syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [22/40] syncope git commit: [SYNCOPE-119] New security model implemented
Date Tue, 21 Apr 2015 07:49:37 GMT
http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeleteProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeleteProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeleteProcessor.java
index 7b1ece2..0aca43b 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeleteProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeleteProcessor.java
@@ -59,23 +59,12 @@ public class GroupDeleteProcessor implements Processor {
 
     @Override
     public void process(final Exchange exchange) throws Exception {
-        final List<Group> toBeDeprovisioned = new ArrayList<>();
-
         Long subjectKey = exchange.getIn().getBody(Long.class);
-        final Group syncopeGroup = groupDAO.find(subjectKey);
-
-        if (syncopeGroup != null) {
-            toBeDeprovisioned.add(syncopeGroup);
-
-            final List<Group> descendants = groupDAO.findDescendants(toBeDeprovisioned.get(0));
-            if (descendants != null) {
-                toBeDeprovisioned.addAll(descendants);
-            }
-        }
+        Group group = groupDAO.find(subjectKey);
 
         final List<PropagationTask> tasks = new ArrayList<>();
 
-        for (Group group : toBeDeprovisioned) {
+        if (group != null) {
             // Generate propagation tasks for deleting users from group resources, if they are on those resources only
             // because of the reason being deleted (see SYNCOPE-357)
             for (Map.Entry<Long, PropagationByResource> entry
@@ -83,11 +72,11 @@ public class GroupDeleteProcessor implements Processor {
 
                 WorkflowResult<Long> wfResult =
                         new WorkflowResult<>(entry.getKey(), entry.getValue(), Collections.<String>emptySet());
-                tasks.addAll(propagationManager.getUserDeleteTaskIds(wfResult));
+                tasks.addAll(propagationManager.getUserDeleteTasks(wfResult));
             }
 
             // Generate propagation tasks for deleting this group from resources
-            tasks.addAll(propagationManager.getGroupDeleteTaskIds(group.getKey()));
+            tasks.addAll(propagationManager.getGroupDeleteTasks(group.getKey()));
         }
 
         PropagationReporter propagationReporter =

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeprovisionProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeprovisionProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeprovisionProcessor.java
index 7953703..f27a113 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeprovisionProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupDeprovisionProcessor.java
@@ -18,11 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.dao.GroupDAO;
 import org.apache.syncope.core.persistence.api.entity.group.Group;
@@ -58,11 +59,10 @@ public class GroupDeprovisionProcessor implements Processor {
 
         Group group = groupDAO.authFetch(groupKey);
 
-        Set<String> noPropResourceName = group.getResourceNames();
-        noPropResourceName.removeAll(resources);
+        Collection<String> noPropResourceNames = CollectionUtils.removeAll(group.getResourceNames(), resources);
 
         List<PropagationTask> tasks =
-                propagationManager.getGroupDeleteTaskIds(groupKey, new HashSet<>(resources), noPropResourceName);
+                propagationManager.getGroupDeleteTasks(groupKey, new HashSet<>(resources), noPropResourceNames);
         PropagationReporter propagationReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupUpdateProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupUpdateProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupUpdateProcessor.java
index a4c073a..fc18e83 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupUpdateProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/GroupUpdateProcessor.java
@@ -18,11 +18,11 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap;
 import java.util.List;
 import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.apache.syncope.common.lib.mod.GroupMod;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
@@ -52,10 +52,10 @@ public class GroupUpdateProcessor implements Processor {
     public void process(final Exchange exchange) {
         WorkflowResult<Long> updated = (WorkflowResult) exchange.getIn().getBody();
         GroupMod subjectMod = exchange.getProperty("subjectMod", GroupMod.class);
-        Set<String> excludedResource = exchange.getProperty("excludedResources", Set.class);
+        Set<String> excludedResources = exchange.getProperty("excludedResources", Set.class);
 
-        List<PropagationTask> tasks = propagationManager.getGroupUpdateTaskIds(updated,
-                subjectMod.getVirAttrsToRemove(), subjectMod.getVirAttrsToUpdate(), excludedResource);
+        List<PropagationTask> tasks = propagationManager.getGroupUpdateTasks(updated,
+                subjectMod.getVirAttrsToRemove(), subjectMod.getVirAttrsToUpdate(), excludedResources);
         PropagationReporter propagationReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
         try {
@@ -65,7 +65,7 @@ public class GroupUpdateProcessor implements Processor {
             propagationReporter.onPrimaryResourceFailure(tasks);
         }
 
-        exchange.getOut().setBody(new AbstractMap.SimpleEntry<>(updated.getResult(), propagationReporter.getStatuses()));
+        exchange.getOut().setBody(new ImmutablePair<>(updated.getResult(), propagationReporter.getStatuses()));
     }
 
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserConfirmPwdResetProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserConfirmPwdResetProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserConfirmPwdResetProcessor.java
index 6b63a85..903f882 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserConfirmPwdResetProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserConfirmPwdResetProcessor.java
@@ -48,7 +48,7 @@ public class UserConfirmPwdResetProcessor implements Processor {
     public void process(final Exchange exchange) {
         User user = exchange.getProperty("user", User.class);
 
-        List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(user, null, null);
+        List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(user, null, null);
         PropagationReporter propReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserCreateProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserCreateProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserCreateProcessor.java
index 34d9a9e..9f6804e 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserCreateProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserCreateProcessor.java
@@ -18,12 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
@@ -53,12 +53,18 @@ public class UserCreateProcessor implements Processor {
     public void process(final Exchange exchange) {
         if ((exchange.getIn().getBody() instanceof WorkflowResult)) {
 
-            WorkflowResult<Map.Entry<Long, Boolean>> created = (WorkflowResult) exchange.getIn().getBody();
+            WorkflowResult<Pair<Long, Boolean>> created = (WorkflowResult) exchange.getIn().getBody();
             UserTO actual = exchange.getProperty("actual", UserTO.class);
-            Set<String> excludedResource = exchange.getProperty("excludedResources", Set.class);
+            Set<String> excludedResources = exchange.getProperty("excludedResources", Set.class);
 
-            List<PropagationTask> tasks = propagationManager.getUserCreateTaskIds(
-                    created, actual.getPassword(), actual.getVirAttrs(), excludedResource, actual.getMemberships());
+            List<PropagationTask> tasks = propagationManager.getUserCreateTasks(
+                    created.getResult().getKey(),
+                    created.getResult().getValue(),
+                    created.getPropByRes(),
+                    actual.getPassword(),
+                    actual.getVirAttrs(),
+                    actual.getMemberships(),
+                    excludedResources);
             PropagationReporter propagationReporter =
                     ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
             try {
@@ -69,7 +75,7 @@ public class UserCreateProcessor implements Processor {
             }
 
             exchange.getOut().setBody(
-                    new AbstractMap.SimpleEntry<>(created.getResult().getKey(), propagationReporter.getStatuses()));
+                    new ImmutablePair<>(created.getResult().getKey(), propagationReporter.getStatuses()));
         }
     }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeleteProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeleteProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeleteProcessor.java
index 45474a2..8d94d76 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeleteProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeleteProcessor.java
@@ -55,7 +55,7 @@ public class UserDeleteProcessor implements Processor {
         // information could only be available after uwfAdapter.delete(), which
         // will also effectively remove user from db, thus making virtually
         // impossible by NotificationManager to fetch required user information
-        List<PropagationTask> tasks = propagationManager.getUserDeleteTaskIds(userKey, excludedResource);
+        List<PropagationTask> tasks = propagationManager.getUserDeleteTasks(userKey, excludedResource);
 
         PropagationReporter propagationReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java
index 66cc795..e59bec6 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserDeprovisionProcessor.java
@@ -18,11 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
@@ -56,14 +57,13 @@ public class UserDeprovisionProcessor implements Processor {
         @SuppressWarnings("unchecked")
         List<String> resources = exchange.getProperty("resources", List.class);
 
-        final User user = userDAO.authFetch(userKey);
+        User user = userDAO.authFetch(userKey);
 
-        final Set<String> noPropResourceName = user.getResourceNames();
-        noPropResourceName.removeAll(resources);
+        Collection<String> noPropResourceNames = CollectionUtils.removeAll(user.getResourceNames(), resources);
 
-        final List<PropagationTask> tasks =
-                propagationManager.getUserDeleteTaskIds(userKey, new HashSet<>(resources), noPropResourceName);
-        final PropagationReporter propagationReporter =
+        List<PropagationTask> tasks =
+                propagationManager.getUserDeleteTasks(userKey, new HashSet<>(resources), noPropResourceNames);
+        PropagationReporter propagationReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
         try {
             taskExecutor.execute(tasks, propagationReporter);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserInnerSuspendProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserInnerSuspendProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserInnerSuspendProcessor.java
index c4d648f..be3e6ac 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserInnerSuspendProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserInnerSuspendProcessor.java
@@ -18,11 +18,11 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap.SimpleEntry;
 import java.util.List;
-import java.util.Map;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.mod.UserMod;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
 import org.apache.syncope.core.provisioning.api.WorkflowResult;
@@ -40,9 +40,9 @@ public class UserInnerSuspendProcessor implements Processor {
     @Autowired
     protected PropagationTaskExecutor taskExecutor;
 
-    @SuppressWarnings("unchecked")
     @Override
     public void process(final Exchange exchange) {
+        @SuppressWarnings("unchecked")
         WorkflowResult<Long> updated = (WorkflowResult) exchange.getIn().getBody();
         Boolean propagate = exchange.getProperty("propagate", Boolean.class);
 
@@ -50,9 +50,9 @@ public class UserInnerSuspendProcessor implements Processor {
             UserMod userMod = new UserMod();
             userMod.setKey(updated.getResult());
 
-            final List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(
-                    new WorkflowResult<Map.Entry<UserMod, Boolean>>(
-                            new SimpleEntry<>(userMod, Boolean.FALSE),
+            List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(
+                    new WorkflowResult<Pair<UserMod, Boolean>>(
+                            new ImmutablePair<>(userMod, Boolean.FALSE),
                             updated.getPropByRes(), updated.getPerformedTasks()));
             taskExecutor.execute(tasks);
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserSetStatusInSyncProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserSetStatusInSyncProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserSetStatusInSyncProcessor.java
index ba6edfb..cf9d709 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserSetStatusInSyncProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserSetStatusInSyncProcessor.java
@@ -26,16 +26,12 @@ import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.provisioning.api.WorkflowResult;
 import org.apache.syncope.core.workflow.api.UserWorkflowAdapter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 @Component
 public class UserSetStatusInSyncProcessor implements Processor {
 
-    private static final Logger LOG = LoggerFactory.getLogger(UserSetStatusInSyncProcessor.class);
-
     @Autowired
     protected UserDAO userDAO;
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java
index 5c0366c..0df97b8 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserStatusPropagationProcessor.java
@@ -18,12 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap;
-import java.util.HashSet;
+import java.util.Collection;
 import java.util.List;
-import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.apache.syncope.common.lib.mod.StatusMod;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
@@ -57,10 +57,10 @@ public class UserStatusPropagationProcessor implements Processor {
         User user = exchange.getProperty("user", User.class);
         StatusMod statusMod = exchange.getProperty("statusMod", StatusMod.class);
 
-        Set<String> resourcesToBeExcluded = new HashSet<>(user.getResourceNames());
-        resourcesToBeExcluded.removeAll(statusMod.getResourceNames());
+        Collection<String> resourcesToBeExcluded =
+                CollectionUtils.removeAll(user.getResourceNames(), statusMod.getResourceNames());
 
-        List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(
+        List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(
                 user, statusMod.getType() != StatusMod.ModType.SUSPEND, resourcesToBeExcluded);
         PropagationReporter propReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
@@ -71,6 +71,6 @@ public class UserStatusPropagationProcessor implements Processor {
             propReporter.onPrimaryResourceFailure(tasks);
         }
 
-        exchange.getOut().setBody(new AbstractMap.SimpleEntry<>(updated.getResult(), propReporter.getStatuses()));
+        exchange.getOut().setBody(new ImmutablePair<>(updated.getResult(), propReporter.getStatuses()));
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateInSyncProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateInSyncProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateInSyncProcessor.java
index b7bfcf0..829999f 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateInSyncProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateInSyncProcessor.java
@@ -18,12 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.mod.UserMod;
 import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
@@ -51,14 +51,14 @@ public class UserUpdateInSyncProcessor implements Processor {
     @SuppressWarnings("unchecked")
     @Override
     public void process(final Exchange exchange) {
-        WorkflowResult<Map.Entry<UserMod, Boolean>> updated = (WorkflowResult) exchange.getIn().getBody();
-        Set<String> excludedResource = exchange.getProperty("excludedResources", Set.class);
+        WorkflowResult<Pair<UserMod, Boolean>> updated = (WorkflowResult) exchange.getIn().getBody();
+        Set<String> excludedResources = exchange.getProperty("excludedResources", Set.class);
 
         PropagationReporter propagationReporter =
                 ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
 
-        List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(updated, updated.getResult().getKey().
-                getPassword() != null, excludedResource);
+        List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(updated, updated.getResult().getKey().
+                getPassword() != null, excludedResources);
 
         try {
             taskExecutor.execute(tasks, propagationReporter);
@@ -67,7 +67,7 @@ public class UserUpdateInSyncProcessor implements Processor {
             propagationReporter.onPrimaryResourceFailure(tasks);
         }
 
-        exchange.getOut().setBody(new AbstractMap.SimpleEntry<>(
+        exchange.getOut().setBody(new ImmutablePair<>(
                 updated.getResult().getKey().getKey(), propagationReporter.getStatuses()));
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateProcessor.java
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateProcessor.java b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateProcessor.java
index 1ff28c8..84f8a2d 100644
--- a/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateProcessor.java
+++ b/ext/camel/provisioning-camel/src/main/java/org/apache/syncope/core/provisioning/camel/processor/UserUpdateProcessor.java
@@ -18,12 +18,12 @@
  */
 package org.apache.syncope.core.provisioning.camel.processor;
 
-import java.util.AbstractMap;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.mod.MembershipMod;
 import org.apache.syncope.common.lib.mod.UserMod;
 import org.apache.syncope.common.lib.types.PropagationByResource;
@@ -57,11 +57,11 @@ public class UserUpdateProcessor implements Processor {
     @Override
     @SuppressWarnings("unchecked")
     public void process(final Exchange exchange) {
-        WorkflowResult<Map.Entry<UserMod, Boolean>> updated = (WorkflowResult) exchange.getIn().getBody();
+        WorkflowResult<Pair<UserMod, Boolean>> updated = (WorkflowResult) exchange.getIn().getBody();
         UserMod actual = exchange.getProperty("actual", UserMod.class);
         boolean removeMemberships = exchange.getProperty("removeMemberships", boolean.class);
 
-        List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(updated);
+        List<PropagationTask> tasks = propagationManager.getUserUpdateTasks(updated);
         if (tasks.isEmpty()) {
             // SYNCOPE-459: take care of user virtual attributes ...
             final PropagationByResource propByResVirAttr = virtAttrHandler.fillVirtual(
@@ -84,7 +84,7 @@ public class UserUpdateProcessor implements Processor {
                 }
             }
             tasks.addAll(!propByResVirAttr.isEmpty() || addOrUpdateMemberships || removeMemberships
-                    ? propagationManager.getUserUpdateTaskIds(updated, false, null)
+                    ? propagationManager.getUserUpdateTasks(updated, false, null)
                     : Collections.<PropagationTask>emptyList());
         }
 
@@ -99,7 +99,7 @@ public class UserUpdateProcessor implements Processor {
             }
         }
 
-        exchange.getOut().setBody(new AbstractMap.SimpleEntry<>(
+        exchange.getOut().setBody(new ImmutablePair<>(
                 updated.getResult().getKey().getKey(), propagationReporter.getStatuses()));
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/ext/camel/provisioning-camel/src/main/resources/provisioning.properties
----------------------------------------------------------------------
diff --git a/ext/camel/provisioning-camel/src/main/resources/provisioning.properties b/ext/camel/provisioning-camel/src/main/resources/provisioning.properties
index 40dd3ea..32fa5af 100644
--- a/ext/camel/provisioning-camel/src/main/resources/provisioning.properties
+++ b/ext/camel/provisioning-camel/src/main/resources/provisioning.properties
@@ -17,3 +17,4 @@
 camel.directory=${conf.directory}
 userProvisioningManager=org.apache.syncope.core.provisioning.camel.CamelUserProvisioningManager
 groupProvisioningManager=org.apache.syncope.core.provisioning.camel.CamelGroupProvisioningManager
+virAttrCache=org.apache.syncope.core.provisioning.java.cache.MemoryVirAttrCache

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/main/java/org/apache/syncope/fit/core/reference/TestSyncActions.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/main/java/org/apache/syncope/fit/core/reference/TestSyncActions.java b/fit/core-reference/src/main/java/org/apache/syncope/fit/core/reference/TestSyncActions.java
index 2103059..9cdfa5d 100644
--- a/fit/core-reference/src/main/java/org/apache/syncope/fit/core/reference/TestSyncActions.java
+++ b/fit/core-reference/src/main/java/org/apache/syncope/fit/core/reference/TestSyncActions.java
@@ -18,6 +18,7 @@
  */
 package org.apache.syncope.fit.core.reference;
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.syncope.common.lib.mod.AbstractSubjectMod;
 import org.apache.syncope.common.lib.mod.AttrMod;
 import org.apache.syncope.common.lib.to.AbstractSubjectTO;
@@ -42,8 +43,9 @@ public class TestSyncActions extends DefaultSyncActions {
 
         AttrTO attrTO = null;
         for (int i = 0; i < subject.getPlainAttrs().size(); i++) {
-            if ("fullname".equals(subject.getPlainAttrs().get(i).getSchema())) {
-                attrTO = subject.getPlainAttrs().get(i);
+            AttrTO _attrTO = CollectionUtils.get(subject.getPlainAttrs(), i);
+            if ("fullname".equals(_attrTO.getSchema())) {
+                attrTO = _attrTO;
             }
         }
         if (attrTO == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/main/resources/all/provisioning.properties
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/main/resources/all/provisioning.properties b/fit/core-reference/src/main/resources/all/provisioning.properties
index 40dd3ea..32fa5af 100644
--- a/fit/core-reference/src/main/resources/all/provisioning.properties
+++ b/fit/core-reference/src/main/resources/all/provisioning.properties
@@ -17,3 +17,4 @@
 camel.directory=${conf.directory}
 userProvisioningManager=org.apache.syncope.core.provisioning.camel.CamelUserProvisioningManager
 groupProvisioningManager=org.apache.syncope.core.provisioning.camel.CamelGroupProvisioningManager
+virAttrCache=org.apache.syncope.core.provisioning.java.cache.MemoryVirAttrCache

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/main/resources/log4j2.xml
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/main/resources/log4j2.xml b/fit/core-reference/src/main/resources/log4j2.xml
index 1bff199..46d15f5 100644
--- a/fit/core-reference/src/main/resources/log4j2.xml
+++ b/fit/core-reference/src/main/resources/log4j2.xml
@@ -116,6 +116,9 @@ under the License.
     <asyncLogger name="org.apache.syncope.core.provisioning" additivity="false" level="INFO">
       <appender-ref ref="main"/>
     </asyncLogger>
+    <asyncLogger name="org.apache.syncope.core.logic" additivity="false" level="INFO">
+      <appender-ref ref="main"/>
+    </asyncLogger>
     <asyncLogger name="org.springframework" additivity="false" level="INFO">
       <appender-ref ref="main"/>
     </asyncLogger>

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/main/resources/provisioning.properties
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/main/resources/provisioning.properties b/fit/core-reference/src/main/resources/provisioning.properties
index 4b87d44..9c0abff 100644
--- a/fit/core-reference/src/main/resources/provisioning.properties
+++ b/fit/core-reference/src/main/resources/provisioning.properties
@@ -16,3 +16,4 @@
 # under the License.
 userProvisioningManager=org.apache.syncope.core.provisioning.java.DefaultUserProvisioningManager
 groupProvisioningManager=org.apache.syncope.core.provisioning.java.DefaultGroupProvisioningManager
+virAttrCache=org.apache.syncope.core.provisioning.java.cache.MemoryVirAttrCache

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractITCase.java
index cd8ce6f..07882b4 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AbstractITCase.java
@@ -43,6 +43,7 @@ import org.apache.syncope.common.lib.to.AbstractSchemaTO;
 import org.apache.syncope.common.lib.to.AttrTO;
 import org.apache.syncope.common.lib.to.ResourceTO;
 import org.apache.syncope.common.lib.to.GroupTO;
+import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AttributableType;
 import org.apache.syncope.common.lib.types.ConnConfProperty;
@@ -51,7 +52,6 @@ import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.service.CamelRouteService;
 import org.apache.syncope.common.rest.api.service.ConfigurationService;
 import org.apache.syncope.common.rest.api.service.ConnectorService;
-import org.apache.syncope.common.rest.api.service.EntitlementService;
 import org.apache.syncope.common.rest.api.service.LoggerService;
 import org.apache.syncope.common.rest.api.service.NotificationService;
 import org.apache.syncope.common.rest.api.service.PolicyService;
@@ -162,8 +162,6 @@ public abstract class AbstractITCase {
 
     protected static ResourceService resourceService;
 
-    protected static EntitlementService entitlementService;
-
     protected static ConfigurationService configurationService;
 
     protected static ConnectorService connectorService;
@@ -227,7 +225,6 @@ public abstract class AbstractITCase {
         userWorkflowService = adminClient.getService(UserWorkflowService.class);
         groupService = adminClient.getService(GroupService.class);
         resourceService = adminClient.getService(ResourceService.class);
-        entitlementService = adminClient.getService(EntitlementService.class);
         configurationService = adminClient.getService(ConfigurationService.class);
         connectorService = adminClient.getService(ConnectorService.class);
         loggerService = adminClient.getService(LoggerService.class);
@@ -309,8 +306,19 @@ public abstract class AbstractITCase {
         return (T) getObject(response.getLocation(), SchemaService.class, schemaTO.getClass());
     }
 
-    protected GroupTO createGroup(final GroupTO newGroupTO) {
-        Response response = groupService.create(newGroupTO);
+    protected RoleTO createRole(final RoleTO roleTO) {
+        Response response = roleService.create(roleTO);
+        if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
+            Exception ex = clientFactory.getExceptionMapper().fromResponse(response);
+            if (ex != null) {
+                throw (RuntimeException) ex;
+            }
+        }
+        return getObject(response.getLocation(), RoleService.class, RoleTO.class);
+    }
+
+    protected GroupTO createGroup(final GroupTO groupTO) {
+        Response response = groupService.create(groupTO);
         if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
             Exception ex = clientFactory.getExceptionMapper().fromResponse(response);
             if (ex != null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
index ef99feb..79503a3 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
@@ -25,22 +25,22 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.security.AccessControlException;
-import java.util.HashSet;
-import java.util.List;
+import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 
-import javax.ws.rs.core.Response;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.Predicate;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.mod.StatusMod;
 import org.apache.syncope.common.lib.mod.UserMod;
-import org.apache.syncope.common.lib.to.AttrTO;
 import org.apache.syncope.common.lib.to.BulkActionResult;
 import org.apache.syncope.common.lib.to.MembershipTO;
 import org.apache.syncope.common.lib.to.PagedResult;
 import org.apache.syncope.common.lib.to.PlainSchemaTO;
-import org.apache.syncope.common.lib.to.GroupTO;
+import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.to.WorkflowFormPropertyTO;
 import org.apache.syncope.common.lib.to.WorkflowFormTO;
@@ -48,14 +48,12 @@ import org.apache.syncope.common.lib.types.AttrSchemaType;
 import org.apache.syncope.common.lib.types.AttributableType;
 import org.apache.syncope.common.lib.types.CipherAlgorithm;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.lib.types.ResourceDeassociationActionType;
 import org.apache.syncope.common.lib.types.SchemaType;
-import org.apache.syncope.common.lib.wrap.EntitlementTO;
 import org.apache.syncope.common.lib.wrap.ResourceName;
 import org.apache.syncope.common.rest.api.CollectionWrapper;
-import org.apache.syncope.common.rest.api.service.EntitlementService;
 import org.apache.syncope.common.rest.api.service.SchemaService;
-import org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.common.rest.api.service.UserService;
 import org.apache.syncope.core.misc.security.Encryptor;
 import org.junit.Assume;
@@ -67,16 +65,16 @@ import org.springframework.jdbc.core.JdbcTemplate;
 @FixMethodOrder(MethodSorters.JVM)
 public class AuthenticationITCase extends AbstractITCase {
 
-    private int getFailedLogins(UserService testUserService, long userId) {
-        UserTO readUserTO = testUserService.read(userId);
+    private int getFailedLogins(final UserService userService, final long userId) {
+        UserTO readUserTO = userService.read(userId);
         assertNotNull(readUserTO);
         assertNotNull(readUserTO.getFailedLogins());
         return readUserTO.getFailedLogins();
     }
 
-    private void assertReadFails(UserService userService, long id) {
+    private void assertReadFails(final SyncopeClient client) {
         try {
-            userService.read(id);
+            client.self();
             fail("access should not work");
         } catch (Exception e) {
             assertNotNull(e);
@@ -84,29 +82,44 @@ public class AuthenticationITCase extends AbstractITCase {
     }
 
     @Test
-    public void testAdminEntitlements() {
-        // 1. as anonymous, read all available entitlements
-        List<EntitlementTO> allEntitlements = entitlementService.getAllEntitlements();
-        assertNotNull(allEntitlements);
-        assertFalse(allEntitlements.isEmpty());
-
-        // 2. as admin, read own entitlements
-        List<EntitlementTO> adminEntitlements = entitlementService.getOwnEntitlements();
+    public void testReadEntitlements() {
+        // 1. as anonymous (not allowed)
+        try {
+            clientFactory.createAnonymous().self();
+            fail();
+        } catch (AccessControlException e) {
+            assertNotNull(e);
+        }
 
-        assertEquals(new HashSet<String>(CollectionWrapper.unwrap(allEntitlements)),
-                new HashSet<String>(CollectionWrapper.unwrap(adminEntitlements)));
+        // 2. as authenticated anonymous (used by admin console)
+        Pair<Map<Entitlement, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).self();
+        assertEquals(1, self.getKey().size());
+        assertTrue(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+        assertEquals(ANONYMOUS_UNAME, self.getValue().getUsername());
+
+        // 3. as admin
+        self = adminClient.self();
+        assertEquals(Entitlement.values().length - 1, self.getKey().size());
+        assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+        assertEquals(ADMIN_UNAME, self.getValue().getUsername());
+
+        // 4. as user
+        self = clientFactory.create("verdi", ADMIN_PWD).self();
+        assertFalse(self.getKey().isEmpty());
+        assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
+        assertEquals("verdi", self.getValue().getUsername());
     }
 
     @Test
     public void testUserSchemaAuthorization() {
-        // 0. create a group that can only read schemas
-        GroupTO authGroupTO = new GroupTO();
-        authGroupTO.setName("authGroup" + getUUIDString());
-        authGroupTO.setParent(8L);
-        authGroupTO.getEntitlements().add("SCHEMA_READ");
+        // 0. create a role that can only read schemas
+        RoleTO roleTO = new RoleTO();
+        roleTO.setName("authRole" + getUUIDString());
+        roleTO.getEntitlements().add(Entitlement.SCHEMA_READ);
+        roleTO.getRealms().add("/odd");
 
-        authGroupTO = createGroup(authGroupTO);
-        assertNotNull(authGroupTO);
+        roleTO = createRole(roleTO);
+        assertNotNull(roleTO);
 
         String schemaName = "authTestSchema" + getUUIDString();
 
@@ -119,16 +132,9 @@ public class AuthenticationITCase extends AbstractITCase {
         PlainSchemaTO newPlainSchemaTO = createSchema(AttributableType.USER, SchemaType.PLAIN, schemaTO);
         assertEquals(schemaTO, newPlainSchemaTO);
 
-        // 2. create an user with the group created above (as admin)
+        // 2. create an user with the role created above (as admin)
         UserTO userTO = UserITCase.getUniqueSampleTO("auth@test.org");
-
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(authGroupTO.getKey());
-        AttrTO testAttrTO = new AttrTO();
-        testAttrTO.setSchema("testAttribute");
-        testAttrTO.getValues().add("a value");
-        membershipTO.getPlainAttrs().add(testAttrTO);
-        userTO.getMemberships().add(membershipTO);
+        userTO.getRoles().add(roleTO.getKey());
 
         userTO = createUser(userTO);
         assertNotNull(userTO);
@@ -138,19 +144,15 @@ public class AuthenticationITCase extends AbstractITCase {
         assertNotNull(schemaTO);
 
         // 4. read the schema created above (as user) - success
-        SchemaService schemaService2 = clientFactory.create(userTO.getUsername(), "password123").getService(
-                SchemaService.class);
-
+        SchemaService schemaService2 = clientFactory.create(userTO.getUsername(), "password123").
+                getService(SchemaService.class);
         schemaTO = schemaService2.read(AttributableType.USER, SchemaType.PLAIN, schemaName);
         assertNotNull(schemaTO);
 
         // 5. update the schema create above (as user) - failure
         try {
             schemaService2.update(AttributableType.GROUP, SchemaType.PLAIN, schemaName, schemaTO);
-            fail("Schemaupdate as user schould not work");
-        } catch (SyncopeClientException e) {
-            assertNotNull(e);
-            assertEquals(Response.Status.UNAUTHORIZED, e.getType().getResponseStatus());
+            fail("Schemaupdate as user should not work");
         } catch (AccessControlException e) {
             // CXF Service will throw this exception
             assertNotNull(e);
@@ -162,14 +164,7 @@ public class AuthenticationITCase extends AbstractITCase {
     @Test
     public void testUserRead() {
         UserTO userTO = UserITCase.getUniqueSampleTO("testuserread@test.org");
-
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(7L);
-        AttrTO testAttrTO = new AttrTO();
-        testAttrTO.setSchema("testAttribute");
-        testAttrTO.getValues().add("a value");
-        membershipTO.getPlainAttrs().add(testAttrTO);
-        userTO.getMemberships().add(membershipTO);
+        userTO.getRoles().add(2L);
 
         userTO = createUser(userTO);
         assertNotNull(userTO);
@@ -190,20 +185,13 @@ public class AuthenticationITCase extends AbstractITCase {
             exception = e;
         }
         assertNotNull(exception);
-        assertEquals(ClientExceptionType.UnauthorizedGroup, exception.getType());
+        assertEquals(ClientExceptionType.Unauthorized, exception.getType());
     }
 
     @Test
     public void testUserSearch() {
         UserTO userTO = UserITCase.getUniqueSampleTO("testusersearch@test.org");
-
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(7L);
-        AttrTO testAttrTO = new AttrTO();
-        testAttrTO.setSchema("testAttribute");
-        testAttrTO.getValues().add("a value");
-        membershipTO.getPlainAttrs().add(testAttrTO);
-        userTO.getMemberships().add(membershipTO);
+        userTO.getRoles().add(2L);
 
         userTO = createUser(userTO);
         assertNotNull(userTO);
@@ -212,93 +200,80 @@ public class AuthenticationITCase extends AbstractITCase {
                 getService(UserService.class);
 
         PagedResult<UserTO> matchedUsers = userService2.search(
+                Collections.singletonList("/"),
                 SyncopeClient.getUserSearchConditionBuilder().isNotNull("loginDate").query());
         assertNotNull(matchedUsers);
         assertFalse(matchedUsers.getResult().isEmpty());
-        Set<Long> userIds = new HashSet<Long>(matchedUsers.getResult().size());
-        for (UserTO user : matchedUsers.getResult()) {
-            userIds.add(user.getKey());
-        }
-        assertTrue(userIds.contains(1L));
+        assertTrue(CollectionUtils.exists(matchedUsers.getResult(), new Predicate<UserTO>() {
+
+            @Override
+            public boolean evaluate(final UserTO user) {
+                return user.getKey() == 1;
+            }
+        }));
 
         UserService userService3 = clientFactory.create("verdi", "password").getService(UserService.class);
 
         matchedUsers = userService3.search(
+                Collections.singletonList("/even/two"),
                 SyncopeClient.getUserSearchConditionBuilder().isNotNull("loginDate").query());
         assertNotNull(matchedUsers);
+        assertFalse(CollectionUtils.exists(matchedUsers.getResult(), new Predicate<UserTO>() {
 
-        userIds = new HashSet<>(matchedUsers.getResult().size());
-
-        for (UserTO user : matchedUsers.getResult()) {
-            userIds.add(user.getKey());
-        }
-        assertFalse(userIds.contains(1L));
+            @Override
+            public boolean evaluate(final UserTO user) {
+                return user.getKey() == 1;
+            }
+        }));
     }
 
     @Test
     public void checkFailedLogins() {
         UserTO userTO = UserITCase.getUniqueSampleTO("checkFailedLogin@syncope.apache.org");
-
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(7L);
-        AttrTO testAttrTO = new AttrTO();
-        testAttrTO.setSchema("testAttribute");
-        testAttrTO.getValues().add("a value");
-        membershipTO.getPlainAttrs().add(testAttrTO);
-        userTO.getMemberships().add(membershipTO);
+        userTO.getRoles().add(2L);
 
         userTO = createUser(userTO);
         assertNotNull(userTO);
         long userId = userTO.getKey();
 
-        UserService userService2 = clientFactory.create(userTO.getUsername(), "password123").getService(
-                UserService.class);
+        UserService userService2 = clientFactory.create(userTO.getUsername(), "password123").
+                getService(UserService.class);
         assertEquals(0, getFailedLogins(userService2, userId));
 
         // authentications failed ...
-        UserService userService3 = clientFactory.create(userTO.getUsername(), "wrongpwd1").getService(
-                UserService.class);
-        assertReadFails(userService3, userId);
-        assertReadFails(userService3, userId);
+        SyncopeClient badPwdClient = clientFactory.create(userTO.getUsername(), "wrongpwd1");
+        assertReadFails(badPwdClient);
+        assertReadFails(badPwdClient);
 
         assertEquals(2, getFailedLogins(userService, userId));
 
-        UserService userService4 = clientFactory.create(userTO.getUsername(), "password123").getService(
-                UserService.class);
+        UserService userService4 = clientFactory.create(userTO.getUsername(), "password123").
+                getService(UserService.class);
         assertEquals(0, getFailedLogins(userService4, userId));
     }
 
     @Test
     public void checkUserSuspension() {
         UserTO userTO = UserITCase.getUniqueSampleTO("checkSuspension@syncope.apache.org");
-
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(7L);
-        AttrTO testAttrTO = new AttrTO();
-        testAttrTO.setSchema("testAttribute");
-        testAttrTO.getValues().add("a value");
-        membershipTO.getPlainAttrs().add(testAttrTO);
-        userTO.getMemberships().add(membershipTO);
+        userTO.setRealm("/odd");
+        userTO.getRoles().add(2L);
 
         userTO = createUser(userTO);
         long userId = userTO.getKey();
         assertNotNull(userTO);
 
-        UserService userService2 = clientFactory.create(userTO.getUsername(), "password123").
-                getService(UserService.class);
-        assertEquals(0, getFailedLogins(userService2, userId));
+        assertEquals(0, getFailedLogins(userService, userId));
 
         // authentications failed ...
-        UserService userService3 = clientFactory.create(userTO.getUsername(), "wrongpwd1").
-                getService(UserService.class);
-        assertReadFails(userService3, userId);
-        assertReadFails(userService3, userId);
-        assertReadFails(userService3, userId);
+        SyncopeClient badPwdClient = clientFactory.create(userTO.getUsername(), "wrongpwd1");
+        assertReadFails(badPwdClient);
+        assertReadFails(badPwdClient);
+        assertReadFails(badPwdClient);
 
         assertEquals(3, getFailedLogins(userService, userId));
 
         // last authentication before suspension
-        assertReadFails(userService3, userId);
+        assertReadFails(badPwdClient);
 
         userTO = userService.read(userTO.getKey());
         assertNotNull(userTO);
@@ -307,8 +282,8 @@ public class AuthenticationITCase extends AbstractITCase {
         assertEquals("suspended", userTO.getStatus());
 
         // Access with correct credentials should fail as user is suspended
-        userService2 = clientFactory.create(userTO.getUsername(), "password123").getService(UserService.class);
-        assertReadFails(userService2, userId);
+        SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123");
+        assertReadFails(goodPwdClient);
 
         StatusMod reactivate = new StatusMod();
         reactivate.setType(StatusMod.ModType.REACTIVATE);
@@ -316,52 +291,7 @@ public class AuthenticationITCase extends AbstractITCase {
         assertNotNull(userTO);
         assertEquals("active", userTO.getStatus());
 
-        userService2 = clientFactory.create(userTO.getUsername(), "password123").getService(UserService.class);
-        assertEquals(0, getFailedLogins(userService2, userId));
-    }
-
-    @Test
-    public void issueSYNCOPE48() {
-        // Parent group, able to create users with group 1
-        GroupTO parentGroup = new GroupTO();
-        parentGroup.setName("parentAdminGroup" + getUUIDString());
-        parentGroup.getEntitlements().add("USER_CREATE");
-        parentGroup.getEntitlements().add("GROUP_1");
-        parentGroup.setParent(1L);
-        parentGroup = createGroup(parentGroup);
-        assertNotNull(parentGroup);
-
-        // Child group, with no entitlements
-        GroupTO childGroup = new GroupTO();
-        childGroup.setName("childAdminGroup");
-        childGroup.setParent(parentGroup.getKey());
-
-        childGroup = createGroup(childGroup);
-        assertNotNull(childGroup);
-
-        // User with child group, created by admin
-        UserTO group1Admin = UserITCase.getUniqueSampleTO("syncope48admin@apache.org");
-        group1Admin.setPassword("password");
-        MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(childGroup.getKey());
-        group1Admin.getMemberships().add(membershipTO);
-
-        group1Admin = createUser(group1Admin);
-        assertNotNull(group1Admin);
-
-        UserService userService2 = clientFactory.create(group1Admin.getUsername(), "password").getService(
-                UserService.class);
-
-        // User with group 1, created by user with child group created above
-        UserTO group1User = UserITCase.getUniqueSampleTO("syncope48user@apache.org");
-        membershipTO = new MembershipTO();
-        membershipTO.setGroupId(1L);
-        group1User.getMemberships().add(membershipTO);
-
-        Response response = userService2.create(group1User, true);
-        assertNotNull(response);
-        group1User = response.readEntity(UserTO.class);
-        assertNotNull(group1User);
+        assertEquals(0, goodPwdClient.self().getValue().getFailedLogins(), 0);
     }
 
     @Test
@@ -371,7 +301,7 @@ public class AuthenticationITCase extends AbstractITCase {
         // 1. create user with group 9 (users with group 9 are defined in workflow as subject to approval)
         UserTO userTO = UserITCase.getUniqueSampleTO("createWithReject@syncope.apache.org");
         MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(9L);
+        membershipTO.setGroupKey(9L);
         userTO.getMemberships().add(membershipTO);
 
         userTO = createUser(userTO);
@@ -379,10 +309,8 @@ public class AuthenticationITCase extends AbstractITCase {
         assertEquals("createApproval", userTO.getStatus());
 
         // 2. try to authenticate: fail
-        EntitlementService myEntitlementService = clientFactory.create(userTO.getUsername(), "password123").
-                getService(EntitlementService.class);
         try {
-            myEntitlementService.getOwnEntitlements();
+            clientFactory.create(userTO.getUsername(), "password123").self();
             fail();
         } catch (AccessControlException e) {
             assertNotNull(e);
@@ -400,14 +328,19 @@ public class AuthenticationITCase extends AbstractITCase {
         assertEquals("active", userTO.getStatus());
 
         // 4. try to authenticate again: success
-        assertNotNull(myEntitlementService.getOwnEntitlements());
+        Pair<Map<Entitlement, Set<String>>, UserTO> self =
+                clientFactory.create(userTO.getUsername(), "password123").self();
+        assertNotNull(self);
+        assertNotNull(self.getKey());
+        assertNotNull(self.getValue());
     }
 
     @Test
     public void issueSYNCOPE164() throws Exception {
         // 1. create user with db resource
         UserTO user = UserITCase.getUniqueSampleTO("syncope164@syncope.apache.org");
-        user.setPassword("password1");
+        user.setRealm("/even/two");
+        user.setPassword("password123");
         user.getResources().add(RESOURCE_NAME_TESTDB);
         user = createUser(user);
         assertNotNull(user);
@@ -421,7 +354,7 @@ public class AuthenticationITCase extends AbstractITCase {
         // 3. change password on Syncope
         UserMod userMod = new UserMod();
         userMod.setKey(user.getKey());
-        userMod.setPassword("password2");
+        userMod.setPassword("password234");
         user = updateUser(userMod);
         assertNotNull(user);
 
@@ -429,12 +362,13 @@ public class AuthenticationITCase extends AbstractITCase {
         final JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource);
         String value = jdbcTemplate.queryForObject(
                 "SELECT PASSWORD FROM test WHERE ID=?", String.class, user.getUsername());
-        assertEquals(Encryptor.getInstance().encode("password1", CipherAlgorithm.SHA1), value.toUpperCase());
+        assertEquals(Encryptor.getInstance().encode("password123", CipherAlgorithm.SHA1), value.toUpperCase());
 
         // 5. successfully authenticate with old (on db resource) and new (on internal storage) password values
-        user = clientFactory.create(user.getUsername(), "password1").getService(UserSelfService.class).read();
-        assertNotNull(user);
-        user = clientFactory.create(user.getUsername(), "password2").getService(UserSelfService.class).read();
-        assertNotNull(user);
+        Pair<Map<Entitlement, Set<String>>, UserTO> self =
+                clientFactory.create(user.getUsername(), "password123").self();
+        assertNotNull(self);
+        self = clientFactory.create(user.getUsername(), "password234").self();
+        assertNotNull(self);
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/CamelRouteITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/CamelRouteITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/CamelRouteITCase.java
index 35f270c..4681834 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/CamelRouteITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/CamelRouteITCase.java
@@ -22,6 +22,8 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
 import java.util.List;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.to.CamelRouteTO;
 import org.apache.syncope.common.lib.to.PlainSchemaTO;
 import org.apache.syncope.common.lib.to.UserTO;
@@ -61,11 +63,11 @@ public class CamelRouteITCase extends AbstractITCase {
         }
     }
 
-    private CamelRouteTO doUpdate(final String key, String content) {
+    private CamelRouteTO doUpdate(final String key, final String content) {
         CamelRouteTO route = camelRouteService.read(key);
         route.setContent(content);
         camelRouteService.update(route.getKey(), route);
-        //getting new route definition
+        // getting new route definition
         return camelRouteService.read(key);
     }
 
@@ -108,45 +110,49 @@ public class CamelRouteITCase extends AbstractITCase {
         Assume.assumeTrue(CamelDetector.isCamelEnabledForUsers(syncopeService));
 
         CamelRouteTO oldRoute = camelRouteService.read("createUser");
-        //updating route content including new attribute management
-        String routeContent = "<route id=\"createUser\">\n"
-                + "  <from uri=\"direct:createUser\"/>\n"
-                + "  <setProperty propertyName=\"actual\">\n"
-                + "    <simple>${body}</simple>\n"
-                + "  </setProperty>\n"
-                + "  <setBody>\n"
-                + "   <groovy>\n"
-                + "       request.body.getPlainAttrs().get(3).getValues().set(0,\"true\")\n"
+        // updating route content including new attribute management
+
+        String routeContent = ""
+                + "  <route id=\"createUser\">\n"
+                + "    <from uri=\"direct:createUser\"/>\n"
+                + "    <setProperty propertyName=\"actual\">\n"
+                + "      <simple>${body}</simple>\n"
+                + "    </setProperty>\n"
+                + "    <setBody>\n"
+                + "     <groovy>\n"
+                + "       org.apache.commons.collections4."
+                + "CollectionUtils.get(request.body.getPlainAttrs(), 3).getValues().set(0,\"true\")\n"
                 + "       return request.body\n"
-                + "   </groovy>\n"
-                + "  </setBody>\n"
-                + "  <doTry>\n"
+                + "     </groovy>\n"
+                + "    </setBody>\n"
+                + "    <doTry>\n"
                 + "      <bean ref=\"uwfAdapter\" method=\"create(${body},${property.disablePwdPolicyCheck},\n"
-                + "                            ${property.enabled},${property.storePassword})\"/>\n"
-                + "      <process ref=\"userCreateProcessor\" />\n"
+                + "                                     ${property.enabled},${property.storePassword})\"/>\n"
+                + "      <process ref=\"userCreateProcessor\"/>\n"
                 + "      <to uri=\"direct:createPort\"/>\n"
                 + "      <doCatch>        \n"
-                + "      <exception>java.lang.RuntimeException</exception>\n"
-                + "          <handled>\n"
-                + "           <constant>false</constant>\n"
-                + "          </handled>\n"
-                + "      <to uri=\"direct:createPort\"/>\n"
+                + "        <exception>java.lang.RuntimeException</exception>\n"
+                + "        <handled>\n"
+                + "          <constant>false</constant>\n"
+                + "        </handled>\n"
+                + "        <to uri=\"direct:createPort\"/>\n"
                 + "      </doCatch>\n"
-                + "   </doTry>\n"
-                + "</route>";
+                + "    </doTry>\n"
+                + "  </route> ";
         try {
             doUpdate("createUser", routeContent);
 
-            //creating new schema attribute for user
+            // creating new schema attribute for user
             PlainSchemaTO schemaTO = new PlainSchemaTO();
             schemaTO.setKey("camelAttribute");
             schemaTO.setType(AttrSchemaType.String);
             createSchema(AttributableType.USER, SchemaType.PLAIN, schemaTO);
 
             UserTO userTO = new UserTO();
+            userTO.setRealm(SyncopeConstants.ROOT_REALM);
             String userId = getUUIDString() + "camelUser@syncope.apache.org";
             userTO.setUsername(userId);
-            userTO.setPassword("password");
+            userTO.setPassword("password123");
             userTO.getPlainAttrs().add(attrTO("userId", userId));
             userTO.getPlainAttrs().add(attrTO("fullname", userId));
             userTO.getPlainAttrs().add(attrTO("surname", userId));
@@ -154,7 +160,7 @@ public class CamelRouteITCase extends AbstractITCase {
 
             userTO = createUser(userTO);
             assertNotNull(userTO);
-            assertEquals("true", userTO.getPlainAttrs().get(3).getValues().get(0));
+            assertEquals("true", CollectionUtils.get(userTO.getPlainAttrs(), 3).getValues().get(0));
         } finally {
             doUpdate(oldRoute.getKey(), oldRoute.getContent());
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java
index 3277305..5dd5ce8 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConfigurationITCase.java
@@ -57,12 +57,12 @@ public class ConfigurationITCase extends AbstractITCase {
     @Test
     public void create() {
         PlainSchemaTO testKey = new PlainSchemaTO();
-        testKey.setKey("testKey");
+        testKey.setKey("testKey" + getUUIDString());
         testKey.setType(AttrSchemaType.String);
         createSchema(AttributableType.CONFIGURATION, SchemaType.PLAIN, testKey);
 
         AttrTO conf = new AttrTO();
-        conf.setSchema("testKey");
+        conf.setSchema(testKey.getKey());
         conf.getValues().add("testValue");
 
         configurationService.set(conf.getSchema(), conf);
@@ -201,6 +201,7 @@ public class ConfigurationITCase extends AbstractITCase {
         createSchema(AttributableType.GROUP, SchemaType.PLAIN, groupKey);
 
         GroupTO groupTO = new GroupTO();
+        groupTO.setRealm("/");
         groupTO.setName("aGroup" + getUUIDString());
         groupTO.getMPlainAttrTemplates().add(membershipKey.getKey());
         groupTO.getGPlainAttrTemplates().add(groupKey.getKey());

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConnectorITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConnectorITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConnectorITCase.java
index de54fd5..4fdad8d 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConnectorITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ConnectorITCase.java
@@ -295,7 +295,7 @@ public class ConnectorITCase extends AbstractITCase {
         ResourceTO resourceTO = resources.get(0);
 
         // Make it new.
-        resourceTO.setKey("newAbout103");
+        resourceTO.setKey("newAbout103" + getUUIDString());
 
         // Make it new.
         connInstanceTO.setKey(0);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
index ce2cbd5..7fac061 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
@@ -28,6 +28,7 @@ import static org.junit.Assert.fail;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.AccessControlException;
+import java.util.Collections;
 import java.util.List;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -62,7 +63,6 @@ import org.apache.syncope.common.rest.api.CollectionWrapper;
 import org.apache.syncope.common.rest.api.Preference;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.service.GroupService;
-import org.identityconnectors.framework.common.objects.Name;
 import org.junit.FixMethodOrder;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -73,23 +73,14 @@ public class GroupITCase extends AbstractITCase {
 
     private GroupTO buildBasicGroupTO(final String name) {
         GroupTO groupTO = new GroupTO();
+        groupTO.setRealm("/");
         groupTO.setName(name + getUUIDString());
-        groupTO.setParent(8L);
         return groupTO;
     }
 
     private GroupTO buildGroupTO(final String name) {
         GroupTO groupTO = buildBasicGroupTO(name);
 
-        // verify inheritance password and account policies
-        groupTO.setInheritAccountPolicy(false);
-        // not inherited so setter execution shouldn't be ignored
-        groupTO.setAccountPolicy(6L);
-
-        groupTO.setInheritPasswordPolicy(true);
-        // inherited so setter execution should be ignored
-        groupTO.setPasswordPolicy(2L);
-
         groupTO.getGPlainAttrTemplates().add("icon");
         groupTO.getPlainAttrs().add(attrTO("icon", "anIcon"));
 
@@ -98,19 +89,6 @@ public class GroupITCase extends AbstractITCase {
     }
 
     @Test
-    public void createWithException() {
-        GroupTO newGroupTO = new GroupTO();
-        newGroupTO.getPlainAttrs().add(attrTO("attr1", "value1"));
-
-        try {
-            createGroup(newGroupTO);
-            fail();
-        } catch (SyncopeClientException e) {
-            assertEquals(ClientExceptionType.InvalidGroup, e.getType());
-        }
-    }
-
-    @Test
     @Ignore
     public void create() {
         GroupTO groupTO = buildGroupTO("lastGroup");
@@ -126,12 +104,6 @@ public class GroupITCase extends AbstractITCase {
         assertFalse(groupTO.getVirAttrMap().get("rvirtualdata").getValues().isEmpty());
         assertEquals("rvirtualvalue", groupTO.getVirAttrMap().get("rvirtualdata").getValues().get(0));
 
-        assertNotNull(groupTO.getAccountPolicy());
-        assertEquals(6L, (long) groupTO.getAccountPolicy());
-
-        assertNotNull(groupTO.getPasswordPolicy());
-        assertEquals(4L, (long) groupTO.getPasswordPolicy());
-
         assertTrue(groupTO.getResources().contains(RESOURCE_NAME_LDAP));
 
         ConnObjectTO connObjectTO =
@@ -148,22 +120,6 @@ public class GroupITCase extends AbstractITCase {
     }
 
     @Test
-    public void createWithPasswordPolicy() {
-        GroupTO groupTO = new GroupTO();
-        groupTO.setName("groupWithPassword" + getUUIDString());
-        groupTO.setParent(8L);
-        groupTO.setPasswordPolicy(4L);
-
-        GroupTO actual = createGroup(groupTO);
-        assertNotNull(actual);
-
-        actual = groupService.read(actual.getKey());
-        assertNotNull(actual);
-        assertNotNull(actual.getPasswordPolicy());
-        assertEquals(4L, (long) actual.getPasswordPolicy());
-    }
-
-    @Test
     public void delete() {
         try {
             groupService.delete(0L);
@@ -173,7 +129,7 @@ public class GroupITCase extends AbstractITCase {
 
         GroupTO groupTO = new GroupTO();
         groupTO.setName("toBeDeleted" + getUUIDString());
-        groupTO.setParent(8L);
+        groupTO.setRealm("/even");
 
         groupTO.getResources().add(RESOURCE_NAME_LDAP);
 
@@ -192,7 +148,7 @@ public class GroupITCase extends AbstractITCase {
 
     @Test
     public void list() {
-        PagedResult<GroupTO> groupTOs = groupService.list();
+        PagedResult<GroupTO> groupTOs = groupService.list(Collections.singletonList("/"));
         assertNotNull(groupTOs);
         assertTrue(groupTOs.getResult().size() >= 8);
         for (GroupTO groupTO : groupTOs.getResult()) {
@@ -201,14 +157,6 @@ public class GroupITCase extends AbstractITCase {
     }
 
     @Test
-    public void parent() {
-        GroupTO groupTO = groupService.parent(7L);
-
-        assertNotNull(groupTO);
-        assertEquals(groupTO.getKey(), 6L);
-    }
-
-    @Test
     public void read() {
         GroupTO groupTO = groupService.read(1L);
 
@@ -228,16 +176,17 @@ public class GroupITCase extends AbstractITCase {
         GroupService groupService2 = clientFactory.create("rossini", ADMIN_PWD).getService(GroupService.class);
 
         try {
-            groupService2.readSelf(3L);
+            groupService2.read(3L);
             fail();
         } catch (SyncopeClientException e) {
-            assertEquals(ClientExceptionType.UnauthorizedGroup, e.getType());
+            assertEquals(ClientExceptionType.Unauthorized, e.getType());
         }
 
-        GroupTO groupTO = groupService2.readSelf(1L);
-        assertNotNull(groupTO);
-        assertNotNull(groupTO.getPlainAttrs());
-        assertFalse(groupTO.getPlainAttrs().isEmpty());
+        List<GroupTO> groups = groupService2.own();
+        assertNotNull(groups);
+        assertFalse(groups.isEmpty());
+        assertNotNull(groups.get(0).getPlainAttrs());
+        assertFalse(groups.get(0).getPlainAttrs().isEmpty());
     }
 
     @Test
@@ -248,12 +197,6 @@ public class GroupITCase extends AbstractITCase {
 
         assertEquals(1, groupTO.getPlainAttrs().size());
 
-        assertNotNull(groupTO.getAccountPolicy());
-        assertEquals(6L, (long) groupTO.getAccountPolicy());
-
-        assertNotNull(groupTO.getPasswordPolicy());
-        assertEquals(4L, (long) groupTO.getPasswordPolicy());
-
         GroupMod groupMod = new GroupMod();
         groupMod.setKey(groupTO.getKey());
         String modName = "finalGroup" + getUUIDString();
@@ -267,13 +210,6 @@ public class GroupITCase extends AbstractITCase {
 
         assertEquals(modName, groupTO.getName());
         assertEquals(2, groupTO.getPlainAttrs().size());
-
-        // changes ignored because not requested (null ReferenceMod)
-        assertNotNull(groupTO.getAccountPolicy());
-        assertEquals(6L, (long) groupTO.getAccountPolicy());
-
-        // password policy null because not inherited
-        assertNull(groupTO.getPasswordPolicy());
     }
 
     @Test
@@ -319,7 +255,7 @@ public class GroupITCase extends AbstractITCase {
     @Test
     public void updateAsGroupOwner() {
         // 1. read group as admin
-        GroupTO groupTO = groupService.read(7L);
+        GroupTO groupTO = groupService.read(6L);
 
         // issue SYNCOPE-15
         assertNotNull(groupTO.getCreationDate());
@@ -330,9 +266,9 @@ public class GroupITCase extends AbstractITCase {
         // 2. prepare update
         GroupMod groupMod = new GroupMod();
         groupMod.setKey(groupTO.getKey());
-        groupMod.setName("Managing Director");
+        groupMod.setName("Director");
 
-        // 3. try to update as verdi, not owner of group 7 - fail
+        // 3. try to update as verdi, not owner of group 6 - fail
         GroupService groupService2 = clientFactory.create("verdi", ADMIN_PWD).getService(GroupService.class);
 
         try {
@@ -344,11 +280,11 @@ public class GroupITCase extends AbstractITCase {
             assertNotNull(e);
         }
 
-        // 4. update as puccini, owner of group 7 because owner of group 6 with inheritance - success
+        // 4. update as puccini, owner of group 6 - success
         GroupService groupService3 = clientFactory.create("puccini", ADMIN_PWD).getService(GroupService.class);
 
         groupTO = groupService3.update(groupMod.getKey(), groupMod).readEntity(GroupTO.class);
-        assertEquals("Managing Director", groupTO.getName());
+        assertEquals("Director", groupTO.getName());
 
         // issue SYNCOPE-15
         assertNotNull(groupTO.getCreationDate());
@@ -358,20 +294,17 @@ public class GroupITCase extends AbstractITCase {
         assertTrue(groupTO.getCreationDate().before(groupTO.getLastChangeDate()));
     }
 
-    /**
-     * Group rename used to fail in case of parent null.
-     */
     @Test
     public void issue178() {
         GroupTO groupTO = new GroupTO();
         String groupName = "torename" + getUUIDString();
         groupTO.setName(groupName);
+        groupTO.setRealm("/");
 
         GroupTO actual = createGroup(groupTO);
 
         assertNotNull(actual);
         assertEquals(groupName, actual.getName());
-        assertEquals(0L, actual.getParent());
 
         GroupMod groupMod = new GroupMod();
         groupMod.setKey(actual.getKey());
@@ -381,38 +314,6 @@ public class GroupITCase extends AbstractITCase {
         actual = updateGroup(groupMod);
         assertNotNull(actual);
         assertEquals(renamedGroup, actual.getName());
-        assertEquals(0L, actual.getParent());
-    }
-
-    @Test
-    public void issueSYNCOPE228() {
-        GroupTO groupTO = buildGroupTO("issueSYNCOPE228");
-        groupTO.getEntitlements().add("USER_READ");
-        groupTO.getEntitlements().add("SCHEMA_READ");
-
-        groupTO = createGroup(groupTO);
-        assertNotNull(groupTO);
-        assertNotNull(groupTO.getEntitlements());
-        assertFalse(groupTO.getEntitlements().isEmpty());
-
-        List<String> entitlements = groupTO.getEntitlements();
-
-        GroupMod groupMod = new GroupMod();
-        groupMod.setKey(groupTO.getKey());
-        groupMod.setInheritDerAttrs(Boolean.TRUE);
-
-        groupTO = updateGroup(groupMod);
-        assertNotNull(groupTO);
-        assertEquals(entitlements, groupTO.getEntitlements());
-
-        groupMod = new GroupMod();
-        groupMod.setKey(groupTO.getKey());
-        groupMod.setModEntitlements(true);
-        groupMod.getEntitlements().clear();
-
-        groupTO = updateGroup(groupMod);
-        assertNotNull(groupTO);
-        assertTrue(groupTO.getEntitlements().isEmpty());
     }
 
     @Test
@@ -610,7 +511,7 @@ public class GroupITCase extends AbstractITCase {
     public void createWithMandatorySchemaNotTemplate() {
         // 1. create a group mandatory schema
         PlainSchemaTO badge = new PlainSchemaTO();
-        badge.setKey("badge");
+        badge.setKey("badge" + getUUIDString());
         badge.setMandatoryCondition("true");
         schemaService.create(AttributableType.GROUP, SchemaType.PLAIN, badge);
 
@@ -625,8 +526,8 @@ public class GroupITCase extends AbstractITCase {
         // failure since no values are provided and it is mandatory
         GroupMod groupMod = new GroupMod();
         groupMod.setKey(groupTO.getKey());
-        groupMod.setModRAttrTemplates(true);
-        groupMod.getRPlainAttrTemplates().add("badge");
+        groupMod.setModGAttrTemplates(true);
+        groupMod.getGPlainAttrTemplates().add(badge.getKey());
 
         try {
             updateGroup(groupMod);
@@ -647,14 +548,14 @@ public class GroupITCase extends AbstractITCase {
     public void anonymous() {
         GroupService unauthenticated = clientFactory.createAnonymous().getService(GroupService.class);
         try {
-            unauthenticated.list();
+            unauthenticated.list(Collections.singletonList("/"));
             fail();
         } catch (AccessControlException e) {
             assertNotNull(e);
         }
 
         GroupService anonymous = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).getService(GroupService.class);
-        assertFalse(anonymous.list().getResult().isEmpty());
+        assertFalse(anonymous.list(Collections.singletonList("/")).getResult().isEmpty());
     }
 
     @Test
@@ -687,122 +588,6 @@ public class GroupITCase extends AbstractITCase {
     }
 
     @Test
-    public void issueSYNCOPE455() {
-        final String parentName = "issueSYNCOPE455-PGroup";
-        final String childName = "issueSYNCOPE455-CGroup";
-
-        // 1. create parent group
-        GroupTO parent = buildBasicGroupTO(parentName);
-        parent.getResources().add(RESOURCE_NAME_LDAP);
-
-        parent = createGroup(parent);
-        assertTrue(parent.getResources().contains(RESOURCE_NAME_LDAP));
-
-        final ConnObjectTO parentRemoteObject =
-                resourceService.getConnectorObject(RESOURCE_NAME_LDAP, SubjectType.GROUP, parent.getKey());
-        assertNotNull(parentRemoteObject);
-        assertNotNull(getLdapRemoteObject(parentRemoteObject.getPlainAttrMap().get(Name.NAME).getValues().get(0)));
-
-        // 2. create child group
-        GroupTO child = buildBasicGroupTO(childName);
-        child.getResources().add(RESOURCE_NAME_LDAP);
-        child.setParent(parent.getKey());
-
-        child = createGroup(child);
-        assertTrue(child.getResources().contains(RESOURCE_NAME_LDAP));
-
-        final ConnObjectTO childRemoteObject =
-                resourceService.getConnectorObject(RESOURCE_NAME_LDAP, SubjectType.GROUP, child.getKey());
-        assertNotNull(childRemoteObject);
-        assertNotNull(getLdapRemoteObject(childRemoteObject.getPlainAttrMap().get(Name.NAME).getValues().get(0)));
-
-        // 3. remove parent group
-        groupService.delete(parent.getKey());
-
-        // 4. asserts for issue 455
-        try {
-            groupService.read(parent.getKey());
-            fail();
-        } catch (SyncopeClientException scce) {
-            assertNotNull(scce);
-        }
-
-        try {
-            groupService.read(child.getKey());
-            fail();
-        } catch (SyncopeClientException scce) {
-            assertNotNull(scce);
-        }
-
-        assertNull(getLdapRemoteObject(parentRemoteObject.getPlainAttrMap().get(Name.NAME).getValues().get(0)));
-        assertNull(getLdapRemoteObject(childRemoteObject.getPlainAttrMap().get(Name.NAME).getValues().get(0)));
-    }
-
-    @Test
-    public void issueSYNCOPE543() {
-        final String ancestorName = "issueSYNCOPE543-AGroup";
-        final String parentName = "issueSYNCOPE543-PGroup";
-        final String childName = "issueSYNCOPE543-CGroup";
-
-        // 1. create ancestor group
-        GroupTO ancestor = buildBasicGroupTO(ancestorName);
-        ancestor.setParent(0L);
-        ancestor.getGPlainAttrTemplates().add("icon");
-        ancestor.getPlainAttrs().add(attrTO("icon", "ancestorIcon"));
-        ancestor = createGroup(ancestor);
-        assertEquals("ancestorIcon", ancestor.getPlainAttrMap().get("icon").getValues().get(0));
-
-        // 2. create parent group
-        GroupTO parent = buildBasicGroupTO(parentName);
-        parent.setParent(ancestor.getKey());
-        parent.getGPlainAttrTemplates().add("icon");
-        parent.getPlainAttrs().add(attrTO("icon", "parentIcon"));
-        parent = createGroup(parent);
-        assertEquals("parentIcon", parent.getPlainAttrMap().get("icon").getValues().get(0));
-
-        // 3. create child group
-        GroupTO child = buildBasicGroupTO(childName);
-        child.setParent(parent.getKey());
-        child.getGPlainAttrTemplates().add("icon");
-        child.getPlainAttrs().add(attrTO("icon", "childIcon"));
-        child = createGroup(child);
-        assertEquals("childIcon", child.getPlainAttrMap().get("icon").getValues().get(0));
-
-        final GroupMod groupChildMod = new GroupMod();
-        groupChildMod.setKey(child.getKey());
-        groupChildMod.setInheritPlainAttrs(Boolean.TRUE);
-        updateGroup(groupChildMod);
-
-        child = groupService.read(child.getKey());
-        assertNotNull(child);
-        assertNotNull(child.getPlainAttrMap().get("icon").getValues());
-        assertEquals("parentIcon", child.getPlainAttrMap().get("icon").getValues().get(0));
-
-        final GroupMod groupParentMod = new GroupMod();
-        groupParentMod.setKey(parent.getKey());
-        groupParentMod.setInheritPlainAttrs(Boolean.TRUE);
-        updateGroup(groupParentMod);
-
-        child = groupService.read(child.getKey());
-        assertNotNull(child);
-        assertNotNull(child.getPlainAttrMap().get("icon").getValues());
-        assertEquals("ancestorIcon", child.getPlainAttrMap().get("icon").getValues().get(0));
-
-        parent = groupService.read(parent.getKey());
-        assertNotNull(parent);
-        assertNotNull(parent.getPlainAttrMap().get("icon").getValues());
-        assertEquals("ancestorIcon", parent.getPlainAttrMap().get("icon").getValues().get(0));
-
-        groupParentMod.setInheritPlainAttrs(Boolean.FALSE);
-        updateGroup(groupParentMod);
-
-        child = groupService.read(child.getKey());
-        assertNotNull(child);
-        assertNotNull(child.getPlainAttrMap().get("icon").getValues());
-        assertEquals("parentIcon", child.getPlainAttrMap().get("icon").getValues().get(0));
-    }
-
-    @Test
     public void issueSYNCOPE632() {
         GroupTO groupTO = null;
         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationITCase.java
index 955a216..18abb97 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationITCase.java
@@ -155,7 +155,7 @@ public class NotificationITCase extends AbstractITCase {
         NotificationTO notificationTO = buildNotificationTO();
         notificationTO.getStaticRecipients().add("syncope446@syncope.apache.org");
         notificationTO.setGroupAbout(
-                SyncopeClient.getGroupSearchConditionBuilder().hasEntitlements("GROUP_READ").query());
+                SyncopeClient.getGroupSearchConditionBuilder().is("name").equalTo("citizen").query());
 
         NotificationTO actual = null;
         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationTaskITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationTaskITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationTaskITCase.java
index 1fb1a93..b3ca9ab 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationTaskITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/NotificationTaskITCase.java
@@ -130,7 +130,7 @@ public class NotificationTaskITCase extends AbstractTaskITCase {
         // 2. create user
         UserTO userTO = UserITCase.getUniqueSampleTO("syncope@syncope.apache.org");
         MembershipTO membershipTO = new MembershipTO();
-        membershipTO.setGroupId(7);
+        membershipTO.setGroupKey(7);
         userTO.getMemberships().add(membershipTO);
 
         userTO = createUser(userTO);

http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
index 1968206..5f317ed 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
@@ -233,7 +233,7 @@ public class PlainSchemaITCase extends AbstractITCase {
 
         UserTO newUserTO = SerializationUtils.clone(userTO);
         MembershipTO membership = new MembershipTO();
-        membership.setGroupId(2L);
+        membership.setGroupKey(2L);
         newUserTO.getMemberships().add(membership);
 
         UserMod userMod = AttributableOperations.diff(newUserTO, userTO);


Mime
View raw message