Cleaning up the fallout of schema cleanup, WIP (MID-5052)

infra/common/src/main/java/com/evolveum/midpoint/common/refinery/CompositeRefinedObjectClassDefinitionImpl.java

@@ -351,10 +351,15 @@ public AttributeFetchStrategyType getPasswordFetchStrategy() {
 	}
 
 	@Override
+	@Deprecated
 	public ObjectReferenceType getPasswordPolicy() {
 		return structuralObjectClassDefinition.getPasswordPolicy();
 	}
 
+	public ObjectReferenceType getSecurityPolicyRef() {
+		return structuralObjectClassDefinition.getSecurityPolicyRef();
+	}
+
 	@Override
 	public ResourceActivationDefinitionType getActivationSchemaHandling() {
 		return structuralObjectClassDefinition.getActivationSchemaHandling();

infra/common/src/main/java/com/evolveum/midpoint/common/refinery/LayerRefinedObjectClassDefinitionImpl.java

@@ -355,10 +355,15 @@ public List<MappingType> getPasswordOutbound() {
 	}
 
     @Override
+    @Deprecated
 	public ObjectReferenceType getPasswordPolicy() {
 		return refinedObjectClassDefinition.getPasswordPolicy();
 	}
 
+	public ObjectReferenceType getSecurityPolicyRef() {
+		return refinedObjectClassDefinition.getSecurityPolicyRef();
+	}
+
 	@Override
 	public ResourcePasswordDefinitionType getPasswordDefinition() {
 		return refinedObjectClassDefinition.getPasswordDefinition();

infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinition.java

@@ -171,7 +171,10 @@ default PrismObject<ShadowType> createBlankShadow() {
 
 	AttributeFetchStrategyType getPasswordFetchStrategy();
 
+	@Deprecated
 	ObjectReferenceType getPasswordPolicy();
+
+	ObjectReferenceType getSecurityPolicyRef();
 
 	ResourceActivationDefinitionType getActivationSchemaHandling();
 

infra/common/src/main/java/com/evolveum/midpoint/common/refinery/RefinedObjectClassDefinitionImpl.java

@@ -506,7 +506,17 @@ public AttributeFetchStrategyType getPasswordFetchStrategy() {
 		return password.getFetchStrategy();
 	}
 
+
+	@Override
+	public ObjectReferenceType getSecurityPolicyRef() {
+		if (schemaHandlingObjectTypeDefinitionType == null) {
+			return null;
+		}
+		return schemaHandlingObjectTypeDefinitionType.getSecurityPolicyRef();
+	}
+
 	@Override
+	@Deprecated
 	public ObjectReferenceType getPasswordPolicy() {
 		ResourcePasswordDefinitionType password = getPasswordDefinition();
 		if (password == null || password.getPasswordPolicyRef() == null){

infra/prism-impl/src/main/java/com/evolveum/midpoint/prism/impl/delta/PrismValueDeltaSetTripleImpl.java

@@ -170,7 +170,7 @@ private void removeEmptyValues(Collection<V> set, boolean allowEmptyRealValues)
 		Iterator<V> iterator = set.iterator();
 		while (iterator.hasNext()) {
 			V val = iterator.next();
-			if (val.isEmpty()) {
+			if (val == null || val.isEmpty()) {
 				iterator.remove();
 				continue;
 			}

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -6595,6 +6595,18 @@
                     </xsd:documentation>
                 </xsd:annotation>
             </xsd:element>
+            <xsd:element name="securityPolicyRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
+                <xsd:annotation>
+                    <xsd:documentation>
+                    	<p>
+                        	Reference to the object type security policy settings.
+                        </p>
+                    </xsd:documentation>
+                    <xsd:appinfo>
+            			<a:objectReferenceTargetType>tns:SecurityPolicyType</a:objectReferenceTargetType>
+            		</xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
             <xsd:element name="lifecycle" minOccurs="0" type="tns:ResourceObjectLifecycleDefinitionType">
                 <xsd:annotation>
                     <xsd:documentation>
@@ -8167,10 +8179,16 @@
             <xsd:element name="passwordPolicyRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
                 <xsd:annotation>
                     <xsd:documentation>
-                        Reference to the account type password policy settings.
+                    	<p>
+                        	Reference to the account type password policy settings.
+                        </p>
+                        <p>
+                        	DEPRECATED: use securityPolicyRef in objectType element instead.
+                        </p>
                     </xsd:documentation>
                     <xsd:appinfo>
             			<a:objectReferenceTargetType>tns:ValuePolicyType</a:objectReferenceTargetType>
+            			<a:deprecated>true</a:deprecated>
             		</xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>

infra/schema/src/main/resources/xml/ns/public/common/common-model-context-3.xsd

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-  ~ Copyright (c) 2010-2017 Evolveum
+  ~ Copyright (c) 2010-2019 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -443,18 +443,26 @@
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>
+                    <xsd:element name="projectionSecurityPolicyRef" type="c:ObjectReferenceType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:appinfo>
+                                <a:objectReferenceTargetType>c:SecurityPolicyType</a:objectReferenceTargetType>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
                     <xsd:element name="accountPasswordPolicy" type="c:ValuePolicyType" minOccurs="0">
                         <xsd:annotation>
                             <xsd:appinfo>
                                 <a:objectReference>tns:accountPasswordPolicyRef</a:objectReference>
+                                <a:deprecated>true</a:deprecated>
                             </xsd:appinfo>
                         </xsd:annotation>
                     </xsd:element>
                     <xsd:element name="accountPasswordPolicyRef" type="c:ObjectReferenceType" minOccurs="0">
                         <xsd:annotation>
                             <xsd:appinfo>
                                 <a:objectReferenceTargetType>c:ValuePolicyType</a:objectReferenceTargetType>
-                                <a:composite>true</a:composite>
+                                <a:deprecated>true</a:deprecated>
                             </xsd:appinfo>
                         </xsd:annotation>
                     </xsd:element>

model/model-common/src/test/resources/expression/expression/account-jack-dummy.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2017 Evolveum
+  ~ Copyright (c) 2010-2019 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
   ~ limitations under the License.
   -->
 
-<account
+<shadow
 	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -33,4 +33,4 @@
 	<activation>
 		<administrativeStatus>enabled</administrativeStatus>
 	</activation>
-</account>
+</shadow>

model/model-common/src/test/resources/expression/functions/account-jack.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2017 Evolveum
+  ~ Copyright (c) 2010-2019 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
   ~ limitations under the License.
   -->
 
-<account
+<shadow
 	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -33,4 +33,4 @@
 		<ri:weapon xsi:type="xsd:string">rum</ri:weapon>
 		<ri:weapon xsi:type="xsd:string">smell</ri:weapon>
 	</attributes>
-</account>
+</shadow>

model/model-common/src/test/resources/mapping/account-inbound-mapping.xml

@@ -15,7 +15,7 @@
   ~ limitations under the License.
   -->
 
-<account
+<shadow
 	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -30,4 +30,4 @@
 		<icfs:name>CN=Pavol Rufus/O=SEPSAS/C=SK</icfs:name>
 		<ri:uid xsi:type="xsd:string">pavolr</ri:uid>
 	</attributes>
-</account>
+</shadow>

model/model-common/src/test/resources/mapping/account-jack.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2017 Evolveum
+  ~ Copyright (c) 2010-2019 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
   ~ limitations under the License.
   -->
 
-<account
+<shadow
 	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
 	xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
@@ -33,4 +33,4 @@
 		<ri:weapon xsi:type="xsd:string">rum</ri:weapon>
 		<ri:weapon xsi:type="xsd:string">smell</ri:weapon>
 	</attributes>
-</account>
+</shadow>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensProjectionContext.java

@@ -204,7 +204,7 @@ public class LensProjectionContext extends LensElementContext<ShadowType> implem
     private transient Collection<RefinedObjectClassDefinition> auxiliaryObjectClassDefinitions;
     private transient CompositeRefinedObjectClassDefinition compositeObjectClassDefinition;
 
-    private ValuePolicyType accountPasswordPolicy;
+    private SecurityPolicyType projectionSecurityPolicy;
 
     /**
      * Resource that hosts this projection.
@@ -736,9 +736,13 @@ public Collection<ResourceObjectTypeDependencyType> getDependencies() {
 		}
 		return dependencies;
 	}
+
+	public SecurityPolicyType getProjectionSecurityPolicy() {
+		return projectionSecurityPolicy;
+	}
 
-	public ValuePolicyType getAccountPasswordPolicy() {
-		return accountPasswordPolicy;
+	public void setProjectionSecurityPolicy(SecurityPolicyType projectionSecurityPolicy) {
+		this.projectionSecurityPolicy = projectionSecurityPolicy;
 	}
 
 	public void setCanProject(boolean canProject) {
@@ -749,10 +753,6 @@ public boolean isCanProject() {
 		return canProject;
 	}
 
-	public void setAccountPasswordPolicy(ValuePolicyType accountPasswordPolicy) {
-		this.accountPasswordPolicy = accountPasswordPolicy;
-	}
-
 	public AssignmentPolicyEnforcementType getAssignmentPolicyEnforcementType() throws SchemaException {
 		// TODO: per-resource assignment enforcement
 		ResourceType resource = getResource();
@@ -1425,8 +1425,10 @@ void addToPrismContainer(PrismContainer<LensProjectionContextType> lensProjectio
 	        lensProjectionContextType.setIsActive(isActive);
 	        lensProjectionContextType.setIsLegal(isLegal);
 	        lensProjectionContextType.setIsLegalOld(isLegalOld);
-	        if (exportType != LensContext.ExportType.REDUCED) {
-		        lensProjectionContextType.setAccountPasswordPolicy(CloneUtil.clone(accountPasswordPolicy));
+	        if (exportType != LensContext.ExportType.REDUCED && projectionSecurityPolicy != null) {
+	        	ObjectReferenceType secRef = new ObjectReferenceType();
+	        	secRef.asReferenceValue().setObject(projectionSecurityPolicy.asPrismObject());
+				lensProjectionContextType.setProjectionSecurityPolicyRef(secRef);
 	        }
 	        lensProjectionContextType.setSyncAbsoluteTrigger(syncAbsoluteTrigger);
         }
@@ -1467,7 +1469,10 @@ public static LensProjectionContext fromLensProjectionContextType(LensProjection
         projectionContext.doReconciliation = projectionContextType.isDoReconciliation() != null ? projectionContextType.isDoReconciliation() : false;
         projectionContext.synchronizationSituationDetected = projectionContextType.getSynchronizationSituationDetected();
         projectionContext.synchronizationSituationResolved = projectionContextType.getSynchronizationSituationResolved();
-        projectionContext.accountPasswordPolicy = projectionContextType.getAccountPasswordPolicy();
+        ObjectReferenceType projectionSecurityPolicyRef = projectionContextType.getProjectionSecurityPolicyRef();
+        if (projectionSecurityPolicyRef != null) {
+        	projectionContext.projectionSecurityPolicy = (SecurityPolicyType) projectionSecurityPolicyRef.getObjectable();
+        }
         projectionContext.syncAbsoluteTrigger = projectionContextType.isSyncAbsoluteTrigger();
 
         return projectionContext;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java

@@ -1337,23 +1337,9 @@ private <F extends ObjectType> void finishLoadOfProjectionContext(LensContext<F>
 		//Determine refined schema and password policies for account type
 		RefinedObjectClassDefinition structuralObjectClassDef = projContext.getStructuralObjectClassDefinition();
 		if (structuralObjectClassDef != null) {
-			LOGGER.trace("Finishing loading of projection context: password policy");
-			ObjectReferenceType passwordPolicyRef = structuralObjectClassDef.getPasswordPolicy();
-			if (passwordPolicyRef != null && passwordPolicyRef.getOid() != null) {
-				LOGGER.trace("Loading password policy {} for projection context: {}", passwordPolicyRef, projContext);
-				PrismObject<ValuePolicyType> passwordPolicy = cacheRepositoryService.getObject(
-						ValuePolicyType.class, passwordPolicyRef.getOid(), null, result);
-				if (passwordPolicy != null) {
-					LOGGER.trace("Found password policy: {}", passwordPolicy);
-					projContext.setAccountPasswordPolicy(passwordPolicy.asObjectable());
-				} else {
-					LOGGER.trace("No password policy found for projection context");
-				}
-			} else {
-				LOGGER.trace("Password policy not defined for the projection context.");
-			}
+			loadProjectionSecurityPolicy(context, projContext, task, result);
 		} else {
-			LOGGER.trace("No structural object class definition, skipping determining password policy");
+			LOGGER.trace("No structural object class definition, skipping determining security policy");
 		}
 
 		//set limitation, e.g. if this projection context should be recomputed and processed by projector
@@ -1368,6 +1354,51 @@ private <F extends ObjectType> void finishLoadOfProjectionContext(LensContext<F>
 		setPrimaryDeltaOldValue(projContext);
 	}
 
+	private <F extends ObjectType> void loadProjectionSecurityPolicy(LensContext<F> context,
+			LensProjectionContext projContext, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException {
+		LOGGER.trace("Finishing loading of projection context: security policy");
+		ObjectReferenceType securityPolicyRef = projContext.getStructuralObjectClassDefinition().getSecurityPolicyRef();
+		if (securityPolicyRef == null || securityPolicyRef.getOid() == null) {
+			LOGGER.trace("Security policy not defined for the projection context.");
+			loadProjectionLegacyPasswordPolicy(context, projContext, task, result);
+			return;
+		}
+		LOGGER.trace("Loading security policy {} for projection context: {}", securityPolicyRef, projContext);
+		PrismObject<SecurityPolicyType> securityPolicy = cacheRepositoryService.getObject(SecurityPolicyType.class, securityPolicyRef.getOid(), null, result);
+		if (securityPolicy == null) {
+			LOGGER.debug("Security policy {} defined for the projection does not exist", securityPolicyRef);
+			return;
+		}
+		LOGGER.trace("Found legacy password policy: {}", securityPolicy);
+		projContext.setProjectionSecurityPolicy(securityPolicy.asObjectable());
+	}
+
+
+	private <F extends ObjectType> void loadProjectionLegacyPasswordPolicy(LensContext<F> context,
+			LensProjectionContext projContext, Task task, OperationResult result) throws SchemaException, ObjectNotFoundException {
+		ObjectReferenceType passwordPolicyRef = projContext.getStructuralObjectClassDefinition().getPasswordPolicy();
+		if (passwordPolicyRef == null || passwordPolicyRef.getOid() == null) {
+			LOGGER.trace("Legacy password policy not defined for the projection context.");
+			return;
+		}
+		LOGGER.trace("Loading legacy password policy {} for projection context: {}", passwordPolicyRef, projContext);
+		PrismObject<ValuePolicyType> passwordPolicy = cacheRepositoryService.getObject(
+					ValuePolicyType.class, passwordPolicyRef.getOid(), null, result);
+		if (passwordPolicy == null) {
+			LOGGER.debug("Legacy password policy {} defined for the projection does not exist", passwordPolicyRef);
+			return;
+		}
+		ObjectReferenceType dummyPasswordPolicyRef = new ObjectReferenceType();
+		dummyPasswordPolicyRef.asReferenceValue().setObject(passwordPolicy);
+		PrismObject<SecurityPolicyType> securityPolicy = prismContext.createObject(SecurityPolicyType.class);
+		securityPolicy.asObjectable()
+			.beginCredentials()
+				.beginPassword()
+					.valuePolicyRef(dummyPasswordPolicyRef);
+		projContext.setProjectionSecurityPolicy(securityPolicy.asObjectable());
+	}
+
+
 	private <F extends ObjectType> boolean needToReload(LensContext<F> context,
 			LensProjectionContext projContext) {
 		ResourceShadowDiscriminator discr = projContext.getResourceShadowDiscriminator();