From ilgro...@apache.org
Subject [16/17] syncope git commit: Further refactoring as per SYNCOPE-620
Date Wed, 09 Mar 2016 11:52:52 GMT
http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/jexl/JexlUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/jexl/JexlUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/jexl/JexlUtils.java
deleted file mode 100644
index 9c64734..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/jexl/JexlUtils.java
+++ /dev/null
@@ -1,241 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.jexl;
-
-import java.beans.IntrospectionException;
-import java.beans.Introspector;
-import java.beans.PropertyDescriptor;
-import java.lang.reflect.Field;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-import org.apache.commons.jexl3.JexlBuilder;
-import org.apache.commons.jexl3.JexlContext;
-import org.apache.commons.jexl3.JexlEngine;
-import org.apache.commons.jexl3.JexlException;
-import org.apache.commons.jexl3.JexlExpression;
-import org.apache.commons.jexl3.JxltEngine;
-import org.apache.commons.jexl3.MapContext;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.to.AnyTO;
-import org.apache.syncope.common.lib.to.AttrTO;
-import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
-import org.apache.syncope.core.misc.utils.FormatUtils;
-import org.apache.syncope.core.persistence.api.entity.Any;
-import org.apache.syncope.core.persistence.api.entity.DerSchema;
-import org.apache.syncope.core.persistence.api.entity.PlainAttr;
-import org.apache.syncope.core.provisioning.api.DerAttrHandler;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * JEXL <a href="http://commons.apache.org/jexl/reference/index.html">reference</a> is available.
- */
-public final class JexlUtils {
-
-    private static final Logger LOG = LoggerFactory.getLogger(JexlUtils.class);
-
-    private static final String[] IGNORE_FIELDS = { "password", "clearPassword", "serialVersionUID", "class" };
-
-    private static JexlEngine JEXL_ENGINE;
-
-    private static JexlEngine getEngine() {
-        synchronized (LOG) {
-            if (JEXL_ENGINE == null) {
-                JEXL_ENGINE = new JexlBuilder().
-                        uberspect(new ClassFreeUberspect()).
-                        loader(new EmptyClassLoader()).
-                        cache(512).
-                        silent(false).
-                        strict(false).
-                        create();
-            }
-        }
-
-        return JEXL_ENGINE;
-    }
-
-    public static JxltEngine newJxltEngine() {
-        return getEngine().createJxltEngine(false);
-    }
-
-    public static boolean isExpressionValid(final String expression) {
-        boolean result;
-        try {
-            getEngine().createExpression(expression);
-            result = true;
-        } catch (JexlException e) {
-            LOG.error("Invalid jexl expression: " + expression, e);
-            result = false;
-        }
-
-        return result;
-    }
-
-    public static String evaluate(final String expression, final JexlContext jexlContext) {
-        String result = StringUtils.EMPTY;
-
-        if (StringUtils.isNotBlank(expression) && jexlContext != null) {
-            try {
-                JexlExpression jexlExpression = getEngine().createExpression(expression);
-                Object evaluated = jexlExpression.evaluate(jexlContext);
-                if (evaluated != null) {
-                    result = evaluated.toString();
-                }
-            } catch (Exception e) {
-                LOG.error("Error while evaluating JEXL expression: " + expression, e);
-            }
-        } else {
-            LOG.debug("Expression not provided or invalid context");
-        }
-
-        return result;
-    }
-
-    public static JexlContext addFieldsToContext(final Object object, final JexlContext jexlContext) {
-        JexlContext context = jexlContext == null ? new MapContext() : jexlContext;
-
-        try {
-            for (PropertyDescriptor desc : Introspector.getBeanInfo(object.getClass()).getPropertyDescriptors()) {
-                Class<?> type = desc.getPropertyType();
-                String fieldName = desc.getName();
-
-                if ((!fieldName.startsWith("pc"))
-                        && (!ArrayUtils.contains(IGNORE_FIELDS, fieldName))
-                        && (!Iterable.class.isAssignableFrom(type))
-                        && (!type.isArray())) {
-
-                    try {
-                        Object fieldValue;
-                        if (desc.getReadMethod() == null) {
-                            final Field field = object.getClass().getDeclaredField(fieldName);
-                            field.setAccessible(true);
-                            fieldValue = field.get(object);
-                        } else {
-                            fieldValue = desc.getReadMethod().invoke(object);
-                        }
-
-                        context.set(fieldName, fieldValue == null
-                                ? StringUtils.EMPTY
-                                : (type.equals(Date.class)
-                                ? FormatUtils.format((Date) fieldValue, false)
-                                : fieldValue));
-
-                        LOG.debug("Add field {} with value {}", fieldName, fieldValue);
-                    } catch (Exception iae) {
-                        LOG.error("Reading '{}' value error", fieldName, iae);
-                    }
-                }
-            }
-        } catch (IntrospectionException ie) {
-            LOG.error("Reading class attributes error", ie);
-        }
-
-        if (object instanceof Any) {
-            Any<?> any = (Any<?>) object;
-            if (any.getRealm() != null) {
-                context.set("realm", any.getRealm().getName());
-            }
-        }
-
-        return context;
-    }
-
-    public static void addPlainAttrsToContext(
-            final Collection<? extends PlainAttr<?>> attrs, final JexlContext jexlContext) {
-
-        for (PlainAttr<?> attr : attrs) {
-            if (attr.getSchema() != null) {
-                List<String> attrValues = attr.getValuesAsStrings();
-                String expressionValue = attrValues.isEmpty()
-                        ? StringUtils.EMPTY
-                        : attrValues.get(0);
-
-                LOG.debug("Add attribute {} with value {}", attr.getSchema().getKey(), expressionValue);
-
-                jexlContext.set(attr.getSchema().getKey(), expressionValue);
-            }
-        }
-    }
-
-    public static void addDerAttrsToContext(final Any<?> any, final JexlContext jexlContext) {
-        Map<DerSchema, String> derAttrs =
-                ApplicationContextProvider.getBeanFactory().getBean(DerAttrHandler.class).getValues(any);
-
-        for (Map.Entry<DerSchema, String> entry : derAttrs.entrySet()) {
-            jexlContext.set(entry.getKey().getKey(), entry.getValue());
-        }
-    }
-
-    public static boolean evaluateMandatoryCondition(final String mandatoryCondition, final Any<?> any) {
-        JexlContext jexlContext = new MapContext();
-        addPlainAttrsToContext(any.getPlainAttrs(), jexlContext);
-        addDerAttrsToContext(any, jexlContext);
-
-        return Boolean.parseBoolean(evaluate(mandatoryCondition, jexlContext));
-    }
-
-    public static String evaluate(final String expression, final AnyTO anyTO) {
-        final JexlContext context = new MapContext();
-
-        addFieldsToContext(anyTO, context);
-
-        for (AttrTO plainAttr : anyTO.getPlainAttrs()) {
-            List<String> values = plainAttr.getValues();
-            String expressionValue = values.isEmpty()
-                    ? StringUtils.EMPTY
-                    : values.get(0);
-
-            LOG.debug("Add plain attribute {} with value {}", plainAttr.getSchema(), expressionValue);
-
-            context.set(plainAttr.getSchema(), expressionValue);
-        }
-        for (AttrTO derAttr : anyTO.getDerAttrs()) {
-            List<String> values = derAttr.getValues();
-            String expressionValue = values.isEmpty()
-                    ? StringUtils.EMPTY
-                    : values.get(0);
-
-            LOG.debug("Add derived attribute {} with value {}", derAttr.getSchema(), expressionValue);
-
-            context.set(derAttr.getSchema(), expressionValue);
-        }
-        for (AttrTO virAttr : anyTO.getVirAttrs()) {
-            List<String> values = virAttr.getValues();
-            String expressionValue = values.isEmpty()
-                    ? StringUtils.EMPTY
-                    : values.get(0);
-
-            LOG.debug("Add virtual attribute {} with value {}", virAttr.getSchema(), expressionValue);
-
-            context.set(virAttr.getSchema(), expressionValue);
-        }
-
-        // Evaluate expression using the context prepared before
-        return evaluate(expression, context);
-    }
-
-    /**
-     * Private default constructor, for static-only classes.
-     */
-    private JexlUtils() {
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/policy/AccountPolicyException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/AccountPolicyException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/policy/AccountPolicyException.java
deleted file mode 100644
index 0d3eff7..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/AccountPolicyException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.policy;
-
-public class AccountPolicyException extends PolicyException {
-
-    private static final long serialVersionUID = 2779416455067691813L;
-
-    public AccountPolicyException() {
-        super();
-    }
-
-    public AccountPolicyException(final String message) {
-        super(message);
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/policy/InvalidPasswordRuleConf.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/InvalidPasswordRuleConf.java b/core/misc/src/main/java/org/apache/syncope/core/misc/policy/InvalidPasswordRuleConf.java
deleted file mode 100644
index 4b13807..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/InvalidPasswordRuleConf.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.policy;
-
-/**
- * Raise when the merge of two or more PasswordRuleconf instances led to an inconsistent condition.
- *
- * @see org.apache.syncope.common.lib.policy.PasswordRuleConf
- */
-public class InvalidPasswordRuleConf extends Exception {
-
-    private static final long serialVersionUID = 4810651743226663580L;
-
-    public InvalidPasswordRuleConf(final String msg) {
-        super(msg);
-    }
-
-    public InvalidPasswordRuleConf(final String msg, final Exception e) {
-        super(msg, e);
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PasswordPolicyException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PasswordPolicyException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PasswordPolicyException.java
deleted file mode 100644
index 7bf530b..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PasswordPolicyException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.policy;
-
-public class PasswordPolicyException extends PolicyException {
-
-    private static final long serialVersionUID = 8072104484395278469L;
-
-    public PasswordPolicyException() {
-        super();
-    }
-
-    public PasswordPolicyException(final String message) {
-        super(message);
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyException.java
deleted file mode 100644
index 5a2ef36..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.policy;
-
-public class PolicyException extends RuntimeException {
-
-    private static final long serialVersionUID = -6082115004491662910L;
-
-    public PolicyException() {
-        super();
-    }
-
-    public PolicyException(final String message) {
-        super(message);
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyPattern.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyPattern.java b/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyPattern.java
deleted file mode 100644
index ecb4e6c..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/policy/PolicyPattern.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.policy;
-
-import java.util.regex.Pattern;
-
-public final class PolicyPattern {
-
-    public static final Pattern DIGIT = Pattern.compile(".*\\d+.*");
-
-    public static final Pattern ALPHA_LOWERCASE = Pattern.compile(".*[a-z]+.*");
-
-    public static final Pattern ALPHA_UPPERCASE = Pattern.compile(".*[A-Z]+.*");
-
-    public static final Pattern FIRST_DIGIT = Pattern.compile("\\d.*");
-
-    public static final Pattern LAST_DIGIT = Pattern.compile(".*\\d");
-
-    public static final Pattern ALPHANUMERIC = Pattern.compile(".*\\w.*");
-
-    public static final Pattern FIRST_ALPHANUMERIC = Pattern.compile("\\w.*");
-
-    public static final Pattern LAST_ALPHANUMERIC = Pattern.compile(".*\\w");
-
-    public static final Pattern NON_ALPHANUMERIC = Pattern.compile(".*\\W.*");
-
-    public static final Pattern FIRST_NON_ALPHANUMERIC = Pattern.compile("\\W.*");
-
-    public static final Pattern LAST_NON_ALPHANUMERIC = Pattern.compile(".*\\W");
-
-    private PolicyPattern() {
-        // private constructor for static utility class
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondConverter.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondConverter.java b/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondConverter.java
deleted file mode 100644
index 77b959b..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondConverter.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.search;
-
-import org.apache.commons.lang3.exception.ExceptionUtils;
-import org.apache.cxf.jaxrs.ext.search.SearchBean;
-import org.apache.cxf.jaxrs.ext.search.fiql.FiqlParser;
-import org.apache.syncope.common.lib.SyncopeClientException;
-import org.apache.syncope.common.lib.search.AbstractFiqlSearchConditionBuilder;
-import org.apache.syncope.common.lib.types.ClientExceptionType;
-import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
-
-/**
- * Converts FIQL expressions to Syncope's {@link SearchCond}.
- */
-public final class SearchCondConverter {
-
-    /**
-     * Parses a FIQL expression into Syncope's <tt>SearchCond</tt>, using CXF's <tt>FiqlParser</tt>.
-     *
-     * @param fiqlExpression FIQL string
-     * @param realms optional realm to provide to {@link SearchCondVisitor}
-     * @return {@link SearchCond} instance for given FIQL expression
-     * @see FiqlParser
-     */
-    public static SearchCond convert(final String fiqlExpression, final String... realms) {
-        FiqlParser<SearchBean> fiqlParser = new FiqlParser<>(
-                SearchBean.class, AbstractFiqlSearchConditionBuilder.CONTEXTUAL_PROPERTIES);
-
-        try {
-            SearchCondVisitor searchCondVisitor = new SearchCondVisitor();
-            if (realms != null && realms.length > 0) {
-                searchCondVisitor.setRealm(realms[0]);
-            }
-            searchCondVisitor.visit(fiqlParser.parse(fiqlExpression));
-            return searchCondVisitor.getQuery();
-        } catch (Exception e) {
-            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidSearchExpression);
-            sce.getElements().add(fiqlExpression);
-            sce.getElements().add(ExceptionUtils.getRootCauseMessage(e));
-            throw sce;
-        }
-    }
-
-    private SearchCondConverter() {
-        // empty constructor for static utility class        
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondVisitor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondVisitor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondVisitor.java
deleted file mode 100644
index 2e281cf..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/search/SearchCondVisitor.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.search;
-
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.cxf.jaxrs.ext.search.ConditionType;
-import org.apache.cxf.jaxrs.ext.search.SearchBean;
-import org.apache.cxf.jaxrs.ext.search.SearchCondition;
-import org.apache.cxf.jaxrs.ext.search.SearchUtils;
-import org.apache.cxf.jaxrs.ext.search.visitor.AbstractSearchConditionVisitor;
-import org.apache.syncope.common.lib.EntityTOUtils;
-import org.apache.syncope.common.lib.search.SpecialAttr;
-import org.apache.syncope.core.persistence.api.dao.search.AttributeCond;
-import org.apache.syncope.core.persistence.api.dao.search.MembershipCond;
-import org.apache.syncope.core.persistence.api.dao.search.ResourceCond;
-import org.apache.syncope.core.persistence.api.dao.search.RoleCond;
-import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
-import org.apache.syncope.core.persistence.api.dao.search.AnyCond;
-import org.apache.syncope.core.persistence.api.dao.search.AnyTypeCond;
-import org.apache.syncope.core.persistence.api.dao.search.AssignableCond;
-import org.apache.syncope.core.persistence.api.dao.search.RelationshipCond;
-import org.apache.syncope.core.persistence.api.dao.search.RelationshipTypeCond;
-
-/**
- * Converts CXF's <tt>SearchCondition</tt> into internal <tt>SearchCond</tt>.
- */
-public class SearchCondVisitor extends AbstractSearchConditionVisitor<SearchBean, SearchCond> {
-
-    private String realm;
-
-    private SearchCond searchCond;
-
-    public SearchCondVisitor() {
-        super(null);
-    }
-
-    public void setRealm(final String realm) {
-        this.realm = realm;
-    }
-
-    private AttributeCond createAttributeCond(final String schema) {
-        AttributeCond attributeCond = EntityTOUtils.ANY_FIELDS.contains(schema)
-                ? new AnyCond()
-                : new AttributeCond();
-        attributeCond.setSchema(schema);
-        return attributeCond;
-    }
-
-    private SearchCond visitPrimitive(final SearchCondition<SearchBean> sc) {
-        String name = getRealPropertyName(sc.getStatement().getProperty());
-        SpecialAttr specialAttrName = SpecialAttr.fromString(name);
-
-        String value = SearchUtils.toSqlWildcardString(sc.getStatement().getValue().toString(), false).
-                replaceAll("\\\\_", "_");
-        SpecialAttr specialAttrValue = SpecialAttr.fromString(value);
-
-        AttributeCond attributeCond = createAttributeCond(name);
-        attributeCond.setExpression(value);
-
-        SearchCond leaf;
-        switch (sc.getConditionType()) {
-            case EQUALS:
-            case NOT_EQUALS:
-                if (specialAttrName == null) {
-                    if (specialAttrValue != null && specialAttrValue == SpecialAttr.NULL) {
-                        attributeCond.setType(AttributeCond.Type.ISNULL);
-                        attributeCond.setExpression(null);
-                    } else if (value.indexOf('%') == -1) {
-                        attributeCond.setType(AttributeCond.Type.EQ);
-                    } else {
-                        attributeCond.setType(AttributeCond.Type.LIKE);
-                    }
-
-                    leaf = SearchCond.getLeafCond(attributeCond);
-                } else {
-                    switch (specialAttrName) {
-                        case TYPE:
-                            AnyTypeCond typeCond = new AnyTypeCond();
-                            typeCond.setAnyTypeName(value);
-                            leaf = SearchCond.getLeafCond(typeCond);
-                            break;
-
-                        case RESOURCES:
-                            ResourceCond resourceCond = new ResourceCond();
-                            resourceCond.setResourceName(value);
-                            leaf = SearchCond.getLeafCond(resourceCond);
-                            break;
-
-                        case GROUPS:
-                            MembershipCond groupCond = new MembershipCond();
-                            groupCond.setGroupKey(Long.valueOf(value));
-                            leaf = SearchCond.getLeafCond(groupCond);
-                            break;
-
-                        case RELATIONSHIPS:
-                            RelationshipCond relationshipCond = new RelationshipCond();
-                            relationshipCond.setAnyObjectKey(Long.valueOf(value));
-                            leaf = SearchCond.getLeafCond(relationshipCond);
-                            break;
-
-                        case RELATIONSHIP_TYPES:
-                            RelationshipTypeCond relationshipTypeCond = new RelationshipTypeCond();
-                            relationshipTypeCond.setRelationshipTypeKey(value);
-                            leaf = SearchCond.getLeafCond(relationshipTypeCond);
-                            break;
-
-                        case ROLES:
-                            RoleCond roleCond = new RoleCond();
-                            roleCond.setRoleKey(value);
-                            leaf = SearchCond.getLeafCond(roleCond);
-                            break;
-
-                        case ASSIGNABLE:
-                            AssignableCond assignableCond = new AssignableCond();
-                            assignableCond.setRealmFullPath(realm);
-                            leaf = SearchCond.getLeafCond(assignableCond);
-                            break;
-
-                        default:
-                            throw new IllegalArgumentException(
-                                    String.format("Special attr name %s is not supported", specialAttrName));
-                    }
-                }
-                if (sc.getConditionType() == ConditionType.NOT_EQUALS) {
-                    if (leaf.getAttributeCond() != null
-                            && leaf.getAttributeCond().getType() == AttributeCond.Type.ISNULL) {
-
-                        leaf.getAttributeCond().setType(AttributeCond.Type.ISNOTNULL);
-                    } else if (leaf.getAnyCond() != null
-                            && leaf.getAnyCond().getType() == AnyCond.Type.ISNULL) {
-
-                        leaf.getAnyCond().setType(AttributeCond.Type.ISNOTNULL);
-                    } else {
-                        leaf = SearchCond.getNotLeafCond(leaf);
-                    }
-                }
-                break;
-
-            case GREATER_OR_EQUALS:
-                attributeCond.setType(AttributeCond.Type.GE);
-                leaf = SearchCond.getLeafCond(attributeCond);
-                break;
-
-            case GREATER_THAN:
-                attributeCond.setType(AttributeCond.Type.GT);
-                leaf = SearchCond.getLeafCond(attributeCond);
-                break;
-
-            case LESS_OR_EQUALS:
-                attributeCond.setType(AttributeCond.Type.LE);
-                leaf = SearchCond.getLeafCond(attributeCond);
-                break;
-
-            case LESS_THAN:
-                attributeCond.setType(AttributeCond.Type.LT);
-                leaf = SearchCond.getLeafCond(attributeCond);
-                break;
-
-            default:
-                throw new IllegalArgumentException(
-                        String.format("Condition type %s is not supported", sc.getConditionType().name()));
-        }
-
-        return leaf;
-    }
-
-    private SearchCond visitCompount(final SearchCondition<SearchBean> sc) {
-        List<SearchCond> searchConds = new ArrayList<>();
-        for (SearchCondition<SearchBean> searchCondition : sc.getSearchConditions()) {
-            searchConds.add(searchCondition.getStatement() == null
-                    ? visitCompount(searchCondition)
-                    : visitPrimitive(searchCondition));
-        }
-
-        SearchCond compound;
-        switch (sc.getConditionType()) {
-            case AND:
-                compound = SearchCond.getAndCond(searchConds);
-                break;
-
-            case OR:
-                compound = SearchCond.getOrCond(searchConds);
-                break;
-
-            default:
-                throw new IllegalArgumentException(
-                        String.format("Condition type %s is not supported", sc.getConditionType().name()));
-        }
-
-        return compound;
-    }
-
-    @Override
-    public void visit(final SearchCondition<SearchBean> sc) {
-        searchCond = sc.getStatement() == null
-                ? visitCompount(sc)
-                : visitPrimitive(sc);
-    }
-
-    @Override
-    public SearchCond getQuery() {
-        return searchCond;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
deleted file mode 100644
index e7b9fc0..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.collections4.MapUtils;
-import org.apache.commons.collections4.Transformer;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.core.misc.EntitlementsHolder;
-import org.apache.syncope.core.misc.spring.ApplicationContextProvider;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.User;
-
-public final class AuthContextUtils {
-
-    public interface Executable<T> {
-
-        T exec();
-    }
-
-    public static String getUsername() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        return authentication == null ? SyncopeConstants.UNAUTHENTICATED : authentication.getName();
-    }
-
-    public static void updateUsername(final String newUsername) {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
-        UsernamePasswordAuthenticationToken newAuth = new UsernamePasswordAuthenticationToken(
-                new User(newUsername, "FAKE_PASSWORD", auth.getAuthorities()),
-                auth.getCredentials(), auth.getAuthorities());
-        newAuth.setDetails(auth.getDetails());
-        SecurityContextHolder.getContext().setAuthentication(newAuth);
-    }
-
-    public static Map<String, Set<String>> getAuthorizations() {
-        Map<String, Set<String>> result = null;
-
-        SecurityContext ctx = SecurityContextHolder.getContext();
-        if (ctx != null && ctx.getAuthentication() != null && ctx.getAuthentication().getAuthorities() != null) {
-            result = new HashMap<>();
-            for (GrantedAuthority authority : ctx.getAuthentication().getAuthorities()) {
-                if (authority instanceof SyncopeGrantedAuthority) {
-                    result.put(
-                            SyncopeGrantedAuthority.class.cast(authority).getAuthority(),
-                            SyncopeGrantedAuthority.class.cast(authority).getRealms());
-                }
-            }
-        }
-
-        return MapUtils.emptyIfNull(result);
-    }
-
-    public static String getDomain() {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
-        String domainKey = auth != null && auth.getDetails() instanceof SyncopeAuthenticationDetails
-                ? SyncopeAuthenticationDetails.class.cast(auth.getDetails()).getDomain()
-                : null;
-        if (StringUtils.isBlank(domainKey)) {
-            domainKey = SyncopeConstants.MASTER_DOMAIN;
-        }
-
-        return domainKey;
-    }
-
-    private static void setFakeAuth(final String domain) {
-        List<GrantedAuthority> authorities = CollectionUtils.collect(EntitlementsHolder.getInstance().getValues(),
-                new Transformer<String, GrantedAuthority>() {
-
-            @Override
-            public GrantedAuthority transform(final String entitlement) {
-                return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
-            }
-        }, new ArrayList<GrantedAuthority>());
-
-        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-                new User(ApplicationContextProvider.getBeanFactory().getBean("adminUser", String.class),
-                        "FAKE_PASSWORD", authorities), "FAKE_PASSWORD", authorities);
-        auth.setDetails(new SyncopeAuthenticationDetails(domain));
-        SecurityContextHolder.getContext().setAuthentication(auth);
-    }
-
-    public static <T> T execWithAuthContext(final String domainKey, final Executable<T> executable) {
-        SecurityContext ctx = SecurityContextHolder.getContext();
-        setFakeAuth(domainKey);
-        try {
-            return executable.exec();
-        } finally {
-            SecurityContextHolder.clearContext();
-            SecurityContextHolder.setContext(ctx);
-        }
-    }
-
-    /**
-     * Private default constructor, for static-only classes.
-     */
-    private AuthContextUtils() {
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
deleted file mode 100644
index 7e880b4..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import javax.annotation.Resource;
-import org.apache.commons.collections4.Closure;
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.collections4.IterableUtils;
-import org.apache.commons.collections4.SetUtils;
-import org.apache.commons.collections4.Transformer;
-import org.apache.commons.lang3.tuple.ImmutablePair;
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.types.AuditElements;
-import org.apache.syncope.common.lib.types.StandardEntitlement;
-import org.apache.syncope.core.misc.AuditManager;
-import org.apache.syncope.core.misc.EntitlementsHolder;
-import org.apache.syncope.core.misc.utils.MappingUtils;
-import org.apache.syncope.core.misc.utils.RealmUtils;
-import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
-import org.apache.syncope.core.persistence.api.dao.ConfDAO;
-import org.apache.syncope.core.persistence.api.dao.DomainDAO;
-import org.apache.syncope.core.persistence.api.dao.GroupDAO;
-import org.apache.syncope.core.persistence.api.dao.RealmDAO;
-import org.apache.syncope.core.persistence.api.dao.UserDAO;
-import org.apache.syncope.core.persistence.api.entity.Domain;
-import org.apache.syncope.core.persistence.api.entity.Realm;
-import org.apache.syncope.core.persistence.api.entity.Role;
-import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr;
-import org.apache.syncope.core.persistence.api.entity.group.Group;
-import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.user.User;
-import org.apache.syncope.core.provisioning.api.ConnectorFactory;
-import org.identityconnectors.framework.common.objects.Uid;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.authentication.DisabledException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * Domain-sensible (via {@code @Transactional} access to authentication / authorization data.
- *
- * @see SyncopeAuthenticationProvider
- * @see SyncopeAuthenticationDetails
- */
-public class AuthDataAccessor {
-
-    protected static final Logger LOG = LoggerFactory.getLogger(AuthDataAccessor.class);
-
-    protected static final Encryptor ENCRYPTOR = Encryptor.getInstance();
-
-    @Resource(name = "adminUser")
-    protected String adminUser;
-
-    @Resource(name = "anonymousUser")
-    protected String anonymousUser;
-
-    @Autowired
-    protected DomainDAO domainDAO;
-
-    @Autowired
-    protected ConfDAO confDAO;
-
-    @Autowired
-    protected RealmDAO realmDAO;
-
-    @Autowired
-    protected UserDAO userDAO;
-
-    @Autowired
-    protected GroupDAO groupDAO;
-
-    @Autowired
-    protected AnyTypeDAO anyTypeDAO;
-
-    @Autowired
-    protected ConnectorFactory connFactory;
-
-    @Autowired
-    protected AuditManager auditManager;
-
-    @Autowired
-    protected MappingUtils mappingUtils;
-
-    @Transactional(readOnly = true)
-    public Domain findDomain(final String key) {
-        Domain domain = domainDAO.find(key);
-        if (domain == null) {
-            throw new AuthenticationServiceException("Could not find domain " + key);
-        }
-        return domain;
-    }
-
-    /**
-     * Attempts to authenticate the given credentials against internal storage and pass-through resources (if
-     * configured): the first succeeding causes global success.
-     *
-     * @param authentication given credentials
-     * @return {@code null} if no matching user was found, authentication result otherwise
-     */
-    @Transactional(noRollbackFor = DisabledException.class)
-    public Pair<Long, Boolean> authenticate(final Authentication authentication) {
-        Long key = null;
-        Boolean authenticated = null;
-
-        User user = userDAO.find(authentication.getName());
-        if (user != null) {
-            key = user.getKey();
-            authenticated = false;
-
-            if (user.isSuspended() != null && user.isSuspended()) {
-                throw new DisabledException("User " + user.getUsername() + " is suspended");
-            }
-
-            CPlainAttr authStatuses = confDAO.find("authentication.statuses");
-            if (authStatuses != null && !authStatuses.getValuesAsStrings().contains(user.getStatus())) {
-                throw new DisabledException("User " + user.getUsername() + " not allowed to authenticate");
-            }
-
-            boolean userModified = false;
-            authenticated = authenticate(user, authentication.getCredentials().toString());
-            if (authenticated) {
-                if (confDAO.find("log.lastlogindate", Boolean.toString(true)).getValues().get(0).getBooleanValue()) {
-                    user.setLastLoginDate(new Date());
-                    userModified = true;
-                }
-
-                if (user.getFailedLogins() != 0) {
-                    user.setFailedLogins(0);
-                    userModified = true;
-                }
-
-            } else {
-                user.setFailedLogins(user.getFailedLogins() + 1);
-                userModified = true;
-            }
-
-            if (userModified) {
-                userDAO.save(user);
-            }
-        }
-
-        return ImmutablePair.of(key, authenticated);
-    }
-
-    protected boolean authenticate(final User user, final String password) {
-        boolean authenticated = ENCRYPTOR.verify(password, user.getCipherAlgorithm(), user.getPassword());
-        LOG.debug("{} authenticated on internal storage: {}", user.getUsername(), authenticated);
-
-        for (Iterator<? extends ExternalResource> itor = getPassthroughResources(user).iterator();
-                itor.hasNext() && !authenticated;) {
-
-            ExternalResource resource = itor.next();
-            String connObjectKey = null;
-            try {
-                connObjectKey = mappingUtils.getConnObjectKeyValue(user, resource.getProvision(anyTypeDAO.findUser()));
-                Uid uid = connFactory.getConnector(resource).authenticate(connObjectKey, password, null);
-                if (uid != null) {
-                    authenticated = true;
-                }
-            } catch (Exception e) {
-                LOG.debug("Could not authenticate {} on {}", user.getUsername(), resource.getKey(), e);
-            }
-            LOG.debug("{} authenticated on {} as {}: {}",
-                    user.getUsername(), resource.getKey(), connObjectKey, authenticated);
-        }
-
-        return authenticated;
-    }
-
-    protected Set<? extends ExternalResource> getPassthroughResources(final User user) {
-        Set<? extends ExternalResource> result = null;
-
-        // 1. look for assigned resources, pick the ones whose account policy has authentication resources
-        for (ExternalResource resource : userDAO.findAllResources(user)) {
-            if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) {
-                if (result == null) {
-                    result = resource.getAccountPolicy().getResources();
-                } else {
-                    result.retainAll(resource.getAccountPolicy().getResources());
-                }
-            }
-        }
-
-        // 2. look for realms, pick the ones whose account policy has authentication resources
-        for (Realm realm : realmDAO.findAncestors(user.getRealm())) {
-            if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) {
-                if (result == null) {
-                    result = realm.getAccountPolicy().getResources();
-                } else {
-                    result.retainAll(realm.getAccountPolicy().getResources());
-                }
-            }
-        }
-
-        return SetUtils.emptyIfNull(result);
-    }
-
-    @Transactional(readOnly = true)
-    public void audit(
-            final AuditElements.EventCategoryType type,
-            final String category,
-            final String subcategory,
-            final String event,
-            final AuditElements.Result result,
-            final Object before,
-            final Object output,
-            final Object... input) {
-
-        auditManager.audit(type, category, subcategory, event, result, before, output, input);
-    }
-
-    @Transactional
-    public Set<SyncopeGrantedAuthority> load(final String username) {
-        final Set<SyncopeGrantedAuthority> authorities = new HashSet<>();
-        if (anonymousUser.equals(username)) {
-            authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.ANONYMOUS));
-        } else if (adminUser.equals(username)) {
-            CollectionUtils.collect(
-                    EntitlementsHolder.getInstance().getValues(),
-                    new Transformer<String, SyncopeGrantedAuthority>() {
-
-                @Override
-                public SyncopeGrantedAuthority transform(final String entitlement) {
-                    return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM);
-                }
-            }, authorities);
-        } else {
-            User user = userDAO.find(username);
-            if (user == null) {
-                throw new UsernameNotFoundException("Could not find any user with id " + username);
-            }
-
-            if (user.isMustChangePassword()) {
-                authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.MUST_CHANGE_PASSWORD));
-            } else {
-                final Map<String, Set<String>> entForRealms = new HashMap<>();
-
-                // Give entitlements as assigned by roles (with realms, where applicable) - assigned either
-                // statically and dynamically
-                for (final Role role : userDAO.findAllRoles(user)) {
-                    IterableUtils.forEach(role.getEntitlements(), new Closure<String>() {
-
-                        @Override
-                        public void execute(final String entitlement) {
-                            Set<String> realms = entForRealms.get(entitlement);
-                            if (realms == null) {
-                                realms = new HashSet<>();
-                                entForRealms.put(entitlement, realms);
-                            }
-
-                            CollectionUtils.collect(role.getRealms(), new Transformer<Realm, String>() {
-
-                                @Override
-                                public String transform(final Realm realm) {
-                                    return realm.getFullPath();
-                                }
-                            }, realms);
-                        }
-                    });
-                }
-
-                // Give group entitlements for owned groups
-                for (Group group : groupDAO.findOwnedByUser(user.getKey())) {
-                    for (String entitlement : Arrays.asList(
-                            StandardEntitlement.GROUP_READ,
-                            StandardEntitlement.GROUP_UPDATE,
-                            StandardEntitlement.GROUP_DELETE)) {
-
-                        Set<String> realms = entForRealms.get(entitlement);
-                        if (realms == null) {
-                            realms = new HashSet<>();
-                            entForRealms.put(entitlement, realms);
-                        }
-
-                        realms.add(RealmUtils.getGroupOwnerRealm(group.getRealm().getFullPath(), group.getKey()));
-                    }
-                }
-
-                // Finally normalize realms for each given entitlement and generate authorities
-                for (Map.Entry<String, Set<String>> entry : entForRealms.entrySet()) {
-                    SyncopeGrantedAuthority authority = new SyncopeGrantedAuthority(entry.getKey());
-                    authority.addRealms(RealmUtils.normalize(entry.getValue()));
-                    authorities.add(authority);
-                }
-            }
-        }
-
-        return authorities;
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/DefaultPasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/DefaultPasswordGenerator.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/DefaultPasswordGenerator.java
deleted file mode 100644
index 9652f73..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/DefaultPasswordGenerator.java
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf;
-import org.apache.syncope.common.lib.policy.PasswordRuleConf;
-import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.user.User;
-import org.apache.syncope.core.misc.policy.InvalidPasswordRuleConf;
-import org.apache.syncope.core.misc.policy.PolicyPattern;
-import org.apache.syncope.core.persistence.api.dao.RealmDAO;
-import org.apache.syncope.core.persistence.api.dao.UserDAO;
-import org.apache.syncope.core.persistence.api.entity.Realm;
-import org.springframework.beans.factory.annotation.Autowired;
-
-/**
- * Generate random passwords according to given policies.
- * When no minimum and / or maximum length are specified, default values are set.
- *
- * <strong>WARNING</strong>: This class only takes {@link DefaultPasswordRuleConf} into account.
- */
-public class DefaultPasswordGenerator implements PasswordGenerator {
-
-    private static final char[] SPECIAL_CHARS = { '!', '£', '%', '&', '(', ')', '?', '#', '$' };
-
-    private static final int VERY_MIN_LENGTH = 0;
-
-    private static final int VERY_MAX_LENGTH = 64;
-
-    private static final int MIN_LENGTH_IF_ZERO = 6;
-
-    @Autowired
-    private UserDAO userDAO;
-
-    @Autowired
-    private RealmDAO realmDAO;
-
-    @Override
-    public String generate(final User user) throws InvalidPasswordRuleConf {
-        List<PasswordRuleConf> ruleConfs = new ArrayList<>();
-
-        for (Realm ancestor : realmDAO.findAncestors(user.getRealm())) {
-            if (ancestor.getPasswordPolicy() != null) {
-                ruleConfs.addAll(ancestor.getPasswordPolicy().getRuleConfs());
-            }
-        }
-
-        for (ExternalResource resource : userDAO.findAllResources(user)) {
-            if (resource.getPasswordPolicy() != null) {
-                ruleConfs.addAll(resource.getPasswordPolicy().getRuleConfs());
-            }
-        }
-
-        return generate(ruleConfs);
-    }
-
-    @Override
-    public String generate(final List<PasswordRuleConf> ruleConfs) throws InvalidPasswordRuleConf {
-        List<DefaultPasswordRuleConf> defaultRuleConfs = new ArrayList<>();
-        for (PasswordRuleConf ruleConf : ruleConfs) {
-            if (ruleConf instanceof DefaultPasswordRuleConf) {
-                defaultRuleConfs.add((DefaultPasswordRuleConf) ruleConf);
-            }
-        }
-
-        DefaultPasswordRuleConf ruleConf = merge(defaultRuleConfs);
-        check(ruleConf);
-        return generate(ruleConf);
-    }
-
-    private DefaultPasswordRuleConf merge(final List<DefaultPasswordRuleConf> defaultRuleConfs) {
-        DefaultPasswordRuleConf result = new DefaultPasswordRuleConf();
-        result.setMinLength(VERY_MIN_LENGTH);
-        result.setMaxLength(VERY_MAX_LENGTH);
-
-        for (DefaultPasswordRuleConf ruleConf : defaultRuleConfs) {
-            if (ruleConf.getMinLength() > result.getMinLength()) {
-                result.setMinLength(ruleConf.getMinLength());
-            }
-
-            if ((ruleConf.getMaxLength() != 0) && ((ruleConf.getMaxLength() < result.getMaxLength()))) {
-                result.setMaxLength(ruleConf.getMaxLength());
-            }
-            result.getPrefixesNotPermitted().addAll(ruleConf.getPrefixesNotPermitted());
-            result.getSuffixesNotPermitted().addAll(ruleConf.getSuffixesNotPermitted());
-
-            if (!result.isNonAlphanumericRequired()) {
-                result.setNonAlphanumericRequired(ruleConf.isNonAlphanumericRequired());
-            }
-
-            if (!result.isAlphanumericRequired()) {
-                result.setAlphanumericRequired(ruleConf.isAlphanumericRequired());
-            }
-            if (!result.isDigitRequired()) {
-                result.setDigitRequired(ruleConf.isDigitRequired());
-            }
-
-            if (!result.isLowercaseRequired()) {
-                result.setLowercaseRequired(ruleConf.isLowercaseRequired());
-            }
-            if (!result.isUppercaseRequired()) {
-                result.setUppercaseRequired(ruleConf.isUppercaseRequired());
-            }
-            if (!result.isMustStartWithDigit()) {
-                result.setMustStartWithDigit(ruleConf.isMustStartWithDigit());
-            }
-            if (!result.isMustntStartWithDigit()) {
-                result.setMustntStartWithDigit(ruleConf.isMustntStartWithDigit());
-            }
-            if (!result.isMustEndWithDigit()) {
-                result.setMustEndWithDigit(ruleConf.isMustEndWithDigit());
-            }
-            if (result.isMustntEndWithDigit()) {
-                result.setMustntEndWithDigit(ruleConf.isMustntEndWithDigit());
-            }
-            if (!result.isMustStartWithAlpha()) {
-                result.setMustStartWithAlpha(ruleConf.isMustStartWithAlpha());
-            }
-            if (!result.isMustntStartWithAlpha()) {
-                result.setMustntStartWithAlpha(ruleConf.isMustntStartWithAlpha());
-            }
-            if (!result.isMustStartWithNonAlpha()) {
-                result.setMustStartWithNonAlpha(ruleConf.isMustStartWithNonAlpha());
-            }
-            if (!result.isMustntStartWithNonAlpha()) {
-                result.setMustntStartWithNonAlpha(ruleConf.isMustntStartWithNonAlpha());
-            }
-            if (!result.isMustEndWithNonAlpha()) {
-                result.setMustEndWithNonAlpha(ruleConf.isMustEndWithNonAlpha());
-            }
-            if (!result.isMustntEndWithNonAlpha()) {
-                result.setMustntEndWithNonAlpha(ruleConf.isMustntEndWithNonAlpha());
-            }
-            if (!result.isMustEndWithAlpha()) {
-                result.setMustEndWithAlpha(ruleConf.isMustEndWithAlpha());
-            }
-            if (!result.isMustntEndWithAlpha()) {
-                result.setMustntEndWithAlpha(ruleConf.isMustntEndWithAlpha());
-            }
-            if (!result.isUsernameAllowed()) {
-                result.setUsernameAllowed(ruleConf.isUsernameAllowed());
-            }
-        }
-
-        if (result.getMinLength() == 0) {
-            result.setMinLength(
-                    result.getMaxLength() < MIN_LENGTH_IF_ZERO ? result.getMaxLength() : MIN_LENGTH_IF_ZERO);
-        }
-
-        return result;
-    }
-
-    private void check(final DefaultPasswordRuleConf defaultPasswordRuleConf)
-            throws InvalidPasswordRuleConf {
-
-        if (defaultPasswordRuleConf.isMustEndWithAlpha() && defaultPasswordRuleConf.isMustntEndWithAlpha()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustEndWithAlpha and mustntEndWithAlpha are both true");
-        }
-        if (defaultPasswordRuleConf.isMustEndWithAlpha() && defaultPasswordRuleConf.isMustEndWithDigit()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustEndWithAlpha and mustEndWithDigit are both true");
-        }
-        if (defaultPasswordRuleConf.isMustEndWithDigit() && defaultPasswordRuleConf.isMustntEndWithDigit()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustEndWithDigit and mustntEndWithDigit are both true");
-        }
-        if (defaultPasswordRuleConf.isMustEndWithNonAlpha() && defaultPasswordRuleConf.isMustntEndWithNonAlpha()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustEndWithNonAlpha and mustntEndWithNonAlpha are both true");
-        }
-        if (defaultPasswordRuleConf.isMustStartWithAlpha() && defaultPasswordRuleConf.isMustntStartWithAlpha()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustStartWithAlpha and mustntStartWithAlpha are both true");
-        }
-        if (defaultPasswordRuleConf.isMustStartWithAlpha() && defaultPasswordRuleConf.isMustStartWithDigit()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustStartWithAlpha and mustStartWithDigit are both true");
-        }
-        if (defaultPasswordRuleConf.isMustStartWithDigit() && defaultPasswordRuleConf.isMustntStartWithDigit()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustStartWithDigit and mustntStartWithDigit are both true");
-        }
-        if (defaultPasswordRuleConf.isMustStartWithNonAlpha() && defaultPasswordRuleConf.isMustntStartWithNonAlpha()) {
-            throw new InvalidPasswordRuleConf(
-                    "mustStartWithNonAlpha and mustntStartWithNonAlpha are both true");
-        }
-        if (defaultPasswordRuleConf.getMinLength() > defaultPasswordRuleConf.getMaxLength()) {
-            throw new InvalidPasswordRuleConf(
-                    "Minimun length (" + defaultPasswordRuleConf.getMinLength() + ")"
-                    + "is greater than maximum length (" + defaultPasswordRuleConf.getMaxLength() + ")");
-        }
-    }
-
-    private String generate(final DefaultPasswordRuleConf ruleConf) {
-        String[] generatedPassword = new String[ruleConf.getMinLength()];
-
-        for (int i = 0; i < generatedPassword.length; i++) {
-            generatedPassword[i] = StringUtils.EMPTY;
-        }
-
-        checkStartChar(generatedPassword, ruleConf);
-
-        checkEndChar(generatedPassword, ruleConf);
-
-        checkRequired(generatedPassword, ruleConf);
-
-        for (int firstEmptyChar = firstEmptyChar(generatedPassword);
-                firstEmptyChar < generatedPassword.length - 1; firstEmptyChar++) {
-
-            generatedPassword[firstEmptyChar] = SecureRandomUtils.generateRandomLetter();
-        }
-
-        checkPrefixAndSuffix(generatedPassword, ruleConf);
-
-        return StringUtils.join(generatedPassword);
-    }
-
-    private void checkStartChar(final String[] generatedPassword, final DefaultPasswordRuleConf ruleConf) {
-        if (ruleConf.isMustStartWithAlpha()) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomLetter();
-        }
-        if (ruleConf.isMustStartWithNonAlpha() || ruleConf.isMustStartWithDigit()) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomNumber();
-        }
-        if (ruleConf.isMustntStartWithAlpha()) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomNumber();
-        }
-        if (ruleConf.isMustntStartWithDigit()) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomLetter();
-        }
-        if (ruleConf.isMustntStartWithNonAlpha()) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomLetter();
-        }
-
-        if (StringUtils.EMPTY.equals(generatedPassword[0])) {
-            generatedPassword[0] = SecureRandomUtils.generateRandomLetter();
-        }
-    }
-
-    private void checkEndChar(final String[] generatedPassword, final DefaultPasswordRuleConf ruleConf) {
-        if (ruleConf.isMustEndWithAlpha()) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomLetter();
-        }
-        if (ruleConf.isMustEndWithNonAlpha() || ruleConf.isMustEndWithDigit()) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomNumber();
-        }
-
-        if (ruleConf.isMustntEndWithAlpha()) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomNumber();
-        }
-        if (ruleConf.isMustntEndWithDigit()) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomLetter();
-        }
-        if (ruleConf.isMustntEndWithNonAlpha()) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomLetter();
-        }
-
-        if (StringUtils.EMPTY.equals(generatedPassword[ruleConf.getMinLength() - 1])) {
-            generatedPassword[ruleConf.getMinLength() - 1] = SecureRandomUtils.generateRandomLetter();
-        }
-    }
-
-    private int firstEmptyChar(final String[] generatedPStrings) {
-        int index = 0;
-        while (!generatedPStrings[index].isEmpty()) {
-            index++;
-        }
-        return index;
-    }
-
-    private void checkRequired(final String[] generatedPassword, final DefaultPasswordRuleConf ruleConf) {
-        if (ruleConf.isDigitRequired()
-                && !PolicyPattern.DIGIT.matcher(StringUtils.join(generatedPassword)).matches()) {
-
-            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtils.generateRandomNumber();
-        }
-
-        if (ruleConf.isUppercaseRequired()
-                && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
-
-            generatedPassword[firstEmptyChar(generatedPassword)] =
-                    SecureRandomUtils.generateRandomLetter().toUpperCase();
-        }
-
-        if (ruleConf.isLowercaseRequired()
-                && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
-
-            generatedPassword[firstEmptyChar(generatedPassword)] =
-                    SecureRandomUtils.generateRandomLetter().toLowerCase();
-        }
-
-        if (ruleConf.isNonAlphanumericRequired()
-                && !PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(generatedPassword)).matches()) {
-
-            generatedPassword[firstEmptyChar(generatedPassword)] =
-                    SecureRandomUtils.generateRandomSpecialCharacter(SPECIAL_CHARS);
-        }
-    }
-
-    private void checkPrefixAndSuffix(final String[] generatedPassword, final DefaultPasswordRuleConf ruleConf) {
-        for (String prefix : ruleConf.getPrefixesNotPermitted()) {
-            if (StringUtils.join(generatedPassword).startsWith(prefix)) {
-                checkStartChar(generatedPassword, ruleConf);
-            }
-        }
-
-        for (String suffix : ruleConf.getSuffixesNotPermitted()) {
-            if (StringUtils.join(generatedPassword).endsWith(suffix)) {
-                checkEndChar(generatedPassword, ruleConf);
-            }
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/DelegatedAdministrationException.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/DelegatedAdministrationException.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/DelegatedAdministrationException.java
deleted file mode 100644
index 13a449f..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/DelegatedAdministrationException.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import org.apache.syncope.common.lib.types.AnyTypeKind;
-
-public class DelegatedAdministrationException extends RuntimeException {
-
-    private static final long serialVersionUID = 7540587364235915081L;
-
-    public DelegatedAdministrationException(final AnyTypeKind type, final Long key) {
-        super("Missing entitlement or realm administration for "
-                + (key == null
-                        ? "new " + type
-                        : type + " " + key));
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
deleted file mode 100644
index 4c55513..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/Encryptor.java
+++ /dev/null
@@ -1,256 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.types.CipherAlgorithm;
-import org.jasypt.commons.CommonUtils;
-import org.jasypt.digest.StandardStringDigester;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.crypto.bcrypt.BCrypt;
-import org.springframework.security.crypto.codec.Base64;
-
-public final class Encryptor {
-
-    private static final Logger LOG = LoggerFactory.getLogger(Encryptor.class);
-
-    private static final Map<String, Encryptor> INSTANCES = new ConcurrentHashMap<>();
-
-    private static final String DEFAULT_SECRET_KEY = "1abcdefghilmnopqrstuvz2!";
-
-    /**
-     * Default value for salted {@link StandardStringDigester#setIterations(int)}.
-     */
-    private static final int DEFAULT_SALT_ITERATIONS = 1;
-
-    /**
-     * Default value for {@link StandardStringDigester#setSaltSizeBytes(int)}.
-     */
-    private static final int DEFAULT_SALT_SIZE_BYTES = 8;
-
-    /**
-     * Default value for {@link StandardStringDigester#setInvertPositionOfPlainSaltInEncryptionResults(boolean)}.
-     */
-    private static final boolean DEFAULT_IPOPSIER = true;
-
-    /**
-     * Default value for salted {@link StandardStringDigester#setInvertPositionOfSaltInMessageBeforeDigesting(boolean)}.
-     */
-    private static final boolean DEFAULT_IPOSIMBD = true;
-
-    /**
-     * Default value for salted {@link StandardStringDigester#setUseLenientSaltSizeCheck(boolean)}.
-     */
-    private static final boolean DEFAULT_ULSSC = true;
-
-    private static String SECRET_KEY;
-
-    private static Integer SALT_ITERATIONS;
-
-    private static Integer SALT_SIZE_BYTES;
-
-    private static Boolean IPOPSIER;
-
-    private static Boolean IPOSIMBD;
-
-    private static Boolean ULSSC;
-
-    static {
-        InputStream propStream = null;
-        try {
-            propStream = Encryptor.class.getResourceAsStream("/security.properties");
-            Properties props = new Properties();
-            props.load(propStream);
-
-            SECRET_KEY = props.getProperty("secretKey");
-            SALT_ITERATIONS = Integer.valueOf(props.getProperty("digester.saltIterations"));
-            SALT_SIZE_BYTES = Integer.valueOf(props.getProperty("digester.saltSizeBytes"));
-            IPOPSIER = Boolean.valueOf(props.getProperty("digester.invertPositionOfPlainSaltInEncryptionResults"));
-            IPOSIMBD = Boolean.valueOf(props.getProperty("digester.invertPositionOfSaltInMessageBeforeDigesting"));
-            ULSSC = Boolean.valueOf(props.getProperty("digester.useLenientSaltSizeCheck"));
-        } catch (Exception e) {
-            LOG.error("Could not read security parameters", e);
-        } finally {
-            IOUtils.closeQuietly(propStream);
-        }
-
-        if (SECRET_KEY == null) {
-            SECRET_KEY = DEFAULT_SECRET_KEY;
-            LOG.debug("secretKey not found, reverting to default");
-        }
-        if (SALT_ITERATIONS == null) {
-            SALT_ITERATIONS = DEFAULT_SALT_ITERATIONS;
-            LOG.debug("digester.saltIterations not found, reverting to default");
-        }
-        if (SALT_SIZE_BYTES == null) {
-            SALT_SIZE_BYTES = DEFAULT_SALT_SIZE_BYTES;
-            LOG.debug("digester.saltSizeBytes not found, reverting to default");
-        }
-        if (IPOPSIER == null) {
-            IPOPSIER = DEFAULT_IPOPSIER;
-            LOG.debug("digester.invertPositionOfPlainSaltInEncryptionResults not found, reverting to default");
-        }
-        if (IPOSIMBD == null) {
-            IPOSIMBD = DEFAULT_IPOSIMBD;
-            LOG.debug("digester.invertPositionOfSaltInMessageBeforeDigesting not found, reverting to default");
-        }
-        if (ULSSC == null) {
-            ULSSC = DEFAULT_ULSSC;
-            LOG.debug("digester.useLenientSaltSizeCheck not found, reverting to default");
-        }
-    }
-
-    public static Encryptor getInstance() {
-        return getInstance(SECRET_KEY);
-    }
-
-    public static Encryptor getInstance(final String secretKey) {
-        String actualKey = StringUtils.isBlank(secretKey) ? DEFAULT_SECRET_KEY : secretKey;
-
-        Encryptor instance = INSTANCES.get(actualKey);
-        if (instance == null) {
-            instance = new Encryptor(actualKey);
-            INSTANCES.put(actualKey, instance);
-        }
-
-        return instance;
-    }
-
-    private SecretKeySpec keySpec;
-
-    private Encryptor(final String secretKey) {
-        String actualKey = secretKey;
-        if (actualKey.length() < 16) {
-            StringBuilder actualKeyPadding = new StringBuilder(actualKey);
-            for (int i = 0; i < 16 - actualKey.length(); i++) {
-                actualKeyPadding.append('0');
-            }
-            actualKey = actualKeyPadding.toString();
-            LOG.debug("actualKey too short, adding some random characters");
-        }
-
-        try {
-            keySpec = new SecretKeySpec(ArrayUtils.subarray(
-                    actualKey.getBytes(SyncopeConstants.DEFAULT_CHARSET), 0, 16),
-                    CipherAlgorithm.AES.getAlgorithm());
-        } catch (Exception e) {
-            LOG.error("Error during key specification", e);
-        }
-    }
-
-    public String encode(final String value, final CipherAlgorithm cipherAlgorithm)
-            throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
-            IllegalBlockSizeException, BadPaddingException {
-
-        String encodedValue = null;
-
-        if (value != null) {
-            if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
-                final byte[] cleartext = value.getBytes(SyncopeConstants.DEFAULT_CHARSET);
-
-                final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
-                cipher.init(Cipher.ENCRYPT_MODE, keySpec);
-
-                encodedValue = new String(Base64.encode(cipher.doFinal(cleartext)));
-            } else if (cipherAlgorithm == CipherAlgorithm.BCRYPT) {
-                encodedValue = BCrypt.hashpw(value, BCrypt.gensalt());
-            } else {
-                encodedValue = getDigester(cipherAlgorithm).digest(value);
-            }
-        }
-
-        return encodedValue;
-    }
-
-    public boolean verify(final String value, final CipherAlgorithm cipherAlgorithm, final String encodedValue) {
-        boolean res = false;
-
-        try {
-            if (value != null) {
-                if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
-                    res = encode(value, cipherAlgorithm).equals(encodedValue);
-                } else if (cipherAlgorithm == CipherAlgorithm.BCRYPT) {
-                    res = BCrypt.checkpw(value, encodedValue);
-                } else {
-                    res = getDigester(cipherAlgorithm).matches(value, encodedValue);
-                }
-            }
-        } catch (Exception e) {
-            LOG.error("Could not verify encoded value", e);
-        }
-
-        return res;
-    }
-
-    public String decode(final String encodedValue, final CipherAlgorithm cipherAlgorithm)
-            throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
-            IllegalBlockSizeException, BadPaddingException {
-
-        String value = null;
-
-        if (encodedValue != null && cipherAlgorithm == CipherAlgorithm.AES) {
-            final byte[] encoded = encodedValue.getBytes(SyncopeConstants.DEFAULT_CHARSET);
-
-            final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
-            cipher.init(Cipher.DECRYPT_MODE, keySpec);
-
-            value = new String(cipher.doFinal(Base64.decode(encoded)), SyncopeConstants.DEFAULT_CHARSET);
-        }
-
-        return value;
-    }
-
-    private StandardStringDigester getDigester(final CipherAlgorithm cipherAlgorithm) {
-        StandardStringDigester digester = new StandardStringDigester();
-
-        if (cipherAlgorithm.getAlgorithm().startsWith("S-")) {
-            // Salted ...
-            digester.setAlgorithm(cipherAlgorithm.getAlgorithm().replaceFirst("S\\-", ""));
-            digester.setIterations(SALT_ITERATIONS);
-            digester.setSaltSizeBytes(SALT_SIZE_BYTES);
-            digester.setInvertPositionOfPlainSaltInEncryptionResults(IPOPSIER);
-            digester.setInvertPositionOfSaltInMessageBeforeDigesting(IPOSIMBD);
-            digester.setUseLenientSaltSizeCheck(ULSSC);
-        } else {
-            // Not salted ...
-            digester.setAlgorithm(cipherAlgorithm.getAlgorithm());
-            digester.setIterations(1);
-            digester.setSaltSizeBytes(0);
-        }
-
-        digester.setStringOutputType(CommonUtils.STRING_OUTPUT_TYPE_HEXADECIMAL);
-        return digester;
-    }
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
deleted file mode 100644
index c52d355..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import org.apache.commons.collections4.IterableUtils;
-import org.apache.commons.collections4.Predicate;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.syncope.common.lib.types.StandardEntitlement;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
-
-public class MustChangePasswordFilter implements Filter {
-
-    private static final String[] ALLOWED = new String[] {
-        "/users/self", "/users/self/changePassword"
-    };
-
-    @Override
-    public void init(final FilterConfig filterConfig) throws ServletException {
-        // not used
-    }
-
-    @Override
-    public void destroy() {
-        // not used
-    }
-
-    @Override
-    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
-            throws IOException, ServletException {
-
-        if (request instanceof SecurityContextHolderAwareRequestWrapper) {
-            boolean isMustChangePassword = IterableUtils.matchesAny(
-                    SecurityContextHolder.getContext().getAuthentication().getAuthorities(),
-                    new Predicate<GrantedAuthority>() {
-
-                @Override
-                public boolean evaluate(final GrantedAuthority authority) {
-                    return StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority());
-                }
-            });
-
-            SecurityContextHolderAwareRequestWrapper wrapper =
-                    SecurityContextHolderAwareRequestWrapper.class.cast(request);
-            if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
-                    && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {
-
-                throw new AccessDeniedException("Please change your password first");
-            }
-        }
-
-        chain.doFilter(request, response);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
deleted file mode 100644
index 936dae5..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/PasswordGenerator.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.util.List;
-import org.apache.syncope.common.lib.policy.PasswordRuleConf;
-import org.apache.syncope.core.misc.policy.InvalidPasswordRuleConf;
-import org.apache.syncope.core.persistence.api.entity.user.User;
-
-public interface PasswordGenerator {
-
-    String generate(User user) throws InvalidPasswordRuleConf;
-
-    String generate(List<PasswordRuleConf> ruleConfs) throws InvalidPasswordRuleConf;
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/28569df5/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtils.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtils.java
deleted file mode 100644
index f41207b..0000000
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SecureRandomUtils.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.misc.security;
-
-import java.security.SecureRandom;
-
-import org.apache.commons.lang3.RandomStringUtils;
-
-public final class SecureRandomUtils {
-
-    private static final SecureRandom RANDOM = new SecureRandom();
-
-    public static String generateRandomPassword(final int tokenLength) {
-        return RandomStringUtils.random(tokenLength, 0, 0, true, false, null, RANDOM);
-    }
-
-    public static String generateRandomLetter() {
-        return RandomStringUtils.random(1, 0, 0, true, false, null, RANDOM);
-    }
-
-    public static String generateRandomNumber() {
-        return RandomStringUtils.random(1, 0, 0, false, true, null, RANDOM);
-    }
-
-    public static String generateRandomSpecialCharacter(final char[] characters) {
-        return RandomStringUtils.random(1, 0, 0, false, false, characters, RANDOM);
-    }
-
-    private SecureRandomUtils() {
-        // private constructor for static utility class
-    }
-}

