diff --git a/gui/admin-gui/src/main/resources/initial-objects/010-value-policy.xml b/gui/admin-gui/src/main/resources/initial-objects/010-value-policy.xml
index 46d33fbca92..7bb2ce27362 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/010-value-policy.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/010-value-policy.xml
@@ -58,4 +58,5 @@
+ 0
diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/policy/PasswordPolicyUtils.java b/infra/common/src/main/java/com/evolveum/midpoint/common/policy/PasswordPolicyUtils.java
index b4a90b5e81d..58bb1400d67 100644
--- a/infra/common/src/main/java/com/evolveum/midpoint/common/policy/PasswordPolicyUtils.java
+++ b/infra/common/src/main/java/com/evolveum/midpoint/common/policy/PasswordPolicyUtils.java
@@ -22,6 +22,7 @@
import org.apache.commons.lang.Validate;
import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.xml.XsdTypeMapper;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.util.logging.Trace;
@@ -159,21 +160,23 @@ public static boolean validatePassword(String password, ValuePolicyType pp, Oper
* @return - Operation result of this validation
*/
public static OperationResult validatePassword(String password, ValuePolicyType pp) {
- // check input params
-// if (null == pp) {
-// throw new IllegalArgumentException("No policy provided: NULL");
-// }
-//
-// if (null == password) {
-// throw new IllegalArgumentException("Password for validaiton is null.");
-// }
-
- Validate.notNull(pp, "Password policy must not be null.");
- Validate.notNull(password, "Password to validate must not be null.");
+ Validate.notNull(pp, "Password policy must not be null.");
+
OperationResult ret = new OperationResult(OPERATION_PASSWORD_VALIDATION);
ret.addParam("policyName", pp.getName());
normalize(pp);
+
+ if (password == null && pp.getMinOccurs() != null && XsdTypeMapper.multiplicityToInteger(pp.getMinOccurs()) == 0) {
+ // No password is allowed
+ ret.recordSuccess();
+ return ret;
+ }
+
+ if (password == null) {
+ password = "";
+ }
+
LimitationsType lims = pp.getStringPolicy().getLimitations();
StringBuilder message = new StringBuilder();
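Review bot: In `validatePassword(String, ValuePolicyType)`, a null password that misses the `minOccurs == 0` branch is replaced with `""` and then judged only by the string limitations. Whether a missing password is rejected therefore depends on the policy carrying a non-zero minimum length, and a policy with neither `minOccurs` nor a length limit would appear to accept an absent password. If an absent password must fail whenever `minOccurs` is unset or at least 1, record that explicitly instead of substituting the empty string, e.g. `if (password == null) { ret.recordFatalError("Password is required but was not provided."); return ret; }`. Dropping `Validate.notNull(password, ...)` also changes the contract from throwing to returning a result, which the Javadoc above the method should state. The method body continues past the end of the hunk, so the handling of `lims` is not visible here.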
diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomParser.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomParser.java
index cd72d21de85..b33fe475f13 100644
--- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomParser.java
+++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomParser.java
@@ -420,6 +420,18 @@ public String serializeToString(RootXNode xnode) throws SchemaException {
Element element = serializer.serialize(xnode);
return DOMUtil.serializeDOMToString(element);
}
+
+ public Element serializeUnderElement(XNode xnode, QName rootElementName, Element parentElement) throws SchemaException {
+ DomSerializer serializer = new DomSerializer(this, schemaRegistry);
+ RootXNode xroot;
+ if (xnode instanceof RootXNode) {
+ xroot = (RootXNode) xnode;
+ } else {
+ xroot = new RootXNode(rootElementName);
+ xroot.setSubnode(xnode);
+ }
+ return serializer.serializeUnderElement(xroot, parentElement);
+ }
public Element serializeXMapToElement(MapXNode xmap, QName elementName) throws SchemaException {
DomSerializer serializer = new DomSerializer(this, schemaRegistry);
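Review bot: The new `serializeUnderElement` ignores `rootElementName` whenever `xnode` is already a `RootXNode`, and nothing documents that. A caller who passes a name different from the root node's own gets an element under the other name with no error. I would add a Javadoc such as `/** Serializes xnode as a new child of parentElement; rootElementName is used only when xnode is not a RootXNode. */`, which also tells callers that their DOM is modified.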
diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomSerializer.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomSerializer.java
index 54bbce85d30..3a7dfd09500 100644
--- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomSerializer.java
+++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/DomSerializer.java
@@ -86,19 +86,27 @@ private void initializeWithExistingDocument(Document document) {
public Element serialize(RootXNode rootxnode) throws SchemaException {
initialize();
- return serializeInternal(rootxnode);
+ return serializeInternal(rootxnode, null);
}
// this one is used only from within JaxbDomHack.toAny(..) - hopefully it will disappear soon
@Deprecated
public Element serialize(RootXNode rootxnode, Document document) throws SchemaException {
initializeWithExistingDocument(document);
- return serializeInternal(rootxnode);
+ return serializeInternal(rootxnode, null);
+ }
+
+ public Element serializeUnderElement(RootXNode rootxnode, Element parentElement) throws SchemaException {
+ initializeWithExistingDocument(parentElement.getOwnerDocument());
+ return serializeInternal(rootxnode, parentElement);
}
- private Element serializeInternal(RootXNode rootxnode) throws SchemaException {
+ private Element serializeInternal(RootXNode rootxnode, Element parentElement) throws SchemaException {
QName rootElementName = rootxnode.getRootElementName();
- Element topElement = createElement(rootElementName, null);
+ Element topElement = createElement(rootElementName, parentElement);
+ if (parentElement != null) {
+ parentElement.appendChild(topElement);
+ }
QName typeQName = rootxnode.getTypeQName();
if (typeQName == null && rootxnode.getSubnode().getTypeQName() != null) {
typeQName = rootxnode.getSubnode().getTypeQName();
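Review bot: The public `serializeUnderElement(RootXNode, Element)` dereferences `parentElement` in `parentElement.getOwnerDocument()` before any check, although `serializeInternal` treats a null parent as valid via `if (parentElement != null)`. A null argument therefore surfaces as a bare NullPointerException from inside the serializer rather than a clear argument error. A guard as the first statement would fix that: `if (parentElement == null) { throw new IllegalArgumentException("parentElement must not be null"); }`. The method also lacks a comment saying that it appends the new element to the caller's DOM tree. `serializeInternal` continues past the end of the hunk.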
diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/PrismBeanConverter.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/PrismBeanConverter.java
index 2d8105d8d44..aada5410dea 100644
--- a/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/PrismBeanConverter.java
+++ b/infra/prism/src/main/java/com/evolveum/midpoint/prism/parser/PrismBeanConverter.java
@@ -110,6 +110,10 @@ public boolean canProcess(Class> clazz) {
return RawType.class.equals(clazz) || clazz.getAnnotation(XmlType.class) != null;
}
+ public QName determineTypeForClass(Class> clazz) {
+ return inspector.determineTypeForClass(clazz);
+ }
+
public T unmarshall(MapXNode xnode, QName typeQName) throws SchemaException {
Class classType = getSchemaRegistry().determineCompileTimeClass(typeQName);
return unmarshall(xnode, classType);
diff --git a/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java b/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
index 2eedcb1995e..65b112c467b 100644
--- a/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
+++ b/infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
@@ -58,6 +58,7 @@ public abstract class SchemaConstants {
public static final String NS_MATCHING_RULE = NS_MIDPOINT_PUBLIC + "/common/matching-rule-3";
public static final String NS_WFCF = "http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-3";
public static final String NS_WFPIS = "http://midpoint.evolveum.com/xml/ns/model/workflow/process-instance-state-3";
+ public static final String NS_FAULT = "http://midpoint.evolveum.com/xml/ns/public/common/fault-3";
// COMMON NAMESPACE
@@ -230,4 +231,6 @@ public abstract class SchemaConstants {
public static final QName C_ASSIGNMENT = new QName(SchemaConstants.NS_C, "assignment");
public static final QName C_NAME = new QName(SchemaConstants.NS_C, "name");
+
+ public static final QName FAULT_MESSAGE_ELEMENT_NAME = new QName(NS_FAULT, "fault");
}
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
index 39bf7a98f17..1a8c18c212c 100644
--- a/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
@@ -7667,6 +7667,24 @@
+
+
+
+ Minimal number of value occurences. minOccurs set to zero means that the value
+ is optional.
+ E.g. when applied to passwords the minOccurs=0 means that the policy will
+ accept no password at all. But it will still validate the password using
+ stringPolicy if a password is present.
+
+
+
+
+
+
+ Maximal number of value occurences.
+
+
+
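Review bot: The documentation added for `minOccurs` explains the value 0 but not what an absent value means. The Java validator in this commit treats a missing `minOccurs` differently from 0, checking a null password as an empty string against the string policy. The annotation should state the default, for example `If minOccurs is not specified, a missing value is validated as an empty string against stringPolicy.`, adjusted to whatever behaviour is actually intended. "occurences" in both annotations should read "occurrences". The element markup itself is not visible on this page, so this applies to the annotation text only.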
@@ -8020,7 +8038,7 @@
TODO: better documentation
- tns:ValuePolicyType
+ tns:SecurityPolicyType
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/fault-3.wsdl b/infra/schema/src/main/resources/xml/ns/public/common/fault-3.wsdl
index eafe2583b98..a04c2767d54 100644
--- a/infra/schema/src/main/resources/xml/ns/public/common/fault-3.wsdl
+++ b/infra/schema/src/main/resources/xml/ns/public/common/fault-3.wsdl
@@ -1,6 +1,6 @@
+
+ Adder
+
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
+
+
diff --git a/testing/wstest/src/test/resources/common/role-modifier.xml b/testing/wstest/src/test/resources/common/role-modifier.xml
new file mode 100644
index 00000000000..706598c6751
--- /dev/null
+++ b/testing/wstest/src/test/resources/common/role-modifier.xml
@@ -0,0 +1,24 @@
+
+
+ Modifier
+
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
+
+
diff --git a/testing/wstest/src/test/resources/common/user-cyclops.xml b/testing/wstest/src/test/resources/common/user-cyclops.xml
index c8e1e9f5189..495108e8c4e 100644
--- a/testing/wstest/src/test/resources/common/user-cyclops.xml
+++ b/testing/wstest/src/test/resources/common/user-cyclops.xml
@@ -20,6 +20,9 @@
+
+ enabled
+
Cyclops
Cyclo
Cyclops
diff --git a/testing/wstest/src/test/resources/common/user-darthadder.xml b/testing/wstest/src/test/resources/common/user-darthadder.xml
new file mode 100644
index 00000000000..611460076db
--- /dev/null
+++ b/testing/wstest/src/test/resources/common/user-darthadder.xml
@@ -0,0 +1,45 @@
+
+
+
+ darthadder
+
+
+
+
+
+
+
+
+
+
+
+
+
+ enabled
+
+ Darth Adder
+ Darth
+ Adder
+
+
+
+ iamyouruncle
+
+
+
+
\ No newline at end of file
diff --git a/testing/wstest/src/test/resources/common/user-nobody.xml b/testing/wstest/src/test/resources/common/user-nobody.xml
index 76782641216..2417609ceba 100644
--- a/testing/wstest/src/test/resources/common/user-nobody.xml
+++ b/testing/wstest/src/test/resources/common/user-nobody.xml
@@ -17,6 +17,9 @@
nobody
+
+ enabled
+
No Body
No
Body
diff --git a/testing/wstest/src/test/resources/common/user-nopassword.xml b/testing/wstest/src/test/resources/common/user-nopassword.xml
new file mode 100644
index 00000000000..e732517ee83
--- /dev/null
+++ b/testing/wstest/src/test/resources/common/user-nopassword.xml
@@ -0,0 +1,34 @@
+
+
+
+ nopassword
+
+
+
+
+
+
+
+
+
+ enabled
+
+ No Password
+ No
+ Password
+
\ No newline at end of file
diff --git a/testing/wstest/src/test/resources/common/user-somebody.xml b/testing/wstest/src/test/resources/common/user-somebody.xml
index be706b7cce7..d809f617760 100644
--- a/testing/wstest/src/test/resources/common/user-somebody.xml
+++ b/testing/wstest/src/test/resources/common/user-somebody.xml
@@ -18,11 +18,16 @@
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
somebody
+
+
+
+ enabled
+
Some Body
Some
body