syncope-commits mailing list archives

From ilgro...@apache.org
Subject [29/40] syncope git commit: [SYNCOPE-119] New security model implemented
Date Tue, 21 Apr 2015 07:49:44 GMT
http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/group/JPAGroup.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/group/JPAGroup.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/group/JPAGroup.java
index e6dcc7b..720b875 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/group/JPAGroup.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/group/JPAGroup.java
@@ -19,14 +19,12 @@
 package org.apache.syncope.core.persistence.jpa.entity.group;
 
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
-import javax.persistence.Basic;
 import javax.persistence.Cacheable;
 import javax.persistence.CascadeType;
+import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.Id;
@@ -36,50 +34,35 @@ import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
 import javax.persistence.Table;
-import javax.persistence.UniqueConstraint;
 import javax.validation.Valid;
-import javax.validation.constraints.Max;
-import javax.validation.constraints.Min;
 import javax.validation.constraints.NotNull;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Predicate;
 import org.apache.commons.collections4.Transformer;
-import org.apache.syncope.core.persistence.api.entity.AccountPolicy;
 import org.apache.syncope.core.persistence.api.entity.AttrTemplate;
-import org.apache.syncope.core.persistence.api.entity.DerSchema;
-import org.apache.syncope.core.persistence.api.entity.Entitlement;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.PasswordPolicy;
-import org.apache.syncope.core.persistence.api.entity.PlainSchema;
 import org.apache.syncope.core.persistence.api.entity.Schema;
-import org.apache.syncope.core.persistence.api.entity.VirSchema;
 import org.apache.syncope.core.persistence.api.entity.membership.MDerAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.membership.MPlainAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.membership.MVirAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.group.GDerAttr;
 import org.apache.syncope.core.persistence.api.entity.group.GDerAttrTemplate;
-import org.apache.syncope.core.persistence.api.entity.group.GDerSchema;
 import org.apache.syncope.core.persistence.api.entity.group.GPlainAttr;
 import org.apache.syncope.core.persistence.api.entity.group.GPlainAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.group.GVirAttr;
 import org.apache.syncope.core.persistence.api.entity.group.GVirAttrTemplate;
-import org.apache.syncope.core.persistence.api.entity.group.GVirSchema;
 import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.persistence.jpa.validation.entity.GroupCheck;
 import org.apache.syncope.core.persistence.jpa.entity.AbstractSubject;
-import org.apache.syncope.core.persistence.jpa.entity.JPAAccountPolicy;
-import org.apache.syncope.core.persistence.jpa.entity.JPAEntitlement;
 import org.apache.syncope.core.persistence.jpa.entity.JPAExternalResource;
-import org.apache.syncope.core.persistence.jpa.entity.JPAPasswordPolicy;
 import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMPlainAttrTemplate;
 import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMDerAttrTemplate;
 import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMVirAttrTemplate;
 import org.apache.syncope.core.persistence.jpa.entity.user.JPAUser;
 
 @Entity
-@Table(name = JPAGroup.TABLE, uniqueConstraints =
-        @UniqueConstraint(columnNames = { "name", "parent_id" }))
+@Table(name = JPAGroup.TABLE)
 @Cacheable
 @GroupCheck
 public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> implements Group {
@@ -91,36 +74,27 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     @Id
     private Long id;
 
+    @Column(unique = true)
     @NotNull
     private String name;
 
-    @ManyToOne(optional = true)
-    private JPAGroup parent;
-
-    @ManyToOne(optional = true)
+    @ManyToOne
     private JPAUser userOwner;
 
-    @ManyToOne(optional = true)
+    @ManyToOne
     private JPAGroup groupOwner;
 
-    @ManyToMany(fetch = FetchType.EAGER)
-    @JoinTable(joinColumns =
-            @JoinColumn(name = "group_id"),
-            inverseJoinColumns =
-            @JoinColumn(name = "entitlement_name"))
-    private Set<JPAEntitlement> entitlements;
-
     @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
     @Valid
-    private List<JPAGPlainAttrTemplate> rAttrTemplates;
+    private List<JPAGPlainAttrTemplate> gAttrTemplates;
 
     @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
     @Valid
-    private List<JPAGDerAttrTemplate> rDerAttrTemplates;
+    private List<JPAGDerAttrTemplate> gDerAttrTemplates;
 
     @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
     @Valid
-    private List<JPAGVirAttrTemplate> rVirAttrTemplates;
+    private List<JPAGVirAttrTemplate> gVirAttrTemplates;
 
     @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
     @Valid
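Review bot: `@Column(unique = true)` on `name` makes group names unique across the whole table, where the `@Table` annotation removed in the previous hunk required uniqueness only per `(name, parent_id)`. The attribute only shapes generated DDL, so an existing database holding same-named groups under different parents needs a migration step before the constraint can be created; nothing on the page shows one. A short comment on the field would record the intent, e.g. `// unique on its own: groups no longer have a parent to scope the name`. The class body continues outside this hunk.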
@@ -146,47 +120,6 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     @Valid
     private List<JPAGVirAttr> virAttrs;
 
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritOwner;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritTemplates;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritPlainAttrs;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritDerAttrs;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritVirAttrs;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritPasswordPolicy;
-
-    @Basic(optional = true)
-    @Min(0)
-    @Max(1)
-    private Integer inheritAccountPolicy;
-
-    @ManyToOne(fetch = FetchType.EAGER, optional = true)
-    private JPAPasswordPolicy passwordPolicy;
-
-    @ManyToOne(fetch = FetchType.EAGER, optional = true)
-    private JPAAccountPolicy accountPolicy;
-
     /**
      * Provisioning external resources.
      */
@@ -201,11 +134,9 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     public JPAGroup() {
         super();
 
-        entitlements = new HashSet<>();
-
-        rAttrTemplates = new ArrayList<>();
-        rDerAttrTemplates = new ArrayList<>();
-        rVirAttrTemplates = new ArrayList<>();
+        gAttrTemplates = new ArrayList<>();
+        gDerAttrTemplates = new ArrayList<>();
+        gVirAttrTemplates = new ArrayList<>();
         mAttrTemplates = new ArrayList<>();
         mDerAttrTemplates = new ArrayList<>();
         mVirAttrTemplates = new ArrayList<>();
@@ -214,14 +145,6 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
         derAttrs = new ArrayList<>();
         virAttrs = new ArrayList<>();
 
-        inheritOwner = getBooleanAsInteger(false);
-        inheritTemplates = getBooleanAsInteger(false);
-        inheritPlainAttrs = getBooleanAsInteger(false);
-        inheritDerAttrs = getBooleanAsInteger(false);
-        inheritVirAttrs = getBooleanAsInteger(false);
-        inheritPasswordPolicy = getBooleanAsInteger(false);
-        inheritAccountPolicy = getBooleanAsInteger(false);
-
         resources = new HashSet<>();
     }
 
@@ -246,27 +169,6 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     }
 
     @Override
-    public Group getParent() {
-        return parent;
-    }
-
-    @Override
-    public void setParent(final Group parent) {
-        checkType(parent, JPAGroup.class);
-        this.parent = (JPAGroup) parent;
-    }
-
-    @Override
-    public boolean isInheritOwner() {
-        return isBooleanAsInteger(inheritOwner);
-    }
-
-    @Override
-    public void setInheritOwner(final boolean inheritOwner) {
-        this.inheritOwner = getBooleanAsInteger(inheritOwner);
-    }
-
-    @Override
     public User getUserOwner() {
         return userOwner;
     }
@@ -289,43 +191,16 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     }
 
     @Override
-    public boolean addEntitlement(final Entitlement entitlement) {
-        checkType(entitlement, JPAEntitlement.class);
-        return entitlements.add((JPAEntitlement) entitlement);
-    }
-
-    @Override
-    public boolean removeEntitlement(final Entitlement entitlement) {
-        checkType(entitlement, JPAEntitlement.class);
-        return entitlements.remove((JPAEntitlement) entitlement);
-    }
-
-    @Override
-    public Set<? extends Entitlement> getEntitlements() {
-        return entitlements;
-    }
-
-    @Override
-    public boolean isInheritTemplates() {
-        return isBooleanAsInteger(inheritTemplates);
-    }
-
-    @Override
-    public void setInheritTemplates(final boolean inheritAttrTemplates) {
-        this.inheritTemplates = getBooleanAsInteger(inheritAttrTemplates);
-    }
-
-    @Override
     @SuppressWarnings("unchecked")
     public <T extends AttrTemplate<K>, K extends Schema> List<T> getAttrTemplates(final Class<T> reference) {
         List<T> result = new ArrayList<>();
 
         if (GPlainAttrTemplate.class.isAssignableFrom(reference)) {
-            result = (List<T>) rAttrTemplates;
+            result = (List<T>) gAttrTemplates;
         } else if (GDerAttrTemplate.class.isAssignableFrom(reference)) {
-            result = (List<T>) rDerAttrTemplates;
+            result = (List<T>) gDerAttrTemplates;
         } else if (GVirAttrTemplate.class.isAssignableFrom(reference)) {
-            result = (List<T>) rVirAttrTemplates;
+            result = (List<T>) gVirAttrTemplates;
         } else if (MPlainAttrTemplate.class.isAssignableFrom(reference)) {
             result = (List<T>) mAttrTemplates;
         } else if (MDerAttrTemplate.class.isAssignableFrom(reference)) {
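Review bot: `getAttrTemplates` returns the entity's own `gAttrTemplates`, `gDerAttrTemplates` and `gVirAttrTemplates` lists by reference, and now that `findInheritedTemplates` is removed in this commit, callers no longer receive the copy that method made. That is harmless for the read-only `find` and `collect` calls visible on this page. A comment on the method should still state that the result is the live backing collection. From the branches visible here, a `reference` that matches none of them appears to yield a detached empty list, which the comment should also mention once confirmed. The method body continues past the end of this hunk.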
@@ -341,7 +216,7 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     public <T extends AttrTemplate<K>, K extends Schema> T getAttrTemplate(
             final Class<T> reference, final String schemaName) {
 
-        return CollectionUtils.find(findInheritedTemplates(reference), new Predicate<T>() {
+        return CollectionUtils.find(getAttrTemplates(reference), new Predicate<T>() {
 
             @Override
             public boolean evaluate(final T template) {
@@ -352,7 +227,7 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
 
     @Override
     public <T extends AttrTemplate<K>, K extends Schema> List<K> getAttrTemplateSchemas(final Class<T> reference) {
-        return CollectionUtils.collect(findInheritedTemplates(reference), new Transformer<T, K>() {
+        return CollectionUtils.collect(getAttrTemplates(reference), new Transformer<T, K>() {
 
             @Override
             public K transform(final T input) {
@@ -362,17 +237,6 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     }
 
     @Override
-    public <T extends AttrTemplate<K>, K extends Schema> List<T> findInheritedTemplates(final Class<T> reference) {
-        final List<T> result = new ArrayList<>(getAttrTemplates(reference));
-
-        if (isInheritTemplates() && getParent() != null) {
-            result.addAll(getParent().findInheritedTemplates(reference));
-        }
-
-        return result;
-    }
-
-    @Override
     public boolean addPlainAttr(final GPlainAttr attr) {
         checkType(attr, JPAGPlainAttr.class);
         return plainAttrs.add((JPAGPlainAttr) attr);
@@ -422,172 +286,4 @@ public class JPAGroup extends AbstractSubject<GPlainAttr, GDerAttr, GVirAttr> im
     public List<? extends GVirAttr> getVirAttrs() {
         return virAttrs;
     }
-
-    @Override
-    public boolean isInheritPlainAttrs() {
-        return isBooleanAsInteger(inheritPlainAttrs);
-    }
-
-    @Override
-    public void setInheritPlainAttrs(final boolean inheritPlainAttrs) {
-        this.inheritPlainAttrs = getBooleanAsInteger(inheritPlainAttrs);
-    }
-
-    /**
-     * Get all inherited attributes from the ancestors.
-     *
-     * @return a list of inherited and only inherited attributes.
-     */
-    @Override
-    public List<? extends GPlainAttr> findLastInheritedAncestorPlainAttrs() {
-        if (!isInheritPlainAttrs()) {
-            return plainAttrs;
-        }
-
-        final Map<JPAGPlainSchema, GPlainAttr> result = new HashMap<>();
-        if (isInheritPlainAttrs() && getParent() != null) {
-            final Map<PlainSchema, GPlainAttr> attrMap = getPlainAttrMap();
-
-            // Add inherit attributes
-            for (GPlainAttr attr : getParent().findLastInheritedAncestorPlainAttrs()) {
-                if (attrMap.containsKey(attr.getSchema())) {
-                    result.remove((JPAGPlainSchema) attr.getSchema());
-                }
-                result.put((JPAGPlainSchema) attr.getSchema(), attr);
-            }
-        }
-        return new ArrayList<>(result.values());
-    }
-
-    @Override
-    public boolean isInheritDerAttrs() {
-        return isBooleanAsInteger(inheritDerAttrs);
-    }
-
-    @Override
-    public void setInheritDerAttrs(final boolean inheritDerAttrs) {
-        this.inheritDerAttrs = getBooleanAsInteger(inheritDerAttrs);
-
-    }
-
-    /**
-     * Get all inherited derived attributes from the ancestors.
-     *
-     * @return a list of inherited and only inherited attributes.
-     */
-    @Override
-    public List<? extends GDerAttr> findLastInheritedAncestorDerAttrs() {
-        if (!isInheritDerAttrs()) {
-            return derAttrs;
-        }
-
-        final Map<GDerSchema, GDerAttr> result = new HashMap<>();
-        if (isInheritDerAttrs() && getParent() != null) {
-            Map<DerSchema, GDerAttr> derAttrMap = getDerAttrMap();
-
-            // Add inherit derived attributes
-            for (GDerAttr attr : getParent().findLastInheritedAncestorDerAttrs()) {
-                if (derAttrMap.containsKey(attr.getSchema())) {
-                    result.remove(attr.getSchema());
-                }
-                result.put(attr.getSchema(), attr);
-            }
-        }
-        return new ArrayList<>(result.values());
-    }
-
-    @Override
-    public boolean isInheritVirAttrs() {
-        return isBooleanAsInteger(inheritVirAttrs);
-    }
-
-    @Override
-    public void setInheritVirAttrs(final boolean inheritVirAttrs) {
-        this.inheritVirAttrs = getBooleanAsInteger(inheritVirAttrs);
-
-    }
-
-    /**
-     * Get all inherited virtual attributes from the ancestors.
-     *
-     * @return a list of inherited and only inherited attributes.
-     */
-    @Override
-    public List<? extends GVirAttr> findLastInheritedAncestorVirAttrs() {
-        if (!isInheritVirAttrs()) {
-            return virAttrs;
-        }
-
-        final Map<GVirSchema, GVirAttr> result = new HashMap<>();
-        if (isInheritVirAttrs() && getParent() != null) {
-            Map<VirSchema, GVirAttr> virAttrMap = getVirAttrMap();
-
-            // Add inherit virtual attributes
-            for (GVirAttr attr : getParent().findLastInheritedAncestorVirAttrs()) {
-                if (virAttrMap.containsKey(attr.getSchema())) {
-                    result.remove(attr.getSchema());
-                }
-                result.put(attr.getSchema(), attr);
-            }
-        }
-        return new ArrayList<>(result.values());
-    }
-
-    /**
-     * Get first valid password policy.
-     *
-     * @return parent password policy if isInheritPasswordPolicy is 'true' and parent is not null, local password policy
-     * otherwise
-     */
-    @Override
-    public PasswordPolicy getPasswordPolicy() {
-        return isInheritPasswordPolicy() && getParent() != null
-                ? getParent().getPasswordPolicy()
-                : passwordPolicy;
-    }
-
-    @Override
-    public void setPasswordPolicy(final PasswordPolicy passwordPolicy) {
-        checkType(passwordPolicy, JPAPasswordPolicy.class);
-        this.passwordPolicy = (JPAPasswordPolicy) passwordPolicy;
-    }
-
-    @Override
-    public boolean isInheritPasswordPolicy() {
-        return isBooleanAsInteger(inheritPasswordPolicy);
-    }
-
-    @Override
-    public void setInheritPasswordPolicy(final boolean inheritPasswordPolicy) {
-        this.inheritPasswordPolicy = getBooleanAsInteger(inheritPasswordPolicy);
-    }
-
-    /**
-     * Get first valid account policy.
-     *
-     * @return parent account policy if isInheritAccountPolicy is 'true' and parent is not null, local account policy
-     * otherwise.
-     */
-    @Override
-    public AccountPolicy getAccountPolicy() {
-        return isInheritAccountPolicy() && getParent() != null
-                ? getParent().getAccountPolicy()
-                : accountPolicy;
-    }
-
-    @Override
-    public void setAccountPolicy(final AccountPolicy accountPolicy) {
-        checkType(accountPolicy, JPAAccountPolicy.class);
-        this.accountPolicy = (JPAAccountPolicy) accountPolicy;
-    }
-
-    @Override
-    public boolean isInheritAccountPolicy() {
-        return isBooleanAsInteger(inheritAccountPolicy);
-    }
-
-    @Override
-    public void setInheritAccountPolicy(boolean inheritAccountPolicy) {
-        this.inheritAccountPolicy = getBooleanAsInteger(inheritAccountPolicy);
-    }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/membership/JPAMembership.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/membership/JPAMembership.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/membership/JPAMembership.java
index ad79250..dc02cf3 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/membership/JPAMembership.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/membership/JPAMembership.java
@@ -37,6 +37,7 @@ import org.apache.syncope.core.persistence.api.entity.membership.MVirAttr;
 import org.apache.syncope.core.persistence.api.entity.membership.MVirAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.membership.Membership;
 import org.apache.syncope.core.persistence.api.entity.group.Group;
+import org.apache.syncope.core.persistence.api.entity.membership.MPlainAttrTemplate;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.persistence.jpa.entity.AbstractAttributable;
 import org.apache.syncope.core.persistence.jpa.entity.group.JPAGroup;
@@ -108,9 +109,28 @@ public class JPAMembership extends AbstractAttributable<MPlainAttr, MDerAttr, MV
     }
 
     @Override
-    public boolean addPlainAttr(final MPlainAttr attr) {
-        checkType(attr, JPAMPlainAttr.class);
-        return plainAttrs.add((JPAMPlainAttr) attr);
+    public boolean addPlainAttr(final MPlainAttr plainAttr) {
+        checkType(plainAttr, JPAMPlainAttr.class);
+
+        if (getGroup() != null && plainAttr.getSchema() != null) {
+            MPlainAttrTemplate found = CollectionUtils.find(getGroup().getAttrTemplates(MPlainAttrTemplate.class),
+                    new Predicate<MPlainAttrTemplate>() {
+
+                        @Override
+                        public boolean evaluate(final MPlainAttrTemplate template) {
+                            return plainAttr.getSchema().equals(template.getSchema());
+                        }
+
+                    });
+            if (found != null) {
+                plainAttr.setTemplate(found);
+                return plainAttrs.add((JPAMPlainAttr) plainAttr);
+            }
+        }
+
+        LOG.warn("Attribute not added because either group was not yet set, "
+                + "schema was not specified or no template for that schema is available");
+        return false;
     }
 
     @Override
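Review bot: `addPlainAttr` now returns `false` with one generic warning for three different causes (no group, no schema, no matching template), and the message names neither the attribute nor the schema. Before this change the method always added the attribute, so any caller that ignores the boolean will now drop attributes with only this log line as evidence; those call sites are outside the page and worth checking. Naming the schema would make a rejection traceable, e.g. `LOG.warn("Plain attribute for schema {} not added: group not set, schema missing or no template", plainAttr.getSchema());`, assuming `LOG` is an SLF4J logger. The template lookup appears to duplicate the one in `addDerAttr`, so a shared private helper would keep the variants in step.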
@@ -129,7 +149,7 @@ public class JPAMembership extends AbstractAttributable<MPlainAttr, MDerAttr, MV
         checkType(derAttr, JPAMDerAttr.class);
 
         if (getGroup() != null && derAttr.getSchema() != null) {
-            MDerAttrTemplate found = CollectionUtils.find(getGroup().findInheritedTemplates(MDerAttrTemplate.class),
+            MDerAttrTemplate found = CollectionUtils.find(getGroup().getAttrTemplates(MDerAttrTemplate.class),
                     new Predicate<MDerAttrTemplate>() {
 
                         @Override
@@ -166,7 +186,7 @@ public class JPAMembership extends AbstractAttributable<MPlainAttr, MDerAttr, MV
 
         if (getGroup() != null && virAttr.getSchema() != null) {
             MVirAttrTemplate found = null;
-            for (MVirAttrTemplate template : getGroup().findInheritedTemplates(MVirAttrTemplate.class)) {
+            for (MVirAttrTemplate template : getGroup().getAttrTemplates(MVirAttrTemplate.class)) {
                 if (virAttr.getSchema().equals(template.getSchema())) {
                     found = template;
                 }
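Review bot: The `for` loop over `getAttrTemplates(MVirAttrTemplate.class)` keeps iterating after a match, so the last matching template wins, whereas the plain and derived variants use `CollectionUtils.find`, which returns the first. If at most one template per schema can exist the result is the same, but the three methods would read more consistently with `CollectionUtils.find` here as well, or at least a `break;` after `found = template;`. The loop and the enclosing method close outside this hunk.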

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPASyncTask.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPASyncTask.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPASyncTask.java
index b26bb0c..f98074d 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPASyncTask.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPASyncTask.java
@@ -29,6 +29,7 @@ import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.JoinColumn;
 import javax.persistence.Lob;
+import javax.persistence.ManyToOne;
 import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
 import org.apache.syncope.common.lib.to.GroupTO;
@@ -37,6 +38,8 @@ import org.apache.syncope.common.lib.types.TaskType;
 import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
 import org.apache.syncope.core.provisioning.api.job.SyncJob;
 import org.apache.syncope.core.misc.serialization.POJOHelper;
+import org.apache.syncope.core.persistence.api.entity.Realm;
+import org.apache.syncope.core.persistence.jpa.entity.JPARealm;
 
 @Entity
 @DiscriminatorValue("SyncTask")
@@ -44,6 +47,9 @@ public class JPASyncTask extends AbstractProvisioningTask implements SyncTask {
 
     private static final long serialVersionUID = -4141057723006682563L;
 
+    @ManyToOne(fetch = FetchType.EAGER, optional = false)
+    private JPARealm destinationRealm;
+
     @ElementCollection(fetch = FetchType.EAGER)
     @Column(name = "actionClassName")
     @CollectionTable(name = "SyncTask_actionsClassNames",
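Review bot: `destinationRealm` is mapped with `optional = false` but carries no Bean Validation constraint, so a task saved without a realm is rejected only by the persistence provider at flush time. Other entities on this page validate earlier, for instance `@NotNull` on `JPAGroup.name`. Adding `@NotNull` above the field would surface the error sooner and with a clearer message; the import it needs is not in the visible hunks. `@DiscriminatorValue` suggests the task hierarchy may share a table; if so, confirm that the generated join column stays nullable for the other task types and that existing SyncTask rows are given a realm during upgrade.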
@@ -70,6 +76,17 @@ public class JPASyncTask extends AbstractProvisioningTask implements SyncTask {
     }
 
     @Override
+    public Realm getDestinatioRealm() {
+        return destinationRealm;
+    }
+
+    @Override
+    public void setDestinationRealm(final Realm destinationRealm) {
+        checkType(destinationRealm, JPARealm.class);
+        this.destinationRealm = (JPARealm) destinationRealm;
+    }
+
+    @Override
     public List<String> getActionsClassNames() {
         return actionsClassNames;
     }
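Review bot: The getter is spelled `getDestinatioRealm` (missing `n`) while the setter is `setDestinationRealm`. Because it is marked `@Override`, the `SyncTask` interface presumably declares the same misspelling, so the fix has to rename both declarations: `public Realm getDestinationRealm() {`. As written, bean introspection would see a read-only `destinatioRealm` property and a write-only `destinationRealm` one, which can trip up mappers or serializers that pair accessors by name.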

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtil.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtil.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtil.java
deleted file mode 100644
index c2f5e86..0000000
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtil.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.persistence.jpa.entity.task;
-
-import org.apache.syncope.common.lib.to.AbstractTaskTO;
-import org.apache.syncope.common.lib.to.NotificationTaskTO;
-import org.apache.syncope.common.lib.to.PropagationTaskTO;
-import org.apache.syncope.common.lib.to.PushTaskTO;
-import org.apache.syncope.common.lib.to.SchedTaskTO;
-import org.apache.syncope.common.lib.to.SyncTaskTO;
-import org.apache.syncope.common.lib.types.TaskType;
-import org.apache.syncope.core.persistence.api.entity.task.NotificationTask;
-import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
-import org.apache.syncope.core.persistence.api.entity.task.PushTask;
-import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
-import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
-import org.apache.syncope.core.persistence.api.entity.task.Task;
-import org.apache.syncope.core.persistence.api.entity.task.TaskUtil;
-
-@SuppressWarnings("unchecked")
-public final class JPATaskUtil implements TaskUtil {
-
-    private final TaskType type;
-
-    protected JPATaskUtil(final TaskType type) {
-        this.type = type;
-    }
-
-    @Override
-    public TaskType getType() {
-        return type;
-    }
-
-    @Override
-    public <T extends Task> Class<T> taskClass() {
-        Class<T> result = null;
-
-        switch (type) {
-            case PROPAGATION:
-                result = (Class<T>) PropagationTask.class;
-                break;
-
-            case SCHEDULED:
-                result = (Class<T>) SchedTask.class;
-                break;
-
-            case SYNCHRONIZATION:
-                result = (Class<T>) SyncTask.class;
-                break;
-
-            case PUSH:
-                result = (Class<T>) PushTask.class;
-                break;
-
-            case NOTIFICATION:
-                result = (Class<T>) NotificationTask.class;
-                break;
-
-            default:
-        }
-
-        return result;
-    }
-
-    @Override
-    public <T extends Task> T newTask() {
-        T result = null;
-
-        switch (type) {
-            case PROPAGATION:
-                result = (T) new JPAPropagationTask();
-                break;
-
-            case SCHEDULED:
-                result = (T) new JPASchedTask();
-                break;
-
-            case SYNCHRONIZATION:
-                result = (T) new JPASyncTask();
-                break;
-
-            case PUSH:
-                result = (T) new JPAPushTask();
-                break;
-
-            case NOTIFICATION:
-                result = (T) new JPANotificationTask();
-                break;
-
-            default:
-        }
-
-        return result;
-    }
-
-    @Override
-    public <T extends AbstractTaskTO> Class<T> taskTOClass() {
-        Class<T> result = null;
-
-        switch (type) {
-            case PROPAGATION:
-                result = (Class<T>) PropagationTaskTO.class;
-                break;
-
-            case SCHEDULED:
-                result = (Class<T>) SchedTaskTO.class;
-                break;
-
-            case SYNCHRONIZATION:
-                result = (Class<T>) SyncTaskTO.class;
-                break;
-
-            case PUSH:
-                result = (Class<T>) PushTaskTO.class;
-                break;
-
-            case NOTIFICATION:
-                result = (Class<T>) NotificationTaskTO.class;
-                break;
-
-            default:
-        }
-
-        return result;
-    }
-
-    @Override
-    public <T extends AbstractTaskTO> T newTaskTO() {
-        final Class<T> taskClass = taskTOClass();
-        try {
-            return taskClass == null ? null : taskClass.newInstance();
-        } catch (Exception e) {
-            return null;
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilFactory.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilFactory.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilFactory.java
deleted file mode 100644
index bdda208..0000000
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilFactory.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.persistence.jpa.entity.task;
-
-import org.apache.syncope.common.lib.to.AbstractTaskTO;
-import org.apache.syncope.common.lib.to.NotificationTaskTO;
-import org.apache.syncope.common.lib.to.PropagationTaskTO;
-import org.apache.syncope.common.lib.to.PushTaskTO;
-import org.apache.syncope.common.lib.to.SchedTaskTO;
-import org.apache.syncope.common.lib.to.SyncTaskTO;
-import org.apache.syncope.common.lib.types.TaskType;
-import org.apache.syncope.core.persistence.api.entity.task.NotificationTask;
-import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
-import org.apache.syncope.core.persistence.api.entity.task.PushTask;
-import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
-import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
-import org.apache.syncope.core.persistence.api.entity.task.Task;
-import org.apache.syncope.core.persistence.api.entity.task.TaskUtil;
-import org.apache.syncope.core.persistence.api.entity.task.TaskUtilFactory;
-import org.springframework.stereotype.Component;
-
-@Component
-public class JPATaskUtilFactory implements TaskUtilFactory {
-
-    @Override
-    public TaskUtil getInstance(final TaskType type) {
-        return new JPATaskUtil(type);
-    }
-
-    @Override
-    public TaskUtil getInstance(final Task task) {
-        TaskType type;
-        if (task instanceof SyncTask) {
-            type = TaskType.SYNCHRONIZATION;
-        } else if (task instanceof PushTask) {
-            type = TaskType.PUSH;
-        } else if (task instanceof SchedTask) {
-            type = TaskType.SCHEDULED;
-        } else if (task instanceof PropagationTask) {
-            type = TaskType.PROPAGATION;
-        } else if (task instanceof NotificationTask) {
-            type = TaskType.NOTIFICATION;
-        } else {
-            throw new IllegalArgumentException("Invalid task: " + task);
-        }
-
-        return getInstance(type);
-    }
-
-    @Override
-    public TaskUtil getInstance(final Class<? extends AbstractTaskTO> taskClass) {
-        TaskType type;
-        if (taskClass == PropagationTaskTO.class) {
-            type = TaskType.PROPAGATION;
-        } else if (taskClass == NotificationTaskTO.class) {
-            type = TaskType.NOTIFICATION;
-        } else if (taskClass == SchedTaskTO.class) {
-            type = TaskType.SCHEDULED;
-        } else if (taskClass == SyncTaskTO.class) {
-            type = TaskType.SYNCHRONIZATION;
-        } else if (taskClass == PushTaskTO.class) {
-            type = TaskType.PUSH;
-        } else {
-            throw new IllegalArgumentException("Invalid TaskTO class: " + taskClass.getName());
-        }
-
-        return getInstance(type);
-    }
-
-    @Override
-    public TaskUtil getInstance(final AbstractTaskTO taskTO) {
-        return getInstance(taskTO.getClass());
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtils.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtils.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtils.java
new file mode 100644
index 0000000..484af1e
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtils.java
@@ -0,0 +1,152 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.entity.task;
+
+import org.apache.syncope.common.lib.to.AbstractTaskTO;
+import org.apache.syncope.common.lib.to.NotificationTaskTO;
+import org.apache.syncope.common.lib.to.PropagationTaskTO;
+import org.apache.syncope.common.lib.to.PushTaskTO;
+import org.apache.syncope.common.lib.to.SchedTaskTO;
+import org.apache.syncope.common.lib.to.SyncTaskTO;
+import org.apache.syncope.common.lib.types.TaskType;
+import org.apache.syncope.core.persistence.api.entity.task.NotificationTask;
+import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
+import org.apache.syncope.core.persistence.api.entity.task.PushTask;
+import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
+import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
+import org.apache.syncope.core.persistence.api.entity.task.Task;
+import org.apache.syncope.core.persistence.api.entity.task.TaskUtils;
+
+@SuppressWarnings("unchecked")
+public final class JPATaskUtils implements TaskUtils {
+
+    private final TaskType type;
+
+    protected JPATaskUtils(final TaskType type) {
+        this.type = type;
+    }
+
+    @Override
+    public TaskType getType() {
+        return type;
+    }
+
+    @Override
+    public <T extends Task> Class<T> taskClass() {
+        Class<T> result = null;
+
+        switch (type) {
+            case PROPAGATION:
+                result = (Class<T>) PropagationTask.class;
+                break;
+
+            case SCHEDULED:
+                result = (Class<T>) SchedTask.class;
+                break;
+
+            case SYNCHRONIZATION:
+                result = (Class<T>) SyncTask.class;
+                break;
+
+            case PUSH:
+                result = (Class<T>) PushTask.class;
+                break;
+
+            case NOTIFICATION:
+                result = (Class<T>) NotificationTask.class;
+                break;
+
+            default:
+        }
+
+        return result;
+    }
+
+    @Override
+    public <T extends Task> T newTask() {
+        T result = null;
+
+        switch (type) {
+            case PROPAGATION:
+                result = (T) new JPAPropagationTask();
+                break;
+
+            case SCHEDULED:
+                result = (T) new JPASchedTask();
+                break;
+
+            case SYNCHRONIZATION:
+                result = (T) new JPASyncTask();
+                break;
+
+            case PUSH:
+                result = (T) new JPAPushTask();
+                break;
+
+            case NOTIFICATION:
+                result = (T) new JPANotificationTask();
+                break;
+
+            default:
+        }
+
+        return result;
+    }
+
+    @Override
+    public <T extends AbstractTaskTO> Class<T> taskTOClass() {
+        Class<T> result = null;
+
+        switch (type) {
+            case PROPAGATION:
+                result = (Class<T>) PropagationTaskTO.class;
+                break;
+
+            case SCHEDULED:
+                result = (Class<T>) SchedTaskTO.class;
+                break;
+
+            case SYNCHRONIZATION:
+                result = (Class<T>) SyncTaskTO.class;
+                break;
+
+            case PUSH:
+                result = (Class<T>) PushTaskTO.class;
+                break;
+
+            case NOTIFICATION:
+                result = (Class<T>) NotificationTaskTO.class;
+                break;
+
+            default:
+        }
+
+        return result;
+    }
+
+    @Override
+    public <T extends AbstractTaskTO> T newTaskTO() {
+        final Class<T> taskClass = taskTOClass();
+        try {
+            return taskClass == null ? null : taskClass.newInstance();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+}
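Review bot: `newTaskTO()` catches `Exception` and returns `null`, so a failed `taskClass.newInstance()` looks exactly like an unmapped `TaskType` and the cause is lost; the caller only sees a later `NullPointerException`. Narrow the catch and keep the cause, e.g. `} catch (InstantiationException | IllegalAccessException e) { throw new IllegalStateException("Could not instantiate " + taskClass.getName(), e); }`, unless callers depend on the `null` result, in which case a Javadoc line should say so. The same silent `null` comes from the empty `default:` branches in `taskClass()`, `newTask()` and `taskTOClass()`; a one-line Javadoc on each stating that an unrecognised type yields `null` would make that contract visible. This body appears to be carried over unchanged from the removed `JPATaskUtil`.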

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilsFactory.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilsFactory.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilsFactory.java
new file mode 100644
index 0000000..26a1d4f
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/task/JPATaskUtilsFactory.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.entity.task;
+
+import org.apache.syncope.common.lib.to.AbstractTaskTO;
+import org.apache.syncope.common.lib.to.NotificationTaskTO;
+import org.apache.syncope.common.lib.to.PropagationTaskTO;
+import org.apache.syncope.common.lib.to.PushTaskTO;
+import org.apache.syncope.common.lib.to.SchedTaskTO;
+import org.apache.syncope.common.lib.to.SyncTaskTO;
+import org.apache.syncope.common.lib.types.TaskType;
+import org.apache.syncope.core.persistence.api.entity.task.NotificationTask;
+import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
+import org.apache.syncope.core.persistence.api.entity.task.PushTask;
+import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
+import org.apache.syncope.core.persistence.api.entity.task.SyncTask;
+import org.apache.syncope.core.persistence.api.entity.task.Task;
+import org.apache.syncope.core.persistence.api.entity.task.TaskUtils;
+import org.apache.syncope.core.persistence.api.entity.task.TaskUtilsFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JPATaskUtilsFactory implements TaskUtilsFactory {
+
+    @Override
+    public TaskUtils getInstance(final TaskType type) {
+        return new JPATaskUtils(type);
+    }
+
+    @Override
+    public TaskUtils getInstance(final Task task) {
+        TaskType type;
+        if (task instanceof SyncTask) {
+            type = TaskType.SYNCHRONIZATION;
+        } else if (task instanceof PushTask) {
+            type = TaskType.PUSH;
+        } else if (task instanceof SchedTask) {
+            type = TaskType.SCHEDULED;
+        } else if (task instanceof PropagationTask) {
+            type = TaskType.PROPAGATION;
+        } else if (task instanceof NotificationTask) {
+            type = TaskType.NOTIFICATION;
+        } else {
+            throw new IllegalArgumentException("Invalid task: " + task);
+        }
+
+        return getInstance(type);
+    }
+
+    @Override
+    public TaskUtils getInstance(final Class<? extends AbstractTaskTO> taskClass) {
+        TaskType type;
+        if (taskClass == PropagationTaskTO.class) {
+            type = TaskType.PROPAGATION;
+        } else if (taskClass == NotificationTaskTO.class) {
+            type = TaskType.NOTIFICATION;
+        } else if (taskClass == SchedTaskTO.class) {
+            type = TaskType.SCHEDULED;
+        } else if (taskClass == SyncTaskTO.class) {
+            type = TaskType.SYNCHRONIZATION;
+        } else if (taskClass == PushTaskTO.class) {
+            type = TaskType.PUSH;
+        } else {
+            throw new IllegalArgumentException("Invalid TaskTO class: " + taskClass.getName());
+        }
+
+        return getInstance(type);
+    }
+
+    @Override
+    public TaskUtils getInstance(final AbstractTaskTO taskTO) {
+        return getInstance(taskTO.getClass());
+    }
+
+}
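Review bot: The `instanceof` chain in `getInstance(final Task task)` only yields the right `TaskType` if the more specific interfaces are tested first, and nothing in the file says so. `SyncTask` and `PushTask` are checked before `SchedTask`, presumably because they extend it (not visible in this diff); a comment such as `// most specific task types first: order matters` above the chain would stop a later reorder from mapping them to `SCHEDULED`. Separately, `getInstance(final Class<? extends AbstractTaskTO> taskClass)` compares with `==`, so `getInstance(final AbstractTaskTO taskTO)` rejects any subclass of a TO and throws `NullPointerException` on a null argument; a Javadoc `@throws` line on both overloads would document that.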

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
index a5e3f28..d12f46f 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
@@ -67,7 +67,9 @@ import org.apache.syncope.core.persistence.jpa.entity.JPAExternalResource;
 import org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion;
 import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership;
 import org.apache.syncope.core.misc.security.Encryptor;
-import org.apache.syncope.core.misc.security.SecureRandomUtil;
+import org.apache.syncope.core.misc.security.SecureRandomUtils;
+import org.apache.syncope.core.persistence.api.entity.Role;
+import org.apache.syncope.core.persistence.jpa.entity.JPARole;
 
 /**
  * JPA user bean.
@@ -91,6 +93,13 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
     @Transient
     private String clearPassword;
 
+    @ManyToMany(fetch = FetchType.EAGER)
+    @JoinTable(joinColumns =
+            @JoinColumn(name = "user_id"),
+            inverseJoinColumns =
+            @JoinColumn(name = "role_id"))
+    private List<JPARole> roles;
+
     @OneToMany(cascade = CascadeType.MERGE, mappedBy = "user")
     @Valid
     private List<JPAMembership> memberships;
@@ -124,8 +133,7 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
 
     @ElementCollection
     @Column(name = "passwordHistoryValue")
-    @CollectionTable(name = "SyncopeUser_passwordHistory",
-            joinColumns =
+    @CollectionTable(name = "SyncopeUser_passwordHistory", joinColumns =
             @JoinColumn(name = "SyncopeUser_id", referencedColumnName = "id"))
     private List<String> passwordHistory;
 
@@ -172,7 +180,7 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
     @Valid
     private Set<JPAExternalResource> resources;
 
-    @ManyToOne(fetch = FetchType.EAGER, optional = true)
+    @ManyToOne(fetch = FetchType.EAGER)
     private JPASecurityQuestion securityQuestion;
 
     @Column(nullable = true)
@@ -181,6 +189,7 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
     public JPAUser() {
         super();
 
+        roles = new ArrayList<>();
         memberships = new ArrayList<>();
         plainAttrs = new ArrayList<>();
         derAttrs = new ArrayList<>();
@@ -202,6 +211,23 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
     }
 
     @Override
+    public boolean addRole(final Role role) {
+        checkType(role, JPARole.class);
+        return roles.contains((JPARole) role) || roles.add((JPARole) role);
+    }
+
+    @Override
+    public boolean removeRole(final Role role) {
+        checkType(role, JPARole.class);
+        return roles.remove((JPARole) role);
+    }
+
+    @Override
+    public List<? extends Role> getRoles() {
+        return roles;
+    }
+
+    @Override
     public boolean addMembership(final Membership membership) {
         checkType(membership, JPAMembership.class);
         return memberships.contains((JPAMembership) membership) || memberships.add((JPAMembership) membership);
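Review bot: `getRoles()` hands out the live `roles` list, so a caller can add or remove entries on it directly and skip the `checkType` guard and duplicate check in `addRole`/`removeRole`. If roles carry authorization in the new model (inferred from the commit subject), consider `return Collections.unmodifiableList(roles);`, provided no caller mutates the result and `java.util.Collections` is imported (neither is visible here), or add a Javadoc line saying the returned list is live. `addRole` also returns `true` when the role was already present, so `true` does not mean the list changed; a one-line comment would document that. The `JPAUser` class body continues outside the hunk.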
@@ -209,7 +235,8 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
 
     @Override
     public boolean removeMembership(final Membership membership) {
-        return memberships.remove(membership);
+        checkType(membership, JPAMembership.class);
+        return memberships.remove((JPAMembership) membership);
     }
 
     @Override
@@ -387,7 +414,7 @@ public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> imp
 
     @Override
     public void generateToken(final int tokenLength, final int tokenExpireTime) {
-        this.token = SecureRandomUtil.generateRandomPassword(tokenLength);
+        this.token = SecureRandomUtils.generateRandomPassword(tokenLength);
 
         Calendar calendar = Calendar.getInstance();
         calendar.add(Calendar.MINUTE, tokenExpireTime);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
index 2393975..1ce2190 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
@@ -21,8 +21,8 @@ package org.apache.syncope.core.persistence.jpa.validation.entity;
 import javax.validation.ConstraintValidatorContext;
 import org.apache.syncope.common.lib.types.EntityViolationType;
 import org.apache.syncope.core.persistence.api.entity.ConnInstance;
-import org.apache.syncope.core.provisioning.api.URIUtil;
-import org.apache.syncope.core.provisioning.api.ConnPoolConfUtil;
+import org.apache.syncope.core.provisioning.api.URIUtils;
+import org.apache.syncope.core.provisioning.api.ConnPoolConfUtils;
 
 public class ConnInstanceValidator extends AbstractValidator<ConnInstanceCheck, ConnInstance> {
 
@@ -31,7 +31,7 @@ public class ConnInstanceValidator extends AbstractValidator<ConnInstanceCheck,
         boolean isValid = true;
 
         try {
-            URIUtil.buildForConnId(connInstance.getLocation());
+            URIUtils.buildForConnId(connInstance.getLocation());
         } catch (Exception e) {
             LOG.error("While validating {}", connInstance.getLocation(), e);
 
@@ -45,7 +45,7 @@ public class ConnInstanceValidator extends AbstractValidator<ConnInstanceCheck,
 
         if (isValid && connInstance.getPoolConf() != null) {
             try {
-                ConnPoolConfUtil.getObjectPoolConfiguration(connInstance.getPoolConf()).validate();
+                ConnPoolConfUtils.getObjectPoolConfiguration(connInstance.getPoolConf()).validate();
             } catch (Exception e) {
                 LOG.error("Invalid pool configuration", e);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
index aa92d00..76bdb2b 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
@@ -20,6 +20,7 @@ package org.apache.syncope.core.persistence.jpa.validation.entity;
 
 import java.util.regex.Pattern;
 import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.types.EntityViolationType;
 import org.apache.syncope.core.persistence.api.entity.Realm;
 
@@ -33,7 +34,7 @@ public class RealmValidator extends AbstractValidator<RealmCheck, Realm> {
 
         boolean isValid = true;
 
-        if ("/".equals(object.getName())) {
+        if (SyncopeConstants.ROOT_REALM.equals(object.getName())) {
             if (object.getParent() != null) {
                 isValid = false;
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
index 0b5ac42..fac60cb 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/UserValidator.java
@@ -30,12 +30,13 @@ import org.apache.syncope.core.persistence.api.entity.AccountPolicy;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
 import org.apache.syncope.core.persistence.api.entity.PasswordPolicy;
 import org.apache.syncope.core.persistence.api.entity.Policy;
-import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.misc.policy.AccountPolicyEnforcer;
 import org.apache.syncope.core.misc.policy.AccountPolicyException;
 import org.apache.syncope.core.misc.policy.PasswordPolicyEnforcer;
 import org.apache.syncope.core.misc.policy.PolicyEvaluator;
+import org.apache.syncope.core.persistence.api.dao.RealmDAO;
+import org.apache.syncope.core.persistence.api.entity.Realm;
 import org.springframework.beans.factory.annotation.Autowired;
 
 public class UserValidator extends AbstractValidator<UserCheck, User> {
@@ -50,6 +51,9 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
     private PolicyDAO policyDAO;
 
     @Autowired
+    private RealmDAO realmDAO;
+
+    @Autowired
     private PolicyEvaluator evaluator;
 
     @Autowired
@@ -62,6 +66,15 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
     public boolean isValid(final User user, final ConstraintValidatorContext context) {
         context.disableDefaultConstraintViolation();
 
+        // need to treat it explicitly, otherwise policy evaluation will silently fail
+        if (user.getRealm() == null) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidRealm, "realm not specified")).
+                    addPropertyNode("realm").addConstraintViolation();
+
+            return false;
+        }
+
         // ------------------------------
         // Verify password policies
         // ------------------------------
@@ -71,7 +84,7 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
             int maxPPSpecHistory = 0;
             for (Policy policy : getPasswordPolicies(user)) {
                 // evaluate policy
-                final PasswordPolicySpec ppSpec = evaluator.evaluate(policy, user);
+                PasswordPolicySpec ppSpec = evaluator.evaluate(policy, user);
                 // enforce policy
                 ppEnforcer.enforce(ppSpec, policy.getType(), user);
 
@@ -117,7 +130,7 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
             // invalid username
             for (Policy policy : getAccountPolicies(user)) {
                 // evaluate policy
-                final AccountPolicySpec accountPolicy = evaluator.evaluate(policy, user);
+                AccountPolicySpec accountPolicy = evaluator.evaluate(policy, user);
 
                 // enforce policy
                 apEnforcer.enforce(accountPolicy, policy.getType(), user);
@@ -137,13 +150,9 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
     }
 
     private List<PasswordPolicy> getPasswordPolicies(final User user) {
-        final List<PasswordPolicy> policies = new ArrayList<>();
+        List<PasswordPolicy> policies = new ArrayList<>();
 
-        // Add global policy
-        PasswordPolicy policy = policyDAO.getGlobalPasswordPolicy();
-        if (policy != null) {
-            policies.add(policy);
-        }
+        PasswordPolicy policy;
 
         // add resource policies
         for (ExternalResource resource : user.getResources()) {
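Review bot: With the `policyDAO.getGlobalPasswordPolicy()` lookup removed, `getPasswordPolicies` can return an empty list for a user who has no resource policies and whose realm chain defines none, and the `for (Policy policy : getPasswordPolicies(user))` loop in `isValid` then enforces nothing. Whether a policy is guaranteed on the root realm is not visible in this diff; if it is not, the password check fails open. Consider a comment at the top of the method stating where the baseline policy now comes from, e.g. `// no global policy any more: the root realm is expected to carry the default`, and logging when the list comes back empty. The same applies to `getAccountPolicies` in the `@@ -165,13 +174,9 @@` hunk; both method bodies continue outside their hunks.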
@@ -153,9 +162,9 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
             }
         }
 
-        // add group policies
-        for (Group group : user.getGroups()) {
-            policy = group.getPasswordPolicy();
+        // add realm policies
+        for (Realm realm : realmDAO.findAncestors(user.getRealm())) {
+            policy = realm.getPasswordPolicy();
             if (policy != null) {
                 policies.add(policy);
             }
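Review bot: The realm loop relies on `realmDAO.findAncestors(user.getRealm())` returning the user's own realm as well as its parents, and the diff does not show that contract. If the result excluded the realm itself, a policy set directly on the user's realm would never be enforced. A comment such as `// findAncestors is expected to include the realm itself and every parent up to the root` would state the assumption; the same loop is added for account policies in the `@@ -181,9 +186,9 @@` hunk. The enclosing method starts and ends outside the hunk.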
@@ -165,13 +174,9 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
     }
 
     private List<AccountPolicy> getAccountPolicies(final User user) {
-        final List<AccountPolicy> policies = new ArrayList<>();
+        List<AccountPolicy> policies = new ArrayList<>();
 
-        // add global policy
-        AccountPolicy policy = policyDAO.getGlobalAccountPolicy();
-        if (policy != null) {
-            policies.add(policy);
-        }
+        AccountPolicy policy;
 
         // add resource policies
         for (ExternalResource resource : user.getResources()) {
@@ -181,9 +186,9 @@ public class UserValidator extends AbstractValidator<UserCheck, User> {
             }
         }
 
-        // add group policies
-        for (Group group : user.getGroups()) {
-            policy = group.getAccountPolicy();
+        // add realm policies
+        for (Realm realm : realmDAO.findAncestors(user.getRealm())) {
+            policy = realm.getAccountPolicy();
             if (policy != null) {
                 policies.add(policy);
             }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/resources/content.xml
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/resources/content.xml b/core/persistence-jpa/src/main/resources/content.xml
index 6b6c287..0f4ab83 100644
--- a/core/persistence-jpa/src/main/resources/content.xml
+++ b/core/persistence-jpa/src/main/resources/content.xml
@@ -108,87 +108,6 @@ under the License.
   <Notification id="2" active="1" recipientAttrName="email" recipientAttrType="UserPlainSchema" selfAsRecipient="1" 
                 sender="admin@syncope.apache.org" subject="Password Reset successful" template="confirmPasswordReset" 
                 traceLevel="FAILURES" userAbout="token!=$null"/> 
-  <Notification_events Notification_id="2" event="[CUSTOM]:[]:[]:[confirmPasswordReset]:[SUCCESS]"/>  
-  
-  <!-- Authentication and authorization -->
-  <Entitlement name="REALM_LIST"/>
-  <Entitlement name="REALM_CREATE"/>
-  <Entitlement name="REALM_UPDATE"/>
-  <Entitlement name="REALM_DELETE"/>
-  <Entitlement name="ROLE_LIST"/>
-  <Entitlement name="ROLE_CREATE"/>
-  <Entitlement name="ROLE_READ"/>
-  <Entitlement name="ROLE_UPDATE"/>
-  <Entitlement name="ROLE_DELETE"/>
-  <Entitlement name="SCHEMA_LIST"/>
-  <Entitlement name="SCHEMA_CREATE"/>
-  <Entitlement name="SCHEMA_READ"/>
-  <Entitlement name="SCHEMA_UPDATE"/>
-  <Entitlement name="SCHEMA_DELETE"/>
-  <Entitlement name="USER_LIST"/>
-  <Entitlement name="USER_CREATE"/>
-  <Entitlement name="USER_READ"/>
-  <Entitlement name="USER_UPDATE"/>
-  <Entitlement name="USER_DELETE"/>
-  <Entitlement name="USER_VIEW"/>
-  <Entitlement name="GROUP_LIST"/>
-  <Entitlement name="GROUP_CREATE"/>
-  <Entitlement name="GROUP_READ"/>
-  <Entitlement name="GROUP_UPDATE"/>
-  <Entitlement name="GROUP_DELETE"/>
-  <Entitlement name="RESOURCE_LIST"/>
-  <Entitlement name="RESOURCE_CREATE"/>
-  <Entitlement name="RESOURCE_READ"/>
-  <Entitlement name="RESOURCE_UPDATE"/>
-  <Entitlement name="RESOURCE_DELETE"/>
-  <Entitlement name="RESOURCE_GETCONNECTOROBJECT"/>
-  <Entitlement name="CONNECTOR_LIST"/>
-  <Entitlement name="CONNECTOR_CREATE"/>
-  <Entitlement name="CONNECTOR_READ"/>
-  <Entitlement name="CONNECTOR_UPDATE"/>
-  <Entitlement name="CONNECTOR_DELETE"/>
-  <Entitlement name="CONNECTOR_RELOAD"/>
-  <Entitlement name="CONFIGURATION_EXPORT"/>
-  <Entitlement name="CONFIGURATION_LIST"/>
-  <Entitlement name="CONFIGURATION_SET"/>
-  <Entitlement name="CONFIGURATION_DELETE"/>
-  <Entitlement name="TASK_LIST"/>
-  <Entitlement name="TASK_CREATE"/>
-  <Entitlement name="TASK_READ"/>
-  <Entitlement name="TASK_UPDATE"/>
-  <Entitlement name="TASK_DELETE"/>
-  <Entitlement name="TASK_EXECUTE"/>
-  <Entitlement name="POLICY_LIST"/>
-  <Entitlement name="POLICY_CREATE"/>
-  <Entitlement name="POLICY_READ"/>
-  <Entitlement name="POLICY_UPDATE"/>
-  <Entitlement name="POLICY_DELETE"/>
-  <Entitlement name="WORKFLOW_DEF_READ"/>
-  <Entitlement name="WORKFLOW_DEF_UPDATE"/>
-  <Entitlement name="WORKFLOW_TASK_LIST"/> 
-  <Entitlement name="WORKFLOW_FORM_LIST"/>
-  <Entitlement name="WORKFLOW_FORM_READ"/>
-  <Entitlement name="WORKFLOW_FORM_CLAIM"/>
-  <Entitlement name="WORKFLOW_FORM_SUBMIT"/>
-  <Entitlement name="NOTIFICATION_LIST"/>
-  <Entitlement name="NOTIFICATION_CREATE"/>
-  <Entitlement name="NOTIFICATION_READ"/>
-  <Entitlement name="NOTIFICATION_UPDATE"/>
-  <Entitlement name="NOTIFICATION_DELETE"/>
-  <Entitlement name="REPORT_LIST"/>
-  <Entitlement name="REPORT_READ"/>
-  <Entitlement name="REPORT_CREATE"/>
-  <Entitlement name="REPORT_UPDATE"/>
-  <Entitlement name="REPORT_DELETE"/>
-  <Entitlement name="REPORT_EXECUTE"/>
-  <Entitlement name="LOG_LIST"/>
-  <Entitlement name="LOG_SET_LEVEL"/>
-  <Entitlement name="LOG_DELETE"/>
-  <Entitlement name="AUDIT_LIST"/>
-  <Entitlement name="AUDIT_ENABLE"/>
-  <Entitlement name="AUDIT_DISABLE"/>
-  <Entitlement name="SECURITY_QUESTION_CREATE"/>
-  <Entitlement name="SECURITY_QUESTION_UPDATE"/>
-  <Entitlement name="SECURITY_QUESTION_DELETE"/>
+  <Notification_events Notification_id="2" event="[CUSTOM]:[]:[]:[confirmPasswordReset]:[SUCCESS]"/>
 
 </dataset>

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/main/resources/views.xml
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/resources/views.xml b/core/persistence-jpa/src/main/resources/views.xml
index aa0ec48..8cd392d 100644
--- a/core/persistence-jpa/src/main/resources/views.xml
+++ b/core/persistence-jpa/src/main/resources/views.xml
@@ -139,11 +139,5 @@ under the License.
     SELECT st.group_id AS subject_id, st.resource_name AS resource_name
     FROM SyncopeGroup_ExternalResource st
   </entry>
-  <entry key="group_search_entitlements">
-    CREATE VIEW group_search_entitlements AS
-
-    SELECT st.group_id AS subject_id, st.entitlement_name AS entitlement_name
-    FROM SyncopeGroup_Entitlement st
-  </entry>
 
 </properties>

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/AbstractTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/AbstractTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/AbstractTest.java
index 29a28de..668c868 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/AbstractTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/AbstractTest.java
@@ -18,7 +18,7 @@
  */
 package org.apache.syncope.core.persistence.jpa;
 
-import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory;
+import org.apache.syncope.core.persistence.api.entity.AttributableUtilsFactory;
 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -33,6 +33,6 @@ public abstract class AbstractTest {
     protected EntityFactory entityFactory;
 
     @Autowired
-    protected AttributableUtilFactory attrUtilFactory;
+    protected AttributableUtilsFactory attrUtilsFactory;
 
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttrTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttrTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttrTest.java
index 39e4cd2..289f898 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttrTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttrTest.java
@@ -87,15 +87,15 @@ public class AttrTest extends AbstractTest {
 
         Exception thrown = null;
         try {
-            attribute.addValue("john.doe@gmail.com", attrUtilFactory.getInstance(AttributableType.USER));
-            attribute.addValue("mario.rossi@gmail.com", attrUtilFactory.getInstance(AttributableType.USER));
+            attribute.addValue("john.doe@gmail.com", attrUtilsFactory.getInstance(AttributableType.USER));
+            attribute.addValue("mario.rossi@gmail.com", attrUtilsFactory.getInstance(AttributableType.USER));
         } catch (ValidationException e) {
             thrown = e;
         }
         assertNull("no validation exception expected here ", thrown);
 
         try {
-            attribute.addValue("http://www.apache.org", attrUtilFactory.getInstance(AttributableType.USER));
+            attribute.addValue("http://www.apache.org", attrUtilsFactory.getInstance(AttributableType.USER));
         } catch (ValidationException e) {
             thrown = e;
         }
@@ -119,13 +119,13 @@ public class AttrTest extends AbstractTest {
         Exception thrown = null;
 
         try {
-            attribute.addValue("A", attrUtilFactory.getInstance(AttributableType.USER));
+            attribute.addValue("A", attrUtilsFactory.getInstance(AttributableType.USER));
         } catch (ValidationException e) {
             thrown = e;
         }
         assertNotNull("validation exception expected here ", thrown);
 
-        attribute.addValue("M", attrUtilFactory.getInstance(AttributableType.USER));
+        attribute.addValue("M", attrUtilsFactory.getInstance(AttributableType.USER));
 
         InvalidEntityException iee = null;
         try {
@@ -183,7 +183,7 @@ public class AttrTest extends AbstractTest {
 
         UPlainAttr attribute = entityFactory.newEntity(UPlainAttr.class);
         attribute.setSchema(obscureSchema);
-        attribute.addValue("testvalue", attrUtilFactory.getInstance(AttributableType.USER));
+        attribute.addValue("testvalue", attrUtilsFactory.getInstance(AttributableType.USER));
         attribute.setOwner(user);
         user.addPlainAttr(attribute);
 
@@ -210,7 +210,7 @@ public class AttrTest extends AbstractTest {
 
         UPlainAttr attribute = entityFactory.newEntity(UPlainAttr.class);
         attribute.setSchema(photoSchema);
-        attribute.addValue(photoB64Value, attrUtilFactory.getInstance(AttributableType.USER));
+        attribute.addValue(photoB64Value, attrUtilsFactory.getInstance(AttributableType.USER));
         attribute.setOwner(user);
         user.addPlainAttr(attribute);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttributableSearchTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttributableSearchTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttributableSearchTest.java
index dc338b6..ea93dae 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttributableSearchTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/AttributableSearchTest.java
@@ -28,9 +28,10 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.Predicate;
+import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.types.SubjectType;
-import org.apache.syncope.core.persistence.api.GroupEntitlementUtil;
-import org.apache.syncope.core.persistence.api.dao.EntitlementDAO;
 import org.apache.syncope.core.persistence.api.dao.GroupDAO;
 import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
@@ -59,9 +60,6 @@ public class AttributableSearchTest extends AbstractTest {
     @Autowired
     private SubjectSearchDAO searchDAO;
 
-    @Autowired
-    private EntitlementDAO entitlementDAO;
-
     @Test
     public void userMatch() {
         User user = userDAO.find(1L);
@@ -111,8 +109,7 @@ public class AttributableSearchTest extends AbstractTest {
 
         assertTrue(cond.isValid());
 
-        List<User> users =
-                searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), cond, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, cond, SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
     }
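Review bot: No test in these hunks checks that the realm argument actually restricts results: from the changed `searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, cond, SubjectType.USER)` call here onward, every `search` and `count` call visible in AttributableSearchTest passes the same full-admin constant. For a commit that introduces a new security model, a companion case is worth adding that searches with a narrower realm set and asserts that subjects outside it are not returned; such a test may exist elsewhere in the commit, which cannot be seen from here. If the omission is deliberate, say so once near the first call, for example `// FULL_ADMIN_REALMS: realm filtering is not under test here, only condition matching`. The enclosing test method starts outside this hunk.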
@@ -126,8 +123,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond cond = SearchCond.getNotLeafCond(fullnameLeafCond);
         assertTrue(cond.isValid());
 
-        List<User> users =
-                searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), cond, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, cond, SubjectType.USER);
         assertNotNull(users);
         assertEquals(4, users.size());
 
@@ -148,8 +144,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond cond = SearchCond.getLeafCond(coolLeafCond);
         assertTrue(cond.isValid());
 
-        List<User> users =
-                searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), cond, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, cond, SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
 
@@ -169,8 +164,8 @@ public class AttributableSearchTest extends AbstractTest {
         loginDateCond.setSchema("loginDate");
         loginDateCond.setExpression("2009-05-26");
 
-        SearchCond subCond = SearchCond.getAndCond(SearchCond.getLeafCond(fullnameLeafCond), SearchCond.getLeafCond(
-                membershipCond));
+        SearchCond subCond = SearchCond.getAndCond(
+                SearchCond.getLeafCond(fullnameLeafCond), SearchCond.getLeafCond(membershipCond));
 
         assertTrue(subCond.isValid());
 
@@ -178,13 +173,13 @@ public class AttributableSearchTest extends AbstractTest {
 
         assertTrue(cond.isValid());
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
                 cond, 1, 2, Collections.<OrderByClause>emptyList(),
                 SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
 
-        users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
                 cond, 2, 2, Collections.<OrderByClause>emptyList(),
                 SubjectType.USER);
         assertNotNull(users);
@@ -196,16 +191,16 @@ public class AttributableSearchTest extends AbstractTest {
         MembershipCond membershipCond = new MembershipCond();
         membershipCond.setGroupId(1L);
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), SearchCond.getLeafCond(membershipCond),
-                SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                SearchCond.getLeafCond(membershipCond), SubjectType.USER);
         assertNotNull(users);
         assertEquals(2, users.size());
 
         membershipCond = new MembershipCond();
         membershipCond.setGroupId(5L);
 
-        users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), SearchCond.getNotLeafCond(membershipCond),
-                SubjectType.USER);
+        users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                SearchCond.getNotLeafCond(membershipCond), SubjectType.USER);
         assertNotNull(users);
         assertEquals(5, users.size());
     }
@@ -215,16 +210,16 @@ public class AttributableSearchTest extends AbstractTest {
         AttributeCond coolLeafCond = new AttributeCond(AttributeCond.Type.ISNULL);
         coolLeafCond.setSchema("cool");
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), SearchCond.getLeafCond(coolLeafCond),
-                SubjectType.USER);
+        List<User> users = searchDAO.search(
+                SyncopeConstants.FULL_ADMIN_REALMS, SearchCond.getLeafCond(coolLeafCond), SubjectType.USER);
         assertNotNull(users);
         assertEquals(4, users.size());
 
         coolLeafCond = new AttributeCond(AttributeCond.Type.ISNOTNULL);
         coolLeafCond.setSchema("cool");
 
-        users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), SearchCond.getLeafCond(coolLeafCond),
-                SubjectType.USER);
+        users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                SearchCond.getLeafCond(coolLeafCond), SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
     }
@@ -241,8 +236,7 @@ public class AttributableSearchTest extends AbstractTest {
 
         assertTrue(searchCondition.isValid());
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCondition,
-                SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
 
         assertNotNull(users);
         assertEquals(1, users.size());
@@ -250,14 +244,12 @@ public class AttributableSearchTest extends AbstractTest {
 
     @Test
     public void searchByBooleanSubjectCond() {
-        SubjectCond booleanCond = new SubjectCond(SubjectCond.Type.EQ);
-        booleanCond.setSchema("inheritPlainAttrs");
+        AttributeCond booleanCond = new AttributeCond(SubjectCond.Type.EQ);
+        booleanCond.setSchema("show");
         booleanCond.setExpression("true");
 
-        SearchCond searchCondition = SearchCond.getLeafCond(booleanCond);
-
-        List<Group> matchingGroups = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, SubjectType.GROUP);
+        List<Group> matchingGroups = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                SearchCond.getLeafCond(booleanCond), SubjectType.GROUP);
         assertNotNull(matchingGroups);
         assertFalse(matchingGroups.isEmpty());
     }
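Review bot: The new condition mixes two types, `new AttributeCond(SubjectCond.Type.EQ)`, which presumably compiles only because the enum is reachable through `SubjectCond`; the other tests in this file construct it as `new AttributeCond(AttributeCond.Type.ISNULL)`, so `new AttributeCond(AttributeCond.Type.EQ)` would be consistent. The method is still named `searchByBooleanSubjectCond` although it no longer builds a `SubjectCond` and now filters on the `show` schema; a name such as `searchByBooleanAttributeCond` would describe what is tested. The assertion only checks that the result is non-empty, so it would not notice if the boolean comparison matched every group.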
@@ -272,16 +264,17 @@ public class AttributableSearchTest extends AbstractTest {
         idRightCond.setSchema("key");
         idRightCond.setExpression("2");
 
-        SearchCond searchCondition = SearchCond.getAndCond(SearchCond.getLeafCond(usernameLeafCond),
+        SearchCond searchCondition = SearchCond.getAndCond(
+                SearchCond.getLeafCond(usernameLeafCond),
                 SearchCond.getLeafCond(idRightCond));
 
-        List<User> matchingUsers = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        List<User> matchingUsers = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
                 searchCondition, SubjectType.USER);
 
         assertNotNull(matchingUsers);
         assertEquals(1, matchingUsers.size());
         assertEquals("rossini", matchingUsers.iterator().next().getUsername());
-        assertEquals(1L, matchingUsers.iterator().next().getKey().longValue());
+        assertEquals(1L, matchingUsers.iterator().next().getKey(), 0);
     }
 
     @Test
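Review bot: The three-argument form `assertEquals(1L, matchingUsers.iterator().next().getKey(), 0)` resolves to JUnit's floating-point delta overload, so the key is compared after conversion to a floating-point value rather than as a long. That is harmless for key 1 but hides the intent and loses exactness for large keys; the same pattern is added in the hunks at `@@ -294,18 +287,19 @@` and `@@ -338,13 +331,10 @@`. An exact comparison that avoids the overload ambiguity is `assertEquals(1L, (long) matchingUsers.iterator().next().getKey());`, assuming `getKey()` returns `Long` or `long` (its declaration is not visible here).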
@@ -294,18 +287,19 @@ public class AttributableSearchTest extends AbstractTest {
         idRightCond.setSchema("key");
         idRightCond.setExpression("2");
 
-        SearchCond searchCondition = SearchCond.getAndCond(SearchCond.getLeafCond(groupNameLeafCond),
+        SearchCond searchCondition = SearchCond.getAndCond(
+                SearchCond.getLeafCond(groupNameLeafCond),
                 SearchCond.getLeafCond(idRightCond));
 
         assertTrue(searchCondition.isValid());
 
-        List<Group> matchingGroups = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        List<Group> matchingGroups = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
                 searchCondition, SubjectType.GROUP);
 
         assertNotNull(matchingGroups);
         assertEquals(1, matchingGroups.size());
         assertEquals("root", matchingGroups.iterator().next().getName());
-        assertEquals(1L, matchingGroups.iterator().next().getKey().longValue());
+        assertEquals(1L, matchingGroups.iterator().next().getKey(), 0);
     }
 
     @Test
@@ -318,13 +312,12 @@ public class AttributableSearchTest extends AbstractTest {
         idRightCond.setSchema("fullname");
         idRightCond.setExpression("Giuseppe V%");
 
-        SearchCond searchCondition = SearchCond.getOrCond(SearchCond.getLeafCond(usernameLeafCond),
+        SearchCond searchCondition = SearchCond.getOrCond(
+                SearchCond.getLeafCond(usernameLeafCond),
                 SearchCond.getLeafCond(idRightCond));
 
-        List<User> matchingUsers =
-                searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCondition,
-                        SubjectType.USER);
-
+        List<User> matchingUsers = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                searchCondition, SubjectType.USER);
         assertNotNull(matchingUsers);
         assertEquals(2, matchingUsers.size());
     }
@@ -338,13 +331,10 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond searchCondition = SearchCond.getLeafCond(idLeafCond);
         assertTrue(searchCondition.isValid());
 
-        List<User> users =
-                searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCondition,
-                        SubjectType.USER);
-
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
-        assertEquals(1L, users.iterator().next().getKey().longValue());
+        assertEquals(1L, users.iterator().next().getKey(), 0);
 
         idLeafCond = new SubjectCond(SubjectCond.Type.LT);
         idLeafCond.setSchema("id");
@@ -353,18 +343,16 @@ public class AttributableSearchTest extends AbstractTest {
         searchCondition = SearchCond.getNotLeafCond(idLeafCond);
         assertTrue(searchCondition.isValid());
 
-        users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCondition,
-                SubjectType.USER);
-
+        users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
         assertNotNull(users);
         assertEquals(2, users.size());
-        boolean found = false;
-        for (User user : users) {
-            if (user.getKey() == 4) {
-                found = true;
+        assertTrue(CollectionUtils.exists(users, new Predicate<User>() {
+
+            @Override
+            public boolean evaluate(User user) {
+                return user.getKey() == 4;
             }
-        }
-        assertTrue(found);
+        }));
     }
 
     @Test
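Review bot: The anonymous `Predicate<User>` whose `evaluate` returns `user.getKey() == 4` is added here and again, unchanged, in the hunk at `@@ -426,17 +412,16 @@`. Declaring it once as a private static final field of the test class and passing that field to `CollectionUtils.exists` in both places would remove the duplication and give the magic key a name. If `getKey()` returns a boxed `Long` (not visible from this hunk), the `==` comparison unboxes and would throw on a null key, which a short comment on the field could note.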
@@ -378,7 +366,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond searchCondition = SearchCond.getOrCond(
                 SearchCond.getLeafCond(usernameLeafCond), SearchCond.getLeafCond(idRightCond));
 
-        List<OrderByClause> orderByClauses = new ArrayList<OrderByClause>();
+        List<OrderByClause> orderByClauses = new ArrayList<>();
         OrderByClause orderByClause = new OrderByClause();
         orderByClause.setField("username");
         orderByClause.setDirection(OrderByClause.Direction.DESC);
@@ -388,11 +376,9 @@ public class AttributableSearchTest extends AbstractTest {
         orderByClause.setDirection(OrderByClause.Direction.ASC);
         orderByClauses.add(orderByClause);
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, Collections.singletonList(orderByClause),
-                SubjectType.USER);
-        assertEquals(searchDAO.count(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, SubjectType.USER),
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
+                searchCondition, orderByClauses, SubjectType.USER);
+        assertEquals(searchDAO.count(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER),
                 users.size());
     }
 
@@ -407,9 +393,9 @@ public class AttributableSearchTest extends AbstractTest {
         OrderByClause orderByClause = new OrderByClause();
         orderByClause.setField("name");
 
-        List<Group> groups = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        List<Group> groups = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS,
                 searchCondition, Collections.singletonList(orderByClause), SubjectType.GROUP);
-        assertEquals(searchDAO.count(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
+        assertEquals(searchDAO.count(SyncopeConstants.FULL_ADMIN_REALMS,
                 searchCondition, SubjectType.GROUP),
                 groups.size());
     }
@@ -426,17 +412,16 @@ public class AttributableSearchTest extends AbstractTest {
                 SearchCond.getAndCond(SearchCond.getNotLeafCond(ws2), SearchCond.getNotLeafCond(ws1));
         assertTrue(searchCondition.isValid());
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
         assertNotNull(users);
         assertEquals(2, users.size());
-        boolean found = false;
-        for (User user : users) {
-            if (user.getKey() == 4) {
-                found = true;
+        assertTrue(CollectionUtils.exists(users, new Predicate<User>() {
+
+            @Override
+            public boolean evaluate(User user) {
+                return user.getKey() == 4;
             }
-        }
-        assertTrue(found);
+        }));
     }
 
     @Test
@@ -448,8 +433,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond searchCondition = SearchCond.getLeafCond(cond);
         assertTrue(searchCondition.isValid());
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
         assertNotNull(users);
         assertTrue(users.isEmpty());
     }
@@ -463,8 +447,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond searchCondition = SearchCond.getLeafCond(cond);
         assertTrue(searchCondition.isValid());
 
-        List<User> users = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()),
-                searchCondition, SubjectType.USER);
+        List<User> users = searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, searchCondition, SubjectType.USER);
         assertNotNull(users);
         assertEquals(1, users.size());
     }
@@ -481,8 +464,7 @@ public class AttributableSearchTest extends AbstractTest {
         SearchCond searchCond = SearchCond.getOrCond(
                 SearchCond.getLeafCond(isNullCond), SearchCond.getLeafCond(likeCond));
 
-        Integer count = searchDAO.count(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), searchCond,
-                SubjectType.USER);
+        Integer count = searchDAO.count(SyncopeConstants.FULL_ADMIN_REALMS, searchCond, SubjectType.USER);
         assertNotNull(count);
         assertTrue(count > 0);
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/ConfTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/ConfTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/ConfTest.java
index e5e1ecc..2539a44 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/ConfTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/ConfTest.java
@@ -72,7 +72,7 @@ public class ConfTest extends AbstractTest {
         // 2. create conf
         CPlainAttr newConf = entityFactory.newEntity(CPlainAttr.class);
         newConf.setSchema(useless);
-        newConf.addValue("2014-06-20", attrUtilFactory.getInstance(AttributableType.CONFIGURATION));
+        newConf.addValue("2014-06-20", attrUtilsFactory.getInstance(AttributableType.CONFIGURATION));
         confDAO.save(newConf);
 
         CPlainAttr actual = confDAO.find("useless");
@@ -80,7 +80,7 @@ public class ConfTest extends AbstractTest {
 
         // 3. update conf
         newConf.getValues().clear();
-        newConf.addValue("2014-06-20", attrUtilFactory.getInstance(AttributableType.CONFIGURATION));
+        newConf.addValue("2014-06-20", attrUtilsFactory.getInstance(AttributableType.CONFIGURATION));
         confDAO.save(newConf);
 
         actual = confDAO.find("useless");

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/DerSchemaTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/DerSchemaTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/DerSchemaTest.java
index e7f7533..8b4090b 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/DerSchemaTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/entity/DerSchemaTest.java
@@ -73,7 +73,7 @@ public class DerSchemaTest extends AbstractTest {
         UDerSchema cn = derSchemaDAO.find("cn", UDerSchema.class);
         assertNotNull(cn);
 
-        derSchemaDAO.delete(cn.getKey(), attrUtilFactory.getInstance(AttributableType.USER));
+        derSchemaDAO.delete(cn.getKey(), attrUtilsFactory.getInstance(AttributableType.USER));
 
         DerSchema actual = derSchemaDAO.find("cn", UDerSchema.class);
         assertNull("delete did not work", actual);
@@ -82,7 +82,7 @@ public class DerSchemaTest extends AbstractTest {
         GDerSchema rderiveddata = derSchemaDAO.find("rderiveddata", GDerSchema.class);
         assertNotNull(rderiveddata);
 
-        derSchemaDAO.delete(rderiveddata.getKey(), attrUtilFactory.getInstance(AttributableType.GROUP));
+        derSchemaDAO.delete(rderiveddata.getKey(), attrUtilsFactory.getInstance(AttributableType.GROUP));
 
         actual = derSchemaDAO.find("rderiveddata", GDerSchema.class);
         assertNull("delete did not work", actual);

