syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [2/2] syncope git commit: Clarifying about default account and password rules with Syncope 2.1 and later
Date Tue, 31 Jul 2018 14:24:32 GMT
Clarifying about default account and password rules with Syncope 2.1 and later


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/348f1506
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/348f1506
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/348f1506

Branch: refs/heads/master
Commit: 348f150640e49bec33165e3cd214a1297b783780
Parents: 0de2236
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Tue Jul 31 16:21:42 2018 +0200
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Tue Jul 31 16:24:19 2018 +0200

----------------------------------------------------------------------
 .../reference-guide/concepts/policies.adoc      | 109 ++++++++++++-------
 .../concepts/typemanagement.adoc                |   6 +-
 2 files changed, 75 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/348f1506/src/main/asciidoc/reference-guide/concepts/policies.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/policies.adoc b/src/main/asciidoc/reference-guide/concepts/policies.adoc
index d5463ce..9909fcb 100644
--- a/src/main/asciidoc/reference-guide/concepts/policies.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/policies.adoc
@@ -58,6 +58,46 @@ suspended on associated resources or not?
 
 Account rules define constraints to apply to username values.
 
+Some implementations are provided out-of-the-box, custom ones can be provided on given deployment.
+
+[TIP]
+====
+As `JAVA` <<implementations,implementation>>, writing custom account rules means:
+
+. providing configuration parameters in an implementation of
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/master/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
+endif::[]
+. enforcing in an implementation of
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+endif::[]
+annotated via
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
+endif::[]
+referring to the configuration class.
+
+As `GROOVY` <<implementations,implementation>>, writing custom account rules
means implementing
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+endif::[]
+====
+
+====== Default Account Rule
+
 The default account rule (enforced by
 ifeval::["{snapshotOrRelease}" == "release"]
 https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/DefaultAccountRule.java[DefaultAccountRule^]
@@ -76,7 +116,7 @@ endif::[]
 
 * maximum length - the maximum length to allow; `0` means no limit set;
 * minimum length - the minimum length to allow; `0` means no limit set;
-* pattern - http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html[Java regular
expression pattern^] to
+* pattern - http://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html[Java regular
expression pattern^] to
 match; `NULL` means no match is attempted;
 * all uppercase - are lowercase characters allowed?
 * all lowercase - are uppercase characters allowed?
@@ -85,33 +125,10 @@ match; `NULL` means no match is attempted;
 * prefixes not permitted - list of strings that cannot be present as a prefix;
 * suffixes not permitted - list of strings that cannot be present as a suffix.
 
-[TIP]
-====
-Writing custom account rules means:
-
-. providing configuration parameters in an implementation of
-ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
-endif::[]
-ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
-endif::[]
-. implementing enforcement in an implementation of
-ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
-endif::[]
-ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
-endif::[]
-annotated via
-ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
-endif::[]
-ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
-endif::[]
-referring to the configuration class
-====
+[NOTE]
+Before being able to configure the default account rule as mentioned above, you will need
to first create a `JAVA`
+`ACCOUNT_RULE` <<implementations,implementation>> for the `org.apache.syncope.common.lib.policy.DefaultAccountRuleConf`
+class.
 
 ===== Pass-through Authentication
 
@@ -149,30 +166,38 @@ Some implementations are provided out-of-the-box, custom ones can be
provided on
 
 [TIP]
 ====
-Writing custom account rules means:
+As `JAVA` <<implementations,implementation>>, writing custom password rules means:
 
 . providing configuration parameters in an implementation of
 ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/common/lib/src/main/java/org/apache/syncope/common/lib/policy/PasswordRuleConf.java[PasswordRuleConf^]
 endif::[]
 ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/common/lib/src/main/java/org/apache/syncope/common/lib/policy/AccountRuleConf.java[AccountRuleConf^]
+https://github.com/apache/syncope/blob/master/common/lib/src/main/java/org/apache/syncope/common/lib/policy/PasswordRuleConf.java[PasswordRuleConf^]
 endif::[]
-. implementing enforcement in an implementation of
+. enforcing in an implementation of
 ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^]
 endif::[]
 ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRule.java[AccountRule^]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^]
 endif::[]
 annotated via
 ifeval::["{snapshotOrRelease}" == "release"]
-https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRuleConfClass.java[@PasswordRuleConfClass^]
 endif::[]
 ifeval::["{snapshotOrRelease}" == "snapshot"]
-https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AccountRuleConfClass.java[@AccountRuleConfClass^]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRuleConfClass.java[@PasswordRuleConfClass^]
+endif::[]
+referring to the configuration class.
+
+As `GROOVY` <<implementations,implementation>>, writing custom account rules
means implementing
+ifeval::["{snapshotOrRelease}" == "release"]
+https://github.com/apache/syncope/blob/syncope-{docVersion}/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^]
+endif::[]
+ifeval::["{snapshotOrRelease}" == "snapshot"]
+https://github.com/apache/syncope/blob/master/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PasswordRule.java[PasswordRule^]
 endif::[]
-referring to the configuration class
 ====
 
 ====== Default Password Rule
@@ -218,6 +243,11 @@ endif::[]
 * prefixes not permitted - list of strings that cannot be present as a prefix;
 * suffixes not permitted - list of strings that cannot be present as a suffix.
 
+[NOTE]
+Before being able to configure the default password rule as mentioned above, you will need
to first create a `JAVA`
+`PASSWORD_RULE` <<implementations,implementation>> for the `org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf`
+class.
+
 ====== "Have I Been Pwned?" Password Rule
 
 This password rule (enforced by
@@ -237,6 +267,11 @@ endif::[]
 ) checks the provided password values against the popular
 https://haveibeenpwned.com["Have I Been Pwned?"^] service.
 
+[NOTE]
+Before being able to configure the "Have I Been Pwned?" password rule as mentioned above,
you will need to first create
+a `JAVA` `PASSWORD_RULE` <<implementations,implementation>> for the
+`org.apache.syncope.common.lib.policy.HaveIBeenPwnedPasswordRuleConf` class.
+
 [[policies-pull]]
 ==== Pull
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/348f1506/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc
index a38c33b..ea7f6d6 100644
--- a/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/typemanagement.adoc
@@ -36,12 +36,12 @@ When defining a plain schema, the following information must be provided:
 * Type
 ** `String`
 ** `Long` - allows to specify a _conversion pattern_ to / from string, according to 
-http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[DecimalFormat^]
+http://docs.oracle.com/javase/8/docs/api/java/text/DecimalFormat.html[DecimalFormat^]
 ** `Double` - allows to specify a _conversion pattern_ to / from string, according to 
-http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[DecimalFormat^]
+http://docs.oracle.com/javase/8/docs/api/java/text/DecimalFormat.html[DecimalFormat^]
 ** `Boolean`
 ** `Date` - allows to specify a _conversion pattern_ to / from string, according to 
-http://docs.oracle.com/javase/7/docs/api/java/text/DateFormat.html[DateFormat^]
+http://docs.oracle.com/javase/8/docs/api/java/text/DateFormat.html[DateFormat^]
 ** `Enum`
 *** enumeration values (mandatory)
 *** enumeration labels (optional, values will be used alternatively)


Mime
View raw message