syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [24/40] syncope git commit: [SYNCOPE-119] New security model implemented
Date Tue, 21 Apr 2015 07:49:39 GMT
http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java
index 3067ca5..5f006d0 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java
@@ -30,12 +30,12 @@ import org.apache.syncope.common.lib.types.MatchingRule;
 import org.apache.syncope.common.lib.types.ResourceOperation;
 import org.apache.syncope.common.lib.types.UnmatchingRule;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtils;
 import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
 import org.apache.syncope.core.provisioning.api.AttributableTransformer;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationException;
 import org.apache.syncope.core.provisioning.api.sync.SyncActions;
-import org.apache.syncope.core.misc.security.UnauthorizedGroupException;
+import org.apache.syncope.core.misc.security.UnauthorizedException;
 import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult;
 import org.apache.syncope.core.provisioning.api.sync.SyncopeSyncResultHandler;
 import org.identityconnectors.framework.common.objects.SyncDelta;
@@ -47,12 +47,12 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         implements SyncopeSyncResultHandler {
 
     @Autowired
-    protected SyncUtilities syncUtilities;
+    protected SyncUtils syncUtilities;
 
     @Autowired
     protected AttributableTransformer attrTransformer;
 
-    protected abstract AttributableUtil getAttributableUtil();
+    protected abstract AttributableUtils getAttributableUtils();
 
     protected abstract String getName(AbstractSubjectTO subjectTO);
 
@@ -83,7 +83,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         }
     }
 
-    protected List<ProvisioningResult> assign(final SyncDelta delta, final AttributableUtil attrUtil)
+    protected List<ProvisioningResult> assign(final SyncDelta delta, final AttributableUtils attrUtils)
             throws JobExecutionException {
         if (!profile.getTask().isPerformCreate()) {
             LOG.debug("SyncTask not configured for create");
@@ -91,13 +91,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         }
 
         final AbstractSubjectTO subjectTO =
-                connObjectUtil.getSubjectTO(delta.getObject(), profile.getTask(), attrUtil);
+                connObjectUtils.getSubjectTO(delta.getObject(), profile.getTask(), attrUtils);
 
         subjectTO.getResources().add(profile.getTask().getResource().getKey());
 
         final ProvisioningResult result = new ProvisioningResult();
         result.setOperation(ResourceOperation.CREATE);
-        result.setSubjectType(attrUtil.getType());
+        result.setSubjectType(attrUtils.getType());
         result.setStatus(ProvisioningResult.Status.SUCCESS);
 
         // Attributable transformation (if configured)
@@ -114,13 +114,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 _delta = action.beforeAssign(this.getProfile(), _delta, transformed);
             }
 
-            create(transformed, _delta, attrUtil, UnmatchingRule.toEventName(UnmatchingRule.ASSIGN), result);
+            create(transformed, _delta, attrUtils, UnmatchingRule.toEventName(UnmatchingRule.ASSIGN), result);
         }
 
         return Collections.singletonList(result);
     }
 
-    protected List<ProvisioningResult> create(final SyncDelta delta, final AttributableUtil attrUtil)
+    protected List<ProvisioningResult> create(final SyncDelta delta, final AttributableUtils attrUtils)
             throws JobExecutionException {
 
         if (!profile.getTask().isPerformCreate()) {
@@ -129,7 +129,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         }
 
         final AbstractSubjectTO subjectTO =
-                connObjectUtil.getSubjectTO(delta.getObject(), profile.getTask(), attrUtil);
+                connObjectUtils.getSubjectTO(delta.getObject(), profile.getTask(), attrUtils);
 
         // Attributable transformation (if configured)
         AbstractSubjectTO transformed = attrTransformer.transform(subjectTO);
@@ -137,7 +137,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
         final ProvisioningResult result = new ProvisioningResult();
         result.setOperation(ResourceOperation.CREATE);
-        result.setSubjectType(attrUtil.getType());
+        result.setSubjectType(attrUtils.getType());
         result.setStatus(ProvisioningResult.Status.SUCCESS);
 
         result.setName(getName(transformed));
@@ -150,7 +150,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 _delta = action.beforeProvision(this.getProfile(), _delta, transformed);
             }
 
-            create(transformed, _delta, attrUtil, UnmatchingRule.toEventName(UnmatchingRule.PROVISION), result);
+            create(transformed, _delta, attrUtils, UnmatchingRule.toEventName(UnmatchingRule.PROVISION), result);
         }
 
         return Collections.<ProvisioningResult>singletonList(result);
@@ -159,7 +159,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     private void create(
             final AbstractSubjectTO subjectTO,
             final SyncDelta delta,
-            final AttributableUtil attrUtil,
+            final AttributableUtils attrUtils,
             final String operation,
             final ProvisioningResult result)
             throws JobExecutionException {
@@ -179,13 +179,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         } catch (PropagationException e) {
             // A propagation failure doesn't imply a synchronization failure.
             // The propagation exception status will be reported into the propagation task execution.
-            LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+            LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
             output = e;
             resultStatus = Result.FAILURE;
         } catch (Exception e) {
             result.setStatus(ProvisioningResult.Status.FAILURE);
             result.setMessage(ExceptionUtils.getRootCauseMessage(e));
-            LOG.error("Could not create {} {} ", attrUtil.getType(), delta.getUid().getUidValue(), e);
+            LOG.error("Could not create {} {} ", attrUtils.getType(), delta.getUid().getUidValue(), e);
             output = e;
             resultStatus = Result.FAILURE;
         }
@@ -194,7 +194,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     }
 
     protected List<ProvisioningResult> update(SyncDelta delta, final List<Long> subjects,
-            final AttributableUtil attrUtil)
+            final AttributableUtils attrUtils)
             throws JobExecutionException {
 
         if (!profile.getTask().isPerformUpdate()) {
@@ -211,14 +211,14 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
             final ProvisioningResult result = new ProvisioningResult();
             result.setOperation(ResourceOperation.UPDATE);
-            result.setSubjectType(attrUtil.getType());
+            result.setSubjectType(attrUtils.getType());
             result.setStatus(ProvisioningResult.Status.SUCCESS);
             result.setId(key);
 
             AbstractSubjectTO before = getSubjectTO(key);
             if (before == null) {
                 result.setStatus(ProvisioningResult.Status.FAILURE);
-                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), key));
+                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), key));
             } else {
                 result.setName(getName(before));
             }
@@ -250,17 +250,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                         output = updated;
                         resultStatus = Result.SUCCESS;
                         result.setName(getName(updated));
-                        LOG.debug("{} {} successfully updated", attrUtil.getType(), key);
+                        LOG.debug("{} {} successfully updated", attrUtils.getType(), key);
                     } catch (PropagationException e) {
                         // A propagation failure doesn't imply a synchronization failure.
                         // The propagation exception status will be reported into the propagation task execution.
-                        LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     } catch (Exception e) {
                         result.setStatus(ProvisioningResult.Status.FAILURE);
                         result.setMessage(ExceptionUtils.getRootCauseMessage(e));
-                        LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     }
@@ -275,7 +275,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     protected List<ProvisioningResult> deprovision(
             SyncDelta delta,
             final List<Long> subjects,
-            final AttributableUtil attrUtil,
+            final AttributableUtils attrUtils,
             final boolean unlink)
             throws JobExecutionException {
 
@@ -296,7 +296,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
             final ProvisioningResult result = new ProvisioningResult();
             result.setOperation(ResourceOperation.DELETE);
-            result.setSubjectType(attrUtil.getType());
+            result.setSubjectType(attrUtils.getType());
             result.setStatus(ProvisioningResult.Status.SUCCESS);
             result.setId(id);
 
@@ -304,7 +304,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
             if (before == null) {
                 result.setStatus(ProvisioningResult.Status.FAILURE);
-                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), id));
+                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), id));
             }
 
             if (!profile.isDryRun()) {
@@ -333,17 +333,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                         }
 
                         resultStatus = Result.SUCCESS;
-                        LOG.debug("{} {} successfully updated", attrUtil.getType(), id);
+                        LOG.debug("{} {} successfully updated", attrUtils.getType(), id);
                     } catch (PropagationException e) {
                         // A propagation failure doesn't imply a synchronization failure.
                         // The propagation exception status will be reported into the propagation task execution.
-                        LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     } catch (Exception e) {
                         result.setStatus(ProvisioningResult.Status.FAILURE);
                         result.setMessage(ExceptionUtils.getRootCauseMessage(e));
-                        LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     }
@@ -361,7 +361,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     protected List<ProvisioningResult> link(
             SyncDelta delta,
             final List<Long> subjects,
-            final AttributableUtil attrUtil,
+            final AttributableUtils attrUtils,
             final boolean unlink)
             throws JobExecutionException {
 
@@ -382,7 +382,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
             final ProvisioningResult result = new ProvisioningResult();
             result.setOperation(ResourceOperation.NONE);
-            result.setSubjectType(attrUtil.getType());
+            result.setSubjectType(attrUtils.getType());
             result.setStatus(ProvisioningResult.Status.SUCCESS);
             result.setId(id);
 
@@ -390,7 +390,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
             if (before == null) {
                 result.setStatus(ProvisioningResult.Status.FAILURE);
-                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), id));
+                result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), id));
             }
 
             if (!profile.isDryRun()) {
@@ -418,17 +418,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                         }
 
                         resultStatus = Result.SUCCESS;
-                        LOG.debug("{} {} successfully updated", attrUtil.getType(), id);
+                        LOG.debug("{} {} successfully updated", attrUtils.getType(), id);
                     } catch (PropagationException e) {
                         // A propagation failure doesn't imply a synchronization failure.
                         // The propagation exception status will be reported into the propagation task execution.
-                        LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     } catch (Exception e) {
                         result.setStatus(ProvisioningResult.Status.FAILURE);
                         result.setMessage(ExceptionUtils.getRootCauseMessage(e));
-                        LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e);
+                        LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e);
                         output = e;
                         resultStatus = Result.FAILURE;
                     }
@@ -443,7 +443,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     }
 
     protected List<ProvisioningResult> delete(
-            SyncDelta delta, final List<Long> subjects, final AttributableUtil attrUtil)
+            SyncDelta delta, final List<Long> subjects, final AttributableUtils attrUtils)
             throws JobExecutionException {
 
         if (!profile.getTask().isPerformDelete()) {
@@ -468,7 +468,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 result.setId(id);
                 result.setName(getName(before));
                 result.setOperation(ResourceOperation.DELETE);
-                result.setSubjectType(attrUtil.getType());
+                result.setSubjectType(attrUtils.getType());
                 result.setStatus(ProvisioningResult.Status.SUCCESS);
 
                 if (!profile.isDryRun()) {
@@ -483,7 +483,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                     } catch (Exception e) {
                         result.setStatus(ProvisioningResult.Status.FAILURE);
                         result.setMessage(ExceptionUtils.getRootCauseMessage(e));
-                        LOG.error("Could not delete {} {}", attrUtil.getType(), id, e);
+                        LOG.error("Could not delete {} {}", attrUtils.getType(), id, e);
                         output = e;
                     }
 
@@ -497,18 +497,18 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 delResults.add(result);
 
             } catch (NotFoundException e) {
-                LOG.error("Could not find {} {}", attrUtil.getType(), id, e);
-            } catch (UnauthorizedGroupException e) {
-                LOG.error("Not allowed to read {} {}", attrUtil.getType(), id, e);
+                LOG.error("Could not find {} {}", attrUtils.getType(), id, e);
+            } catch (UnauthorizedException e) {
+                LOG.error("Not allowed to read {} {}", attrUtils.getType(), id, e);
             } catch (Exception e) {
-                LOG.error("Could not delete {} {}", attrUtil.getType(), id, e);
+                LOG.error("Could not delete {} {}", attrUtils.getType(), id, e);
             }
         }
 
         return delResults;
     }
 
-    private List<ProvisioningResult> ignore(SyncDelta delta, final AttributableUtil attrUtil, final boolean matching)
+    private List<ProvisioningResult> ignore(SyncDelta delta, final AttributableUtils attrUtils, final boolean matching)
             throws JobExecutionException {
 
         LOG.debug("Subject to ignore {}", delta.getObject().getUid().getUidValue());
@@ -519,7 +519,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
         result.setId(null);
         result.setName(delta.getObject().getUid().getUidValue());
         result.setOperation(ResourceOperation.NONE);
-        result.setSubjectType(attrUtil.getType());
+        result.setSubjectType(attrUtils.getType());
         result.setStatus(ProvisioningResult.Status.SUCCESS);
         ignoreResults.add(result);
 
@@ -541,7 +541,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
     protected final void doHandle(final SyncDelta delta)
             throws JobExecutionException {
 
-        final AttributableUtil attrUtil = getAttributableUtil();
+        final AttributableUtils attrUtils = getAttributableUtils();
 
         LOG.debug("Process {} for {} as {}",
                 delta.getDeltaType(), delta.getUid().getUidValue(), delta.getObject().getObjectClass());
@@ -552,7 +552,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
 
         try {
             List<Long> subjectKeys = syncUtilities.findExisting(
-                    uid, delta.getObject(), profile.getTask().getResource(), attrUtil);
+                    uid, delta.getObject(), profile.getTask().getResource(), attrUtils);
 
             if (subjectKeys.size() > 1) {
                 switch (profile.getResAct()) {
@@ -576,13 +576,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 if (subjectKeys.isEmpty()) {
                     switch (profile.getTask().getUnmatchingRule()) {
                         case ASSIGN:
-                            profile.getResults().addAll(assign(delta, attrUtil));
+                            profile.getResults().addAll(assign(delta, attrUtils));
                             break;
                         case PROVISION:
-                            profile.getResults().addAll(create(delta, attrUtil));
+                            profile.getResults().addAll(create(delta, attrUtils));
                             break;
                         case IGNORE:
-                            profile.getResults().addAll(ignore(delta, attrUtil, false));
+                            profile.getResults().addAll(ignore(delta, attrUtils, false));
                             break;
                         default:
                         // do nothing
@@ -590,22 +590,22 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 } else {
                     switch (profile.getTask().getMatchingRule()) {
                         case UPDATE:
-                            profile.getResults().addAll(update(delta, subjectKeys, attrUtil));
+                            profile.getResults().addAll(update(delta, subjectKeys, attrUtils));
                             break;
                         case DEPROVISION:
-                            profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtil, false));
+                            profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtils, false));
                             break;
                         case UNASSIGN:
-                            profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtil, true));
+                            profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtils, true));
                             break;
                         case LINK:
-                            profile.getResults().addAll(link(delta, subjectKeys, attrUtil, false));
+                            profile.getResults().addAll(link(delta, subjectKeys, attrUtils, false));
                             break;
                         case UNLINK:
-                            profile.getResults().addAll(link(delta, subjectKeys, attrUtil, true));
+                            profile.getResults().addAll(link(delta, subjectKeys, attrUtils, true));
                             break;
                         case IGNORE:
-                            profile.getResults().addAll(ignore(delta, attrUtil, true));
+                            profile.getResults().addAll(ignore(delta, attrUtils, true));
                             break;
                         default:
                         // do nothing
@@ -615,7 +615,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 if (subjectKeys.isEmpty()) {
                     LOG.debug("No match found for deletion");
                 } else {
-                    profile.getResults().addAll(delete(delta, subjectKeys, attrUtil));
+                    profile.getResults().addAll(delete(delta, subjectKeys, attrUtils));
                 }
             }
         } catch (IllegalStateException | IllegalArgumentException e) {
@@ -630,9 +630,8 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
             final Object output,
             final Object... input) {
 
-        notificationManager.createTasks(
-                AuditElements.EventCategoryType.SYNCHRONIZATION,
-                getAttributableUtil().getType().name().toLowerCase(),
+        notificationManager.createTasks(AuditElements.EventCategoryType.SYNCHRONIZATION,
+                getAttributableUtils().getType().name().toLowerCase(),
                 profile.getTask().getResource().getKey(),
                 event,
                 result,
@@ -640,9 +639,8 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan
                 output,
                 input);
 
-        auditManager.audit(
-                AuditElements.EventCategoryType.SYNCHRONIZATION,
-                getAttributableUtil().getType().name().toLowerCase(),
+        auditManager.audit(AuditElements.EventCategoryType.SYNCHRONIZATION,
+                getAttributableUtils().getType().name().toLowerCase(),
                 profile.getTask().getResource().getKey(),
                 event,
                 result,

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java
index ec33571..d07ad34 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java
@@ -20,7 +20,7 @@ package org.apache.syncope.core.provisioning.java.sync;
 
 import org.apache.syncope.core.persistence.api.dao.GroupDAO;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtilsFactory;
 import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask;
 import org.apache.syncope.core.provisioning.api.GroupProvisioningManager;
 import org.apache.syncope.core.provisioning.api.data.GroupDataBinder;
@@ -32,7 +32,7 @@ import org.apache.syncope.core.provisioning.api.sync.ProvisioningActions;
 import org.apache.syncope.core.provisioning.api.sync.ProvisioningProfile;
 import org.apache.syncope.core.provisioning.api.sync.SyncopeResultHandler;
 import org.apache.syncope.core.misc.AuditManager;
-import org.apache.syncope.core.misc.ConnObjectUtil;
+import org.apache.syncope.core.misc.ConnObjectUtils;
 import org.apache.syncope.core.provisioning.api.notification.NotificationManager;
 import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter;
 import org.apache.syncope.core.workflow.api.UserWorkflowAdapter;
@@ -55,10 +55,10 @@ public abstract class AbstractSyncopeResultHandler<T extends ProvisioningTask, A
     protected GroupDAO groupDAO;
 
     /**
-     * ConnectorObject util.
+     * ConnectorObject utils.
      */
     @Autowired
-    protected ConnObjectUtil connObjectUtil;
+    protected ConnObjectUtils connObjectUtils;
 
     /**
      * Notification Manager.
@@ -97,10 +97,10 @@ public abstract class AbstractSyncopeResultHandler<T extends ProvisioningTask, A
     protected GroupWorkflowAdapter gwfAdapter;
 
     @Autowired
-    protected UserDataBinder userTransfer;
+    protected UserDataBinder userDataBinder;
 
     @Autowired
-    protected GroupDataBinder groupTransfer;
+    protected GroupDataBinder groupDataBinder;
 
     @Autowired
     protected UserProvisioningManager userProvisioningManager;
@@ -109,7 +109,7 @@ public abstract class AbstractSyncopeResultHandler<T extends ProvisioningTask, A
     protected GroupProvisioningManager groupProvisioningManager;
 
     @Autowired
-    protected AttributableUtilFactory attrUtilFactory;
+    protected AttributableUtilsFactory attrUtilsFactory;
 
     /**
      * Sync profile.

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java
index 66d8efa..c38e5d6 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupPushResultHandlerImpl.java
@@ -27,7 +27,7 @@ import org.apache.syncope.common.lib.to.GroupTO;
 import org.apache.syncope.common.lib.types.AttributableType;
 import org.apache.syncope.common.lib.types.PropagationByResource;
 import org.apache.syncope.common.lib.types.ResourceOperation;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtils;
 import org.apache.syncope.core.persistence.api.entity.Mapping;
 import org.apache.syncope.core.persistence.api.entity.MappingItem;
 import org.apache.syncope.core.persistence.api.entity.Subject;
@@ -41,25 +41,25 @@ import org.identityconnectors.framework.common.objects.Uid;
 public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implements GroupPushResultHandler {
 
     @Override
-    protected AttributableUtil getAttributableUtil() {
-        return attrUtilFactory.getInstance(AttributableType.GROUP);
+    protected AttributableUtils getAttributableUtils() {
+        return attrUtilsFactory.getInstance(AttributableType.GROUP);
     }
 
     @Override
     protected Subject<?, ?, ?> deprovision(final Subject<?, ?, ?> sbj) {
-        final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj));
+        final GroupTO before = groupDataBinder.getGroupTO(Group.class.cast(sbj));
 
         final List<String> noPropResources = new ArrayList<>(before.getResources());
         noPropResources.remove(profile.getTask().getResource().getKey());
 
-        taskExecutor.execute(propagationManager.getGroupDeleteTaskIds(before.getKey(), noPropResources));
+        taskExecutor.execute(propagationManager.getGroupDeleteTasks(before.getKey(), noPropResources));
 
         return groupDAO.authFetch(before.getKey());
     }
 
     @Override
     protected Subject<?, ?, ?> provision(final Subject<?, ?, ?> sbj, final Boolean enabled) {
-        final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj));
+        final GroupTO before = groupDataBinder.getGroupTO(Group.class.cast(sbj));
 
         final List<String> noPropResources = new ArrayList<>(before.getResources());
         noPropResources.remove(profile.getTask().getResource().getKey());
@@ -67,7 +67,7 @@ public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implem
         final PropagationByResource propByRes = new PropagationByResource();
         propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey());
 
-        taskExecutor.execute(propagationManager.getGroupCreateTaskIds(
+        taskExecutor.execute(propagationManager.getGroupCreateTasks(
                 before.getKey(),
                 Collections.unmodifiableCollection(before.getVirAttrs()),
                 propByRes,
@@ -118,7 +118,7 @@ public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implem
     @Override
     protected AbstractSubjectTO getSubjectTO(final long key) {
         try {
-            return groupTransfer.getGroupTO(key);
+            return groupDataBinder.getGroupTO(key);
         } catch (Exception e) {
             LOG.warn("Error retrieving user {}", key, e);
             return null;

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java
index b52cc0c..36e3215 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java
@@ -30,7 +30,7 @@ import org.apache.syncope.common.lib.to.AbstractSubjectTO;
 import org.apache.syncope.common.lib.to.PropagationStatus;
 import org.apache.syncope.common.lib.to.GroupTO;
 import org.apache.syncope.common.lib.types.AttributableType;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtils;
 import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult;
 import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler;
 import org.identityconnectors.framework.common.objects.SyncDelta;
@@ -45,8 +45,8 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
     }
 
     @Override
-    protected AttributableUtil getAttributableUtil() {
-        return attrUtilFactory.getInstance(AttributableType.GROUP);
+    protected AttributableUtils getAttributableUtils() {
+        return attrUtilsFactory.getInstance(AttributableType.GROUP);
     }
 
     @Override
@@ -57,7 +57,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
     @Override
     protected AbstractSubjectTO getSubjectTO(final long key) {
         try {
-            return groupTransfer.getGroupTO(key);
+            return groupDataBinder.getGroupTO(key);
         } catch (Exception e) {
             LOG.warn("Error retrieving group {}", key, e);
             return null;
@@ -68,12 +68,12 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
     protected AbstractSubjectMod getSubjectMod(
             final AbstractSubjectTO subjectTO, final SyncDelta delta) {
 
-        return connObjectUtil.getAttributableMod(
+        return connObjectUtils.getAttributableMod(
                 subjectTO.getKey(),
                 delta.getObject(),
                 subjectTO,
                 profile.getTask(),
-                attrUtilFactory.getInstance(AttributableType.GROUP));
+                attrUtilsFactory.getInstance(AttributableType.GROUP));
     }
 
     @Override
@@ -85,7 +85,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
         Map.Entry<Long, List<PropagationStatus>> created = groupProvisioningManager.create(groupTO, groupOwnerMap,
                 Collections.singleton(profile.getTask().getResource().getKey()));
 
-        groupTO = groupTransfer.getGroupTO(created.getKey());
+        groupTO = groupDataBinder.getGroupTO(created.getKey());
 
         result.setId(created.getKey());
         result.setName(getName(subjectTO));
@@ -108,7 +108,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
             groupMod.getResourcesToAdd().add(profile.getTask().getResource().getKey());
         }
 
-        return groupTransfer.getGroupTO(gwfAdapter.update(groupMod).getResult());
+        return groupDataBinder.getGroupTO(gwfAdapter.update(groupMod).getResult());
     }
 
     @Override
@@ -133,7 +133,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
             groupOwnerMap.put(updated.getKey(), groupOwner);
         }
 
-        final GroupTO after = groupTransfer.getGroupTO(updated.getKey());
+        final GroupTO after = groupDataBinder.getGroupTO(updated.getKey());
 
         result.setName(getName(after));
 
@@ -143,7 +143,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
     @Override
     protected void deprovision(final Long id, final boolean unlink) {
         taskExecutor.execute(
-                propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey()));
+                propagationManager.getGroupDeleteTasks(id, profile.getTask().getResource().getKey()));
 
         if (unlink) {
             final UserMod userMod = new UserMod();
@@ -156,7 +156,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem
     protected void delete(final Long id) {
         try {
             taskExecutor.execute(
-                    propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey()));
+                    propagationManager.getGroupDeleteTasks(id, profile.getTask().getResource().getKey()));
         } catch (Exception e) {
             // A propagation failure doesn't imply a synchronization failure.
             // The propagation exception status will be reported into the propagation task execution.

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java
index 526b494..fc68ec0 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java
@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.Map;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Predicate;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.mod.AbstractSubjectMod;
 import org.apache.syncope.common.lib.mod.MembershipMod;
 import org.apache.syncope.common.lib.mod.UserMod;
@@ -87,7 +88,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions {
     private AuditManager auditManager;
 
     @Autowired
-    private SyncUtilities syncUtilities;
+    private SyncUtils syncUtilities;
 
     protected Map<Long, Long> membersBeforeGroupUpdate = Collections.<Long, Long>emptyMap();
 
@@ -205,12 +206,12 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions {
 
         Result result;
 
-        WorkflowResult<Map.Entry<UserMod, Boolean>> updated = null;
+        WorkflowResult<Pair<UserMod, Boolean>> updated = null;
 
         try {
             updated = uwfAdapter.update(userMod);
 
-            List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(
+            List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(
                     updated, false, Collections.singleton(resourceName));
 
             taskExecutor.execute(tasks);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java
index 5716eb7..7bec3af 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java
@@ -20,10 +20,9 @@ package org.apache.syncope.core.provisioning.java.sync;
 
 import java.util.Collections;
 import java.util.List;
-import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.types.SubjectType;
-import org.apache.syncope.core.persistence.api.GroupEntitlementUtil;
 import org.apache.syncope.core.persistence.api.dao.GroupDAO;
 import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
@@ -83,8 +82,6 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions>
             final boolean dryRun) throws JobExecutionException {
         LOG.debug("Execute synchronization (push) with resource {}", pushTask.getResource());
 
-        final Set<Long> authorizations = GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll());
-
         final ProvisioningProfile<PushTask, PushActions> profile = new ProvisioningProfile<>(connector, pushTask);
         if (actions != null) {
             profile.getActions().addAll(actions);
@@ -109,9 +106,13 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions>
         }
 
         if (uMapping != null) {
-            final int count = userDAO.count(authorizations);
+            final int count = userDAO.count(SyncopeConstants.FULL_ADMIN_REALMS);
             for (int page = 1; page <= (count / PAGE_SIZE) + 1; page++) {
-                final List<User> localUsers = getUsers(authorizations, pushTask, page);
+                final List<User> localUsers = StringUtils.isBlank(pushTask.getUserFilter())
+                        ? userDAO.findAll(SyncopeConstants.FULL_ADMIN_REALMS, page, PAGE_SIZE)
+                        : searchDAO.<User>search(SyncopeConstants.FULL_ADMIN_REALMS,
+                                SearchCondConverter.convert(pushTask.getUserFilter()),
+                                Collections.<OrderByClause>emptyList(), SubjectType.USER);
 
                 for (User localUser : localUsers) {
                     try {
@@ -126,15 +127,22 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions>
         }
 
         if (rMapping != null) {
-            final List<Group> localGroups = geGroups(authorizations, pushTask);
-
-            for (Group localGroup : localGroups) {
-                try {
-                    // group propagation
-                    rhandler.handle(localGroup.getKey());
-                } catch (Exception e) {
-                    LOG.warn("Failure pushing group '{}' on '{}'", localGroup, pushTask.getResource(), e);
-                    throw new JobExecutionException("While pushing groups on connector", e);
+            final int count = groupDAO.count(SyncopeConstants.FULL_ADMIN_REALMS);
+            for (int page = 1; page <= (count / PAGE_SIZE) + 1; page++) {
+                final List<Group> localGroups = StringUtils.isBlank(pushTask.getGroupFilter())
+                        ? groupDAO.findAll(SyncopeConstants.FULL_ADMIN_REALMS, page, PAGE_SIZE)
+                        : searchDAO.<Group>search(SyncopeConstants.FULL_ADMIN_REALMS,
+                                SearchCondConverter.convert(pushTask.getGroupFilter()),
+                                Collections.<OrderByClause>emptyList(), SubjectType.GROUP);
+
+                for (Group localGroup : localGroups) {
+                    try {
+                        // group propagation
+                        rhandler.handle(localGroup.getKey());
+                    } catch (Exception e) {
+                        LOG.warn("Failure pushing group '{}' on '{}'", localGroup, pushTask.getResource(), e);
+                        throw new JobExecutionException("While pushing groups on connector", e);
+                    }
                 }
             }
         }
@@ -151,25 +159,4 @@ public class PushJobImpl extends AbstractProvisioningJob<PushTask, PushActions>
 
         return result;
     }
-
-    private List<User> getUsers(final Set<Long> authorizations, final PushTask pushTask, final int page) {
-        final String filter = pushTask.getUserFilter();
-        if (StringUtils.isBlank(filter)) {
-            return userDAO.findAll(authorizations, page, PAGE_SIZE);
-        } else {
-            return searchDAO.<User>search(
-                    authorizations, SearchCondConverter.convert(filter),
-                    Collections.<OrderByClause>emptyList(), SubjectType.USER);
-        }
-    }
-
-    private List<Group> geGroups(final Set<Long> authorizations, final PushTask pushTask) {
-        final String filter = pushTask.getGroupFilter();
-        if (StringUtils.isBlank(filter)) {
-            return groupDAO.findAll();
-        } else {
-            return searchDAO.<Group>search(authorizations, SearchCondConverter.convert(filter),
-                    Collections.<OrderByClause>emptyList(), SubjectType.GROUP);
-        }
-    }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java
index 9b49d6a..28cd5b4 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java
@@ -25,7 +25,6 @@ import org.apache.syncope.common.lib.mod.GroupMod;
 import org.apache.syncope.common.lib.types.SyncPolicySpec;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.SyncPolicy;
 import org.apache.syncope.core.persistence.api.entity.group.GMapping;
 import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask;
 import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
@@ -33,7 +32,7 @@ import org.apache.syncope.core.persistence.api.entity.user.UMapping;
 import org.apache.syncope.core.provisioning.api.Connector;
 import org.apache.syncope.core.provisioning.api.sync.ProvisioningProfile;
 import org.apache.syncope.core.provisioning.api.sync.SyncActions;
-import org.apache.syncope.core.misc.security.UnauthorizedGroupException;
+import org.apache.syncope.core.misc.security.UnauthorizedException;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.provisioning.api.job.SyncJob;
 import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler;
@@ -60,10 +59,10 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions>
     private GroupWorkflowAdapter gwfAdapter;
 
     @Autowired
-    protected SyncUtilities syncUtilities;
+    protected SyncUtils syncUtilities;
 
     protected void setGroupOwners(final GroupSyncResultHandler rhandler)
-            throws UnauthorizedGroupException, NotFoundException {
+            throws UnauthorizedException, NotFoundException {
 
         for (Map.Entry<Long, String> entry : rhandler.getGroupOwnerMap().entrySet()) {
             GroupMod groupMod = new GroupMod();
@@ -193,7 +192,7 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions>
             }
         }
 
-        final String result = createReport(profile.getResults(), syncTask.getResource().getSyncTraceLevel(), dryRun);
+        String result = createReport(profile.getResults(), syncTask.getResource().getSyncTraceLevel(), dryRun);
 
         LOG.debug("Sync result: {}", result);
 
@@ -204,11 +203,9 @@ public class SyncJobImpl extends AbstractProvisioningJob<SyncTask, SyncActions>
         SyncPolicySpec syncPolicySpec;
 
         if (task instanceof SyncTask) {
-            final SyncPolicy syncPolicy = task.getResource().getSyncPolicy() == null
-                    ? policyDAO.getGlobalSyncPolicy()
-                    : task.getResource().getSyncPolicy();
-
-            syncPolicySpec = syncPolicy == null ? null : syncPolicy.getSpecification(SyncPolicySpec.class);
+            syncPolicySpec = task.getResource().getSyncPolicy() == null
+                    ? null
+                    : task.getResource().getSyncPolicy().getSpecification(SyncPolicySpec.class);
         } else {
             syncPolicySpec = null;
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java
deleted file mode 100644
index 7f89474..0000000
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java
+++ /dev/null
@@ -1,419 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.provisioning.java.sync;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.types.AttributableType;
-import org.apache.syncope.common.lib.types.MappingPurpose;
-import org.apache.syncope.common.lib.types.SubjectType;
-import org.apache.syncope.common.lib.types.SyncPolicySpec;
-import org.apache.syncope.core.persistence.api.GroupEntitlementUtil;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException;
-import org.apache.syncope.core.persistence.api.dao.EntitlementDAO;
-import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
-import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
-import org.apache.syncope.core.persistence.api.dao.GroupDAO;
-import org.apache.syncope.core.persistence.api.dao.SubjectDAO;
-import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO;
-import org.apache.syncope.core.persistence.api.dao.UserDAO;
-import org.apache.syncope.core.persistence.api.dao.search.AttributeCond;
-import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
-import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
-import org.apache.syncope.core.persistence.api.dao.search.SubjectCond;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory;
-import org.apache.syncope.core.persistence.api.entity.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.MappingItem;
-import org.apache.syncope.core.persistence.api.entity.PlainAttrValue;
-import org.apache.syncope.core.persistence.api.entity.PlainSchema;
-import org.apache.syncope.core.persistence.api.entity.Subject;
-import org.apache.syncope.core.persistence.api.entity.SyncPolicy;
-import org.apache.syncope.core.persistence.api.entity.group.Group;
-import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask;
-import org.apache.syncope.core.persistence.api.entity.user.UDerAttr;
-import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr;
-import org.apache.syncope.core.persistence.api.entity.user.UVirAttr;
-import org.apache.syncope.core.persistence.api.entity.user.User;
-import org.apache.syncope.core.provisioning.api.Connector;
-import org.apache.syncope.core.provisioning.api.sync.SyncCorrelationRule;
-import org.identityconnectors.framework.common.objects.Attribute;
-import org.identityconnectors.framework.common.objects.AttributeUtil;
-import org.identityconnectors.framework.common.objects.ConnectorObject;
-import org.identityconnectors.framework.common.objects.Name;
-import org.identityconnectors.framework.common.objects.ObjectClass;
-import org.identityconnectors.framework.common.objects.OperationalAttributes;
-import org.identityconnectors.framework.common.objects.filter.EqualsFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-@Component
-public class SyncUtilities {
-
-    /**
-     * Logger.
-     */
-    protected static final Logger LOG = LoggerFactory.getLogger(SyncUtilities.class);
-
-    /**
-     * Policy DAO.
-     */
-    @Autowired
-    protected PolicyDAO policyDAO;
-
-    /**
-     * Entitlement DAO.
-     */
-    @Autowired
-    protected EntitlementDAO entitlementDAO;
-
-    /**
-     * Schema DAO.
-     */
-    @Autowired
-    protected PlainSchemaDAO plainSchemaDAO;
-
-    /**
-     * User DAO.
-     */
-    @Autowired
-    protected UserDAO userDAO;
-
-    /**
-     * Group DAO.
-     */
-    @Autowired
-    protected GroupDAO groupDAO;
-
-    /**
-     * Search DAO.
-     */
-    @Autowired
-    protected SubjectSearchDAO searchDAO;
-
-    @Autowired
-    protected AttributableUtilFactory attrUtilFactory;
-
-    public Long findMatchingAttributableKey(
-            final ObjectClass oclass,
-            final String name,
-            final ExternalResource resource,
-            final Connector connector) {
-
-        Long result = null;
-
-        final AttributableUtil attrUtil = attrUtilFactory.getInstance(oclass);
-
-        final List<ConnectorObject> found = connector.search(oclass,
-                new EqualsFilter(new Name(name)), connector.getOperationOptions(
-                        attrUtil.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)));
-
-        if (found.isEmpty()) {
-            LOG.debug("No {} found on {} with __NAME__ {}", oclass, resource, name);
-        } else {
-            if (found.size() > 1) {
-                LOG.warn("More than one {} found on {} with __NAME__ {} - taking first only", oclass, resource, name);
-            }
-
-            ConnectorObject connObj = found.iterator().next();
-            try {
-                List<Long> subjectKeys = findExisting(connObj.getUid().getUidValue(), connObj, resource, attrUtil);
-                if (subjectKeys.isEmpty()) {
-                    LOG.debug("No matching {} found for {}, aborting", attrUtil.getType(), connObj);
-                } else {
-                    if (subjectKeys.size() > 1) {
-                        LOG.warn("More than one {} found {} - taking first only", attrUtil.getType(), subjectKeys);
-                    }
-
-                    result = subjectKeys.iterator().next();
-                }
-            } catch (IllegalArgumentException e) {
-                LOG.warn(e.getMessage());
-            }
-        }
-
-        return result;
-    }
-
-    private SubjectDAO<?, ?, ?> getSubjectDAO(final MappingItem accountIdItem) {
-        return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : groupDAO;
-    }
-
-    private List<Long> findByAccountIdItem(
-            final String uid, final ExternalResource resource, final AttributableUtil attrUtil) {
-        final List<Long> result = new ArrayList<>();
-
-        final MappingItem accountIdItem = attrUtil.getAccountIdItem(resource);
-        switch (accountIdItem.getIntMappingType()) {
-            case UserPlainSchema:
-            case GroupPlainSchema:
-                final PlainAttrValue value = attrUtil.newPlainAttrValue();
-
-                PlainSchema schema = plainSchemaDAO.find(accountIdItem.getIntAttrName(), attrUtil.plainSchemaClass());
-                if (schema == null) {
-                    value.setStringValue(uid);
-                } else {
-                    try {
-                        value.parseValue(schema, uid);
-                    } catch (ParsingValidationException e) {
-                        LOG.error("While parsing provided __UID__ {}", uid, e);
-                        value.setStringValue(uid);
-                    }
-                }
-
-                List<? extends Subject<?, ?, ?>> subjects =
-                        getSubjectDAO(accountIdItem).findByAttrValue(accountIdItem.getIntAttrName(), value, attrUtil);
-                for (Subject<?, ?, ?> subject : subjects) {
-                    result.add(subject.getKey());
-                }
-                break;
-
-            case UserDerivedSchema:
-            case GroupDerivedSchema:
-                subjects = getSubjectDAO(accountIdItem).
-                        findByDerAttrValue(accountIdItem.getIntAttrName(), uid, attrUtil);
-                for (Subject<?, ?, ?> subject : subjects) {
-                    result.add(subject.getKey());
-                }
-                break;
-
-            case Username:
-                User user = userDAO.find(uid);
-                if (user != null) {
-                    result.add(user.getKey());
-                }
-                break;
-
-            case UserId:
-                user = userDAO.find(Long.parseLong(uid));
-                if (user != null) {
-                    result.add(user.getKey());
-                }
-                break;
-
-            case GroupName:
-                List<Group> groups = groupDAO.find(uid);
-                for (Group group : groups) {
-                    result.add(group.getKey());
-                }
-                break;
-
-            case GroupId:
-                Group group = groupDAO.find(Long.parseLong(uid));
-                if (group != null) {
-                    result.add(group.getKey());
-                }
-                break;
-
-            default:
-                LOG.error("Invalid accountId type '{}'", accountIdItem.getIntMappingType());
-        }
-
-        return result;
-    }
-
-    private List<Long> search(final SearchCond searchCond, final SubjectType type) {
-        final List<Long> result = new ArrayList<>();
-
-        List<Subject<?, ?, ?>> subjects = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCond, Collections.<OrderByClause>emptyList(), type);
-        for (Subject<?, ?, ?> subject : subjects) {
-            result.add(subject.getKey());
-        }
-
-        return result;
-    }
-
-    private List<Long> findByCorrelationRule(
-            final ConnectorObject connObj, final SyncCorrelationRule rule, final SubjectType type) {
-
-        return search(rule.getSearchCond(connObj), type);
-    }
-
-    private List<Long> findByAttributableSearch(
-            final ConnectorObject connObj,
-            final List<String> altSearchSchemas,
-            final ExternalResource resource,
-            final AttributableUtil attrUtil) {
-
-        // search for external attribute's name/value of each specified name
-        final Map<String, Attribute> extValues = new HashMap<>();
-
-        for (MappingItem item : attrUtil.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)) {
-            extValues.put(item.getIntAttrName(), connObj.getAttributeByName(item.getExtAttrName()));
-        }
-
-        // search for user/group by attribute(s) specified in the policy
-        SearchCond searchCond = null;
-
-        for (String schema : altSearchSchemas) {
-            Attribute value = extValues.get(schema);
-
-            if (value == null) {
-                throw new IllegalArgumentException(
-                        "Connector object does not contains the attributes to perform the search: " + schema);
-            }
-
-            AttributeCond.Type type;
-            String expression = null;
-
-            if (value.getValue() == null || value.getValue().isEmpty()
-                    || (value.getValue().size() == 1 && value.getValue().get(0) == null)) {
-
-                type = AttributeCond.Type.ISNULL;
-            } else {
-                type = AttributeCond.Type.EQ;
-                expression = value.getValue().size() > 1
-                        ? value.getValue().toString()
-                        : value.getValue().get(0).toString();
-            }
-
-            SearchCond nodeCond;
-            // users: just id or username can be selected to be used
-            // groups: just id or name can be selected to be used
-            if ("key".equalsIgnoreCase(schema)
-                    || "username".equalsIgnoreCase(schema) || "name".equalsIgnoreCase(schema)) {
-
-                SubjectCond cond = new SubjectCond();
-                cond.setSchema(schema);
-                cond.setType(type);
-                cond.setExpression(expression);
-
-                nodeCond = SearchCond.getLeafCond(cond);
-            } else {
-                AttributeCond cond = new AttributeCond();
-                cond.setSchema(schema);
-                cond.setType(type);
-                cond.setExpression(expression);
-
-                nodeCond = SearchCond.getLeafCond(cond);
-            }
-
-            searchCond = searchCond == null
-                    ? nodeCond
-                    : SearchCond.getAndCond(searchCond, nodeCond);
-        }
-
-        return search(searchCond, SubjectType.valueOf(attrUtil.getType().name()));
-    }
-
-    private SyncCorrelationRule getCorrelationRule(final AttributableType type, final SyncPolicySpec policySpec) {
-        String clazz;
-
-        switch (type) {
-            case USER:
-                clazz = policySpec.getUserJavaRule();
-                break;
-            case GROUP:
-                clazz = policySpec.getGroupJavaRule();
-                break;
-            case MEMBERSHIP:
-            case CONFIGURATION:
-            default:
-                clazz = null;
-        }
-
-        SyncCorrelationRule res = null;
-
-        if (StringUtils.isNotBlank(clazz)) {
-            try {
-                res = (SyncCorrelationRule) Class.forName(clazz).newInstance();
-            } catch (Exception e) {
-                LOG.error("Failure instantiating correlation rule class '{}'", clazz, e);
-            }
-        }
-
-        return res;
-    }
-
-    private List<String> getAltSearchSchemas(final AttributableType type, final SyncPolicySpec policySpec) {
-        List<String> result = Collections.emptyList();
-
-        switch (type) {
-            case USER:
-                result = policySpec.getuAltSearchSchemas();
-                break;
-            case GROUP:
-                result = policySpec.getrAltSearchSchemas();
-                break;
-            case MEMBERSHIP:
-            case CONFIGURATION:
-            default:
-        }
-
-        return result;
-    }
-
-    /**
-     * Find users / groups based on mapped uid value (or previous uid value, if updated).
-     *
-     * @param uid for finding by account id
-     * @param connObj for finding by attribute value
-     * @param resource external resource
-     * @param attrUtil attributable util
-     * @return list of matching users / groups
-     */
-    public List<Long> findExisting(
-            final String uid,
-            final ConnectorObject connObj,
-            final ExternalResource resource,
-            final AttributableUtil attrUtil) {
-
-        SyncPolicySpec syncPolicySpec = null;
-        if (resource.getSyncPolicy() == null) {
-            SyncPolicy globalSP = policyDAO.getGlobalSyncPolicy();
-            if (globalSP != null) {
-                syncPolicySpec = globalSP.getSpecification(SyncPolicySpec.class);
-            }
-        } else {
-            syncPolicySpec = resource.getSyncPolicy().getSpecification(SyncPolicySpec.class);
-        }
-
-        SyncCorrelationRule syncRule = null;
-        List<String> altSearchSchemas = null;
-
-        if (syncPolicySpec != null) {
-            syncRule = getCorrelationRule(attrUtil.getType(), syncPolicySpec);
-            altSearchSchemas = getAltSearchSchemas(attrUtil.getType(), syncPolicySpec);
-        }
-
-        return syncRule == null ? altSearchSchemas == null || altSearchSchemas.isEmpty()
-                ? findByAccountIdItem(uid, resource, attrUtil)
-                : findByAttributableSearch(connObj, altSearchSchemas, resource, attrUtil)
-                : findByCorrelationRule(connObj, syncRule, SubjectType.valueOf(attrUtil.getType().name()));
-    }
-
-    public Boolean readEnabled(final ConnectorObject connectorObject, final ProvisioningTask task) {
-        Boolean enabled = null;
-        if (task.isSyncStatus()) {
-            Attribute status = AttributeUtil.find(OperationalAttributes.ENABLE_NAME, connectorObject.getAttributes());
-            if (status != null && status.getValue() != null && !status.getValue().isEmpty()) {
-                enabled = (Boolean) status.getValue().get(0);
-            }
-        }
-
-        return enabled;
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java
new file mode 100644
index 0000000..7dabe8f
--- /dev/null
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java
@@ -0,0 +1,403 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.provisioning.java.sync;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.common.lib.SyncopeConstants;
+import org.apache.syncope.common.lib.types.AttributableType;
+import org.apache.syncope.common.lib.types.MappingPurpose;
+import org.apache.syncope.common.lib.types.SubjectType;
+import org.apache.syncope.common.lib.types.SyncPolicySpec;
+import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException;
+import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
+import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
+import org.apache.syncope.core.persistence.api.dao.GroupDAO;
+import org.apache.syncope.core.persistence.api.dao.SubjectDAO;
+import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO;
+import org.apache.syncope.core.persistence.api.dao.UserDAO;
+import org.apache.syncope.core.persistence.api.dao.search.AttributeCond;
+import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
+import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
+import org.apache.syncope.core.persistence.api.dao.search.SubjectCond;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtils;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtilsFactory;
+import org.apache.syncope.core.persistence.api.entity.ExternalResource;
+import org.apache.syncope.core.persistence.api.entity.MappingItem;
+import org.apache.syncope.core.persistence.api.entity.PlainAttrValue;
+import org.apache.syncope.core.persistence.api.entity.PlainSchema;
+import org.apache.syncope.core.persistence.api.entity.Subject;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
+import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask;
+import org.apache.syncope.core.persistence.api.entity.user.User;
+import org.apache.syncope.core.provisioning.api.Connector;
+import org.apache.syncope.core.provisioning.api.sync.SyncCorrelationRule;
+import org.identityconnectors.framework.common.objects.Attribute;
+import org.identityconnectors.framework.common.objects.AttributeUtil;
+import org.identityconnectors.framework.common.objects.ConnectorObject;
+import org.identityconnectors.framework.common.objects.Name;
+import org.identityconnectors.framework.common.objects.ObjectClass;
+import org.identityconnectors.framework.common.objects.OperationalAttributes;
+import org.identityconnectors.framework.common.objects.filter.EqualsFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SyncUtils {
+
+    /**
+     * Logger.
+     */
+    protected static final Logger LOG = LoggerFactory.getLogger(SyncUtils.class);
+
+    /**
+     * Policy DAO.
+     */
+    @Autowired
+    protected PolicyDAO policyDAO;
+
+    /**
+     * Schema DAO.
+     */
+    @Autowired
+    protected PlainSchemaDAO plainSchemaDAO;
+
+    /**
+     * User DAO.
+     */
+    @Autowired
+    protected UserDAO userDAO;
+
+    /**
+     * Group DAO.
+     */
+    @Autowired
+    protected GroupDAO groupDAO;
+
+    /**
+     * Search DAO.
+     */
+    @Autowired
+    protected SubjectSearchDAO searchDAO;
+
+    @Autowired
+    protected AttributableUtilsFactory attrUtilsFactory;
+
+    public Long findMatchingAttributableKey(
+            final ObjectClass oclass,
+            final String name,
+            final ExternalResource resource,
+            final Connector connector) {
+
+        Long result = null;
+
+        final AttributableUtils attrUtils = attrUtilsFactory.getInstance(oclass);
+
+        final List<ConnectorObject> found = connector.search(oclass,
+                new EqualsFilter(new Name(name)), connector.getOperationOptions(
+                        attrUtils.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)));
+
+        if (found.isEmpty()) {
+            LOG.debug("No {} found on {} with __NAME__ {}", oclass, resource, name);
+        } else {
+            if (found.size() > 1) {
+                LOG.warn("More than one {} found on {} with __NAME__ {} - taking first only", oclass, resource, name);
+            }
+
+            ConnectorObject connObj = found.iterator().next();
+            try {
+                List<Long> subjectKeys = findExisting(connObj.getUid().getUidValue(), connObj, resource, attrUtils);
+                if (subjectKeys.isEmpty()) {
+                    LOG.debug("No matching {} found for {}, aborting", attrUtils.getType(), connObj);
+                } else {
+                    if (subjectKeys.size() > 1) {
+                        LOG.warn("More than one {} found {} - taking first only", attrUtils.getType(), subjectKeys);
+                    }
+
+                    result = subjectKeys.iterator().next();
+                }
+            } catch (IllegalArgumentException e) {
+                LOG.warn(e.getMessage());
+            }
+        }
+
+        return result;
+    }
+
+    private SubjectDAO<?, ?, ?> getSubjectDAO(final MappingItem accountIdItem) {
+        return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : groupDAO;
+    }
+
+    private List<Long> findByAccountIdItem(
+            final String uid, final ExternalResource resource, final AttributableUtils attrUtils) {
+        final List<Long> result = new ArrayList<>();
+
+        final MappingItem accountIdItem = attrUtils.getAccountIdItem(resource);
+        switch (accountIdItem.getIntMappingType()) {
+            case UserPlainSchema:
+            case GroupPlainSchema:
+                final PlainAttrValue value = attrUtils.newPlainAttrValue();
+
+                PlainSchema schema = plainSchemaDAO.find(accountIdItem.getIntAttrName(), attrUtils.plainSchemaClass());
+                if (schema == null) {
+                    value.setStringValue(uid);
+                } else {
+                    try {
+                        value.parseValue(schema, uid);
+                    } catch (ParsingValidationException e) {
+                        LOG.error("While parsing provided __UID__ {}", uid, e);
+                        value.setStringValue(uid);
+                    }
+                }
+
+                List<? extends Subject<?, ?, ?>> subjects =
+                        getSubjectDAO(accountIdItem).findByAttrValue(accountIdItem.getIntAttrName(), value, attrUtils);
+                for (Subject<?, ?, ?> subject : subjects) {
+                    result.add(subject.getKey());
+                }
+                break;
+
+            case UserDerivedSchema:
+            case GroupDerivedSchema:
+                subjects = getSubjectDAO(accountIdItem).
+                        findByDerAttrValue(accountIdItem.getIntAttrName(), uid, attrUtils);
+                for (Subject<?, ?, ?> subject : subjects) {
+                    result.add(subject.getKey());
+                }
+                break;
+
+            case Username:
+                User user = userDAO.find(uid);
+                if (user != null) {
+                    result.add(user.getKey());
+                }
+                break;
+
+            case UserId:
+                user = userDAO.find(Long.parseLong(uid));
+                if (user != null) {
+                    result.add(user.getKey());
+                }
+                break;
+
+            case GroupName:
+                Group group = groupDAO.find(uid);
+                if (group != null) {
+                    result.add(group.getKey());
+                }
+                break;
+
+            case GroupId:
+                group = groupDAO.find(Long.parseLong(uid));
+                if (group != null) {
+                    result.add(group.getKey());
+                }
+                break;
+
+            default:
+                LOG.error("Invalid accountId type '{}'", accountIdItem.getIntMappingType());
+        }
+
+        return result;
+    }
+
+    private List<Long> search(final SearchCond searchCond, final SubjectType type) {
+        final List<Long> result = new ArrayList<>();
+
+        List<Subject<?, ?, ?>> subjects = searchDAO.search(
+                SyncopeConstants.FULL_ADMIN_REALMS, searchCond, Collections.<OrderByClause>emptyList(), type);
+        for (Subject<?, ?, ?> subject : subjects) {
+            result.add(subject.getKey());
+        }
+
+        return result;
+    }
+
+    private List<Long> findByCorrelationRule(
+            final ConnectorObject connObj, final SyncCorrelationRule rule, final SubjectType type) {
+
+        return search(rule.getSearchCond(connObj), type);
+    }
+
+    private List<Long> findByAttributableSearch(
+            final ConnectorObject connObj,
+            final List<String> altSearchSchemas,
+            final ExternalResource resource,
+            final AttributableUtils attrUtils) {
+
+        // search for external attribute's name/value of each specified name
+        final Map<String, Attribute> extValues = new HashMap<>();
+
+        for (MappingItem item : attrUtils.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)) {
+            extValues.put(item.getIntAttrName(), connObj.getAttributeByName(item.getExtAttrName()));
+        }
+
+        // search for user/group by attribute(s) specified in the policy
+        SearchCond searchCond = null;
+
+        for (String schema : altSearchSchemas) {
+            Attribute value = extValues.get(schema);
+
+            if (value == null) {
+                throw new IllegalArgumentException(
+                        "Connector object does not contains the attributes to perform the search: " + schema);
+            }
+
+            AttributeCond.Type type;
+            String expression = null;
+
+            if (value.getValue() == null || value.getValue().isEmpty()
+                    || (value.getValue().size() == 1 && value.getValue().get(0) == null)) {
+
+                type = AttributeCond.Type.ISNULL;
+            } else {
+                type = AttributeCond.Type.EQ;
+                expression = value.getValue().size() > 1
+                        ? value.getValue().toString()
+                        : value.getValue().get(0).toString();
+            }
+
+            SearchCond nodeCond;
+            // users: just id or username can be selected to be used
+            // groups: just id or name can be selected to be used
+            if ("key".equalsIgnoreCase(schema)
+                    || "username".equalsIgnoreCase(schema) || "name".equalsIgnoreCase(schema)) {
+
+                SubjectCond cond = new SubjectCond();
+                cond.setSchema(schema);
+                cond.setType(type);
+                cond.setExpression(expression);
+
+                nodeCond = SearchCond.getLeafCond(cond);
+            } else {
+                AttributeCond cond = new AttributeCond();
+                cond.setSchema(schema);
+                cond.setType(type);
+                cond.setExpression(expression);
+
+                nodeCond = SearchCond.getLeafCond(cond);
+            }
+
+            searchCond = searchCond == null
+                    ? nodeCond
+                    : SearchCond.getAndCond(searchCond, nodeCond);
+        }
+
+        return search(searchCond, SubjectType.valueOf(attrUtils.getType().name()));
+    }
+
+    private SyncCorrelationRule getCorrelationRule(final AttributableType type, final SyncPolicySpec policySpec) {
+        String clazz;
+
+        switch (type) {
+            case USER:
+                clazz = policySpec.getUserJavaRule();
+                break;
+            case GROUP:
+                clazz = policySpec.getGroupJavaRule();
+                break;
+            case MEMBERSHIP:
+            case CONFIGURATION:
+            default:
+                clazz = null;
+        }
+
+        SyncCorrelationRule res = null;
+
+        if (StringUtils.isNotBlank(clazz)) {
+            try {
+                res = (SyncCorrelationRule) Class.forName(clazz).newInstance();
+            } catch (Exception e) {
+                LOG.error("Failure instantiating correlation rule class '{}'", clazz, e);
+            }
+        }
+
+        return res;
+    }
+
+    private List<String> getAltSearchSchemas(final AttributableType type, final SyncPolicySpec policySpec) {
+        List<String> result = Collections.emptyList();
+
+        switch (type) {
+            case USER:
+                result = policySpec.getuAltSearchSchemas();
+                break;
+            case GROUP:
+                result = policySpec.getrAltSearchSchemas();
+                break;
+            case MEMBERSHIP:
+            case CONFIGURATION:
+            default:
+        }
+
+        return result;
+    }
+
+    /**
+     * Find users / groups based on mapped uid value (or previous uid value, if updated).
+     *
+     * @param uid for finding by account id
+     * @param connObj for finding by attribute value
+     * @param resource external resource
+     * @param attrUtils attributable util
+     * @return list of matching users / groups
+     */
+    public List<Long> findExisting(
+            final String uid,
+            final ConnectorObject connObj,
+            final ExternalResource resource,
+            final AttributableUtils attrUtils) {
+
+        SyncPolicySpec syncPolicySpec = null;
+        if (resource.getSyncPolicy() != null) {
+            syncPolicySpec = resource.getSyncPolicy().getSpecification(SyncPolicySpec.class);
+        }
+
+        SyncCorrelationRule syncRule = null;
+        List<String> altSearchSchemas = null;
+
+        if (syncPolicySpec != null) {
+            syncRule = getCorrelationRule(attrUtils.getType(), syncPolicySpec);
+            altSearchSchemas = getAltSearchSchemas(attrUtils.getType(), syncPolicySpec);
+        }
+
+        return syncRule == null ? altSearchSchemas == null || altSearchSchemas.isEmpty()
+                ? findByAccountIdItem(uid, resource, attrUtils)
+                : findByAttributableSearch(connObj, altSearchSchemas, resource, attrUtils)
+                : findByCorrelationRule(connObj, syncRule, SubjectType.valueOf(attrUtils.getType().name()));
+    }
+
+    public Boolean readEnabled(final ConnectorObject connectorObject, final ProvisioningTask task) {
+        Boolean enabled = null;
+        if (task.isSyncStatus()) {
+            Attribute status = AttributeUtil.find(OperationalAttributes.ENABLE_NAME, connectorObject.getAttributes());
+            if (status != null && status.getValue() != null && !status.getValue().isEmpty()) {
+                enabled = (Boolean) status.getValue().get(0);
+            }
+        }
+
+        return enabled;
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java
index 61637a4..87d72e6 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java
@@ -27,7 +27,7 @@ import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AttributableType;
 import org.apache.syncope.common.lib.types.PropagationByResource;
 import org.apache.syncope.common.lib.types.ResourceOperation;
-import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtils;
 import org.apache.syncope.core.persistence.api.entity.Mapping;
 import org.apache.syncope.core.persistence.api.entity.MappingItem;
 import org.apache.syncope.core.persistence.api.entity.Subject;
@@ -41,18 +41,18 @@ import org.identityconnectors.framework.common.objects.Uid;
 public class UserPushResultHandlerImpl extends AbstractPushResultHandler implements UserPushResultHandler {
 
     @Override
-    protected AttributableUtil getAttributableUtil() {
-        return attrUtilFactory.getInstance(AttributableType.USER);
+    protected AttributableUtils getAttributableUtils() {
+        return attrUtilsFactory.getInstance(AttributableType.USER);
     }
 
     @Override
     protected Subject<?, ?, ?> deprovision(final Subject<?, ?, ?> sbj) {
-        final UserTO before = userTransfer.getUserTO(sbj.getKey());
+        final UserTO before = userDataBinder.getUserTO(sbj.getKey());
 
         final List<String> noPropResources = new ArrayList<>(before.getResources());
         noPropResources.remove(profile.getTask().getResource().getKey());
 
-        taskExecutor.execute(propagationManager.getUserDeleteTaskIds(before.getKey(),
+        taskExecutor.execute(propagationManager.getUserDeleteTasks(before.getKey(),
                 Collections.singleton(profile.getTask().getResource().getKey()), noPropResources));
 
         return userDAO.authFetch(before.getKey());
@@ -60,7 +60,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme
 
     @Override
     protected Subject<?, ?, ?> provision(final Subject<?, ?, ?> sbj, final Boolean enabled) {
-        final UserTO before = userTransfer.getUserTO(sbj.getKey());
+        final UserTO before = userDataBinder.getUserTO(sbj.getKey());
 
         final List<String> noPropResources = new ArrayList<>(before.getResources());
         noPropResources.remove(profile.getTask().getResource().getKey());
@@ -68,7 +68,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme
         final PropagationByResource propByRes = new PropagationByResource();
         propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey());
 
-        taskExecutor.execute(propagationManager.getUserCreateTaskIds(
+        taskExecutor.execute(propagationManager.getUserCreateTasks(
                 before.getKey(),
                 enabled,
                 propByRes,
@@ -122,7 +122,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme
     @Override
     protected AbstractSubjectTO getSubjectTO(final long key) {
         try {
-            return userTransfer.getUserTO(key);
+            return userDataBinder.getUserTO(key);
         } catch (Exception e) {
             LOG.warn("Error retrieving user {}", key, e);
             return null;


Mime
View raw message