syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [16/57] syncope git commit: [SYNCOPE-119] Renaming Role to Group
Date Tue, 21 Apr 2015 09:33:45 GMT
http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
index aac337a..ce3b36c 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
@@ -75,17 +75,17 @@ public final class Encryptor {
      */
     private static final boolean DEFAULT_ULSSC = true;
 
-    private static String secretKey;
+    private static String SECRET_KEY;
 
-    private static Integer saltIterations;
+    private static Integer SALT_ITERATIONS;
 
-    private static Integer saltSizeBytes;
+    private static Integer SALT_SIZE_BYTES;
 
-    private static Boolean ipopsier;
+    private static Boolean IPOPSIER;
 
-    private static Boolean iposimbd;
+    private static Boolean IPOSIMBD;
 
-    private static Boolean ulssc;
+    private static Boolean ULSSC;
 
     static {
         InputStream propStream = null;
@@ -94,46 +94,46 @@ public final class Encryptor {
             Properties props = new Properties();
             props.load(propStream);
 
-            secretKey = props.getProperty("secretKey");
-            saltIterations = Integer.valueOf(props.getProperty("digester.saltIterations"));
-            saltSizeBytes = Integer.valueOf(props.getProperty("digester.saltSizeBytes"));
-            ipopsier = Boolean.valueOf(props.getProperty("digester.invertPositionOfPlainSaltInEncryptionResults"));
-            iposimbd = Boolean.valueOf(props.getProperty("digester.invertPositionOfSaltInMessageBeforeDigesting"));
-            ulssc = Boolean.valueOf(props.getProperty("digester.useLenientSaltSizeCheck"));
+            SECRET_KEY = props.getProperty("secretKey");
+            SALT_ITERATIONS = Integer.valueOf(props.getProperty("digester.saltIterations"));
+            SALT_SIZE_BYTES = Integer.valueOf(props.getProperty("digester.saltSizeBytes"));
+            IPOPSIER = Boolean.valueOf(props.getProperty("digester.invertPositionOfPlainSaltInEncryptionResults"));
+            IPOSIMBD = Boolean.valueOf(props.getProperty("digester.invertPositionOfSaltInMessageBeforeDigesting"));
+            ULSSC = Boolean.valueOf(props.getProperty("digester.useLenientSaltSizeCheck"));
         } catch (Exception e) {
             LOG.error("Could not read security parameters", e);
         } finally {
             IOUtils.closeQuietly(propStream);
         }
 
-        if (secretKey == null) {
-            secretKey = DEFAULT_SECRET_KEY;
+        if (SECRET_KEY == null) {
+            SECRET_KEY = DEFAULT_SECRET_KEY;
             LOG.debug("secretKey not found, reverting to default");
         }
-        if (saltIterations == null) {
-            saltIterations = DEFAULT_SALT_ITERATIONS;
+        if (SALT_ITERATIONS == null) {
+            SALT_ITERATIONS = DEFAULT_SALT_ITERATIONS;
             LOG.debug("digester.saltIterations not found, reverting to default");
         }
-        if (saltSizeBytes == null) {
-            saltSizeBytes = DEFAULT_SALT_SIZE_BYTES;
+        if (SALT_SIZE_BYTES == null) {
+            SALT_SIZE_BYTES = DEFAULT_SALT_SIZE_BYTES;
             LOG.debug("digester.saltSizeBytes not found, reverting to default");
         }
-        if (ipopsier == null) {
-            ipopsier = DEFAULT_IPOPSIER;
+        if (IPOPSIER == null) {
+            IPOPSIER = DEFAULT_IPOPSIER;
             LOG.debug("digester.invertPositionOfPlainSaltInEncryptionResults not found, reverting to default");
         }
-        if (iposimbd == null) {
-            iposimbd = DEFAULT_IPOSIMBD;
+        if (IPOSIMBD == null) {
+            IPOSIMBD = DEFAULT_IPOSIMBD;
             LOG.debug("digester.invertPositionOfSaltInMessageBeforeDigesting not found, reverting to default");
         }
-        if (ulssc == null) {
-            ulssc = DEFAULT_ULSSC;
+        if (ULSSC == null) {
+            ULSSC = DEFAULT_ULSSC;
             LOG.debug("digester.useLenientSaltSizeCheck not found, reverting to default");
         }
     }
 
     public static Encryptor getInstance() {
-        return getInstance(secretKey);
+        return getInstance(SECRET_KEY);
     }
 
     public static Encryptor getInstance(final String secretKey) {
@@ -163,7 +163,7 @@ public final class Encryptor {
 
         try {
             keySpec = new SecretKeySpec(ArrayUtils.subarray(
-                    actualKey.getBytes(SyncopeConstants.DEFAULT_ENCODING), 0, 16),
+                    actualKey.getBytes(SyncopeConstants.DEFAULT_CHARSET), 0, 16),
                     CipherAlgorithm.AES.getAlgorithm());
         } catch (Exception e) {
             LOG.error("Error during key specification", e);
@@ -178,7 +178,7 @@ public final class Encryptor {
 
         if (value != null) {
             if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
-                final byte[] cleartext = value.getBytes(SyncopeConstants.DEFAULT_ENCODING);
+                final byte[] cleartext = value.getBytes(SyncopeConstants.DEFAULT_CHARSET);
 
                 final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
                 cipher.init(Cipher.ENCRYPT_MODE, keySpec);
@@ -221,12 +221,12 @@ public final class Encryptor {
         String value = null;
 
         if (encodedValue != null && cipherAlgorithm == CipherAlgorithm.AES) {
-            final byte[] encoded = encodedValue.getBytes(SyncopeConstants.DEFAULT_ENCODING);
+            final byte[] encoded = encodedValue.getBytes(SyncopeConstants.DEFAULT_CHARSET);
 
             final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
             cipher.init(Cipher.DECRYPT_MODE, keySpec);
 
-            value = new String(cipher.doFinal(Base64.decode(encoded)), SyncopeConstants.DEFAULT_ENCODING);
+            value = new String(cipher.doFinal(Base64.decode(encoded)), SyncopeConstants.DEFAULT_CHARSET);
         }
 
         return value;
@@ -238,11 +238,11 @@ public final class Encryptor {
         if (cipherAlgorithm.getAlgorithm().startsWith("S-")) {
             // Salted ...
             digester.setAlgorithm(cipherAlgorithm.getAlgorithm().replaceFirst("S\\-", ""));
-            digester.setIterations(saltIterations);
-            digester.setSaltSizeBytes(saltSizeBytes);
-            digester.setInvertPositionOfPlainSaltInEncryptionResults(ipopsier);
-            digester.setInvertPositionOfSaltInMessageBeforeDigesting(iposimbd);
-            digester.setUseLenientSaltSizeCheck(ulssc);
+            digester.setIterations(SALT_ITERATIONS);
+            digester.setSaltSizeBytes(SALT_SIZE_BYTES);
+            digester.setInvertPositionOfPlainSaltInEncryptionResults(IPOPSIER);
+            digester.setInvertPositionOfSaltInMessageBeforeDigesting(IPOSIMBD);
+            digester.setUseLenientSaltSizeCheck(ULSSC);
         } else {
             // Not salted ...
             digester.setAlgorithm(cipherAlgorithm.getAlgorithm());

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
index 3f8060e..8ed136b 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
@@ -26,7 +26,7 @@ import org.apache.syncope.common.lib.types.PasswordPolicySpec;
 import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
 import org.apache.syncope.core.persistence.api.entity.PasswordPolicy;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.misc.policy.InvalidPasswordPolicySpecException;
 import org.apache.syncope.core.misc.policy.PolicyPattern;
@@ -66,11 +66,11 @@ public class PasswordGenerator {
             ppSpecs.add(globalPP.getSpecification(PasswordPolicySpec.class));
         }
 
-        for (Role role : user.getRoles()) {
-            if (role.getPasswordPolicy() != null
-                    && role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
+        for (Group group : user.getGroups()) {
+            if (group.getPasswordPolicy() != null
+                    && group.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
 
-                ppSpecs.add(role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
+                ppSpecs.add(group.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
             }
         }
 
@@ -287,13 +287,15 @@ public class PasswordGenerator {
         if (policySpec.isUppercaseRequired()
                 && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toUpperCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] =
+                    SecureRandomUtil.generateRandomLetter().toUpperCase();
         }
 
         if (policySpec.isLowercaseRequired()
                 && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toLowerCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] =
+                    SecureRandomUtil.generateRandomLetter().toLowerCase();
         }
 
         if (policySpec.isNonAlphanumericRequired()

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtil.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtil.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtil.java
index 39a0112..7939a83 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtil.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtil.java
@@ -38,7 +38,7 @@ public final class SecureRandomUtil {
         return RandomStringUtils.random(1, 0, 0, false, true, null, RANDOM);
     }
 
-    public static String generateRandomSpecialCharacter(char[] characters) {
+    public static String generateRandomSpecialCharacter(final char[] characters) {
         return RandomStringUtils.random(1, 0, 0, false, false, characters, RANDOM);
     }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
index 607deb6..0094aef 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
@@ -35,7 +35,7 @@ import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
 import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
 import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.provisioning.api.ConnectorFactory;
 import org.apache.syncope.core.misc.AuditManager;
@@ -50,7 +50,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -123,9 +122,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
 
     @Override
     @Transactional(noRollbackFor = { BadCredentialsException.class, DisabledException.class })
-    public Authentication authenticate(final Authentication authentication)
-            throws AuthenticationException {
-
+    public Authentication authenticate(final Authentication authentication) {
         boolean authenticated = false;
         User user = null;
 
@@ -174,9 +171,9 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
                     null,
                     authenticated,
                     authentication,
-                    "Successfully authenticated, with roles: " + token.getAuthorities());
+                    "Successfully authenticated, with groups: " + token.getAuthorities());
 
-            LOG.debug("User {} successfully authenticated, with roles {}",
+            LOG.debug("User {} successfully authenticated, with groups {}",
                     authentication.getPrincipal(), token.getAuthorities());
         } else {
             auditManager.audit(
@@ -198,7 +195,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
         return token;
     }
 
-    protected void updateLoginAttributes(User user, boolean authenticated) {
+    protected void updateLoginAttributes(final User user, final boolean authenticated) {
         boolean userModified = false;
 
         if (authenticated) {
@@ -235,13 +232,13 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
             }
         }
 
-        // 2. look for owned roles, pick the ones whose account policy has authentication resources
-        for (Role role : user.getRoles()) {
-            if (role.getAccountPolicy() != null && !role.getAccountPolicy().getResources().isEmpty()) {
+        // 2. look for owned groups, pick the ones whose account policy has authentication resources
+        for (Group group : user.getGroups()) {
+            if (group.getAccountPolicy() != null && !group.getAccountPolicy().getResources().isEmpty()) {
                 if (result == null) {
-                    result = role.getAccountPolicy().getResources();
+                    result = group.getAccountPolicy().getResources();
                 } else {
-                    result.retainAll(role.getAccountPolicy().getResources());
+                    result.retainAll(group.getAccountPolicy().getResources());
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeUserDetailsService.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeUserDetailsService.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeUserDetailsService.java
index 16eecf7..d617ae2 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeUserDetailsService.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeUserDetailsService.java
@@ -23,15 +23,14 @@ import java.util.List;
 import java.util.Set;
 import javax.annotation.Resource;
 import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.core.persistence.api.RoleEntitlementUtil;
+import org.apache.syncope.core.persistence.api.GroupEntitlementUtil;
 import org.apache.syncope.core.persistence.api.dao.EntitlementDAO;
-import org.apache.syncope.core.persistence.api.dao.RoleDAO;
+import org.apache.syncope.core.persistence.api.dao.GroupDAO;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.Entitlement;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Configurable;
-import org.springframework.dao.DataAccessException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -45,7 +44,7 @@ public class SyncopeUserDetailsService implements UserDetailsService {
     protected UserDAO userDAO;
 
     @Autowired
-    protected RoleDAO roleDAO;
+    protected GroupDAO groupDAO;
 
     @Autowired
     protected EntitlementDAO entitlementDAO;
@@ -57,7 +56,7 @@ public class SyncopeUserDetailsService implements UserDetailsService {
     protected String anonymousUser;
 
     @Override
-    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException, DataAccessException {
+    public UserDetails loadUserByUsername(final String username) {
         final Set<SimpleGrantedAuthority> authorities = new HashSet<>();
         if (anonymousUser.equals(username)) {
             authorities.add(new SimpleGrantedAuthority(SyncopeConstants.ANONYMOUS_ENTITLEMENT));
@@ -72,27 +71,27 @@ public class SyncopeUserDetailsService implements UserDetailsService {
                 throw new UsernameNotFoundException("Could not find any user with id " + username);
             }
 
-            // Give entitlements based on roles assigned to user (and their ancestors)
-            final Set<Role> roles = new HashSet<>(user.getRoles());
-            for (Role role : user.getRoles()) {
-                roles.addAll(roleDAO.findAncestors(role));
+            // Give entitlements based on groups assigned to user (and their ancestors)
+            final Set<Group> groups = new HashSet<>(user.getGroups());
+            for (Group group : user.getGroups()) {
+                groups.addAll(groupDAO.findAncestors(group));
             }
-            for (Role role : roles) {
-                for (Entitlement entitlement : role.getEntitlements()) {
+            for (Group group : groups) {
+                for (Entitlement entitlement : group.getEntitlements()) {
                     authorities.add(new SimpleGrantedAuthority(entitlement.getKey()));
                 }
             }
-            // Give role operational entitlements for owned roles
-            List<Role> ownedRoles = roleDAO.findOwnedByUser(user.getKey());
-            if (!ownedRoles.isEmpty()) {
-                authorities.add(new SimpleGrantedAuthority("ROLE_CREATE"));
-                authorities.add(new SimpleGrantedAuthority("ROLE_READ"));
-                authorities.add(new SimpleGrantedAuthority("ROLE_UPDATE"));
-                authorities.add(new SimpleGrantedAuthority("ROLE_DELETE"));
+            // Give group operational entitlements for owned groups
+            List<Group> ownedGroups = groupDAO.findOwnedByUser(user.getKey());
+            if (!ownedGroups.isEmpty()) {
+                authorities.add(new SimpleGrantedAuthority("GROUP_CREATE"));
+                authorities.add(new SimpleGrantedAuthority("GROUP_READ"));
+                authorities.add(new SimpleGrantedAuthority("GROUP_UPDATE"));
+                authorities.add(new SimpleGrantedAuthority("GROUP_DELETE"));
 
-                for (Role role : ownedRoles) {
+                for (Group group : ownedGroups) {
                     authorities.add(new SimpleGrantedAuthority(
-                            RoleEntitlementUtil.getEntitlementNameFromRoleKey(role.getKey())));
+                            GroupEntitlementUtil.getEntitlementNameFromGroupKey(group.getKey())));
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedGroupException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedGroupException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedGroupException.java
new file mode 100644
index 0000000..006be64
--- /dev/null
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedGroupException.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.misc.security;
+
+import java.util.Collections;
+import java.util.Set;
+
+public class UnauthorizedGroupException extends RuntimeException {
+
+    private static final long serialVersionUID = 7540587364235915081L;
+
+    private final Set<Long> groupIds;
+
+    public UnauthorizedGroupException(final Set<Long> groupIds) {
+        super("Missing entitlement for group(s) " + groupIds);
+        this.groupIds = groupIds;
+    }
+
+    public UnauthorizedGroupException(final Long groupId) {
+        this(Collections.singleton(groupId));
+    }
+
+    public Set<Long> getGroupIds() {
+        return groupIds;
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedRoleException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedRoleException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedRoleException.java
deleted file mode 100644
index 8c29871..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/UnauthorizedRoleException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.util.Collections;
-import java.util.Set;
-
-public class UnauthorizedRoleException extends RuntimeException {
-
-    private static final long serialVersionUID = 7540587364235915081L;
-
-    private final Set<Long> roleIds;
-
-    public UnauthorizedRoleException(final Set<Long> roleIds) {
-        super("Missing entitlement for role(s) " + roleIds);
-        this.roleIds = roleIds;
-    }
-
-    public UnauthorizedRoleException(final Long roleId) {
-        this(Collections.singleton(roleId));
-    }
-
-    public Set<Long> getRoleIds() {
-        return roleIds;
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeDeserializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeDeserializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeDeserializer.java
index 3da92ee..5c2ab51 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeDeserializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeDeserializer.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -40,7 +39,7 @@ class AttributeDeserializer extends JsonDeserializer<Attribute> {
 
     @Override
     public Attribute deserialize(final JsonParser jp, final DeserializationContext ctx)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         ObjectNode tree = jp.readValueAsTree();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeSerializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeSerializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeSerializer.java
index 2fff021..3c79c28 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeSerializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/AttributeSerializer.java
@@ -19,27 +19,22 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import java.io.IOException;
 import org.identityconnectors.common.Base64;
 import org.identityconnectors.common.security.GuardedString;
 import org.identityconnectors.framework.common.objects.Attribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 class AttributeSerializer extends JsonSerializer<Attribute> {
 
-    private static final Logger LOG = LoggerFactory.getLogger(AttributeSerializer.class);
-
     public static final String BYTE_ARRAY_PREFIX = "<binary>";
 
     public static final String BYTE_ARRAY_SUFFIX = "</binary>";
 
     @Override
     public void serialize(final Attribute source, final JsonGenerator jgen, final SerializerProvider sp)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         jgen.writeStartObject();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringDeserializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringDeserializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringDeserializer.java
index d8c372d..1cd0ec0 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringDeserializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringDeserializer.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -37,7 +36,7 @@ class GuardedStringDeserializer extends JsonDeserializer<GuardedString> {
 
     @Override
     public GuardedString deserialize(final JsonParser jp, final DeserializationContext ctx)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         ObjectNode tree = jp.readValueAsTree();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringSerializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringSerializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringSerializer.java
index de9f60a..c86fb2e 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringSerializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/GuardedStringSerializer.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import java.io.IOException;
@@ -36,7 +35,7 @@ class GuardedStringSerializer extends JsonSerializer<GuardedString> {
 
     @Override
     public void serialize(final GuardedString source, final JsonGenerator jgen, final SerializerProvider sp)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         jgen.writeStartObject();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenDeserializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenDeserializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenDeserializer.java
index 3497373..cc25ef3 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenDeserializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenDeserializer.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -32,7 +31,7 @@ class SyncTokenDeserializer extends JsonDeserializer<SyncToken> {
 
     @Override
     public SyncToken deserialize(final JsonParser jp, final DeserializationContext ctx)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         ObjectNode tree = jp.readValueAsTree();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenSerializer.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenSerializer.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenSerializer.java
index c2f2183..eb75eb2 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenSerializer.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/SyncTokenSerializer.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.misc.serialization;
 
 import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import java.io.IOException;
@@ -30,7 +29,7 @@ class SyncTokenSerializer extends JsonSerializer<SyncToken> {
 
     @Override
     public void serialize(final SyncToken source, final JsonGenerator jgen, final SerializerProvider sp)
-            throws IOException, JsonProcessingException {
+            throws IOException {
 
         jgen.writeStartObject();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/UnwrappedObjectMapper.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/UnwrappedObjectMapper.java b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/UnwrappedObjectMapper.java
index b79b6bd..61770e0 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/UnwrappedObjectMapper.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/serialization/UnwrappedObjectMapper.java
@@ -18,10 +18,8 @@
  */
 package org.apache.syncope.core.misc.serialization;
 
-import com.fasterxml.jackson.core.JsonGenerationException;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import java.io.File;
 import java.io.IOException;
@@ -57,28 +55,28 @@ public class UnwrappedObjectMapper extends ObjectMapper {
 
     @Override
     public void writeValue(final JsonGenerator jgen, final Object value)
-            throws IOException, JsonGenerationException, JsonMappingException {
+            throws IOException {
 
         super.writeValue(jgen, unwrapMap(value));
     }
 
     @Override
     public void writeValue(final File resultFile, final Object value)
-            throws IOException, JsonGenerationException, JsonMappingException {
+            throws IOException {
 
         super.writeValue(resultFile, unwrapMap(value));
     }
 
     @Override
     public void writeValue(final OutputStream out, final Object value)
-            throws IOException, JsonGenerationException, JsonMappingException {
+            throws IOException {
 
         super.writeValue(out, unwrapMap(value));
     }
 
     @Override
     public void writeValue(final Writer w, final Object value)
-            throws IOException, JsonGenerationException, JsonMappingException {
+            throws IOException {
 
         super.writeValue(w, unwrapMap(value));
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/spring/ApplicationContextProvider.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/spring/ApplicationContextProvider.java b/core/misc/src/main/java/org/apache/syncope/core/misc/spring/ApplicationContextProvider.java
index dfbcbe4..1aa4367 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/spring/ApplicationContextProvider.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/spring/ApplicationContextProvider.java
@@ -25,14 +25,14 @@ import org.springframework.context.ConfigurableApplicationContext;
 
 public class ApplicationContextProvider implements ApplicationContextAware {
 
-    private static ConfigurableApplicationContext ctx;
+    private static ConfigurableApplicationContext CTX;
 
     public static ConfigurableApplicationContext getApplicationContext() {
-        return ctx;
+        return CTX;
     }
 
     public static DefaultListableBeanFactory getBeanFactory() {
-        return (DefaultListableBeanFactory) ctx.getBeanFactory();
+        return (DefaultListableBeanFactory) CTX.getBeanFactory();
     }
 
     /**
@@ -42,6 +42,6 @@ public class ApplicationContextProvider implements ApplicationContextAware {
      */
     @Override
     public void setApplicationContext(final ApplicationContext ctx) {
-        ApplicationContextProvider.ctx = (ConfigurableApplicationContext) ctx;
+        CTX = (ConfigurableApplicationContext) ctx;
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/java/org/apache/syncope/core/misc/spring/BeanUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/spring/BeanUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/spring/BeanUtils.java
index 97b57db..5f9fd4d 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/spring/BeanUtils.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/spring/BeanUtils.java
@@ -29,7 +29,6 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import org.springframework.beans.BeansException;
 import org.springframework.beans.FatalBeanException;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
@@ -58,12 +57,12 @@ public final class BeanUtils {
      * This is just a convenience method. For more complex transfer needs,
      * consider using a full BeanWrapper.
      * </p>
+     *
      * @param source the source bean
      * @param target the target bean
-     * @throws BeansException if the copying failed
      * @see org.springframework.beans.BeanWrapper
      */
-    public static void copyProperties(final Object source, final Object target) throws BeansException {
+    public static void copyProperties(final Object source, final Object target) {
         copyProperties(source, target, null, (String[]) null);
     }
 
@@ -82,12 +81,9 @@ public final class BeanUtils {
      * @param source the source bean
      * @param target the target bean
      * @param editable the class (or interface) to restrict property setting to
-     * @throws BeansException if the copying failed
      * @see org.springframework.beans.BeanWrapper
      */
-    public static void copyProperties(final Object source, final Object target, final Class<?> editable)
-            throws BeansException {
-
+    public static void copyProperties(final Object source, final Object target, final Class<?> editable) {
         copyProperties(source, target, editable, (String[]) null);
     }
 
@@ -106,12 +102,9 @@ public final class BeanUtils {
      * @param source the source bean
      * @param target the target bean
      * @param ignoreProperties array of property names to ignore
-     * @throws BeansException if the copying failed
      * @see org.springframework.beans.BeanWrapper
      */
-    public static void copyProperties(final Object source, final Object target, final String... ignoreProperties)
-            throws BeansException {
-
+    public static void copyProperties(final Object source, final Object target, final String... ignoreProperties) {
         copyProperties(source, target, null, ignoreProperties);
     }
 
@@ -127,12 +120,11 @@ public final class BeanUtils {
      * @param target the target bean
      * @param editable the class (or interface) to restrict property setting to
      * @param ignoreProperties array of property names to ignore
-     * @throws BeansException if the copying failed
      * @see org.springframework.beans.BeanWrapper
      */
     @SuppressWarnings("unchecked")
-    private static void copyProperties(final Object source, final Object target, final Class<?> editable,
-            final String... ignoreProperties) throws BeansException {
+    private static void copyProperties(
+            final Object source, final Object target, final Class<?> editable, final String... ignoreProperties) {
 
         Assert.notNull(source, "Source must not be null");
         Assert.notNull(target, "Target must not be null");

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/main/resources/security.properties
----------------------------------------------------------------------
diff --git a/core/misc/src/main/resources/security.properties b/core/misc/src/main/resources/security.properties
index c0fcd37..a0557b5 100644
--- a/core/misc/src/main/resources/security.properties
+++ b/core/misc/src/main/resources/security.properties
@@ -27,4 +27,5 @@ digester.saltIterations=1
 digester.saltSizeBytes=8
 digester.invertPositionOfPlainSaltInEncryptionResults=true
 digester.invertPositionOfSaltInMessageBeforeDigesting=true
-digester.useLenientSaltSizeCheck=true
\ No newline at end of file
+digester.useLenientSaltSizeCheck=true
+

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/misc/src/test/java/org/apache/syncope/core/misc/search/SearchCondConverterTest.java
----------------------------------------------------------------------
diff --git a/core/misc/src/test/java/org/apache/syncope/core/misc/search/SearchCondConverterTest.java b/core/misc/src/test/java/org/apache/syncope/core/misc/search/SearchCondConverterTest.java
index 27cd0b6..f358de2 100644
--- a/core/misc/src/test/java/org/apache/syncope/core/misc/search/SearchCondConverterTest.java
+++ b/core/misc/src/test/java/org/apache/syncope/core/misc/search/SearchCondConverterTest.java
@@ -20,7 +20,7 @@ package org.apache.syncope.core.misc.search;
 
 import static org.junit.Assert.assertEquals;
 
-import org.apache.syncope.common.lib.search.RoleFiqlSearchConditionBuilder;
+import org.apache.syncope.common.lib.search.GroupFiqlSearchConditionBuilder;
 import org.apache.syncope.common.lib.search.SpecialAttr;
 import org.apache.syncope.common.lib.search.UserFiqlSearchConditionBuilder;
 import org.apache.syncope.core.persistence.api.dao.search.AttributeCond;
@@ -84,12 +84,12 @@ public class SearchCondConverterTest {
     }
 
     @Test
-    public void roles() {
-        String fiqlExpression = new UserFiqlSearchConditionBuilder().hasRoles(1L).query();
-        assertEquals(SpecialAttr.ROLES + "==1", fiqlExpression);
+    public void groups() {
+        String fiqlExpression = new UserFiqlSearchConditionBuilder().inGroups(1L).query();
+        assertEquals(SpecialAttr.GROUPS + "==1", fiqlExpression);
 
         MembershipCond membCond = new MembershipCond();
-        membCond.setRoleId(1L);
+        membCond.setGroupId(1L);
         SearchCond simpleCond = SearchCond.getLeafCond(membCond);
 
         assertEquals(simpleCond, SearchCondConverter.convert(fiqlExpression));
@@ -109,7 +109,7 @@ public class SearchCondConverterTest {
 
     @Test
     public void entitlements() {
-        String fiqlExpression = new RoleFiqlSearchConditionBuilder().hasEntitlements("USER_LIST").query();
+        String fiqlExpression = new GroupFiqlSearchConditionBuilder().hasEntitlements("USER_LIST").query();
         assertEquals(SpecialAttr.ENTITLEMENTS + "==USER_LIST", fiqlExpression);
 
         EntitlementCond entCond = new EntitlementCond();

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/GroupEntitlementUtil.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/GroupEntitlementUtil.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/GroupEntitlementUtil.java
new file mode 100644
index 0000000..b0f104a
--- /dev/null
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/GroupEntitlementUtil.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.api;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+import org.apache.syncope.core.persistence.api.entity.Entitlement;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility class for manipulating entitlements.
+ */
+public final class GroupEntitlementUtil {
+
+    private static final Pattern GROUP_ENTITLEMENT_NAME_PATTERN = Pattern.compile("^GROUP_([\\d])+");
+
+    private static final Logger LOG = LoggerFactory.getLogger(GroupEntitlementUtil.class);
+
+    public static String getEntitlementNameFromGroupKey(final Long groupKey) {
+        return "GROUP_" + groupKey;
+    }
+
+    public static boolean isGroupEntitlement(final String entitlementName) {
+        return GROUP_ENTITLEMENT_NAME_PATTERN.matcher(entitlementName).matches();
+    }
+
+    public static Long getGroupKey(final String entitlementName) {
+        Long result = null;
+
+        if (isGroupEntitlement(entitlementName)) {
+            try {
+                result = Long.valueOf(entitlementName.substring(entitlementName.indexOf('_') + 1));
+            } catch (Exception e) {
+                LOG.error("unable to parse {} to Long", entitlementName, e);
+            }
+        }
+
+        return result;
+    }
+
+    public static Set<Long> getGroupKeys(final Set<String> entitlements) {
+        Set<Long> result = new HashSet<>();
+
+        for (String entitlement : entitlements) {
+            if (isGroupEntitlement(entitlement)) {
+                Long groupId = getGroupKey(entitlement);
+                if (groupId != null) {
+                    result.add(groupId);
+                }
+            }
+        }
+
+        return result;
+    }
+
+    public static Set<Long> getGroupKeys(final List<Entitlement> entitlements) {
+        Set<String> names = new HashSet<>(entitlements.size());
+        for (Entitlement entitlement : entitlements) {
+            names.add(entitlement.getKey());
+        }
+        return GroupEntitlementUtil.getGroupKeys(names);
+    }
+
+    /**
+     * Private default constructor, for static-only classes.
+     */
+    private GroupEntitlementUtil() {
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/RoleEntitlementUtil.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/RoleEntitlementUtil.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/RoleEntitlementUtil.java
deleted file mode 100644
index f395828..0000000
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/RoleEntitlementUtil.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.persistence.api;
-
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.regex.Pattern;
-import org.apache.syncope.core.persistence.api.entity.Entitlement;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Utility class for manipulating entitlements.
- */
-public final class RoleEntitlementUtil {
-
-    private static final Pattern ROLE_ENTITLEMENT_NAME_PATTERN = Pattern.compile("^ROLE_([\\d])+");
-
-    private static final Logger LOG = LoggerFactory.getLogger(RoleEntitlementUtil.class);
-
-    public static String getEntitlementNameFromRoleKey(final Long roleKey) {
-        return "ROLE_" + roleKey;
-    }
-
-    public static boolean isRoleEntitlement(final String entitlementName) {
-        return ROLE_ENTITLEMENT_NAME_PATTERN.matcher(entitlementName).matches();
-    }
-
-    public static Long getRoleKey(final String entitlementName) {
-        Long result = null;
-
-        if (isRoleEntitlement(entitlementName)) {
-            try {
-                result = Long.valueOf(entitlementName.substring(entitlementName.indexOf('_') + 1));
-            } catch (Exception e) {
-                LOG.error("unable to parse {} to Long", entitlementName, e);
-            }
-        }
-
-        return result;
-    }
-
-    public static Set<Long> getRoleKeys(final Set<String> entitlements) {
-        Set<Long> result = new HashSet<>();
-
-        for (String entitlement : entitlements) {
-            if (isRoleEntitlement(entitlement)) {
-                Long roleId = getRoleKey(entitlement);
-                if (roleId != null) {
-                    result.add(roleId);
-                }
-            }
-        }
-
-        return result;
-    }
-
-    public static Set<Long> getRoleKeys(final List<Entitlement> entitlements) {
-        Set<String> names = new HashSet<>(entitlements.size());
-        for (Entitlement entitlement : entitlements) {
-            names.add(entitlement.getKey());
-        }
-        return getRoleKeys(names);
-    }
-
-    /**
-     * Private default constructor, for static-only classes.
-     */
-    private RoleEntitlementUtil() {
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidEntityException.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidEntityException.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidEntityException.java
index 213e947..818fb61 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidEntityException.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidEntityException.java
@@ -120,7 +120,7 @@ public class InvalidEntityException extends ValidationException {
         StringBuilder sb = new StringBuilder();
 
         for (Class<?> entity : violations.keySet()) {
-            sb.append(entity.getSimpleName()).append(" ").append(violations.get(entity).toString()).append(", ");
+            sb.append(entity.getSimpleName()).append(' ').append(violations.get(entity).toString()).append(", ");
         }
         sb.delete(sb.lastIndexOf(", "), sb.length());
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidPlainAttrValueException.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidPlainAttrValueException.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidPlainAttrValueException.java
index d529973..0f92150 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidPlainAttrValueException.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/InvalidPlainAttrValueException.java
@@ -37,7 +37,7 @@ public class InvalidPlainAttrValueException extends ValidationException {
         this("Could not validate " + value.getValue());
     }
 
-    public InvalidPlainAttrValueException(final PlainAttrValue value, Throwable cause) {
+    public InvalidPlainAttrValueException(final PlainAttrValue value, final Throwable cause) {
         this("Could not validate " + value.getValue(), cause);
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/Validator.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/Validator.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/Validator.java
index 2f55132..c9fad02 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/Validator.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/attrvalue/validation/Validator.java
@@ -22,6 +22,5 @@ import org.apache.syncope.core.persistence.api.entity.PlainAttrValue;
 
 public interface Validator {
 
-    void validate(String value, PlainAttrValue attrValue)
-            throws ParsingValidationException, InvalidPlainAttrValueException;
+    void validate(String value, PlainAttrValue attrValue);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ConnInstanceDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ConnInstanceDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ConnInstanceDAO.java
index a263df7..b669338 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ConnInstanceDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ConnInstanceDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.ConnInstance;
 
 public interface ConnInstanceDAO extends DAO<ConnInstance, Long> {
@@ -28,7 +27,7 @@ public interface ConnInstanceDAO extends DAO<ConnInstance, Long> {
 
     List<ConnInstance> findAll();
 
-    ConnInstance save(ConnInstance connector) throws InvalidEntityException;
+    ConnInstance save(ConnInstance connector);
 
     void delete(Long key);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerAttrDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerAttrDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerAttrDAO.java
index 49d6748..9aa3ac3 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerAttrDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerAttrDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.DerAttr;
 
 public interface DerAttrDAO extends DAO<DerAttr, Long> {
@@ -28,7 +27,7 @@ public interface DerAttrDAO extends DAO<DerAttr, Long> {
 
     <T extends DerAttr> List<T> findAll(Class<T> reference);
 
-    <T extends DerAttr> T save(T derAttr) throws InvalidEntityException;
+    <T extends DerAttr> T save(T derAttr);
 
     <T extends DerAttr> void delete(Long key, Class<T> reference);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerSchemaDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerSchemaDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerSchemaDAO.java
index 78a481f..3376e3f 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerSchemaDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/DerSchemaDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
 import org.apache.syncope.core.persistence.api.entity.DerAttr;
 import org.apache.syncope.core.persistence.api.entity.DerSchema;
@@ -32,7 +31,7 @@ public interface DerSchemaDAO extends DAO<DerSchema, String> {
 
     <T extends DerAttr> List<T> findAttrs(DerSchema schema, Class<T> reference);
 
-    <T extends DerSchema> T save(T derSchema) throws InvalidEntityException;
+    <T extends DerSchema> T save(T derSchema);
 
     void delete(String name, AttributableUtil attributableUtil);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/EntitlementDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/EntitlementDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/EntitlementDAO.java
index e1ef492..560ff91 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/EntitlementDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/EntitlementDAO.java
@@ -19,9 +19,8 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.Entitlement;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
 
 public interface EntitlementDAO extends DAO<Entitlement, String> {
 
@@ -29,9 +28,9 @@ public interface EntitlementDAO extends DAO<Entitlement, String> {
 
     List<Entitlement> findAll();
 
-    Entitlement save(Entitlement entitlement) throws InvalidEntityException;
+    Entitlement save(Entitlement entitlement);
 
-    Entitlement saveRoleEntitlement(Role role);
+    Entitlement saveGroupEntitlement(Group group);
 
     void delete(String key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ExternalResourceDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ExternalResourceDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ExternalResourceDAO.java
index 18cb51b..01f4f63 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ExternalResourceDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ExternalResourceDAO.java
@@ -21,7 +21,6 @@ package org.apache.syncope.core.persistence.api.dao;
 import java.util.List;
 import org.apache.syncope.common.lib.types.IntMappingType;
 import org.apache.syncope.common.lib.types.PolicyType;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
 import org.apache.syncope.core.persistence.api.entity.MappingItem;
 import org.apache.syncope.core.persistence.api.entity.Policy;
@@ -38,7 +37,7 @@ public interface ExternalResourceDAO extends DAO<ExternalResource, String> {
 
     List<ExternalResource> findAllByPriority();
 
-    ExternalResource save(ExternalResource resource) throws InvalidEntityException;
+    ExternalResource save(ExternalResource resource);
 
     <T extends MappingItem> void deleteMapping(
             String schemaName, IntMappingType intMappingType, Class<T> reference);

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
new file mode 100644
index 0000000..56ea6c2
--- /dev/null
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.api.dao;
+
+import java.util.List;
+import java.util.Map;
+import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.PropagationByResource;
+import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
+import org.apache.syncope.core.persistence.api.entity.Entitlement;
+import org.apache.syncope.core.persistence.api.entity.ExternalResource;
+import org.apache.syncope.core.persistence.api.entity.Policy;
+import org.apache.syncope.core.persistence.api.entity.membership.Membership;
+import org.apache.syncope.core.persistence.api.entity.group.GDerAttr;
+import org.apache.syncope.core.persistence.api.entity.group.GPlainAttr;
+import org.apache.syncope.core.persistence.api.entity.group.GPlainAttrValue;
+import org.apache.syncope.core.persistence.api.entity.group.GVirAttr;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
+
+public interface GroupDAO extends SubjectDAO<GPlainAttr, GDerAttr, GVirAttr> {
+
+    Group find(Long key);
+
+    List<Group> find(String name);
+
+    Group find(String name, Long parent);
+
+    List<Group> findOwnedByUser(Long userId);
+
+    List<Group> findOwnedByGroup(Long groupId);
+
+    List<Group> findByEntitlement(Entitlement entitlement);
+
+    List<Group> findByPolicy(Policy policy);
+
+    List<Group> findWithoutPolicy(PolicyType type);
+
+    List<Group> findAncestors(Group group);
+
+    List<Group> findChildren(Group group);
+
+    List<Group> findDescendants(Group group);
+
+    List<Group> findByDerAttrValue(String schemaName, String value);
+
+    List<Group> findByAttrValue(String schemaName, GPlainAttrValue attrValue);
+
+    Group findByAttrUniqueValue(String schemaName, GPlainAttrValue attrUniqueValue);
+
+    List<Group> findByResource(ExternalResource resource);
+
+    List<Group> findAll();
+
+    List<Group> findAll(int page, int itemsPerPage, List<OrderByClause> orderBy);
+
+    List<Membership> findMemberships(Group group);
+
+    int count();
+
+    Group save(Group group);
+
+    void delete(Group group);
+
+    void delete(Long key);
+
+    Group authFetch(Long key);
+
+    /**
+     * Finds users having resources assigned exclusively because of memberships of the given group.
+     *
+     * @param groupKey group key
+     * @return map containing pairs with user key and operations to be performed on those resources (DELETE, typically).
+     */
+    Map<Long, PropagationByResource> findUsersWithIndirectResources(Long groupKey);
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/LoggerDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/LoggerDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/LoggerDAO.java
index 3ba7f3f..0ce4b6a 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/LoggerDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/LoggerDAO.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
 import org.apache.syncope.common.lib.types.LoggerType;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.Logger;
 
 public interface LoggerDAO extends DAO<Logger, String> {
@@ -29,7 +28,7 @@ public interface LoggerDAO extends DAO<Logger, String> {
 
     List<Logger> findAll(LoggerType type);
 
-    Logger save(Logger logger) throws InvalidEntityException;
+    Logger save(Logger logger);
 
     void delete(String key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MembershipDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MembershipDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MembershipDAO.java
index 62d50fe..964e0e8 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MembershipDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MembershipDAO.java
@@ -19,20 +19,19 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.membership.Membership;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.group.Group;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 
 public interface MembershipDAO extends DAO<Membership, Long> {
 
     Membership find(Long key);
 
-    Membership find(User user, Role role);
+    Membership find(User user, Group group);
 
     List<Membership> findAll();
 
-    Membership save(Membership membership) throws InvalidEntityException;
+    Membership save(Membership membership);
 
     void delete(Long key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/NotificationDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/NotificationDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/NotificationDAO.java
index a70489c..866e588 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/NotificationDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/NotificationDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.Notification;
 
 public interface NotificationDAO extends DAO<Notification, Long> {
@@ -28,7 +27,7 @@ public interface NotificationDAO extends DAO<Notification, Long> {
 
     List<Notification> findAll();
 
-    Notification save(Notification notification) throws InvalidEntityException;
+    Notification save(Notification notification);
 
     void delete(Long key);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainAttrValueDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainAttrValueDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainAttrValueDAO.java
index d20a253..b554442 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainAttrValueDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainAttrValueDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.PlainAttrValue;
 
 public interface PlainAttrValueDAO extends DAO<PlainAttrValue, Long> {
@@ -28,7 +27,7 @@ public interface PlainAttrValueDAO extends DAO<PlainAttrValue, Long> {
 
     <T extends PlainAttrValue> List<T> findAll(Class<T> reference);
 
-    <T extends PlainAttrValue> T save(T attributeValue) throws InvalidEntityException;
+    <T extends PlainAttrValue> T save(T attributeValue);
 
     <T extends PlainAttrValue> void delete(Long key, Class<T> reference);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainSchemaDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainSchemaDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainSchemaDAO.java
index 791ddaf..717a3c4 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainSchemaDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PlainSchemaDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.AttributableUtil;
 import org.apache.syncope.core.persistence.api.entity.PlainAttr;
 import org.apache.syncope.core.persistence.api.entity.PlainSchema;
@@ -32,7 +31,7 @@ public interface PlainSchemaDAO extends DAO<PlainSchema, String> {
 
     <T extends PlainAttr> List<T> findAttrs(PlainSchema schema, Class<T> reference);
 
-    <T extends PlainSchema> T save(T schema) throws InvalidEntityException;
+    <T extends PlainSchema> T save(T schema);
 
     void delete(String name, AttributableUtil attributableUtil);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportDAO.java
index 3be0df7..f94b5a4 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportDAO.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
 import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.Report;
 
 public interface ReportDAO extends DAO<Report, Long> {
@@ -33,7 +32,7 @@ public interface ReportDAO extends DAO<Report, Long> {
 
     int count();
 
-    Report save(Report report) throws InvalidEntityException;
+    Report save(Report report);
 
     void delete(Long key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportExecDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportExecDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportExecDAO.java
index 726628f..1adcd87 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportExecDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/ReportExecDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.Report;
 import org.apache.syncope.core.persistence.api.entity.ReportExec;
 
@@ -33,7 +32,7 @@ public interface ReportExecDAO extends DAO<ReportExec, Long> {
 
     List<ReportExec> findAll();
 
-    ReportExec save(ReportExec execution) throws InvalidEntityException;
+    ReportExec save(ReportExec execution);
 
     void delete(Long key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/RoleDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/RoleDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/RoleDAO.java
deleted file mode 100644
index bad9b47..0000000
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/RoleDAO.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.persistence.api.dao;
-
-import java.util.List;
-import java.util.Map;
-import org.apache.syncope.common.lib.types.PolicyType;
-import org.apache.syncope.common.lib.types.PropagationByResource;
-import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
-import org.apache.syncope.core.persistence.api.entity.Entitlement;
-import org.apache.syncope.core.persistence.api.entity.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.Policy;
-import org.apache.syncope.core.persistence.api.entity.membership.Membership;
-import org.apache.syncope.core.persistence.api.entity.role.RDerAttr;
-import org.apache.syncope.core.persistence.api.entity.role.RPlainAttr;
-import org.apache.syncope.core.persistence.api.entity.role.RPlainAttrValue;
-import org.apache.syncope.core.persistence.api.entity.role.RVirAttr;
-import org.apache.syncope.core.persistence.api.entity.role.Role;
-
-public interface RoleDAO extends SubjectDAO<RPlainAttr, RDerAttr, RVirAttr> {
-
-    Role find(Long key);
-
-    List<Role> find(String name);
-
-    Role find(String name, Long parent);
-
-    List<Role> findOwnedByUser(Long userId);
-
-    List<Role> findOwnedByRole(Long roleId);
-
-    List<Role> findByEntitlement(Entitlement entitlement);
-
-    List<Role> findByPolicy(Policy policy);
-
-    List<Role> findWithoutPolicy(PolicyType type);
-
-    List<Role> findAncestors(Role role);
-
-    List<Role> findChildren(Role role);
-
-    List<Role> findDescendants(Role role);
-
-    List<Role> findByDerAttrValue(String schemaName, String value);
-
-    List<Role> findByAttrValue(String schemaName, RPlainAttrValue attrValue);
-
-    Role findByAttrUniqueValue(String schemaName, RPlainAttrValue attrUniqueValue);
-
-    List<Role> findByResource(ExternalResource resource);
-
-    List<Role> findAll();
-
-    List<Role> findAll(int page, int itemsPerPage, List<OrderByClause> orderBy);
-
-    List<Membership> findMemberships(Role role);
-
-    int count();
-
-    Role save(Role role) throws InvalidEntityException;
-
-    void delete(Role role);
-
-    void delete(Long key);
-
-    Role authFetch(Long key);
-
-    /**
-     * Finds users having resources assigned exclusively because of memberships of the given role.
-     *
-     * @param roleKey role key
-     * @return map containing pairs with user key and operations to be performed on those resources (DELETE, typically).
-     */
-    Map<Long, PropagationByResource> findUsersWithIndirectResources(Long roleKey);
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SecurityQuestionDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SecurityQuestionDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SecurityQuestionDAO.java
index ba66a4b..e001f41 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SecurityQuestionDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SecurityQuestionDAO.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion;
 
 public interface SecurityQuestionDAO extends DAO<SecurityQuestion, Long> {
@@ -28,7 +27,7 @@ public interface SecurityQuestionDAO extends DAO<SecurityQuestion, Long> {
 
     List<SecurityQuestion> findAll();
 
-    SecurityQuestion save(SecurityQuestion securityQuestion) throws InvalidEntityException;
+    SecurityQuestion save(SecurityQuestion securityQuestion);
 
     void delete(Long key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SubjectSearchDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SubjectSearchDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SubjectSearchDAO.java
index 08e1851..c90cdf8 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SubjectSearchDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/SubjectSearchDAO.java
@@ -23,64 +23,61 @@ import java.util.Set;
 import org.apache.syncope.common.lib.types.SubjectType;
 import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
 import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
-import org.apache.syncope.core.persistence.api.entity.DerAttr;
-import org.apache.syncope.core.persistence.api.entity.PlainAttr;
 import org.apache.syncope.core.persistence.api.entity.Subject;
-import org.apache.syncope.core.persistence.api.entity.VirAttr;
 
 public interface SubjectSearchDAO extends DAO<Subject<?, ?, ?>, Long> {
 
     /**
-     * @param adminRoles the set of admin roles owned by the caller
+     * @param adminGroups the set of admin groups owned by the caller
      * @param searchCondition the search condition
-     * @param type user or role
+     * @param type user or group
      * @return size of search result
      */
-    int count(Set<Long> adminRoles, SearchCond searchCondition, SubjectType type);
+    int count(Set<Long> adminGroups, SearchCond searchCondition, SubjectType type);
 
     /**
-     * @param adminRoles the set of admin roles owned by the caller
+     * @param adminGroups the set of admin groups owned by the caller
      * @param searchCondition the search condition
-     * @param type user or role
-     * @param <T> user/role
-     * @return the list of users/roles matching the given search condition
+     * @param type user or group
+     * @param <T> user/group
+     * @return the list of users/groups matching the given search condition
      */
     <T extends Subject<?, ?, ?>> List<T> search(
-            Set<Long> adminRoles, SearchCond searchCondition, SubjectType type);
+            Set<Long> adminGroups, SearchCond searchCondition, SubjectType type);
 
     /**
-     * @param adminRoles the set of admin roles owned by the caller
+     * @param adminGroups the set of admin groups owned by the caller
      * @param searchCondition the search condition
      * @param orderBy list of ordering clauses
-     * @param type user or role
-     * @param <T> user/role
-     * @return the list of users/roles matching the given search condition
+     * @param type user or group
+     * @param <T> user/group
+     * @return the list of users/groups matching the given search condition
      */
     <T extends Subject<?, ?, ?>> List<T> search(
-            Set<Long> adminRoles, SearchCond searchCondition, List<OrderByClause> orderBy, SubjectType type);
+            Set<Long> adminGroups, SearchCond searchCondition, List<OrderByClause> orderBy, SubjectType type);
 
     /**
-     * @param adminRoles the set of admin roles owned by the caller
+     * @param adminGroups the set of admin groups owned by the caller
      * @param searchCondition the search condition
      * @param page position of the first result, start from 1
      * @param itemsPerPage number of results per page
      * @param orderBy list of ordering clauses
-     * @param type user or role
-     * @param <T> user/role
-     * @return the list of users/roles matching the given search condition (in the given page)
+     * @param type user or group
+     * @param <T> user/group
+     * @return the list of users/groups matching the given search condition (in the given page)
      */
     <T extends Subject<?, ?, ?>> List<T> search(
-            Set<Long> adminRoles, SearchCond searchCondition, int page, int itemsPerPage,
+            Set<Long> adminGroups, SearchCond searchCondition, int page, int itemsPerPage,
             List<OrderByClause> orderBy, SubjectType type);
 
     /**
-     * Verify if user/role matches the given search condition.
+     * Verify if user/group matches the given search condition.
      *
      * @param subject to be checked
      * @param searchCondition to be verified
-     * @param type user or role
-     * @param <T> user/role
-     * @return true if user/role matches searchCondition
+     * @param type user or group
+     * @param <T> user/group
+     * @return true if user/group matches searchCondition
      */
     <T extends Subject<?, ?, ?>> boolean matches(T subject, SearchCond searchCondition, SubjectType type);
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskDAO.java
index 28c90a6..0b82276 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskDAO.java
@@ -21,7 +21,6 @@ package org.apache.syncope.core.persistence.api.dao;
 import java.util.List;
 import org.apache.syncope.common.lib.types.TaskType;
 import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.ExternalResource;
 import org.apache.syncope.core.persistence.api.entity.task.Task;
 
@@ -42,7 +41,7 @@ public interface TaskDAO extends DAO<Task, Long> {
 
     int count(TaskType type);
 
-    <T extends Task> T save(T task) throws InvalidEntityException;
+    <T extends Task> T save(T task);
 
     void delete(Long key);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/4095f1e8/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskExecDAO.java
----------------------------------------------------------------------
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskExecDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskExecDAO.java
index e0f58ff..103016d 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskExecDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/TaskExecDAO.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.persistence.api.dao;
 
 import java.util.List;
 import org.apache.syncope.common.lib.types.TaskType;
-import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.entity.task.Task;
 import org.apache.syncope.core.persistence.api.entity.task.TaskExec;
 
@@ -34,9 +33,9 @@ public interface TaskExecDAO extends DAO<TaskExec, Long> {
 
     List<TaskExec> findAll(TaskType type);
 
-    TaskExec save(TaskExec execution) throws InvalidEntityException;
+    TaskExec save(TaskExec execution);
 
-    void saveAndAdd(Long taskId, TaskExec execution) throws InvalidEntityException;
+    void saveAndAdd(Long taskId, TaskExec execution);
 
     void delete(Long key);
 


Mime
View raw message