syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [2/3] syncope git commit: Fixing some missing JPA entities' validation
Date Mon, 22 Oct 2018 07:02:22 GMT
Fixing some missing JPA entities' validation


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/b25a8834
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/b25a8834
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/b25a8834

Branch: refs/heads/2_1_X
Commit: b25a8834db2cc7ea45707a1218e85e0475684270
Parents: f863108
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Fri Oct 19 13:26:52 2018 +0200
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Mon Oct 22 08:59:36 2018 +0200

----------------------------------------------------------------------
 .../resources/UserSelfCreateResource.java       |  4 +-
 .../resources/UserSelfUpdateResource.java       |  4 +-
 .../client/enduser/util/SaltGenerator.java      |  1 +
 .../enduser/util/UserRequestValidator.java      | 95 -------------------
 .../syncope/client/enduser/util/Validation.java | 96 +++++++++++++++++++
 .../enduser/util/UserRequestValidatorTest.java  | 98 --------------------
 .../client/enduser/util/ValidationTest.java     | 98 ++++++++++++++++++++
 .../jpa/entity/policy/AbstractPolicy.java       |  2 +
 .../validation/entity/AbstractValidator.java    |  4 +
 .../validation/entity/AnyTypeClassCheck.java    | 41 ++++++++
 .../entity/AnyTypeClassValidator.java           | 43 +++++++++
 .../jpa/validation/entity/AnyTypeValidator.java | 31 ++++---
 .../entity/ConnInstanceValidator.java           | 10 ++
 .../jpa/validation/entity/PolicyCheck.java      | 41 ++++++++
 .../jpa/validation/entity/PolicyValidator.java  | 40 ++++++++
 .../jpa/validation/entity/RealmValidator.java   |  9 +-
 .../entity/RelationshipTypeValidator.java       | 19 +++-
 .../jpa/validation/entity/ReportValidator.java  | 22 +++--
 .../entity/OIDCProviderValidator.java           | 24 +++--
 .../validation/entity/SAML2IdPValidator.java    | 27 ++++--
 20 files changed, 470 insertions(+), 239 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfCreateResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfCreateResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfCreateResource.java
index e017d45..acc1577 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfCreateResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfCreateResource.java
@@ -28,7 +28,7 @@ import org.apache.syncope.client.enduser.SyncopeEnduserApplication;
 import org.apache.syncope.client.enduser.SyncopeEnduserConstants;
 import org.apache.syncope.client.enduser.SyncopeEnduserSession;
 import org.apache.syncope.client.enduser.annotations.Resource;
-import org.apache.syncope.client.enduser.util.UserRequestValidator;
+import org.apache.syncope.client.enduser.util.Validation;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.to.AttrTO;
 import org.apache.syncope.common.lib.to.MembershipTO;
@@ -81,7 +81,7 @@ public class UserSelfCreateResource extends BaseUserSelfResource {
                 LOG.trace("Request is [{}]", userTO);
 
                 // check if request is compliant with customization form rules
-                if (UserRequestValidator.compliant(userTO,
+                if (Validation.isCompliant(userTO,
                         SyncopeEnduserApplication.get().getCustomFormAttributes(), true)) {
 
                     // 1. membership attributes management

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfUpdateResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfUpdateResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfUpdateResource.java
index 3cccb8f..1ea8530 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfUpdateResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfUpdateResource.java
@@ -30,7 +30,7 @@ import org.apache.syncope.client.enduser.SyncopeEnduserConstants;
 import org.apache.syncope.client.enduser.SyncopeEnduserSession;
 import org.apache.syncope.client.enduser.annotations.Resource;
 import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
-import org.apache.syncope.client.enduser.util.UserRequestValidator;
+import org.apache.syncope.client.enduser.util.Validation;
 import org.apache.syncope.common.lib.AnyOperations;
 import org.apache.syncope.common.lib.EntityTOUtils;
 import org.apache.syncope.common.lib.patch.UserPatch;
@@ -70,7 +70,7 @@ public class UserSelfUpdateResource extends BaseUserSelfResource {
                     SyncopeEnduserApplication.get().getCustomFormAttributes();
 
             // check if request is compliant with customization form rules
-            if (UserRequestValidator.compliant(userTO, customFormAttributes, false)) {
+            if (Validation.isCompliant(userTO, customFormAttributes, false)) {
                 // 1. membership attributes management
                 Set<AttrTO> membAttrs = new HashSet<>();
                 userTO.getPlainAttrs().stream().

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
index 00d784d..acb3f13 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/SaltGenerator.java
@@ -43,5 +43,6 @@ public final class SaltGenerator {
     }
 
     private SaltGenerator() {
+        // private constructor for static utility class
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/UserRequestValidator.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/UserRequestValidator.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/UserRequestValidator.java
deleted file mode 100644
index 7772fcb..0000000
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/UserRequestValidator.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.enduser.util;
-
-import java.util.Map;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.syncope.client.enduser.model.CustomAttribute;
-import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
-import org.apache.syncope.client.enduser.model.CustomTemplateInfo;
-import org.apache.syncope.common.lib.EntityTOUtils;
-import org.apache.syncope.common.lib.to.AttrTO;
-import org.apache.syncope.common.lib.to.UserTO;
-import org.apache.syncope.common.lib.types.SchemaType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class UserRequestValidator {
-
-    private static final Logger LOG = LoggerFactory.getLogger(UserRequestValidator.class);
-
-    private UserRequestValidator() {
-    }
-
-    public static boolean compliant(final UserTO userTO, final Map<String, CustomAttributesInfo> customFormAttributes,
-            final boolean checkDefaultValues) {
-
-        if (customFormAttributes == null || customFormAttributes.isEmpty()) {
-            return true;
-        }
-
-        return validateAttributes(EntityTOUtils.buildAttrMap(userTO.getPlainAttrs()),
-                customFormAttributes.get(SchemaType.PLAIN.name()), checkDefaultValues)
-                && validateAttributes(EntityTOUtils.buildAttrMap(userTO.getDerAttrs()),
-                        customFormAttributes.get(SchemaType.DERIVED.name()), checkDefaultValues)
-                && validateAttributes(EntityTOUtils.buildAttrMap(userTO.getVirAttrs()),
-                        customFormAttributes.get(SchemaType.VIRTUAL.name()), checkDefaultValues);
-    }
-
-    private static boolean validateAttributes(final Map<String, AttrTO> attrMap,
-            final CustomAttributesInfo customAttrInfo, final boolean checkDefaultValues) {
-
-        return customAttrInfo == null
-                || customAttrInfo.getAttributes().isEmpty()
-                || attrMap.entrySet().stream().allMatch(entry -> {
-                    String schemaKey = entry.getKey();
-                    AttrTO attrTO = entry.getValue();
-                    CustomAttribute customAttr = customAttrInfo.getAttributes().get(schemaKey);
-                    boolean compliant = customAttr != null && (!checkDefaultValues || isValid(attrTO, customAttr));
-                    if (!compliant) {
-                        LOG.trace("Attribute [{}] or its values [{}] are not allowed by form customization rules",
-                                attrTO.getSchema(), attrTO.getValues());
-                    }
-                    return compliant;
-                });
-
-    }
-
-    public static boolean validateSteps(final CustomTemplateInfo customTemplateInfo) {
-        return customTemplateInfo != null
-                && StringUtils.isNotBlank(customTemplateInfo.getWizard().getFirstStep())
-                && !customTemplateInfo.getWizard().getSteps().isEmpty();
-
-    }
-
-    public static boolean validateStep(final String stepName, final CustomTemplateInfo customTemplateInfo) {
-        return customTemplateInfo != null
-                && !customTemplateInfo.getWizard().getSteps().isEmpty()
-                && customTemplateInfo.getWizard().getSteps().containsKey(stepName)
-                && StringUtils.isNotBlank(customTemplateInfo.getWizard().getSteps().get(stepName).getUrl());
-
-    }
-
-    private static boolean isValid(final AttrTO attrTO, final CustomAttribute customAttribute) {
-        return customAttribute.isReadonly()
-                ? attrTO.getValues().stream().allMatch(value -> customAttribute.getDefaultValues().contains(value))
-                : true;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/Validation.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/Validation.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/Validation.java
new file mode 100644
index 0000000..4924a53
--- /dev/null
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/util/Validation.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.util;
+
+import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.client.enduser.model.CustomAttribute;
+import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
+import org.apache.syncope.client.enduser.model.CustomTemplateInfo;
+import org.apache.syncope.common.lib.EntityTOUtils;
+import org.apache.syncope.common.lib.to.AttrTO;
+import org.apache.syncope.common.lib.to.UserTO;
+import org.apache.syncope.common.lib.types.SchemaType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class Validation {
+
+    private static final Logger LOG = LoggerFactory.getLogger(Validation.class);
+
+    public static boolean isCompliant(
+            final UserTO userTO,
+            final Map<String, CustomAttributesInfo> customFormAttributes,
+            final boolean checkDefaultValues) {
+
+        if (customFormAttributes == null || customFormAttributes.isEmpty()) {
+            return true;
+        }
+
+        return validateAttributes(EntityTOUtils.buildAttrMap(userTO.getPlainAttrs()),
+                customFormAttributes.get(SchemaType.PLAIN.name()), checkDefaultValues)
+                && validateAttributes(EntityTOUtils.buildAttrMap(userTO.getDerAttrs()),
+                        customFormAttributes.get(SchemaType.DERIVED.name()), checkDefaultValues)
+                && validateAttributes(EntityTOUtils.buildAttrMap(userTO.getVirAttrs()),
+                        customFormAttributes.get(SchemaType.VIRTUAL.name()), checkDefaultValues);
+    }
+
+    private static boolean validateAttributes(final Map<String, AttrTO> attrMap,
+            final CustomAttributesInfo customAttrInfo, final boolean checkDefaultValues) {
+
+        return customAttrInfo == null
+                || customAttrInfo.getAttributes().isEmpty()
+                || attrMap.entrySet().stream().allMatch(entry -> {
+                    String schemaKey = entry.getKey();
+                    AttrTO attrTO = entry.getValue();
+                    CustomAttribute customAttr = customAttrInfo.getAttributes().get(schemaKey);
+                    boolean compliant = customAttr != null && (!checkDefaultValues || isValid(attrTO, customAttr));
+                    if (!compliant) {
+                        LOG.trace("Attribute [{}] or its values [{}] are not allowed by form customization rules",
+                                attrTO.getSchema(), attrTO.getValues());
+                    }
+                    return compliant;
+                });
+    }
+
+    public static boolean validateSteps(final CustomTemplateInfo customTemplateInfo) {
+        return customTemplateInfo != null
+                && StringUtils.isNotBlank(customTemplateInfo.getWizard().getFirstStep())
+                && !customTemplateInfo.getWizard().getSteps().isEmpty();
+
+    }
+
+    public static boolean validateStep(final String stepName, final CustomTemplateInfo customTemplateInfo) {
+        return customTemplateInfo != null
+                && !customTemplateInfo.getWizard().getSteps().isEmpty()
+                && customTemplateInfo.getWizard().getSteps().containsKey(stepName)
+                && StringUtils.isNotBlank(customTemplateInfo.getWizard().getSteps().get(stepName).getUrl());
+
+    }
+
+    private static boolean isValid(final AttrTO attrTO, final CustomAttribute customAttribute) {
+        return customAttribute.isReadonly()
+                ? attrTO.getValues().stream().allMatch(value -> customAttribute.getDefaultValues().contains(value))
+                : true;
+    }
+
+    private Validation() {
+        // private constructor for static utility class
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java b/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
deleted file mode 100644
index c1e37e6..0000000
--- a/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.enduser.util;
-
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
-import org.apache.syncope.client.enduser.model.CustomTemplateInfo;
-import org.apache.syncope.common.lib.to.AttrTO;
-import org.apache.syncope.common.lib.to.UserTO;
-import org.junit.jupiter.api.Test;
-import org.springframework.core.io.ClassPathResource;
-
-public class UserRequestValidatorTest {
-
-    private AttrTO attrTO(String schemaKey, String... values) {
-        return new AttrTO.Builder().schema(schemaKey).values(values).build();
-    }
-
-    @Test
-    public void testCompliant() throws IOException {
-        UserTO userTO = new UserTO();
-        // plain
-        AttrTO firstname = attrTO("firstname", "defaultFirstname");
-        AttrTO surname = attrTO("surname", "surnameValue");
-        AttrTO additionalCtype = attrTO("additional#ctype", "ctypeValue");
-        AttrTO notAllowed = attrTO("not_allowed", "notAllowedValue");
-        userTO.getPlainAttrs().addAll(Arrays.asList(firstname, surname, notAllowed, additionalCtype));
-
-        Map<String, CustomAttributesInfo> customFormAttributes = new ObjectMapper().readValue(new ClassPathResource(
-                "customFormAttributes.json").getFile(), new TypeReference<HashMap<String, CustomAttributesInfo>>() {
-        });
-
-        CustomTemplateInfo customTemplate = new ObjectMapper().readValue(new ClassPathResource(
-                "customTemplate.json").getFile(), CustomTemplateInfo.class);
-
-        // not allowed because of presence of notAllowed attribute
-        assertFalse(UserRequestValidator.compliant(userTO, customFormAttributes, true));
-
-        // remove notAllowed attribute and make it compliant
-        userTO.getPlainAttrs().remove(notAllowed);
-        assertTrue(UserRequestValidator.compliant(userTO, customFormAttributes, true));
-
-        // firstname must have only one defaultValue
-        userTO.getPlainAttr("firstname").get().getValues().add("notAllowedFirstnameValue");
-        assertFalse(UserRequestValidator.compliant(userTO, customFormAttributes, true));
-        assertTrue(UserRequestValidator.compliant(userTO, customFormAttributes, false));
-
-        // clean
-        userTO.getPlainAttr("firstname").get().getValues().remove("notAllowedFirstnameValue");
-
-        // virtual
-        AttrTO virtualdata = attrTO("virtualdata", "defaultVirtualData");
-        userTO.getVirAttrs().add(virtualdata);
-        assertTrue(UserRequestValidator.compliant(userTO, customFormAttributes, true));
-
-        // with empty form is compliant by definition
-        assertTrue(UserRequestValidator.compliant(userTO, new HashMap<>(), true));
-
-        // check wizard steps
-        // only "credentials", "plainSchemas" and "finish" steps must be visible
-        assertTrue(UserRequestValidator.validateSteps(customTemplate));
-
-        assertTrue(UserRequestValidator.validateStep("credentials", customTemplate));
-        assertTrue(UserRequestValidator.validateStep("plainSchemas", customTemplate));
-        assertTrue(UserRequestValidator.validateStep("finish", customTemplate));
-
-        assertFalse(UserRequestValidator.validateStep("test", customTemplate));
-        assertFalse(UserRequestValidator.validateStep("resources", customTemplate));
-        assertFalse(UserRequestValidator.validateStep("virtualSchemas", customTemplate));
-        assertFalse(UserRequestValidator.validateStep("derivedSchemas", customTemplate));
-        assertFalse(UserRequestValidator.validateStep("groups", customTemplate));
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/ValidationTest.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/ValidationTest.java b/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/ValidationTest.java
new file mode 100644
index 0000000..6eb5a0b
--- /dev/null
+++ b/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/ValidationTest.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.util;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
+import org.apache.syncope.client.enduser.model.CustomTemplateInfo;
+import org.apache.syncope.common.lib.to.AttrTO;
+import org.apache.syncope.common.lib.to.UserTO;
+import org.junit.jupiter.api.Test;
+import org.springframework.core.io.ClassPathResource;
+
+public class ValidationTest {
+
+    private AttrTO attrTO(String schemaKey, String... values) {
+        return new AttrTO.Builder().schema(schemaKey).values(values).build();
+    }
+
+    @Test
+    public void testCompliant() throws IOException {
+        UserTO userTO = new UserTO();
+        // plain
+        AttrTO firstname = attrTO("firstname", "defaultFirstname");
+        AttrTO surname = attrTO("surname", "surnameValue");
+        AttrTO additionalCtype = attrTO("additional#ctype", "ctypeValue");
+        AttrTO notAllowed = attrTO("not_allowed", "notAllowedValue");
+        userTO.getPlainAttrs().addAll(Arrays.asList(firstname, surname, notAllowed, additionalCtype));
+
+        Map<String, CustomAttributesInfo> customFormAttributes = new ObjectMapper().readValue(new ClassPathResource(
+                "customFormAttributes.json").getFile(), new TypeReference<HashMap<String, CustomAttributesInfo>>() {
+        });
+
+        CustomTemplateInfo customTemplate = new ObjectMapper().readValue(new ClassPathResource(
+                "customTemplate.json").getFile(), CustomTemplateInfo.class);
+
+        // not allowed because of presence of notAllowed attribute
+        assertFalse(Validation.isCompliant(userTO, customFormAttributes, true));
+
+        // remove notAllowed attribute and make it compliant
+        userTO.getPlainAttrs().remove(notAllowed);
+        assertTrue(Validation.isCompliant(userTO, customFormAttributes, true));
+
+        // firstname must have only one defaultValue
+        userTO.getPlainAttr("firstname").get().getValues().add("notAllowedFirstnameValue");
+        assertFalse(Validation.isCompliant(userTO, customFormAttributes, true));
+        assertTrue(Validation.isCompliant(userTO, customFormAttributes, false));
+
+        // clean
+        userTO.getPlainAttr("firstname").get().getValues().remove("notAllowedFirstnameValue");
+
+        // virtual
+        AttrTO virtualdata = attrTO("virtualdata", "defaultVirtualData");
+        userTO.getVirAttrs().add(virtualdata);
+        assertTrue(Validation.isCompliant(userTO, customFormAttributes, true));
+
+        // with empty form is compliant by definition
+        assertTrue(Validation.isCompliant(userTO, new HashMap<>(), true));
+
+        // check wizard steps
+        // only "credentials", "plainSchemas" and "finish" steps must be visible
+        assertTrue(Validation.validateSteps(customTemplate));
+
+        assertTrue(Validation.validateStep("credentials", customTemplate));
+        assertTrue(Validation.validateStep("plainSchemas", customTemplate));
+        assertTrue(Validation.validateStep("finish", customTemplate));
+
+        assertFalse(Validation.validateStep("test", customTemplate));
+        assertFalse(Validation.validateStep("resources", customTemplate));
+        assertFalse(Validation.validateStep("virtualSchemas", customTemplate));
+        assertFalse(Validation.validateStep("derivedSchemas", customTemplate));
+        assertFalse(Validation.validateStep("groups", customTemplate));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/AbstractPolicy.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/AbstractPolicy.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/AbstractPolicy.java
index 27fcb85..5344a1e 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/AbstractPolicy.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/policy/AbstractPolicy.java
@@ -24,9 +24,11 @@ import javax.persistence.InheritanceType;
 import javax.validation.constraints.NotNull;
 import org.apache.syncope.core.persistence.api.entity.policy.Policy;
 import org.apache.syncope.core.persistence.jpa.entity.AbstractGeneratedKeyEntity;
+import org.apache.syncope.core.persistence.jpa.validation.entity.PolicyCheck;
 
 @Entity
 @Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
+@PolicyCheck
 public abstract class AbstractPolicy extends AbstractGeneratedKeyEntity implements Policy {
 
     private static final long serialVersionUID = -5844833125843247458L;

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AbstractValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AbstractValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AbstractValidator.java
index 5b12d14..b06d5ea 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AbstractValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AbstractValidator.java
@@ -41,4 +41,8 @@ public abstract class AbstractValidator<A extends Annotation, T> implements Cons
     protected final String getTemplate(final EntityViolationType type, final String message) {
         return type.name() + ";" + message;
     }
+
+    protected boolean isHtml(final String text) {
+        return text != null && (text.indexOf('<') != -1 || text.indexOf('>') != -1);
+    }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassCheck.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassCheck.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassCheck.java
new file mode 100644
index 0000000..01572b3
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassCheck.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = AnyTypeClassValidator.class)
+@Documented
+public @interface AnyTypeClassCheck {
+
+    String message() default "{org.apache.syncope.core.persistence.validation.anytypeclass}";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassValidator.java
new file mode 100644
index 0000000..baf8d71
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeClassValidator.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.core.persistence.api.entity.AnyTypeClass;
+
+public class AnyTypeClassValidator extends AbstractValidator<AnyTypeClassCheck, AnyTypeClass> {
+
+    @Override
+    public boolean isValid(final AnyTypeClass anyTypeClass, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
+
+        boolean isValid = true;
+
+        if (isHtml(anyTypeClass.getKey())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidKey, "Invalid key")).
+                    addPropertyNode("key").addConstraintViolation();
+
+            isValid = false;
+        }
+
+        return isValid;
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeValidator.java
index 639061a..6fb7078 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/AnyTypeValidator.java
@@ -27,32 +27,41 @@ import org.apache.syncope.core.persistence.api.entity.AnyType;
 public class AnyTypeValidator extends AbstractValidator<AnyTypeCheck, AnyType> {
 
     @Override
-    public boolean isValid(final AnyType object, final ConstraintValidatorContext context) {
+    public boolean isValid(final AnyType anyType, final ConstraintValidatorContext context) {
         context.disableDefaultConstraintViolation();
 
-        boolean isValid;
-        switch (object.getKind()) {
+        boolean isValid = true;
+
+        if (isHtml(anyType.getKey())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidKey, "Invalid key")).
+                    addPropertyNode("key").addConstraintViolation();
+
+            isValid = false;
+        }
+
+        boolean nameKindMatch;
+        switch (anyType.getKind()) {
             case USER:
-                isValid = AnyTypeKind.USER.name().equalsIgnoreCase(object.getKey());
+                nameKindMatch = AnyTypeKind.USER.name().equalsIgnoreCase(anyType.getKey());
                 break;
 
             case GROUP:
-                isValid = AnyTypeKind.GROUP.name().equalsIgnoreCase(object.getKey());
+                nameKindMatch = AnyTypeKind.GROUP.name().equalsIgnoreCase(anyType.getKey());
                 break;
 
             case ANY_OBJECT:
             default:
-                isValid = !AnyTypeKind.USER.name().equalsIgnoreCase(object.getKey())
-                        && !AnyTypeKind.GROUP.name().equalsIgnoreCase(object.getKey())
-                        && !SyncopeConstants.REALM_ANYTYPE.equalsIgnoreCase(object.getKey());
+                nameKindMatch = !AnyTypeKind.USER.name().equalsIgnoreCase(anyType.getKey())
+                        && !AnyTypeKind.GROUP.name().equalsIgnoreCase(anyType.getKey())
+                        && !SyncopeConstants.REALM_ANYTYPE.equalsIgnoreCase(anyType.getKey());
         }
-
-        if (!isValid) {
+        if (!nameKindMatch) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidAnyType, "Name / kind mismatch")).
                     addPropertyNode("name").addConstraintViolation();
         }
 
-        return isValid;
+        return isValid && nameKindMatch;
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
index ecb0edb..ffbe438 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ConnInstanceValidator.java
@@ -28,8 +28,18 @@ public class ConnInstanceValidator extends AbstractValidator<ConnInstanceCheck,
 
     @Override
     public boolean isValid(final ConnInstance connInstance, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
+
         boolean isValid = true;
 
+        if (isHtml(connInstance.getDisplayName())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidName, "Invalid display name")).
+                    addPropertyNode("displayName").addConstraintViolation();
+
+            isValid = false;
+        }
+
         try {
             URIUtils.buildForConnId(connInstance.getLocation());
         } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyCheck.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyCheck.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyCheck.java
new file mode 100644
index 0000000..45873be
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyCheck.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = PolicyValidator.class)
+@Documented
+public @interface PolicyCheck {
+
+    String message() default "{org.apache.syncope.core.persistence.validation.policy}";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyValidator.java
new file mode 100644
index 0000000..47a06e9
--- /dev/null
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/PolicyValidator.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.validation.entity;
+
+import javax.validation.ConstraintValidatorContext;
+import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.core.persistence.api.entity.policy.Policy;
+
+public class PolicyValidator extends AbstractValidator<RoleCheck, Policy> {
+
+    @Override
+    public boolean isValid(final Policy policy, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
+
+        if (isHtml(policy.getDescription())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidName, "Invalid description")).
+                    addPropertyNode("description").addConstraintViolation();
+            return false;
+        }
+
+        return true;
+    }
+}

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
index 6b542d0..7a05ea8 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RealmValidator.java
@@ -39,8 +39,7 @@ public class RealmValidator extends AbstractValidator<RealmCheck, Realm> {
                 isValid = false;
 
                 context.buildConstraintViolationWithTemplate(
-                        getTemplate(EntityViolationType.InvalidRealm,
-                                "Root realm cannot have a parent realm")).
+                        getTemplate(EntityViolationType.InvalidRealm, "Root realm cannot have a parent realm")).
                         addPropertyNode("parent").addConstraintViolation();
             }
         } else {
@@ -48,8 +47,7 @@ public class RealmValidator extends AbstractValidator<RealmCheck, Realm> {
                 isValid = false;
 
                 context.buildConstraintViolationWithTemplate(
-                        getTemplate(EntityViolationType.InvalidRealm,
-                                "A realm needs to reference a parent realm")).
+                        getTemplate(EntityViolationType.InvalidRealm, "A realm needs to reference a parent realm")).
                         addPropertyNode("parent").addConstraintViolation();
             }
 
@@ -57,8 +55,7 @@ public class RealmValidator extends AbstractValidator<RealmCheck, Realm> {
                 isValid = false;
 
                 context.buildConstraintViolationWithTemplate(
-                        getTemplate(EntityViolationType.InvalidRealm,
-                                "Only letters and numbers are allowed in realm name")).
+                        getTemplate(EntityViolationType.InvalidRealm, "Only alphanumeric chars allowed in realm name")).
                         addPropertyNode("name").addConstraintViolation();
             }
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RelationshipTypeValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RelationshipTypeValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RelationshipTypeValidator.java
index 9953859..550b153 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RelationshipTypeValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/RelationshipTypeValidator.java
@@ -26,16 +26,27 @@ import org.apache.syncope.core.persistence.api.entity.RelationshipType;
 public class RelationshipTypeValidator extends AbstractValidator<RelationshipTypeCheck, RelationshipType> {
 
     @Override
-    public boolean isValid(final RelationshipType object, final ConstraintValidatorContext context) {
+    public boolean isValid(final RelationshipType relationShipType, final ConstraintValidatorContext context) {
         context.disableDefaultConstraintViolation();
 
-        if (MembershipType.getInstance().getKey().equalsIgnoreCase(object.getKey())) {
+        boolean isValid = true;
+
+        if (isHtml(relationShipType.getKey())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidKey, "Invalid key")).
+                    addPropertyNode("key").addConstraintViolation();
+
+            isValid = false;
+        }
+
+        if (MembershipType.getInstance().getKey().equalsIgnoreCase(relationShipType.getKey())) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidKey, "Invalid relationshipType name")).
                     addPropertyNode("key").addConstraintViolation();
-            return false;
+
+            isValid = false;
         }
 
-        return true;
+        return isValid;
     }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ReportValidator.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ReportValidator.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ReportValidator.java
index e58a889..2be2072 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ReportValidator.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/ReportValidator.java
@@ -31,14 +31,24 @@ public class ReportValidator extends AbstractValidator<ReportCheck, Report> {
 
     @Override
     @SuppressWarnings("ResultOfObjectAllocationIgnored")
-    public boolean isValid(final Report object, final ConstraintValidatorContext context) {
+    public boolean isValid(final Report report, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
+
         boolean isValid = true;
 
-        if (object.getCronExpression() != null) {
+        if (isHtml(report.getName())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidName, "Invalid name")).
+                    addPropertyNode("name").addConstraintViolation();
+
+            isValid = false;
+        }
+
+        if (report.getCronExpression() != null) {
             try {
-                new CronExpression(object.getCronExpression());
+                new CronExpression(report.getCronExpression());
             } catch (ParseException e) {
-                LOG.error("Invalid cron expression '" + object.getCronExpression() + "'", e);
+                LOG.error("Invalid cron expression '" + report.getCronExpression() + "'", e);
                 isValid = false;
 
                 context.disableDefaultConstraintViolation();
@@ -48,9 +58,9 @@ public class ReportValidator extends AbstractValidator<ReportCheck, Report> {
             }
         }
 
-        Set<String> reportletKeys = object.getReportlets().stream().
+        Set<String> reportletKeys = report.getReportlets().stream().
                 map(Entity::getKey).collect(Collectors.toSet());
-        if (reportletKeys.size() != object.getReportlets().size()) {
+        if (reportletKeys.size() != report.getReportlets().size()) {
             LOG.error("Reportlet key must be unique");
             isValid = false;
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/ext/oidcclient/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/OIDCProviderValidator.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/OIDCProviderValidator.java b/ext/oidcclient/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/OIDCProviderValidator.java
index 9e9d687..90cf59b 100644
--- a/ext/oidcclient/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/OIDCProviderValidator.java
+++ b/ext/oidcclient/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/OIDCProviderValidator.java
@@ -22,24 +22,35 @@ import javax.validation.ConstraintValidatorContext;
 import org.apache.syncope.common.lib.types.EntityViolationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
 import org.apache.syncope.core.persistence.api.entity.OIDCProvider;
+import org.apache.syncope.core.persistence.api.entity.resource.Item;
 import org.apache.syncope.core.provisioning.api.data.ItemTransformer;
 
 public class OIDCProviderValidator extends AbstractValidator<OIDCProviderCheck, OIDCProvider> {
 
     @Override
-    public boolean isValid(final OIDCProvider value, final ConstraintValidatorContext context) {
+    public boolean isValid(final OIDCProvider oidcProvider, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
 
-        if (value.isSelfRegUnmatching() && value.isCreateUnmatching()) {
+        if (isHtml(oidcProvider.getKey())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidKey, "Invalid key")).
+                    addPropertyNode("key").addConstraintViolation();
+
+            return false;
+        }
+
+        if (oidcProvider.isSelfRegUnmatching() && oidcProvider.isCreateUnmatching()) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.Standard,
                             "Either selfRegUnmatching or createUnmatching, not both")).
                     addPropertyNode("selfRegUnmatching").
                     addPropertyNode("createUnmatching").addConstraintViolation();
+
             return false;
         }
 
-        long connObjectKeys = value.getItems().stream().filter(item -> item.isConnObjectKey()).count();
-        if (!value.getItems().isEmpty() && connObjectKeys != 1) {
+        long connObjectKeys = oidcProvider.getItems().stream().filter(Item::isConnObjectKey).count();
+        if (!oidcProvider.getItems().isEmpty() && connObjectKeys != 1) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidMapping, "Single ConnObjectKey mapping is required")).
                     addPropertyNode("connObjectKey.size").addConstraintViolation();
@@ -48,7 +59,7 @@ public class OIDCProviderValidator extends AbstractValidator<OIDCProviderCheck,
 
         final boolean[] isValid = new boolean[] { true };
 
-        long passwords = value.getItems().stream().filter(item -> item.isPassword()).count();
+        long passwords = oidcProvider.getItems().stream().filter(Item::isPassword).count();
         if (passwords > 0) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidMapping, "No password mapping is allowed")).
@@ -56,11 +67,10 @@ public class OIDCProviderValidator extends AbstractValidator<OIDCProviderCheck,
             isValid[0] = false;
         }
 
-        value.getItems().forEach(item -> {
+        oidcProvider.getItems().forEach(item -> {
             item.getTransformers().stream().
                     filter(transformer -> transformer.getEngine() == ImplementationEngine.JAVA).
                     forEach(transformer -> {
-
                         Class<?> actionsClass = null;
                         boolean isAssignable = false;
                         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/b25a8834/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
index ab2f112..a14d420 100644
--- a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
+++ b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
@@ -22,32 +22,45 @@ import javax.validation.ConstraintValidatorContext;
 import org.apache.syncope.common.lib.types.EntityViolationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
 import org.apache.syncope.core.persistence.api.entity.SAML2IdP;
+import org.apache.syncope.core.persistence.api.entity.resource.Item;
 import org.apache.syncope.core.provisioning.api.data.ItemTransformer;
 
 public class SAML2IdPValidator extends AbstractValidator<SAML2IdPCheck, SAML2IdP> {
 
     @Override
-    public boolean isValid(final SAML2IdP value, final ConstraintValidatorContext context) {
-        if (value.isSelfRegUnmatching() && value.isCreateUnmatching()) {
+    public boolean isValid(final SAML2IdP saml2IdP, final ConstraintValidatorContext context) {
+        context.disableDefaultConstraintViolation();
+
+        if (isHtml(saml2IdP.getKey())) {
+            context.buildConstraintViolationWithTemplate(
+                    getTemplate(EntityViolationType.InvalidKey, "Invalid key")).
+                    addPropertyNode("key").addConstraintViolation();
+
+            return false;
+        }
+
+        if (saml2IdP.isSelfRegUnmatching() && saml2IdP.isCreateUnmatching()) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.Standard,
                             "Either selfRegUnmatching or createUnmatching, not both")).
                     addPropertyNode("selfRegUnmatching").
                     addPropertyNode("createUnmatching").addConstraintViolation();
+
             return false;
         }
 
-        long connObjectKeys = value.getItems().stream().filter(item -> item.isConnObjectKey()).count();
-        if (!value.getItems().isEmpty() && connObjectKeys != 1) {
+        long connObjectKeys = saml2IdP.getItems().stream().filter(Item::isConnObjectKey).count();
+        if (!saml2IdP.getItems().isEmpty() && connObjectKeys != 1) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidMapping, "Single ConnObjectKey mapping is required")).
                     addPropertyNode("connObjectKey.size").addConstraintViolation();
+
             return false;
         }
 
         final boolean[] isValid = new boolean[] { true };
 
-        long passwords = value.getItems().stream().filter(item -> item.isPassword()).count();
+        long passwords = saml2IdP.getItems().stream().filter(Item::isPassword).count();
         if (passwords > 0) {
             context.buildConstraintViolationWithTemplate(
                     getTemplate(EntityViolationType.InvalidMapping, "No password mapping is allowed")).
@@ -55,11 +68,10 @@ public class SAML2IdPValidator extends AbstractValidator<SAML2IdPCheck, SAML2IdP
             isValid[0] = false;
         }
 
-        value.getItems().forEach(item -> {
+        saml2IdP.getItems().forEach(item -> {
             item.getTransformers().stream().
                     filter(transformer -> transformer.getEngine() == ImplementationEngine.JAVA).
                     forEach(transformer -> {
-
                         Class<?> actionsClass = null;
                         boolean isAssignable = false;
                         try {
@@ -81,5 +93,4 @@ public class SAML2IdPValidator extends AbstractValidator<SAML2IdPCheck, SAML2IdP
 
         return isValid[0];
     }
-
 }


Mime
View raw message