Adding initial objects to config directory

config/initial-objects/010-value-policy.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<valuePolicy oid="00000000-0000-0000-0000-000000000003"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+        version="0">
+    <name>
+        <t:orig>Default Password Policy</t:orig>
+        <t:norm>default password policy</t:norm>
+    </name>
+    <description>Default password policy</description>
+    <lifetime>
+        <expiration>999</expiration>
+        <warnBeforeExpiration>9</warnBeforeExpiration>
+        <lockAfterExpiration>0</lockAfterExpiration>
+        <minPasswordAge>0</minPasswordAge>
+        <passwordHistoryLength>0</passwordHistoryLength>
+    </lifetime>
+    <stringPolicy>
+        <description>Testing string policy</description>
+        <limitations>
+            <minLength>5</minLength>
+            <!-- 			<maxLength>8</maxLength> -->
+            <minUniqueChars>3</minUniqueChars>
+            <checkAgainstDictionary>true</checkAgainstDictionary>
+            <checkPattern />
+            <!-- 			<limit> -->
+            <!-- 				<description>Alphas</description> -->
+            <!-- 				<minOccurs>1</minOccurs> -->
+            <!-- 				<maxOccurs>5</maxOccurs> -->
+            <!-- 				<mustBeFirst>false</mustBeFirst> -->
+            <!-- 				<characterClass> -->
+            <!-- 					<value>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</value> -->
+            <!-- 				</characterClass> -->
+            <!-- 			</limit> -->
+            <!-- 			<limit> -->
+            <!-- 				<description>Numbers</description> -->
+            <!-- 				<minOccurs>1</minOccurs> -->
+            <!-- 				<maxOccurs>5</maxOccurs> -->
+            <!-- 				<mustBeFirst>false</mustBeFirst> -->
+            <!-- 				<characterClass> -->
+            <!-- 					<value>1234567890</value> -->
+            <!-- 				</characterClass> -->
+            <!-- 			</limit> -->
+        </limitations>
+    </stringPolicy>
+    <minOccurs>0</minOccurs>
+</valuePolicy>

config/initial-objects/020-system-configuration.xml

@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<systemConfiguration oid="00000000-0000-0000-0000-000000000001" version="0"
+                     xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+                     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+                     xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
+    <name>SystemConfiguration</name>
+    <!--         <globalAccountSynchronizationSettings> -->
+    <!--         <assignmentPolicyEnforcement>relative</assignmentPolicyEnforcement> -->
+    <!--         </globalAccountSynchronizationSettings> -->
+    <globalPasswordPolicyRef oid="00000000-0000-0000-0000-000000000003" type="c:ValuePolicyType"/>
+    <logging>
+        <classLogger>
+            <!-- disabled because of MID-744, helper insert messages on ERROR
+            level which should not be there (probably should be on TRACE) -->
+            <level>OFF</level>
+            <package>org.hibernate.engine.jdbc.spi.SqlExceptionHelper</package>
+        </classLogger>
+        <!-- Disabled because we treat locking-related exceptions in the repository.
+             Otherwise the log is filled-in with (innocent but ugly-looking) messages like
+             "ERROR (o.h.engine.jdbc.batch.internal.BatchingBatch): HHH000315: Exception executing batch [Deadlock detected.
+             The current transaction was rolled back." -->
+        <classLogger>
+            <level>OFF</level>
+            <package>org.hibernate.engine.jdbc.batch.internal.BatchingBatch</package>
+        </classLogger>
+        <classLogger>
+            <!-- disabled because of MID-1612, jasper library needs to be fixed -->
+            <level>OFF</level>
+            <package>net.sf.jasperreports.engine.fill.JRFillDataset</package>
+        </classLogger>
+        <classLogger>
+            <!-- disabled because we don't need to see every property file
+            loading message (unnecessary log pollution) -->
+            <level>WARN</level>
+            <package>org.apache.wicket.resource.PropertiesFactory</package>
+        </classLogger>
+        <classLogger>
+            <!-- Standard useful logger -->
+            <level>INFO</level>
+            <package>com.evolveum.midpoint.model.lens.projector.Projector</package>
+        </classLogger>
+        <classLogger>
+            <!-- Standard useful logger -->
+            <level>INFO</level>
+            <package>com.evolveum.midpoint.model.lens.Clockwork</package>
+        </classLogger>
+
+        <appender xsi:type="c:FileAppenderConfigurationType" name="IDM_LOG"
+                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
+            <fileName>${catalina.base}/logs/idm.log</fileName>
+            <filePattern>${catalina.base}/logs/idm-%d{yyyy-MM-dd}.%i.log</filePattern>
+            <maxHistory>10</maxHistory>
+            <maxFileSize>100MB</maxFileSize>
+            <append>true</append>
+        </appender>
+        <!-- Appender for profiling purposes -->
+        <appender xsi:type="c:FileAppenderConfigurationType" name="IDM-PROFILE_LOG"
+                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <pattern>%date %level: %msg%n</pattern>
+            <fileName>${catalina.base}/logs/idm-profile.log</fileName>
+            <filePattern>${catalina.base}/logs/idm-profile-%d{yyyy-MM-dd}.%i.log</filePattern>
+            <maxHistory>10</maxHistory>
+            <maxFileSize>100MB</maxFileSize>
+            <append>true</append>
+        </appender>
+        <rootLoggerAppender>IDM_LOG</rootLoggerAppender>
+        <rootLoggerLevel>INFO</rootLoggerLevel>
+        <auditing>
+            <enabled>false</enabled>
+            <details>false</details>
+        </auditing>
+    </logging>
+    <cleanupPolicy>
+        <auditRecords>
+            <maxAge>P3M</maxAge>
+        </auditRecords>
+        <closedTasks>
+            <maxAge>P1M</maxAge>
+        </closedTasks>
+    </cleanupPolicy>
+</systemConfiguration>

config/initial-objects/030-role-superuser.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="00000000-0000-0000-0000-000000000004"
+      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+    <name>Superuser</name>
+    <description>Role that gives user full authorization in MidPoint.</description>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
+    </authorization>
+</role>

config/initial-objects/040-role-enduser.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<role oid="00000000-0000-0000-0000-000000000008"
+      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+    <name>End user</name>
+    <description>Role authorizing end users to log in, change their passwords and review assigned accounts.</description>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</action>
+    </authorization>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+        <object>
+            <special>self</special>
+        </object>
+    </authorization>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+        <object>
+            <type>ShadowType</type>
+            <owner>
+                <special>self</special>
+            </owner>
+        </object>
+    </authorization>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
+        <item>credentials</item>
+    </authorization>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
+        <object>
+            <type>ShadowType</type>
+            <owner>
+                <special>self</special>
+            </owner>
+        </object>
+
+        <item>credentials</item>
+    </authorization>
+    <authorization>
+        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
+        <object>
+            <type>OrgType</type>
+        </object>
+        <object>
+            <type>ResourceType</type>
+        </object>
+        <object>
+            <type>RoleType</type>
+        </object>
+    </authorization>
+</role>

config/initial-objects/050-user-administrator.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<c:user oid="00000000-0000-0000-0000-000000000002"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
+    <c:name>
+        <t:orig>administrator</t:orig>
+        <t:norm>administrator</t:norm>
+    </c:name>
+    <c:fullName>
+        <t:orig>midPoint Administrator</t:orig>
+        <t:norm>midpoint administrator</t:norm>
+    </c:fullName>
+    <c:givenName>
+        <t:orig>midPoint</t:orig>
+        <t:norm>midpoint</t:norm>
+    </c:givenName>
+    <c:familyName>
+        <t:orig>Administrator</t:orig>
+        <t:norm>administrator</t:norm>
+    </c:familyName>
+    <c:assignment>
+        <c:targetRef oid="00000000-0000-0000-0000-000000000004" type="c:RoleType"/>
+    </c:assignment>
+    <c:activation>
+        <c:administrativeStatus>enabled</c:administrativeStatus>
+    </c:activation>
+    <c:credentials xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+        <c:password>
+            <c:value>
+         		<t:clearValue>5ecr3t</t:clearValue>
+         	</c:value>
+        </c:password>
+    </c:credentials>
+</c:user>

config/initial-objects/060-task-cleanup.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<task oid="00000000-0000-0000-0000-000000000005"
+      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+
+    <name>Cleanup</name>
+    <description>A system task that repeatedly checks for outdated objects (e.g. closed tasks, old audit records) and removes them.</description>
+    <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
+    <executionStatus>runnable</executionStatus>
+
+    <category>System</category>
+    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/cleanup/handler-3</handlerUri>
+    <recurrence>recurring</recurrence>
+    <binding>loose</binding>
+    <schedule>
+        <interval>86400</interval>
+    </schedule>
+</task>

config/initial-objects/070-task-validity.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<task oid="00000000-0000-0000-0000-000000000006"
+      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
+
+    <name>Validity Scanner</name>
+    <description>A system task that maintains effective status of objects, based on their validity time constraints.</description>
+    <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
+    <executionStatus>runnable</executionStatus>
+
+    <category>System</category>
+    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/focus-validation-scanner/handler-3</handlerUri>
+    <recurrence>recurring</recurrence>
+    <binding>loose</binding>
+    <schedule>
+        <interval>900</interval>
+    </schedule>
+</task>