7 @@ public class Reports extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(createLink, RENDER, xmlRolesReader.getAllAllowedRoles("Reports",
+        MetaDataRoleAuthorizationStrategy.authorize(createLink, RENDER, xmlRolesReader.getEntitlement("Reports",
                 "create"));
 
         add(createLink);
@@ -279,7 +279,7 @@ public class Reports extends BasePage {
         add(auditContainer);
 
         MetaDataRoleAuthorizationStrategy.authorize(
-                auditContainer, RENDER, xmlRolesReader.getAllAllowedRoles("Audit", "list"));
+                auditContainer, RENDER, xmlRolesReader.getEntitlement("Audit", "list"));
 
         final Form form = new Form("auditForm");
         auditContainer.add(form);
@@ -306,15 +306,15 @@ public class Reports extends BasePage {
                     @Override
                     protected String[] getListRoles() {
                         return new String[] {
-                            xmlRolesReader.getAllAllowedRoles("Audit", "list")
+                            xmlRolesReader.getEntitlement("Audit", "list")
                         };
                     }
 
                     @Override
                     protected String[] getChangeRoles() {
                         return new String[] {
-                            xmlRolesReader.getAllAllowedRoles("Audit", "enable"),
-                            xmlRolesReader.getAllAllowedRoles("Audit", "disable")
+                            xmlRolesReader.getEntitlement("Audit", "enable"),
+                            xmlRolesReader.getEntitlement("Audit", "disable")
                         };
                     }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
index 51e1da3..ea58648 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/ResourceModalPage.java
@@ -173,7 +173,7 @@ public class ResourceModalPage extends BaseModalPage {
 
         add(form);
 
-        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Resources",
+        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Resources",
                 createFlag
                 ? "create"
                 : "update"));

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Resources.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Resources.java b/console/src/main/java/org/apache/syncope/console/pages/Resources.java
index 7d11d0b..89aa1ba 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Resources.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Resources.java
@@ -139,7 +139,7 @@ public class Resources extends BasePage {
                 attributes.getAjaxCallListeners().add(ajaxCallListener);
             }
         };
-        MetaDataRoleAuthorizationStrategy.authorize(reloadLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(reloadLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Connectors", "reload"));
         add(reloadLink);
 
@@ -195,8 +195,7 @@ public class Resources extends BasePage {
 
                         cellItem.add(editConnPanel);
 
-                        MetaDataRoleAuthorizationStrategy.authorize(editConnPanel, ENABLE, xmlRolesReader.
-                                getAllAllowedRoles(
+                        MetaDataRoleAuthorizationStrategy.authorize(editConnPanel, ENABLE, xmlRolesReader.getEntitlement(
                                         "Connectors", "read"));
                     }
                 });
@@ -341,7 +340,7 @@ public class Resources extends BasePage {
                     }
                 };
 
-        MetaDataRoleAuthorizationStrategy.authorize(createResourceLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(createResourceLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Resources", "create"));
 
         add(createResourceLink);
@@ -459,7 +458,7 @@ public class Resources extends BasePage {
         connectorContainer.add(table);
         connectorContainer.setOutputMarkupId(true);
 
-        MetaDataRoleAuthorizationStrategy.authorize(connectorContainer, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(connectorContainer, RENDER, xmlRolesReader.getEntitlement(
                 "Connectors", "list"));
 
         add(connectorContainer);
@@ -499,14 +498,14 @@ public class Resources extends BasePage {
             }
         };
 
-        MetaDataRoleAuthorizationStrategy.authorize(createConnectorLink, ENABLE, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(createConnectorLink, ENABLE, xmlRolesReader.getEntitlement(
                 "Connectors", "create"));
 
         add(createConnectorLink);
 
         Form paginatorForm = new Form("connectorPaginatorForm");
 
-        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(paginatorForm, RENDER, xmlRolesReader.getEntitlement(
                 "Connectors", "list"));
 
         final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
index cf16c8c..2495421 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/RoleModalPage.java
@@ -136,7 +136,7 @@ public class RoleModalPage extends BaseModalPage {
 
         cancel.setDefaultFormProcessing(false);
 
-        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getAllAllowedRoles("Roles",
+        MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, xmlRolesReader.getEntitlement("Roles",
                 createFlag
                 ? "create"
                 : "update"));

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Schema.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Schema.java b/console/src/main/java/org/apache/syncope/console/pages/Schema.java
index 88c3ace..d66d6e2 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Schema.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Schema.java
@@ -136,11 +136,11 @@ public class Schema extends BasePage {
     @SpringBean
     private PreferenceManager prefMan;
 
-    private final String allowedCreateRoles = xmlRolesReader.getAllAllowedRoles("Schema", "create");
+    private final String allowedCreateRoles = xmlRolesReader.getEntitlement("Schema", "create");
 
-    private final String allowedReadRoles = xmlRolesReader.getAllAllowedRoles("Schema", "read");
+    private final String allowedReadRoles = xmlRolesReader.getEntitlement("Schema", "read");
 
-    private final String allowedDeleteRoles = xmlRolesReader.getAllAllowedRoles("Schema", "delete");
+    private final String allowedDeleteRoles = xmlRolesReader.getEntitlement("Schema", "delete");
 
     public Schema() {
         super();

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
index 05bd8c1..aedba1d 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/SchemaModalPage.java
@@ -276,8 +276,8 @@ public class SchemaModalPage extends AbstractSchemaModalPage {
         cancel.setDefaultFormProcessing(false);
 
         String allowedRoles = createFlag
-                ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                : xmlRolesReader.getAllAllowedRoles("Schema", "update");
+                ? xmlRolesReader.getEntitlement("Schema", "create")
+                : xmlRolesReader.getEntitlement("Schema", "update");
 
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/StatusModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/StatusModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/StatusModalPage.java
index 6040f70..c2fcf5c 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/StatusModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/StatusModalPage.java
@@ -50,7 +50,7 @@ public class StatusModalPage extends BaseModalPage {
 
         final StatusPanel statusPanel = new StatusPanel("statuspanel", attributable, statuses, null);
         MetaDataRoleAuthorizationStrategy.authorize(
-                statusPanel, RENDER, xmlRolesReader.getAllAllowedRoles("Resources", "getConnectorObject"));
+                statusPanel, RENDER, xmlRolesReader.getEntitlement("Resources", "getConnectorObject"));
         form.add(statusPanel);
 
         final AjaxButton disable;

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Todo.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Todo.java b/console/src/main/java/org/apache/syncope/console/pages/Todo.java
index bb0ddbd..06dd6f0 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Todo.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Todo.java
@@ -105,7 +105,7 @@ public class Todo extends BasePage {
     private void setupApproval() {
         approvalContainer = new WebMarkupContainer("approvalContainer");
 
-        MetaDataRoleAuthorizationStrategy.authorize(approvalContainer, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(approvalContainer, RENDER, xmlRolesReader.getEntitlement(
                 "Approval", "list"));
 
         approvalPaginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_APPROVAL_PAGINATOR_ROWS);
@@ -186,7 +186,7 @@ public class Todo extends BasePage {
 
         Form approvalPaginatorForm = new Form("approvalPaginatorForm");
 
-        MetaDataRoleAuthorizationStrategy.authorize(approvalPaginatorForm, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(approvalPaginatorForm, RENDER, xmlRolesReader.getEntitlement(
                 "Approval", "list"));
 
         final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,
@@ -220,7 +220,7 @@ public class Todo extends BasePage {
     private void setupUserRequest() {
         userRequestContainer = new WebMarkupContainer("userRequestContainer");
 
-        MetaDataRoleAuthorizationStrategy.authorize(userRequestContainer, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(userRequestContainer, RENDER, xmlRolesReader.getEntitlement(
                 "UserRequest", "list"));
 
         userRequestPaginatorRows = prefMan.getPaginatorRows(getRequest(), Constants.PREF_USER_REQUEST_PAGINATOR_ROWS);
@@ -326,7 +326,7 @@ public class Todo extends BasePage {
 
         Form userRequestPaginatorForm = new Form("userRequestPaginatorForm");
 
-        MetaDataRoleAuthorizationStrategy.authorize(userRequestPaginatorForm, RENDER, xmlRolesReader.getAllAllowedRoles(
+        MetaDataRoleAuthorizationStrategy.authorize(userRequestPaginatorForm, RENDER, xmlRolesReader.getEntitlement(
                 "UserRequest", "list"));
 
         final DropDownChoice rowsChooser = new DropDownChoice("rowsChooser", new PropertyModel(this,

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java
index 2ecaa45..4087266 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/UserModalPage.java
@@ -149,8 +149,8 @@ public abstract class UserModalPage extends BaseModalPage {
 
         if (mode == Mode.ADMIN) {
             String allowedRoles = userTO.getId() == 0
-                    ? xmlRolesReader.getAllAllowedRoles("Users", "create")
-                    : xmlRolesReader.getAllAllowedRoles("Users", "update");
+                    ? xmlRolesReader.getEntitlement("Users", "create")
+                    : xmlRolesReader.getEntitlement("Users", "update");
             MetaDataRoleAuthorizationStrategy.authorize(submit, RENDER, allowedRoles);
         }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/Users.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/Users.java b/console/src/main/java/org/apache/syncope/console/pages/Users.java
index 43af342..4a208de 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/Users.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/Users.java
@@ -92,7 +92,7 @@ public class Users extends BasePage {
             }
         };
         MetaDataRoleAuthorizationStrategy.authorize(
-                createLink, ENABLE, xmlRolesReader.getAllAllowedRoles("Users", "create"));
+                createLink, ENABLE, xmlRolesReader.getEntitlement("Users", "create"));
         add(createLink);
 
         setWindowClosedReloadCallback(editModalWin);

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/VirtualSchemaModalPage.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/VirtualSchemaModalPage.java b/console/src/main/java/org/apache/syncope/console/pages/VirtualSchemaModalPage.java
index 63b3a10..a4ab941 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/VirtualSchemaModalPage.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/VirtualSchemaModalPage.java
@@ -111,8 +111,8 @@ public class VirtualSchemaModalPage extends AbstractSchemaModalPage {
         cancel.setDefaultFormProcessing(false);
 
         String allowedRoles = createFlag
-                ? xmlRolesReader.getAllAllowedRoles("Schema", "create")
-                : xmlRolesReader.getAllAllowedRoles("Schema", "update");
+                ? xmlRolesReader.getEntitlement("Schema", "create")
+                : xmlRolesReader.getEntitlement("Schema", "update");
 
         MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, allowedRoles);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java b/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
index ffacdbc..b6f7196 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/PoliciesPanel.java
@@ -223,7 +223,7 @@ public class PoliciesPanel extends Panel {
 
         add(createButton);
 
-        MetaDataRoleAuthorizationStrategy.authorize(createButton, ENABLE, xmlRolesReader.getAllAllowedRoles("Policies",
+        MetaDataRoleAuthorizationStrategy.authorize(createButton, ENABLE, xmlRolesReader.getEntitlement("Policies",
                 "create"));
 
         final Form paginatorForm = new Form("PaginatorForm");

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java b/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
index a3596ea..0b2d623 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/RolePanel.java
@@ -107,7 +107,7 @@ public class RolePanel extends Panel {
                     "statuspanel", builder.roleTO, new ArrayList<StatusBean>(), builder.pageReference);
             statusPanel.setOutputMarkupId(true);
             MetaDataRoleAuthorizationStrategy.authorize(
-                    statusPanel, RENDER, xmlRolesReader.getAllAllowedRoles("Resources", "getConnectorObject"));
+                    statusPanel, RENDER, xmlRolesReader.getEntitlement("Resources", "getConnectorObject"));
             this.add(statusPanel);
         }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleSummaryPanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleSummaryPanel.java b/console/src/main/java/org/apache/syncope/console/pages/panels/RoleSummaryPanel.java
index a482224..f468586 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleSummaryPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/RoleSummaryPanel.java
@@ -138,7 +138,7 @@ public class RoleSummaryPanel extends Panel {
 
                         builder.window.show(target);
                     }
-                }, ActionLink.ActionType.CREATE, xmlRolesReader.getAllAllowedRoles("Roles", "create"));
+                }, ActionLink.ActionType.CREATE, xmlRolesReader.getEntitlement("Roles", "create"));
             } else {
                 RoleTabPanel roleTabPanel =
                         new RoleTabPanel("nodeViewPanel", selectedNode, builder.window, builder.callerPageRef);

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleTabPanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleTabPanel.java b/console/src/main/java/org/apache/syncope/console/pages/panels/RoleTabPanel.java
index 6eab419..9debde4 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/RoleTabPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/RoleTabPanel.java
@@ -91,7 +91,7 @@ public class RoleTabPanel extends Panel {
 
                 window.show(target);
             }
-        }, ActionLink.ActionType.CREATE, xmlRolesReader.getAllAllowedRoles("Roles", "create"));
+        }, ActionLink.ActionType.CREATE, xmlRolesReader.getEntitlement("Roles", "create"));
         links.addWithRoles(new ActionLink() {
 
             private static final long serialVersionUID = -3722207913631435501L;
@@ -110,7 +110,7 @@ public class RoleTabPanel extends Panel {
 
                 window.show(target);
             }
-        }, ActionLink.ActionType.SEARCH, xmlRolesReader.getAllAllowedRoles("Roles", "update"));
+        }, ActionLink.ActionType.SEARCH, xmlRolesReader.getEntitlement("Roles", "update"));
         links.addWithRoles(new ActionLink() {
 
             private static final long serialVersionUID = -3722207913631435501L;
@@ -131,7 +131,7 @@ public class RoleTabPanel extends Panel {
 
                 window.show(target);
             }
-        }, ActionLink.ActionType.EDIT, xmlRolesReader.getAllAllowedRoles("Roles", "update"));
+        }, ActionLink.ActionType.EDIT, xmlRolesReader.getEntitlement("Roles", "update"));
         links.addWithRoles(new ActionLink() {
 
             private static final long serialVersionUID = -3722207913631435501L;
@@ -159,7 +159,7 @@ public class RoleTabPanel extends Panel {
                     target.add(((Roles) pageRef.getPage()).getFeedbackPanel());
                 }
             }
-        }, ActionLink.ActionType.DELETE, xmlRolesReader.getAllAllowedRoles("Roles", "delete"));
+        }, ActionLink.ActionType.DELETE, xmlRolesReader.getEntitlement("Roles", "delete"));
 
         final Form form = new Form("roleForm");
         form.setModel(new CompoundPropertyModel(selectedNode));

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/SchedTasks.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/SchedTasks.java b/console/src/main/java/org/apache/syncope/console/pages/panels/SchedTasks.java
index 0911bcc..07aa090 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/SchedTasks.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/SchedTasks.java
@@ -142,7 +142,7 @@ public class SchedTasks extends AbstractTasks {
         };
 
         MetaDataRoleAuthorizationStrategy.authorize(
-                createLink, RENDER, xmlRolesReader.getAllAllowedRoles(TASKS, "create"));
+                createLink, RENDER, xmlRolesReader.getEntitlement(TASKS, "create"));
 
         add(createLink);
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/pages/panels/SyncTasks.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/pages/panels/SyncTasks.java b/console/src/main/java/org/apache/syncope/console/pages/panels/SyncTasks.java
index 17609fc..46b8fc9 100644
--- a/console/src/main/java/org/apache/syncope/console/pages/panels/SyncTasks.java
+++ b/console/src/main/java/org/apache/syncope/console/pages/panels/SyncTasks.java
@@ -145,7 +145,7 @@ public class SyncTasks extends AbstractTasks {
         };
 
         MetaDataRoleAuthorizationStrategy.authorize(
-                createLink, RENDER, xmlRolesReader.getAllAllowedRoles(TASKS, "create"));
+                createLink, RENDER, xmlRolesReader.getEntitlement(TASKS, "create"));
 
         add(createLink);
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/form/ActionLinksPanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/form/ActionLinksPanel.java b/console/src/main/java/org/apache/syncope/console/wicket/markup/html/form/ActionLinksPanel.java
index a4f9610..e854de1 100644
--- a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/form/ActionLinksPanel.java
+++ b/console/src/main/java/org/apache/syncope/console/wicket/markup/html/form/ActionLinksPanel.java
@@ -70,7 +70,7 @@ public class ActionLinksPanel extends Panel {
     public void add(
             final ActionLink link, final ActionLink.ActionType type, final String pageId, final String actionId) {
 
-        addWithRoles(link, type, xmlRolesReader.getAllAllowedRoles(pageId, actionId), true);
+        addWithRoles(link, type, xmlRolesReader.getEntitlement(pageId, actionId), true);
     }
 
     public void add(
@@ -82,7 +82,7 @@ public class ActionLinksPanel extends Panel {
     public void add(
             final ActionLink link, final ActionLink.ActionType type, final String pageId, final boolean enabled) {
 
-        addWithRoles(link, type, xmlRolesReader.getAllAllowedRoles(pageId, type.getActionId()), enabled);
+        addWithRoles(link, type, xmlRolesReader.getEntitlement(pageId, type.getActionId()), enabled);
     }
 
     public void addWithRoles(

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/tree/TreeRolePanel.java
----------------------------------------------------------------------
diff --git a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/tree/TreeRolePanel.java b/console/src/main/java/org/apache/syncope/console/wicket/markup/html/tree/TreeRolePanel.java
index 830e31a..d860880 100644
--- a/console/src/main/java/org/apache/syncope/console/wicket/markup/html/tree/TreeRolePanel.java
+++ b/console/src/main/java/org/apache/syncope/console/wicket/markup/html/tree/TreeRolePanel.java
@@ -104,7 +104,7 @@ public class TreeRolePanel extends Panel {
 
         DefaultMutableTreeNodeExpansion.get().expandAll();
 
-        MetaDataRoleAuthorizationStrategy.authorize(tree, ENABLE, xmlRolesReader.getAllAllowedRoles("Roles", "read"));
+        MetaDataRoleAuthorizationStrategy.authorize(tree, ENABLE, xmlRolesReader.getEntitlement("Roles", "read"));
 
         treeContainer.addOrReplace(tree);
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/05d2985a/console/src/main/resources/applicationContext.xml
----------------------------------------------------------------------
diff --git a/console/src/main/resources/applicationContext.xml b/console/src/main/resources/applicationContext.xml
index be37d23..b58640b 100644
--- a/console/src/main/resources/applicationContext.xml
+++ b/console/src/main/resources/applicationContext.xml
@@ -63,10 +63,6 @@ under the License.
     <constructor-arg value="${licenseUrl}"/>
   </bean>
 
-  <bean id="authorizations" class="java.lang.String">
-    <constructor-arg value="authorizations.xml"/>
-  </bean>
-
   <bean id="syncopeApplication" class="org.apache.syncope.console.SyncopeApplication"/>
 
   <bean id="jacksonObjectMapper" class="org.codehaus.jackson.map.ObjectMapper"/>
@@ -133,7 +129,9 @@ under the License.
 
   <bean id="preferenceManager" class="org.apache.syncope.console.commons.PreferenceManager"/>
 
-  <bean id="xmlRolesReader" class="org.apache.syncope.console.commons.XMLRolesReader"/>
+  <bean id="xmlRolesReader" class="org.apache.syncope.console.commons.XMLRolesReader" scope="singleton">
+    <property name="authorizations" value="authorizations.xml"/>
+  </bean>
 
   <bean id="roleTreeBuilder" class="org.apache.syncope.console.commons.RoleTreeBuilder"/>
 


Mime
View raw message