diff --git a/components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml b/components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml index 38f44862b795..5b06af34fef6 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml +++ b/components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework action-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/ActionExecutorServiceImpl.java b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/ActionExecutorServiceImpl.java index b9adc9e92963..136161f8755d 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/ActionExecutorServiceImpl.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/ActionExecutorServiceImpl.java @@ -39,13 +39,13 @@ import org.wso2.carbon.identity.action.execution.model.AllowedOperation; import org.wso2.carbon.identity.action.execution.model.PerformableOperation; import org.wso2.carbon.identity.action.execution.util.APIClient; +import org.wso2.carbon.identity.action.execution.util.ActionExecutorConfig; import org.wso2.carbon.identity.action.execution.util.AuthMethods; import org.wso2.carbon.identity.action.execution.util.OperationComparator; import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.model.Action; import org.wso2.carbon.identity.action.management.model.AuthProperty; import org.wso2.carbon.identity.action.management.model.AuthType; -import org.wso2.carbon.identity.core.util.IdentityUtil; import java.util.ArrayList; import java.util.List; 
@@ -80,14 +80,7 @@ public static ActionExecutorServiceImpl getInstance() { @Override public boolean isExecutionEnabled(ActionType actionType) { - switch (actionType) { - case PRE_ISSUE_ACCESS_TOKEN: - return IdentityUtil.isPreIssueAccessTokenActionTypeEnabled(); - case AUTHENTICATION: - return IdentityUtil.isPreIssueAccessTokenActionTypeEnabled(); - default: - return false; - } + return ActionExecutorConfig.getInstance().isExecutionForActionTypeEnabled(actionType); } public ActionExecutionStatus execute(ActionType actionType, Map eventContext, String tenantDomain) diff --git a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfig.java b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfig.java new file mode 100644 index 000000000000..8ce05b9ccbea --- /dev/null +++ b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/main/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfig.java 
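Review bot: `ActionType.AUTHENTICATION` goes from following the pre-issue-access-token flag to always disabled. The removed switch had a case for it, while the new `ActionExecutorConfig.isExecutionForActionTypeEnabled` (added later in this commit) only handles `PRE_ISSUE_ACCESS_TOKEN`. If that is intended, state it where callers will read it, for example a Javadoc on `isExecutionEnabled`: `/** Returns whether execution is enabled for the given action type; types without an enable property are reported as disabled. */`. The delegate still switches on `actionType`, so a null argument throws a NullPointerException as before; either document the parameter as non-null or guard it.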
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.action.execution.util;
+
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.identity.action.execution.model.ActionType;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
+
+/**
+ * This class holds the system configurations for the Action Executor Service.
+ */
+public class ActionExecutorConfig {
+
+ private static final ActionExecutorConfig INSTANCE = new ActionExecutorConfig();
+
+ private static final String PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_PROPERTY =
+ "Actions.Types.PreIssueAccessToken.Enable";
+
+ private ActionExecutorConfig() {
+
+ }
+
+ public static ActionExecutorConfig getInstance() {
+
+ return INSTANCE;
+ }
+
+ public boolean isExecutionForActionTypeEnabled(ActionType actionType) {
+
+ switch (actionType) {
+ case PRE_ISSUE_ACCESS_TOKEN:
+ return isActionTypeEnabled(PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_PROPERTY);
+ default:
+ return false;
+ }
+ }
+
+ private boolean isActionTypeEnabled(String actionTypePropertyName) {
+
+ boolean isActionTypeEnabled = false;
+ String actionTypeEnabledPropertyValue = IdentityUtil.getProperty(actionTypePropertyName);
+ if (StringUtils.isNotBlank(actionTypeEnabledPropertyValue)) {
+ return Boolean.parseBoolean(actionTypeEnabledPropertyValue);
+ }
+ return isActionTypeEnabled;
+ }
+
+}
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfigTest.java b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfigTest.java
new file mode 100644
index 000000000000..445bb7e9184a
--- /dev/null
+++ b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/java/org/wso2/carbon/identity/action/execution/util/ActionExecutorConfigTest.java
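Review bot: In `isActionTypeEnabled`, any non-blank value other than "true" is silently read as disabled by `Boolean.parseBoolean`, so a typo in `Actions.Types.PreIssueAccessToken.Enable` switches the action off with nothing in the logs. Where a deployment relies on this action to shape or restrict issued tokens, that is a quiet loss of a control; a warning for values that are neither `true` nor `false` would make the misconfiguration visible (the class has no logger yet). The local `isActionTypeEnabled` is never reassigned and the blank check is redundant because `Boolean.parseBoolean(null)` is false, so the body reduces to `return Boolean.parseBoolean(IdentityUtil.getProperty(actionTypePropertyName));`. The two public methods also lack Javadoc stating that an unset property means disabled.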
@@ -0,0 +1,77 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.action.execution.util; + +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.testng.annotations.AfterMethod; +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; +import org.wso2.carbon.identity.action.execution.model.ActionType; +import org.wso2.carbon.identity.core.util.IdentityUtil; + +import static org.testng.Assert.assertFalse; +import static org.testng.Assert.assertTrue; + +public class ActionExecutorConfigTest { + + private ActionExecutorConfig actionExecutorConfig; + + private MockedStatic identityUtil; + + @BeforeMethod + public void setUp() { + + MockitoAnnotations.openMocks(this); + actionExecutorConfig = ActionExecutorConfig.getInstance(); + identityUtil = Mockito.mockStatic(IdentityUtil.class); + } + + @AfterMethod + public void tearDown() { + + identityUtil.close(); + } + + @Test + public void testIsExecutionForActionTypeEnabled_PreIssueAccessToken_Enabled() { + + identityUtil.when(() -> IdentityUtil.getProperty("Actions.Types.PreIssueAccessToken.Enable")) + .thenReturn("true"); + assertTrue(actionExecutorConfig.isExecutionForActionTypeEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN)); + } + + @Test + public void 
testIsExecutionForActionTypeEnabled_PreIssueAccessToken_Disabled() { + + identityUtil.when(() -> IdentityUtil.getProperty("Actions.Types.PreIssueAccessToken.Enable")) + .thenReturn("false"); + assertFalse(actionExecutorConfig.isExecutionForActionTypeEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN)); + } + + @Test + public void testIsExecutionForActionTypeEnabled_PreIssueAccessToken_InvalidValue() { + + identityUtil.when(() -> IdentityUtil.getProperty("Actions.Types.PreIssueAccessToken.Enable")) + .thenReturn("invalid"); + assertFalse(actionExecutorConfig.isExecutionForActionTypeEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN)); + } + +} diff --git a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/resources/testng.xml b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/resources/testng.xml index 6acc221ecd2a..9550eec84ee7 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/resources/testng.xml +++ b/components/action-mgt/org.wso2.carbon.identity.action.execution/src/test/resources/testng.xml @@ -24,6 +24,7 @@ + diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml b/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml index 522af816f862..888bc1638915 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework action-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/action-mgt/pom.xml b/components/action-mgt/pom.xml index cd1d7e74302c..1b16d8106118 100644 --- a/components/action-mgt/pom.xml +++ b/components/action-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
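Review bot: The three tests stub the property as "true", "false" and "invalid", but none covers the unset property or the `default` branch of the switch, which are the two paths that decide the out-of-the-box behaviour. Add a case where `IdentityUtil.getProperty` is left unstubbed (the static mock then returns null) and one for another action type, e.g. `assertFalse(actionExecutorConfig.isExecutionForActionTypeEnabled(ActionType.AUTHENTICATION));`, assuming that constant still exists on the new side. `MockitoAnnotations.openMocks(this)` in `setUp` has no annotated fields to initialise and its returned AutoCloseable is never closed, so the call can be dropped.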
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml index 265af72c95fc..9e3f5a034939 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework api-resource-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml index 9cfc838dac1e..d0b67e579bef 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework api-resource-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml org.wso2.carbon.identity.api.resource.mgt diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java index 43f7173fb22f..c05a1865e601 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManager.java 
@@ -143,6 +143,18 @@ APIResource getAPIResourceByIdentifier(String apiResourceIdentifier, String tena void deleteAPIScopeByScopeName(String apiResourceId, String scopeName, String tenantDomain) throws APIResourceMgtException; + /** + * Patch scope by scope name. + * + * @param scope Scope. + * @param tenantDomain Tenant domain. + * @throws APIResourceMgtException If an error occurs while deleting API scope. + */ + default void updateScopeMetadata(Scope scope, APIResource apiResource, String tenantDomain) + throws APIResourceMgtException { + // no implementation + } + /** * Put scopes to API resource. * diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java index 094addd36b6b..bcd3aa0105ea 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/APIResourceManagerImpl.java 
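Review bot: The default `updateScopeMetadata` returns normally without doing anything, so a caller holding an implementation that does not override it will believe the scope was updated. Either document the no-op explicitly in the Javadoc or throw from the default; which one fits depends on how existing implementers are expected to behave. The Javadoc is also copied from the delete method: it has no `@param apiResource` and says "while deleting API scope". Suggested lines: `@param apiResource API resource that owns the scope.` and `@throws APIResourceMgtException If an error occurs while updating the scope metadata.` The same applies to `APIResourceManagementDAO.updateScopeMetadata` later in this commit, whose Javadoc says "for the given id" and "while updating the API resource".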
@@ -161,6 +161,16 @@ public void updateAPIResource(APIResource apiResource, List addedScopes, publisherProxy.publishPostUpdateAPIResource(apiResource, addedScopes, removedScopes, tenantDomain); } + @Override + public void updateScopeMetadata(Scope scope, APIResource apiResource, String tenantDomain) + throws APIResourceMgtException { + + APIResourceManagerEventPublisherProxy publisherProxy = APIResourceManagerEventPublisherProxy.getInstance(); + publisherProxy.publishPreUpdateScopeMetadataWithException(scope, apiResource, tenantDomain); + CACHE_BACKED_DAO.updateScopeMetadata(scope, apiResource, IdentityTenantUtil.getTenantId(tenantDomain)); + publisherProxy.publishPostUpdateScopeMetadataWithException(scope, apiResource, tenantDomain); + } + @Override public APIResource getAPIResourceByIdentifier(String apiResourceIdentifier, String tenantDomain) throws APIResourceMgtException { diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java index 2446af051c62..1cae1164c087 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java 
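Review bot: Nothing in `updateScopeMetadata` checks that `scope` actually belongs to `apiResource`. The statement it ends up running, `UPDATE_SCOPE_METADATA` in the SQLConstants hunk, matches on `NAME` and `TENANT_ID` only, so `apiResource` influences just the cache invalidation and the event payload. If callers authorise the request against the API resource, a scope name from a different resource in the same tenant would still be rewritten; this depends on callers not visible here, so please confirm. Binding the update to the resource closes the gap, e.g. `"WHERE NAME = ? AND API_ID = ? AND TENANT_ID = ?"` with the resource id bound in the DAO, or an explicit membership check before the pre-update event. Null `scope` or `apiResource` is also not rejected before it is dereferenced further down.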
@@ -140,6 +140,8 @@ public enum ErrorMessages { "resource properties.", "Error while retrieving API resource properties from the database."), ERROR_CODE_ERROR_WHILE_ADDING_API_RESOURCE_PROPERTIES("65014", "Error while adding API resource " + "properties.", "Error while adding API resource properties to the database."), + ERROR_CODE_ERROR_WHILE_UPDATING_SCOPE_METADATA("65015", "Error while updating scope metadata.", + "Error while updating scope metadata in the database."), ; private final String code; diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/SQLConstants.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/SQLConstants.java index 5a084e650031..19458f21a30f 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/SQLConstants.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/SQLConstants.java @@ -141,6 +141,8 @@ public class SQLConstants { "OR TENANT_ID IS NULL)"; public static final String UPDATE_API_RESOURCE = "UPDATE API_RESOURCE SET NAME = ?, DESCRIPTION = ?, TYPE = ?" + " WHERE ID = ?"; + public static final String UPDATE_SCOPE_METADATA = "UPDATE SCOPE SET DISPLAY_NAME = ?, DESCRIPTION = ? " + + "WHERE NAME = ? AND TENANT_ID = ?"; public static final String IS_SCOPE_EXIST_BY_ID = "SELECT ID FROM SCOPE WHERE ID = ? AND TENANT_ID = ?"; public static final String GET_SCOPE_BY_NAME = "SELECT ID, NAME, DISPLAY_NAME, DESCRIPTION, API_ID, TENANT_ID " + "FROM SCOPE WHERE NAME = ? AND (TENANT_ID = ? OR TENANT_ID IS NULL)"; 
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/APIResourceManagementDAO.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/APIResourceManagementDAO.java index ca004601754b..0269f0c79393 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/APIResourceManagementDAO.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/APIResourceManagementDAO.java @@ -141,6 +141,19 @@ Integer getAPIResourcesCount(Integer tenantId, List expressionNo void updateAPIResource(APIResource apiResource, List addedScopes, List removedScopes, Integer tenantId) throws APIResourceMgtException; + /** + * Update the {@link Scope} for the given id. + * + * @param scope Scope. + * @param apiResource API resource. + * @param tenantId Tenant Id. + * @throws APIResourceMgtException If an error occurs while updating the API resource. + */ + default void updateScopeMetadata(Scope scope, APIResource apiResource, Integer tenantId) + throws APIResourceMgtException { + // no implementation + } + /** * Delete the {@link APIResource} for the given id. * diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java index 73a76f9b9b92..30756faaf818 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java 
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java @@ -294,6 +294,30 @@ public void updateAPIResource(APIResource apiResource, List addedScopes, } } + @Override + public void updateScopeMetadata(Scope scope, APIResource apiResource, Integer tenantId) + throws APIResourceMgtException { + + try (Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true); + PreparedStatement preparedStatement = dbConnection.prepareStatement(SQLConstants.UPDATE_SCOPE_METADATA)) { + try { + preparedStatement.setString(1, scope.getDisplayName()); + preparedStatement.setString(2, scope.getDescription()); + preparedStatement.setString(3, scope.getName()); + preparedStatement.setInt(4, tenantId); + preparedStatement.executeUpdate(); + + IdentityDatabaseUtil.commitTransaction(dbConnection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw e; + } + } catch (SQLException e) { + throw APIResourceManagementUtil.handleServerException( + APIResourceManagementConstants.ErrorMessages.ERROR_CODE_ERROR_WHILE_UPDATING_SCOPE_METADATA, e); + } + } + @Override public void deleteAPIResourceById(String apiId, Integer tenantId) throws APIResourceMgtException { diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/CacheBackedAPIResourceMgtDAO.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/CacheBackedAPIResourceMgtDAO.java index dde82f395e10..42b23d27216c 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/CacheBackedAPIResourceMgtDAO.java 
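Review bot: The result of `preparedStatement.executeUpdate()` is discarded, so an update that matches zero rows (unknown scope name, or a scope stored under another tenant) is committed and reported as success, and the manager then publishes the post-update event for a change that never happened. Capture the count, `int updated = preparedStatement.executeUpdate();`, and raise the module's existing not-found style error when it is 0. `preparedStatement.setInt(4, tenantId)` also unboxes an `Integer`, so a null tenant id surfaces as a NullPointerException rather than an `APIResourceMgtException`.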
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/CacheBackedAPIResourceMgtDAO.java @@ -221,6 +221,14 @@ public void updateAPIResource(APIResource apiResource, List addedScopes, apiResourceManagementDAO.updateAPIResource(apiResource, addedScopes, removedScopes, tenantId); } + @Override + public void updateScopeMetadata(Scope scope, APIResource apiResource, Integer tenantId) + throws APIResourceMgtException { + + clearAPIResourceCache(apiResource.getIdentifier(), apiResource.getId(), tenantId); + apiResourceManagementDAO.updateScopeMetadata(scope, apiResource, tenantId); + } + @Override public void deleteAPIResourceById(String apiId, Integer tenantId) throws APIResourceMgtException { diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/publisher/APIResourceManagerEventPublisherProxy.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/publisher/APIResourceManagerEventPublisherProxy.java index 1dc7c32a260f..d9e5f41c56de 100644 --- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/publisher/APIResourceManagerEventPublisherProxy.java +++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/publisher/APIResourceManagerEventPublisherProxy.java 
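Review bot: The cache entry is cleared before the database write, so a read that lands between `clearAPIResourceCache(...)` and the commit can re-populate the cache with the old display name and description, which then stay until the next invalidation. Invalidating after the write, or both before and after, avoids that window: `apiResourceManagementDAO.updateScopeMetadata(scope, apiResource, tenantId);` followed by `clearAPIResourceCache(apiResource.getIdentifier(), apiResource.getId(), tenantId);`. Only the API resource entries are cleared here; if scopes are cached under their own keys elsewhere in this class (not visible in the hunk), those need invalidating too.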
@@ -173,6 +173,46 @@ public void publishPostUpdateAPIResource(APIResource apiResource, List ad } } + /** + * Publish the pre update API resource event. + * + * @param scope Scope. + * @param apiResource API resource. + * @param tenantDomain Tenant domain. + * @throws APIResourceMgtException If an error occurred while publishing the event. + */ + public void publishPreUpdateScopeMetadataWithException(Scope scope, APIResource apiResource, String tenantDomain) + throws APIResourceMgtException { + + Map eventProperties = new HashMap<>(); + eventProperties.put(IdentityEventConstants.EventProperty.SCOPE, scope); + eventProperties.put(IdentityEventConstants.EventProperty.TENANT_DOMAIN, tenantDomain); + eventProperties.put(IdentityEventConstants.EventProperty.API_RESOURCE, apiResource); + Event event = createEvent(IdentityEventConstants.Event.PRE_UPDATE_SCOPE_METADATA, eventProperties); + doPublishEvent(event); + } + + /** + * Publish the post update API resource event. + * + * @param scope Scope. + * @param apiResource API resource. + * @param tenantDomain Tenant domain. + */ + public void publishPostUpdateScopeMetadataWithException(Scope scope, APIResource apiResource, String tenantDomain) { + + Map eventProperties = new HashMap<>(); + eventProperties.put(IdentityEventConstants.EventProperty.SCOPE, scope); + eventProperties.put(IdentityEventConstants.EventProperty.API_RESOURCE, apiResource); + eventProperties.put(IdentityEventConstants.EventProperty.TENANT_DOMAIN, tenantDomain); + Event event = createEvent(IdentityEventConstants.Event.POST_UPDATE_SCOPE_METADATA, eventProperties); + try { + doPublishEvent(event); + } catch (APIResourceMgtException e) { + log.error(e.getMessage(), e); + } + } + /** * Publish the pre delete API scopes by API resource id event. * diff --git a/components/api-resource-mgt/pom.xml b/components/api-resource-mgt/pom.xml index 3b4c59c0865e..8c9a391cc73b 100644 --- a/components/api-resource-mgt/pom.xml +++ b/components/api-resource-mgt/pom.xml 
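Review bot: `publishPostUpdateScopeMetadataWithException` declares no checked exception and swallows `APIResourceMgtException` with `log.error`, so the `WithException` suffix tells callers the opposite of what happens. Rename it to `publishPostUpdateScopeMetadata`, or add a Javadoc sentence such as `Failures are logged and not propagated.` Both Javadoc summaries are copied from the API resource methods; they should read "Publish the pre update scope metadata event." and "Publish the post update scope metadata event."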
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml index a86f83cec1c6..48d6c5045e44 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml @@ -18,7 +18,7 @@ org.wso2.carbon.identity.framework application-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml index ebdae930c0cf..a3fc60653cd3 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework application-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml index 3dd01665e262..74fec5800291 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml +++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework application-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml org.wso2.carbon.identity.application.mgt diff --git a/components/application-mgt/pom.xml b/components/application-mgt/pom.xml index c34dbae84f84..7123de13e4fe 100644 --- a/components/application-mgt/pom.xml +++ b/components/application-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/pom.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/pom.xml index 4317f3e42fca..97002a22a5ca 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/pom.xml +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework authentication-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml index 8d78d5fba560..87eafed08008 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework authentication-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java index a26498b63943..88c9a095f651 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java 
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java @@ -4027,16 +4027,16 @@ public static JsGenericGraphBuilderFactory createJsGenericGraphBuilderFactoryFro } // Config is not set. Hence going with class for name approach. try { - Class.forName(OPENJDK_SCRIPTER_CLASS_NAME); - return new JsOpenJdkNashornGraphBuilderFactory(); + Class.forName(GRAALJS_SCRIPTER_CLASS_NAME); + return new JsGraalGraphBuilderFactory(); } catch (ClassNotFoundException e) { try { - Class.forName(JDK_SCRIPTER_CLASS_NAME); - return new JsGraphBuilderFactory(); + Class.forName(OPENJDK_SCRIPTER_CLASS_NAME); + return new JsOpenJdkNashornGraphBuilderFactory(); } catch (ClassNotFoundException classNotFoundException) { try { - Class.forName(GRAALJS_SCRIPTER_CLASS_NAME); - return new JsGraalGraphBuilderFactory(); + Class.forName(JDK_SCRIPTER_CLASS_NAME); + return new JsGraphBuilderFactory(); } catch (ClassNotFoundException ex) { return null; } diff --git a/components/authentication-framework/pom.xml b/components/authentication-framework/pom.xml index 74c6bee0ce2b..ea60a37e67e5 100644 --- a/components/authentication-framework/pom.xml +++ b/components/authentication-framework/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/captcha-mgt/org.wso2.carbon.captcha.mgt/pom.xml b/components/captcha-mgt/org.wso2.carbon.captcha.mgt/pom.xml index 667f90036222..adc6db03a3ac 100644 --- a/components/captcha-mgt/org.wso2.carbon.captcha.mgt/pom.xml +++ b/components/captcha-mgt/org.wso2.carbon.captcha.mgt/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework captcha-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/captcha-mgt/pom.xml b/components/captcha-mgt/pom.xml index 8a8801f03154..85cd4a0e8992 100644 
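Review bot: With no engine configured, the factory is now chosen purely by which class loads first, and the new order puts GraalJS ahead of both Nashorn variants, yet nothing records which engine was picked. Judging by the class names, this factory builds the engine that evaluates authentication scripts, so a deployment with several engines on the classpath switches runtime silently on upgrade. A log line per branch and a comment stating the order would make that auditable, e.g. `// Preference order when no engine is configured: GraalJS, OpenJDK Nashorn, JDK Nashorn.` The innermost catch still returns `null`, so callers need a null check or the method should fail with a clear message. The method starts before this hunk and continues after it.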
--- a/components/captcha-mgt/pom.xml +++ b/components/captcha-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/carbon-authenticators/pom.xml b/components/carbon-authenticators/pom.xml index 27de287bdf98..6af5835dd599 100644 --- a/components/carbon-authenticators/pom.xml +++ b/components/carbon-authenticators/pom.xml @@ -17,7 +17,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.authenticator.thrift/pom.xml b/components/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.authenticator.thrift/pom.xml index 52ed6d9bf46b..7af5c9a6968a 100644 --- a/components/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.authenticator.thrift/pom.xml +++ b/components/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.authenticator.thrift/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework thrift-authenticator - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/carbon-authenticators/thrift-authenticator/pom.xml b/components/carbon-authenticators/thrift-authenticator/pom.xml index 9f9df0096bec..7959ed498818 100644 --- a/components/carbon-authenticators/thrift-authenticator/pom.xml +++ b/components/carbon-authenticators/thrift-authenticator/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework carbon-authenticators - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/pom.xml b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/pom.xml index d2e93cbc73a4..77c278257f86 100644 --- a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/pom.xml +++ b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/pom.xml 
@@ -21,7 +21,7 @@ central-logger org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/central-logger/pom.xml b/components/central-logger/pom.xml index 64fb4c379a85..648f48b81391 100644 --- a/components/central-logger/pom.xml +++ b/components/central-logger/pom.xml @@ -21,7 +21,7 @@ identity-framework org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/claim-mgt/org.wso2.carbon.claim.mgt.ui/pom.xml b/components/claim-mgt/org.wso2.carbon.claim.mgt.ui/pom.xml index b8e3fc1480d9..5eca3d70711e 100644 --- a/components/claim-mgt/org.wso2.carbon.claim.mgt.ui/pom.xml +++ b/components/claim-mgt/org.wso2.carbon.claim.mgt.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework claim-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/claim-mgt/org.wso2.carbon.claim.mgt/pom.xml b/components/claim-mgt/org.wso2.carbon.claim.mgt/pom.xml index d3e405f785a9..74014e33563f 100644 --- a/components/claim-mgt/org.wso2.carbon.claim.mgt/pom.xml +++ b/components/claim-mgt/org.wso2.carbon.claim.mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework claim-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt.ui/pom.xml b/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt.ui/pom.xml index e58abba35656..c50b9e28174d 100644 --- a/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt.ui/pom.xml +++ b/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt.ui/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework claim-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/pom.xml b/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/pom.xml index e6fc04daff61..d6cc13151085 100644 
--- a/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/pom.xml +++ b/components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework claim-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/claim-mgt/pom.xml b/components/claim-mgt/pom.xml index 4455393ce46e..2a58f85f461d 100644 --- a/components/claim-mgt/pom.xml +++ b/components/claim-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml index 703e9a5e3646..2e8c7a349d45 100644 --- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml +++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework client-attestation-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/client-attestation-mgt/pom.xml b/components/client-attestation-mgt/pom.xml index 6bfdd172b283..0dadef4b3fb0 100644 --- a/components/client-attestation-mgt/pom.xml +++ b/components/client-attestation-mgt/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/configuration-mgt/org.wso2.carbon.identity.api.server.configuration.mgt/pom.xml b/components/configuration-mgt/org.wso2.carbon.identity.api.server.configuration.mgt/pom.xml index 8e2bd8d7a8c5..54f6218ef798 100644 --- a/components/configuration-mgt/org.wso2.carbon.identity.api.server.configuration.mgt/pom.xml +++ b/components/configuration-mgt/org.wso2.carbon.identity.api.server.configuration.mgt/pom.xml 
@@ -23,11 +23,11 @@ org.wso2.carbon.identity.framework configuration-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT org.wso2.carbon.identity.api.server.configuration.mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT jar WSO2 Carbon - Configuration Management API Identity Configuration Management API diff --git a/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml b/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml index dc7f44df3652..99a36e36fa3f 100644 --- a/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml +++ b/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework configuration-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml b/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml index 2df2f64d180e..06261c93df55 100644 --- a/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml +++ b/components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework configuration-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/configuration-mgt/pom.xml b/components/configuration-mgt/pom.xml index e78772275eb7..3dd051280da3 100644 --- a/components/configuration-mgt/pom.xml +++ b/components/configuration-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml b/components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml index ea5074942975..737b530ae763 100644 --- a/components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml 
+++ b/components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework consent-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/consent-mgt/pom.xml b/components/consent-mgt/pom.xml index 7008a33a2fd0..8f4c6385ede7 100644 --- a/components/consent-mgt/pom.xml +++ b/components/consent-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml b/components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml index 832b3beb8ad3..f0c329ab2cd7 100644 --- a/components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml +++ b/components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework consent-server-configs-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/consent-server-configs-mgt/pom.xml b/components/consent-server-configs-mgt/pom.xml index ecebcfebff5b..cde15228c141 100644 --- a/components/consent-server-configs-mgt/pom.xml +++ b/components/consent-server-configs-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml b/components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml index bcc7a945292a..5d41b858b973 100644 --- a/components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml +++ b/components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework cors-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/components/cors-mgt/pom.xml b/components/cors-mgt/pom.xml index e0e72fe1e8e5..189f65f51c3b 100644 --- a/components/cors-mgt/pom.xml +++ b/components/cors-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/directory-server-manager/org.wso2.carbon.directory.server.manager.common/pom.xml b/components/directory-server-manager/org.wso2.carbon.directory.server.manager.common/pom.xml index 91ce9e395a47..8f5c1fd4005a 100644 --- a/components/directory-server-manager/org.wso2.carbon.directory.server.manager.common/pom.xml +++ b/components/directory-server-manager/org.wso2.carbon.directory.server.manager.common/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework directory-server-manager - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/directory-server-manager/org.wso2.carbon.directory.server.manager.ui/pom.xml b/components/directory-server-manager/org.wso2.carbon.directory.server.manager.ui/pom.xml index cb182b47f44a..92c5223c6031 100644 --- a/components/directory-server-manager/org.wso2.carbon.directory.server.manager.ui/pom.xml +++ b/components/directory-server-manager/org.wso2.carbon.directory.server.manager.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework directory-server-manager - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/directory-server-manager/org.wso2.carbon.directory.server.manager/pom.xml b/components/directory-server-manager/org.wso2.carbon.directory.server.manager/pom.xml index a6d98e9d762e..4097c369ce5f 100644 --- a/components/directory-server-manager/org.wso2.carbon.directory.server.manager/pom.xml +++ b/components/directory-server-manager/org.wso2.carbon.directory.server.manager/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework directory-server-manager - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/components/directory-server-manager/pom.xml b/components/directory-server-manager/pom.xml index 47627e30a2bc..65f5ef295a83 100644 --- a/components/directory-server-manager/pom.xml +++ b/components/directory-server-manager/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/entitlement/org.wso2.carbon.identity.api.server.entitlement/pom.xml b/components/entitlement/org.wso2.carbon.identity.api.server.entitlement/pom.xml index 31b01188d629..97d8d1b8cd84 100644 --- a/components/entitlement/org.wso2.carbon.identity.api.server.entitlement/pom.xml +++ b/components/entitlement/org.wso2.carbon.identity.api.server.entitlement/pom.xml @@ -23,11 +23,11 @@ org.wso2.carbon.identity.framework entitlement - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT org.wso2.carbon.identity.api.server.entitlement - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT WSO2 Carbon - Entitlement REST API jar diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement.common/pom.xml b/components/entitlement/org.wso2.carbon.identity.entitlement.common/pom.xml index 873639020cd1..aaa3157d5872 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement.common/pom.xml +++ b/components/entitlement/org.wso2.carbon.identity.entitlement.common/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework entitlement - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml b/components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml index 365209e92465..9877a08f0e22 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml +++ b/components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework entitlement ../pom.xml - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT org.wso2.carbon.identity.entitlement.endpoint 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/pom.xml b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/pom.xml index d0ec91f76f82..e36635b60a5e 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/pom.xml +++ b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework entitlement - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java index 6b279c383215..6d18ce3c2dcf 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java @@ -247,9 +247,11 @@ public void uploadPolicy(String content) throws AxisFault { /** * Import XACML policy from registry * + * @deprecated since the functionality cannot be support by the rdbms based implementation * @param policyRegistryPath registry path * @throws AxisFault */ + @Deprecated public void importPolicyFromRegistry(String policyRegistryPath) throws AxisFault { try { diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/pom.xml b/components/entitlement/org.wso2.carbon.identity.entitlement/pom.xml index 221725a09538..4877f54f0a9f 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/pom.xml +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/pom.xml 
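Review bot: The Javadoc line added to `EntitlementPolicyAdminServiceClient.importPolicyFromRegistry`, `@deprecated since the functionality cannot be support by the rdbms based implementation`, has a grammar slip and gives callers no replacement. Suggested wording: `@deprecated since the functionality cannot be supported by the RDBMS-based implementation; use {@link #uploadPolicy(String)} instead.`, assuming `uploadPolicy` (visible in the hunk header) is the intended alternative. By convention the `@deprecated` tag goes after `@param` and `@throws` rather than before them. The same sentence is added to `EntitlementPolicyAdminService.importPolicyFromRegistry` later in this commit and needs the same correction.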
@@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework entitlement - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java index 4f7be486152c..e8bc551915e6 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.entitlement.persistence.ConfigPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PDPDataHolder; import org.wso2.carbon.identity.entitlement.dto.PIPFinderDataHolder; import org.wso2.carbon.identity.entitlement.dto.PolicyFinderDataHolder; @@ -527,8 +528,8 @@ public PIPFinderDataHolder getPIPResourceFinderData(String finder) { */ public String getGlobalPolicyAlgorithm() throws EntitlementException { - return EntitlementAdminEngine.getInstance(). - getPolicyDataStore().getGlobalPolicyAlgorithmName(); + ConfigPersistenceManager configPersistenceManager = EntitlementAdminEngine.getInstance().getConfigPersistenceManager(); + return configPersistenceManager.getGlobalPolicyAlgorithmName(); } /** 
@@ -539,7 +540,8 @@ public String getGlobalPolicyAlgorithm() throws EntitlementException { */ public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { - EntitlementAdminEngine.getInstance(). - getPolicyDataStore().setGlobalPolicyAlgorithm(policyCombiningAlgorithm); + ConfigPersistenceManager configPersistenceManager = EntitlementAdminEngine.getInstance().getConfigPersistenceManager(); + configPersistenceManager.addOrUpdateGlobalPolicyAlgorithm(policyCombiningAlgorithm); + clearPolicyCache(); } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java index 29cd0a13b30b..fffc973e122c 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java @@ -24,6 +24,9 @@ import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; +import org.wso2.carbon.identity.entitlement.persistence.SubscriberPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.EntitlementFinderDataHolder; import org.wso2.carbon.identity.entitlement.dto.EntitlementTreeNodeDTO; 
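Review bot: `EntitlementAdminService.setGlobalPolicyAlgorithm` passes `policyCombiningAlgorithm` straight to `addOrUpdateGlobalPolicyAlgorithm` without checking that it names a supported algorithm. This commit adds `EntitlementUtil.getAllGlobalPolicyAlgorithmNames()`, so unknown values could be rejected before the write, e.g. `if (!Arrays.asList(EntitlementUtil.getAllGlobalPolicyAlgorithmNames()).contains(policyCombiningAlgorithm)) { throw new EntitlementException("Unsupported policy algorithm " + policyCombiningAlgorithm); }`, assuming callers pass the short name rather than the full URI. Whether the persistence manager validates the value itself is not visible in this hunk. The global combining algorithm affects how every policy decision is resolved, so the check should fail before the value is persisted and before `clearPolicyCache()` runs.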
@@ -40,7 +43,6 @@ import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.exceptions.RegistryException; @@ -99,9 +101,9 @@ public void addPolicies(PolicyDTO[] policies) throws EntitlementException { /** * This method finds the policy file from given registry path and adds the policy * + * @deprecated since the functionality cannot be support by the rdbms based implementation * @param policyRegistryPath given registry path - * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws when fails or registry error - * occurs + * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws when fails or registry error occurs */ public void importPolicyFromRegistry(String policyRegistryPath) throws EntitlementException { @@ -114,7 +116,7 @@ public void importPolicyFromRegistry(String policyRegistryPath) throws Entitleme // Finding from which registry by comparing prefix of resource path String resourceUri = policyRegistryPath.substring(policyRegistryPath.lastIndexOf(':') + 1); String registryIdentifier = policyRegistryPath.substring(0, - policyRegistryPath.lastIndexOf(':')); + policyRegistryPath.lastIndexOf(':')); if ("conf".equals(registryIdentifier)) { registry = (Registry) CarbonContext.getThreadLocalCarbonContext(). getRegistry(RegistryType.SYSTEM_CONFIGURATION); 
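Review bot: `EntitlementPolicyAdminService.importPolicyFromRegistry` gains the Javadoc `@deprecated` tag but not the `@Deprecated` annotation, whereas the UI client's method of the same name gets both in this commit. Add `@Deprecated` on the line above `public void importPolicyFromRegistry(String policyRegistryPath) throws EntitlementException {` so the deprecation is visible through reflection and to tools that do not read Javadoc. The method body continues outside the hunk and appears unchanged apart from indentation, so it presumably still reads from the registry. If it must not be used with the RDBMS-based store, the Javadoc should say what happens when it is called in that mode.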
@@ -288,8 +290,8 @@ public PolicyDTO getPolicyByVersion(String policyId, String version) throws Enti PolicyDTO policyDTO = null; try { - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - policyDTO = versionManager.getPolicy(policyId, version); + PolicyPersistenceManager policyStore = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + policyDTO = policyStore.getPolicy(policyId, version); } catch (EntitlementException e) { policyDTO = new PolicyDTO(); policyDTO.setPolicy(policyId); @@ -369,9 +371,6 @@ public void removePolicy(String policyId, boolean dePromote) throws EntitlementE } handleStatus(EntitlementConstants.StatusTypes.DELETE_POLICY, oldPolicy, true, null); - //remove versions - EntitlementAdminEngine.getInstance().getVersionManager().deletePolicy(policyId); - // policy remove from PDP. this is done by separate thread if (dePromote) { publishToPDP(new String[]{policyId}, null, @@ -425,8 +424,8 @@ public String[] getAllPolicyIds(String searchString) throws EntitlementException */ public PublisherDataHolder getSubscriber(String subscribeId) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - return publisher.retrieveSubscriber(subscribeId, false); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + return subscriberManager.getSubscriber(subscribeId, false); } /** 
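Review bot: In `getSubscriber`, the call `subscriberManager.getSubscriber(subscribeId, false)` carries over an unexplained boolean from the old `retrieveSubscriber(subscribeId, false)`. If that flag controls whether secret subscriber properties are returned in clear text (its meaning is not visible in this hunk), it deserves a comment at the call site, e.g. `// false: do not return decrypted secrets to the admin API caller`, so that a later edit does not flip it unnoticed. The new declaration line is also much longer than its neighbours and could be wrapped after the `=`.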
@@ -437,9 +436,9 @@ public PublisherDataHolder getSubscriber(String subscribeId) throws EntitlementE * @throws EntitlementException throws, if fails */ public String[] getSubscriberIds(String searchString) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - String[] ids = publisher.retrieveSubscriberIds(searchString); - if (ids != null) { + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + String[] ids = subscriberManager.listSubscriberIds(searchString).toArray(new String[0]); + if (ids.length != 0) { return ids; } else { return new String[0]; @@ -454,8 +453,8 @@ public String[] getSubscriberIds(String searchString) throws EntitlementExceptio */ public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.persistSubscriber(holder, false); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + subscriberManager.addSubscriber(holder); } @@ -467,8 +466,8 @@ public void addSubscriber(PublisherDataHolder holder) throws EntitlementExceptio */ public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.persistSubscriber(holder, true); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + subscriberManager.updateSubscriber(holder); } 
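Review bot: In `getSubscriberIds` the old `ids != null` guard became `ids.length != 0`, so both branches now return the same thing, and a null result from `listSubscriberIds(searchString)` would fail with a NullPointerException at `.toArray(...)`. Whether `listSubscriberIds` can return null is not visible here. If it cannot, the method reduces to `return subscriberManager.listSubscriberIds(searchString).toArray(new String[0]);`; otherwise null-check the list before converting it. The same unguarded `.toArray(new String[0])` appears in the `publishPolicies` hunk further down.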
@@ -480,8 +479,8 @@ public void updateSubscriber(PublisherDataHolder holder) throws EntitlementExcep */ public void deleteSubscriber(String subscriberId) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.deleteSubscriber(subscriberId); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + subscriberManager.removeSubscriber(subscriberId); } @@ -504,14 +503,15 @@ public void publishPolicies(String[] policyIds, String[] subscriberIds, String a policyIds = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager().getPolicyIds(); } if (subscriberIds == null || subscriberIds.length < 1) { - subscriberIds = publisher.retrieveSubscriberIds("*"); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberPersistenceManager(); + subscriberIds = subscriberManager.listSubscriberIds("*").toArray(new String[0]); } if (policyIds == null || policyIds.length < 1) { throw new EntitlementException("There are no policies to publish"); } - if (subscriberIds == null || subscriberIds.length < 1) { + if (subscriberIds.length < 1) { throw new EntitlementException("There are no subscribers to publish"); } @@ -561,8 +561,8 @@ public void publishToPDP(String[] policyIds, String action, String version, bool */ public void rollBackPolicy(String policyId, String version) throws EntitlementException { - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - PolicyDTO policyDTO = versionManager.getPolicy(policyId, version); + PolicyPersistenceManager policyStore = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + PolicyDTO policyDTO = policyStore.getPolicy(policyId, version); addOrUpdatePolicy(policyDTO, false); } 
@@ -579,7 +579,7 @@ public PaginatedStatusHolder getStatusData(String about, String key, String type Set handlers = EntitlementAdminEngine.getInstance(). getPapStatusDataHandlers(); for (PAPStatusDataHandler handler : handlers) { - if (handler instanceof SimplePAPStatusDataHandler) { + if (PersistenceManagerFactory.getPAPStatusDataHandler().getClass().isInstance(handler)) { dataRetrievingHandler = handler; break; } @@ -641,7 +641,8 @@ public EntitlementFinderDataHolder[] getEntitlementDataModules() { */ public String[] getPolicyVersions(String policyId) throws EntitlementException { - String[] versions = EntitlementAdminEngine.getInstance().getVersionManager().getVersions(policyId); + PolicyPersistenceManager policyStore = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + String[] versions = policyStore.getVersions(policyId); if(versions == null){ throw new EntitlementException("Error obtaining policy versions"); } @@ -658,7 +659,7 @@ public void orderPolicy(String policyId, int newOrder) throws EntitlementExcepti PAPPolicyStoreManager storeManager = EntitlementAdminEngine. getInstance().getPapPolicyStoreManager(); if (storeManager.isExistPolicy(policyId)) { - storeManager.addOrUpdatePolicy(policyDTO); + storeManager.addOrUpdatePolicy(policyDTO, false); } publishToPDP(new String[]{policyDTO.getPolicyId()}, EntitlementConstants.PolicyPublish.ACTION_ORDER, null, false, newOrder); @@ -672,7 +673,7 @@ public void enableDisablePolicy(String policyId, boolean enable) throws Entitlem PAPPolicyStoreManager storeManager = EntitlementAdminEngine. getInstance().getPapPolicyStoreManager(); if (storeManager.isExistPolicy(policyId)) { - storeManager.addOrUpdatePolicy(policyDTO); + storeManager.addOrUpdatePolicy(policyDTO, false); } if (enable) { 
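Review bot: In `getStatusData` the loop condition `PersistenceManagerFactory.getPAPStatusDataHandler().getClass().isInstance(handler)` calls the factory on every iteration and matches subclasses as well as the exact handler type. Resolve the type once before the loop with `Class<?> handlerType = PersistenceManagerFactory.getPAPStatusDataHandler().getClass();` and test `handlerType.isInstance(handler)` inside it. Whether the factory returns a cached instance or builds a new one each time is not visible in this hunk. A one-line comment saying that the reader is presumably chosen to match the configured persistence mode would explain why `SimplePAPStatusDataHandler` is no longer hard-coded. The loop and the method both start outside the hunk.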
@@ -713,7 +714,6 @@ private void addOrUpdatePolicy(PolicyDTO policyDTO, boolean isAdd) throws Entitl } PAPPolicyStoreManager policyAdmin = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager(); - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); AbstractPolicy policyObj; String policyId = null; @@ -764,14 +764,8 @@ private void addOrUpdatePolicy(PolicyDTO policyDTO, boolean isAdd) throws Entitl } else { throw new EntitlementException("Unsupported Entitlement Policy. Policy can not be parsed"); } - try { - String version = versionManager.createVersion(policyDTO); - policyDTO.setVersion(version); - } catch (EntitlementException e) { - log.error("Policy versioning is not supported", e); - } } - policyAdmin.addOrUpdatePolicy(policyDTO); + policyAdmin.addOrUpdatePolicy(policyDTO, true); } catch (EntitlementException e) { handleStatus(operation, policyDTO, false, e.getMessage()); throw e; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java index 2cb293a687ad..79d33ace239f 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java 
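Review bot: In the private `addOrUpdatePolicy`, the removed block logged "Policy versioning is not supported" and still stored the policy, whereas `policyAdmin.addOrUpdatePolicy(policyDTO, true)` presumably now creates the version inside the store manager. If so, a versioning failure would surface as an `EntitlementException` and fail the whole add or update. If that stricter behaviour is intended, state it in the method's Javadoc; if not, the store manager needs the same tolerate-and-log handling. The bare `true` here, and the `false` passed from `orderPolicy` and `enableDisablePolicy`, would read better with a comment such as `// true: create a new policy version`, assuming that is what the flag means. The method begins and ends outside the hunk.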
@@ -1,7 +1,7 @@ /* - * Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2005-2024, WSO2 LLC (https://www.wso2.com) All Rights Reserved. * - * WSO2 Inc. licenses this file to you under the Apache License, + * WSO2 LLC licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at 
@@ -58,29 +58,19 @@ import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; +import org.wso2.carbon.identity.entitlement.dto.StatusHolder; import org.wso2.carbon.identity.entitlement.internal.EntitlementExtensionBuilder; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; -import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; -import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.utils.CarbonUtils; import org.xml.sax.SAXException; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.dom.DOMResult; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; + import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; 
@@ -89,11 +79,33 @@ import java.net.URISyntaxException; import java.text.DateFormat; import java.text.ParseException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.DENY_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.FIRST_APPLICABLE; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ONLY_ONE_APPLICABLE; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ORDERED_DENY_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ORDERED_PERMIT_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.PERMIT_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.POLICY_COMBINING_PREFIX_1; +import static org.wso2.carbon.identity.entitlement.PDPConstants.POLICY_COMBINING_PREFIX_3; /** * Provides utility functionalities used across different classes. @@ -102,8 +114,6 @@ public class EntitlementUtil { private static Log log = LogFactory.getLog(EntitlementUtil.class); - private static final String ENHANCED_XACML_LOADING_SYSTEM_PROPERTY = "enableEnhancedXACMLLoading"; - /** * Return an instance of a named cache that is common to all tenants. * 
@@ -341,6 +351,59 @@ public static PolicyCombiningAlgorithm getPolicyCombiningAlgorithm(String uri) throw new EntitlementException("Unsupported policy algorithm " + uri); } + /** + * Gets all supported policy combining algorithm names + * + * @return array of policy combining algorithm names + */ + public static String[] getAllGlobalPolicyAlgorithmNames() { + + return new String[]{DENY_OVERRIDES, PERMIT_OVERRIDES, FIRST_APPLICABLE, ORDERED_DENY_OVERRIDES, + ORDERED_PERMIT_OVERRIDES, ONLY_ONE_APPLICABLE}; + } + + /** + * Gets the maximum no of status records to persist + * + * @return maximum no of status records + */ + public static int getMaxNoOfStatusRecords() { + + int maxRecords = 0; + String maxRecordsString = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.MAX_NO_OF_STATUS_RECORDS); + + if (maxRecordsString != null) { + maxRecords = Integer.parseInt(maxRecordsString); + } + if (maxRecords == 0) { + maxRecords = PDPConstants.DEFAULT_MAX_NO_OF_STATUS_RECORDS; + } + + return maxRecords; + } + + /** + * Gets the maximum no of policy versions allowed + * + * @return maximum no of policy versions + */ + public static int getMaxNoOfPolicyVersions() { + + int maxVersions = 0; + String maxVersionsString = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.MAX_NO_OF_POLICY_VERSIONS); + + if (maxVersionsString != null) { + maxVersions = Integer.parseInt(maxVersionsString); + } + if (maxVersions == 0) { + maxVersions = PDPConstants.DEFAULT_MAX_NO_OF_POLICY_VERSIONS; + } + + return maxVersions; + } + /** * Creates Simple XACML request using given attribute value.Here category, attribute ids and datatypes are * taken as default values. 
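Review bot: `getMaxNoOfStatusRecords` and `getMaxNoOfPolicyVersions` pass the configured string to `Integer.parseInt` unguarded, so a malformed value throws `NumberFormatException` from a utility getter. A negative value is returned as-is, because only `0` falls back to the default. These limits bound how many status records and policy versions are kept, so a non-positive or unparsable setting should fall back to the default and be logged. The two bodies differ only in the property key and the default, so one private helper can hold the check; the sketch below uses the class's existing `log` field.

```java
// … unchanged: getAllGlobalPolicyAlgorithmNames …

public static int getMaxNoOfStatusRecords() {

    return readPositiveIntProperty(PDPConstants.MAX_NO_OF_STATUS_RECORDS,
            PDPConstants.DEFAULT_MAX_NO_OF_STATUS_RECORDS);
}

public static int getMaxNoOfPolicyVersions() {

    return readPositiveIntProperty(PDPConstants.MAX_NO_OF_POLICY_VERSIONS,
            PDPConstants.DEFAULT_MAX_NO_OF_POLICY_VERSIONS);
}

/**
 * Reads an engine property as a positive int; missing, non-numeric or non-positive values yield the default.
 */
private static int readPositiveIntProperty(String key, int defaultValue) {

    String raw = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().getProperty(key);
    if (raw == null) {
        return defaultValue;
    }
    try {
        int parsed = Integer.parseInt(raw.trim());
        return parsed > 0 ? parsed : defaultValue;
    } catch (NumberFormatException e) {
        log.warn("Invalid value for " + key + "; using default " + defaultValue, e);
        return defaultValue;
    }
}
```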
@@ -377,7 +440,7 @@ public static String createSimpleXACMLRequest(String subject, String resource, S " "; } - public static void addSamplePolicies(Registry registry) { + public static void addSamplePolicies() { File policyFolder = new File(CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "resources" + File.separator @@ -391,7 +454,7 @@ public static void addSamplePolicies(Registry registry) { PolicyDTO policyDTO = new PolicyDTO(); try { policyDTO.setPolicy(FileUtils.readFileToString(policyFile)); - EntitlementUtil.addFilesystemPolicy(policyDTO, registry, false); + EntitlementUtil.addFilesystemPolicy(policyDTO, false); } catch (Exception e) { // log and ignore log.error("Error while adding sample XACML policies", e); 
@@ -402,31 +465,29 @@ public static void addSamplePolicies(Registry registry) { } /** - * This method checks whether there is a policy having the same policyId as the given policyId is in the registry + * This method checks whether there is a policy having the same policyId as the given policyId * * @param policyId - * @param registry * @return * @throws EntitlementException */ - public static boolean isPolicyExists(String policyId, Registry registry) throws EntitlementException { - PAPPolicyStoreReader policyReader = null; - policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry)); + public static boolean isPolicyExists(String policyId) throws EntitlementException { + PAPPolicyStoreReader policyReader; + PolicyPersistenceManager store = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + policyReader = new PAPPolicyStoreReader(store); return policyReader.isExistPolicy(policyId); } /** * This method persists a new XACML policy, which was read from filesystem, - * in the registry + * in the policy store * * @param policyDTO PolicyDTO object - * @param registry Registry * @param promote where policy must be promote PDP or not * @return returns whether True/False * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws if policy with same id is exist */ - public static boolean addFilesystemPolicy(PolicyDTO policyDTO, - Registry registry, boolean promote) + public static boolean addFilesystemPolicy(PolicyDTO policyDTO, boolean promote) throws EntitlementException { PAPPolicyStoreManager policyAdmin; 
@@ -439,44 +500,20 @@ public static boolean addFilesystemPolicy(PolicyDTO policyDTO, policyObj = getPolicy(policyDTO.getPolicy()); if (policyObj != null) { - PAPPolicyStore policyStore = new PAPPolicyStore(registry); policyAdmin = new PAPPolicyStoreManager(); policyDTO.setPolicyId(policyObj.getId().toASCIIString()); policyDTO.setActive(true); - if (isPolicyExists(policyDTO.getPolicyId(), registry)) { + if (isPolicyExists(policyDTO.getPolicyId())) { return false; } policyDTO.setPromote(promote); - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - try { - String version = versionManager.createVersion(policyDTO); - policyDTO.setVersion(version); - } catch (EntitlementException e) { - log.error("Policy versioning is not supported", e); - } - policyAdmin.addOrUpdatePolicy(policyDTO); + policyAdmin.addOrUpdatePolicy(policyDTO, true); - PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore); - policyDTO = reader.readPolicyDTO(policyDTO.getPolicyId()); - - if (Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY)) && promote) { + if (promote) { EntitlementAdminEngine adminEngine = EntitlementAdminEngine.getInstance(); adminEngine.getPolicyStoreManager().addPolicy(policyDTO); - } else { - PolicyStoreDTO policyStoreDTO = new PolicyStoreDTO(); - policyStoreDTO.setPolicyId(policyDTO.getPolicyId()); - policyStoreDTO.setPolicy(policyDTO.getPolicy()); - policyStoreDTO.setPolicyOrder(policyDTO.getPolicyOrder()); - policyStoreDTO.setAttributeDTOs(policyDTO.getAttributeDTOs()); - policyStoreDTO.setActive(policyDTO.isActive()); - policyStoreDTO.setSetActive(policyDTO.isActive()); - - if (promote) { - addPolicyToPDP(policyStoreDTO); - } - policyAdmin.addOrUpdatePolicy(policyDTO); } return true; } else { @@ -518,6 +555,7 @@ public static AbstractPolicy getPolicy(String policy) { } } + /** * Gets policy dto for a given policy id * 
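Review bot: With the `reader.readPolicyDTO(...)` re-read removed, the `policyDTO` passed to `adminEngine.getPolicyStoreManager().addPolicy(policyDTO)` is the caller's in-memory object rather than what the store persisted. Anything the persistence layer assigns during `addOrUpdatePolicy(policyDTO, true)` (presumably the version) therefore reaches the PDP only if that call mutates its argument. That method is not in this diff, so this may be fine, but the call deserves a comment such as `// addOrUpdatePolicy(dto, true) creates the version and sets it on dto`, or a re-read before promoting. The bare `true` would also read better as a named local. The body of addFilesystemPolicy continues outside the hunk.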
@@ -527,146 +565,221 @@ public static AbstractPolicy getPolicy(String policy) { * @throws org.wso2.carbon.identity.entitlement.EntitlementException */ public static PolicyDTO getPolicy(String policyId, Registry registry) throws EntitlementException { - PAPPolicyStoreReader policyReader = null; - policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry)); + PAPPolicyStoreReader policyReader; + PolicyPersistenceManager store = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + policyReader = new PAPPolicyStoreReader(store); return policyReader.readPolicyDTO(policyId); } /** - * @param policyStoreDTO - * @return + * This will return all the properties of entitlement.properties config + * @return Properties of config */ - public static void addPolicyToPDP(PolicyStoreDTO policyStoreDTO) throws EntitlementException { - - Registry registry; - String policyPath; - Collection policyCollection; - Resource resource; + public static Properties getPropertiesFromEntitlementConfig() { - Map.Entry entry = EntitlementServiceComponent - .getEntitlementConfig().getPolicyStore().entrySet().iterator().next(); - String policyStorePath = entry.getValue().getProperty("policyStorePath"); + return EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(); + } - if (policyStorePath == null) { - policyStorePath = "/repository/identity/entitlement/policy/pdp/"; - } + /** + * * This method provides a secured document builder which will secure XXE attacks. + * + * @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory. 
+ * @return DocumentBuilder + * @throws ParserConfigurationException + */ + private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws + ParserConfigurationException { - if (policyStoreDTO == null || policyStoreDTO.getPolicy() == null - || policyStoreDTO.getPolicy().trim().length() == 0 - || policyStoreDTO.getPolicyId() == null - || policyStoreDTO.getPolicyId().trim().length() == 0) { - return; - } + DocumentBuilderFactory documentBuilderFactory = IdentityUtil.getSecuredDocumentBuilderFactory(); + documentBuilderFactory.setIgnoringComments(setIgnoreComments); + DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); + return documentBuilder; - try { - registry = EntitlementServiceComponent.getRegistryService() - .getGovernanceSystemRegistry(); + } - if (registry.resourceExists(policyStorePath)) { - policyCollection = (Collection) registry.get(policyStorePath); - } else { - policyCollection = registry.newCollection(); - } + /** + * Read PAP.Policy.Store.MetaData property from entitlement.properties file. + * + * @return true if policy meta data storing is enabled, false otherwise. + */ + public static boolean isPolicyMetadataStoringEnabled() { - registry.put(policyStorePath, policyCollection); - policyPath = policyStorePath + policyStoreDTO.getPolicyId(); + String propertyValue = EntitlementServiceComponent.getEntitlementConfig(). + getEngineProperties().getProperty(PDPConstants.STORE_POLICY_META_DATA); - if (registry.resourceExists(policyPath)) { - resource = registry.get(policyPath); - } else { - resource = registry.newResource(); - } + // The default behavior is to store policy meta data. 
+ return StringUtils.isEmpty(propertyValue) || Boolean.parseBoolean(propertyValue); + } - resource.setProperty("policyOrder", Integer.toString(policyStoreDTO.getPolicyOrder())); - resource.setContent(policyStoreDTO.getPolicy()); - resource.setMediaType("application/xacml-policy+xml"); - resource.setProperty("active", String.valueOf(policyStoreDTO.isActive())); - AttributeDTO[] attributeDTOs = policyStoreDTO.getAttributeDTOs(); - if (attributeDTOs != null) { - setAttributesAsProperties(attributeDTOs, resource); + /** + * Get policy attributes for search. + * + * @param policyDTOs PolicyDTO array. + * @return Map of policy id to self and referenced policy attributes. + */ + public static Map> getAttributesFromPolicies(PolicyDTO[] policyDTOs) { + + Map> attributeMap = new HashMap<>(); + for (PolicyDTO policyDTO : policyDTOs) { + Set attributeDTOs = new HashSet<>(Arrays.asList(policyDTO.getAttributeDTOs())); + String[] policyIdRef = policyDTO.getPolicyIdReferences(); + String[] policySetIdRef = policyDTO.getPolicySetIdReferences(); + + if (ArrayUtils.isNotEmpty(policyIdRef) || ArrayUtils.isNotEmpty(policySetIdRef)) { + for (PolicyDTO dto : policyDTOs) { + if (policyIdRef != null) { + for (String policyId : policyIdRef) { + if (dto.getPolicyId().equals(policyId)) { + attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); + } + } + } + for (String policySetId : policySetIdRef) { + if (dto.getPolicyId().equals(policySetId)) { + attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); + } + } + } } - registry.put(policyPath, resource); - //Enable published policies in PDP - PAPPolicyStoreManager storeManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager(); - if (storeManager.isExistPolicy(policyStoreDTO.getPolicyId())) { - - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - String[] subscribers = new String[]{EntitlementConstants.PDP_SUBSCRIBER_ID}; + attributeMap.put(policyDTO.getPolicyId(), 
attributeDTOs); + } + return attributeMap; + } - if (policyStoreDTO.isActive()) { - publisher.publishPolicy(new String[]{policyStoreDTO.getPolicyId()}, null, - EntitlementConstants.PolicyPublish.ACTION_ENABLE, false, 0, subscribers, null); + /** + * Resolves the global policy combining algorithm. + * + * @param algorithm policy combining algorithm. + * @return PolicyCombiningAlgorithm object. + */ + public static PolicyCombiningAlgorithm resolveGlobalPolicyAlgorithm(String algorithm) { - } else { - publisher.publishPolicy(new String[]{policyStoreDTO.getPolicyId()}, null, - EntitlementConstants.PolicyPublish.ACTION_DISABLE, false, 0, subscribers, null); - } + if (StringUtils.isBlank(algorithm)) { + // read algorithm from entitlement.properties file + algorithm = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.PDP_GLOBAL_COMBINING_ALGORITHM); + log.info("The global policy combining algorithm which is defined in the configuration file, is used."); + } else { + if (FIRST_APPLICABLE.equals(algorithm) || ONLY_ONE_APPLICABLE.equals(algorithm)) { + algorithm = POLICY_COMBINING_PREFIX_1 + algorithm; + } else { + algorithm = POLICY_COMBINING_PREFIX_3 + algorithm; } - - } catch (RegistryException e) { - log.error(e); - throw new EntitlementException("Error while adding policy to PDP", e); } + try { + return getPolicyCombiningAlgorithm(algorithm); + } catch (EntitlementException e) { + log.error("Exception while getting global policy combining algorithm.", e); + } + log.warn("Global policy combining algorithm is not defined. Therefore the default algorithm is used."); + return new DenyOverridesPolicyAlg(); } /** - * This helper method creates properties object which contains the policy meta data. + * Filter status holders based on search criteria. Allows full regex matching for search string. * - * @param attributeDTOs List of AttributeDTO - * @param resource registry resource + * @param holders List of status holders. 
+ * @param searchString Search string. + * @param about About. + * @param type Type. + * @return Filtered status holders. */ - public static void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { - - int attributeElementNo = 0; - if (attributeDTOs != null) { - for (AttributeDTO attributeDTO : attributeDTOs) { - resource.setProperty("policyMetaData" + attributeElementNo, - attributeDTO.getCategory() + "," + - attributeDTO.getAttributeValue() + "," + - attributeDTO.getAttributeId() + "," + - attributeDTO.getAttributeDataType()); - attributeElementNo++; + public static StatusHolder[] filterStatus(List holders, String searchString, String about, + String type) { + + List filteredHolders = new ArrayList<>(); + if (!holders.isEmpty()) { + searchString = searchString.replace("*", ".*"); + Pattern pattern = Pattern.compile(searchString, Pattern.CASE_INSENSITIVE); + for (StatusHolder holder : holders) { + String id = EntitlementConstants.Status.ABOUT_POLICY.equals(about) + ? holder.getUser() + : holder.getTarget(); + Matcher matcher = pattern.matcher(id); + if (!matcher.matches()) { + continue; + } + if (!EntitlementConstants.Status.ABOUT_POLICY.equals(about) || type == null || + type.equals(holder.getType())) { + filteredHolders.add(holder); + } } } + return filteredHolders.toArray(new StatusHolder[0]); } /** - * This will return all the properties of entitlement.properties config - * @return Properties of config + * Resolve subscriber id from publisher data holder. + * + * @param holder Publisher data holder. + * @return Subscriber id. + * @throws EntitlementException throws if publisher data is null. 
*/ - public static Properties getPropertiesFromEntitlementConfig() { + public static String resolveSubscriberId(PublisherDataHolder holder) throws EntitlementException { - return EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(); + String subscriberId = null; + if (holder == null || holder.getPropertyDTOs() == null) { + throw new EntitlementException("Publisher data can not be null"); + } + + for (PublisherPropertyDTO dto : holder.getPropertyDTOs()) { + if (PDPConstants.SUBSCRIBER_ID.equals(dto.getId())) { + subscriberId = dto.getValue(); + } + } + return subscriberId; } /** - * * This method provides a secured document builder which will secure XXE attacks. + * Filter subscriber ids based on search criteria. Allows full regex matching for search string. * - * @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory. - * @return DocumentBuilder - * @throws ParserConfigurationException + * @param subscriberIdList List of subscriber ids. + * @param filter Search filter. + * @return Filtered subscriber ids. */ - private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws - ParserConfigurationException { + public static List filterSubscribers(List subscriberIdList, String filter) { + + filter = filter.replace("*", ".*"); + Pattern pattern = Pattern.compile(filter, Pattern.CASE_INSENSITIVE); + List filteredSubscriberIdList = new ArrayList<>(); + for (String subscriberId : subscriberIdList) { + Matcher matcher = pattern.matcher(subscriberId); + if (matcher.matches()) { + filteredSubscriberIdList.add(subscriberId); + } + } + return filteredSubscriberIdList; + } - DocumentBuilderFactory documentBuilderFactory = IdentityUtil.getSecuredDocumentBuilderFactory(); - documentBuilderFactory.setIgnoringComments(setIgnoreComments); - DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); - return documentBuilder; + /** + * Merges two lists and removes duplicates. 
+ * + * @param list1 first list. + * @param list2 second list. + * @return Merged list without duplicates. + */ + public static List mergeLists(List list1, List list2) { + Set uniqueElements = new HashSet<>(); + uniqueElements.addAll(list1); + uniqueElements.addAll(list2); + return removeNullElements(new ArrayList<>((uniqueElements))); } /** - * Read PAP.Policy.Store.MetaData property from entitlement.properties file. + * Removes null elements from a list. * - * @return true if policy meta data storing is enabled, false otherwise. + * @param list list to remove null elements. + * @return list without null elements. */ - public static boolean isPolicyMetadataStoringEnabled() { - - String propertyValue = EntitlementServiceComponent.getEntitlementConfig(). - getEngineProperties().getProperty(PDPConstants.STORE_POLICY_META_DATA); + public static List removeNullElements(List list) { - // The default behavior is to store policy meta data. - return StringUtils.isEmpty(propertyValue) || Boolean.parseBoolean(propertyValue); + List nonNullElements = new ArrayList<>(); + for (T element : list) { + if (element != null) { + nonNullElements.add(element); + } + } + return nonNullElements; } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PAPStatusDataHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PAPStatusDataHandler.java index 2c5a0c68965f..5d0e651f2f32 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PAPStatusDataHandler.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PAPStatusDataHandler.java @@ -20,6 +20,7 @@ import org.wso2.carbon.identity.entitlement.dto.StatusHolder; +import java.util.ArrayList; import java.util.List; import java.util.Properties; 
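Review bot: `filterStatus` and `filterSubscribers` pass the caller's search string to `Pattern.compile` after only replacing `*`, so every other regex metacharacter stays live: a malformed filter raises an unchecked `PatternSyntaxException`, and a pattern with nested quantifiers can backtrack for a long time against each id. The Javadoc says full regex matching is allowed; if that is not a requirement, quote the literal parts and keep `*` as the only wildcard, e.g. `Pattern.compile(Arrays.stream(filter.split("\\*", -1)).map(Pattern::quote).collect(Collectors.joining(".*")), Pattern.CASE_INSENSITIVE)`. If it is a requirement, catch `PatternSyntaxException` and cap the filter length. Separately, in `getAttributesFromPolicies` the loop over `policySetIdRef` lacks the `!= null` guard that `policyIdRef` has, so it would throw if the set-reference getter can return null while policy-id references are present.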
@@ -50,7 +51,12 @@ public interface PAPStatusDataHandler { * @param statusHolder StatusHolder * @throws EntitlementException if fails to handle */ - public void handle(String about, StatusHolder statusHolder) throws EntitlementException; + default void handle(String about, StatusHolder statusHolder) throws EntitlementException { + + List list = new ArrayList<>(); + list.add(statusHolder); + handle(about, statusHolder.getKey(), list); + } /** * @param about indicates what is related with this admin status action diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java index 2ec9663bfe9c..4fc1822d23b9 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java 
@@ -291,4 +291,34 @@ public class PDPConstants { public static final String STORE_POLICY_META_DATA = "PAP.Policy.Store.MetaData"; + public static final String MAX_NO_OF_STATUS_RECORDS = "maxRecodesToPersist"; + + public static final int DEFAULT_MAX_NO_OF_STATUS_RECORDS = 50; + + public static final String MAX_NO_OF_POLICY_VERSIONS = "maxVersions"; + + public static final int DEFAULT_MAX_NO_OF_POLICY_VERSIONS = 5; + + public static final String GLOBAL_POLICY_COMBINING_ALGORITHM = "globalPolicyCombiningAlgorithm"; + + public static final String POLICY_COMBINING_PREFIX_1 = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:"; + + public static final String POLICY_COMBINING_PREFIX_3 = "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:"; + + public static final String SUBSCRIBER_ID = "subscriberId"; + public static final String POLICY_STORAGE_CONFIG = "DataStorageType.XACML"; + public static final String MODULE_NAME = "Registry Policy Finder Module"; + + public static final class Algorithms { + + private Algorithms() { + + } + public static final String DENY_OVERRIDES = "deny-overrides"; + public static final String PERMIT_OVERRIDES = "permit-overrides"; + public static final String FIRST_APPLICABLE = "first-applicable"; + public static final String ORDERED_DENY_OVERRIDES = "ordered-deny-overrides"; + public static final String ONLY_ONE_APPLICABLE = "only-one-applicable"; + public static final String ORDERED_PERMIT_OVERRIDES = "ordered-permit-overrides"; + } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/SimplePAPStatusDataHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/SimplePAPStatusDataHandler.java index 3161e99341be..98027d28c737 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/SimplePAPStatusDataHandler.java 
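Review bot: The key `"maxRecodesToPersist"` behind `MAX_NO_OF_STATUS_RECORDS` is misspelt, and nothing tells a reader whether that is deliberate. If it has to match a property name already present in deployed entitlement.properties files, add a comment such as `// Key spelling kept as-is for compatibility with existing configuration.` so that a later correction does not silently stop the setting from being read; if the key is new, spell it `maxRecordsToPersist`. The other added constants would also benefit from a one-line comment each, in particular `MODULE_NAME` and `POLICY_STORAGE_CONFIG`, whose purpose is not evident from the names.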
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/SimplePAPStatusDataHandler.java @@ -38,8 +38,6 @@ import java.util.Map; import java.util.Properties; import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** * TODO 
@@ -99,58 +97,23 @@ public void handle(String about, String key, List statusHolder) } } - - @Override - public void handle(String about, StatusHolder statusHolder) throws EntitlementException { - List list = new ArrayList(); - list.add(statusHolder); - handle(about, statusHolder.getKey(), list); - } - - @Override public StatusHolder[] getStatusData(String about, String key, String type, String searchString) throws EntitlementException { + String path; + String statusAboutType; + if (EntitlementConstants.Status.ABOUT_POLICY.equals(about)) { - String path = ENTITLEMENT_POLICY_STATUS + key; - List holders = readStatus(path, EntitlementConstants.Status.ABOUT_POLICY); - List filteredHolders = new ArrayList(); - if (holders != null) { - searchString = searchString.replace("*", ".*"); - Pattern pattern = Pattern.compile(searchString, Pattern.CASE_INSENSITIVE); - for (StatusHolder holder : holders) { - String id = holder.getUser(); - Matcher matcher = pattern.matcher(id); - if (!matcher.matches()) { - continue; - } - if (type != null && type.equals(holder.getType())) { - filteredHolders.add(holder); - } else if (type == null) { - filteredHolders.add(holder); - } - } - } - return filteredHolders.toArray(new StatusHolder[filteredHolders.size()]); + path = ENTITLEMENT_POLICY_STATUS + key; + statusAboutType = EntitlementConstants.Status.ABOUT_POLICY; } else { - List filteredHolders = new ArrayList(); - String path = ENTITLEMENT_PUBLISHER_STATUS + key; - List holders = readStatus(path, EntitlementConstants.Status.ABOUT_SUBSCRIBER); - if (holders != null) { - searchString = searchString.replace("*", ".*"); - Pattern pattern = Pattern.compile(searchString, Pattern.CASE_INSENSITIVE); - for (StatusHolder holder : holders) { - String id = holder.getTarget(); - Matcher matcher = pattern.matcher(id); - if (!matcher.matches()) { - continue; - } - filteredHolders.add(holder); - } - } - return filteredHolders.toArray(new StatusHolder[filteredHolders.size()]); + path = 
ENTITLEMENT_PUBLISHER_STATUS + key; + statusAboutType = EntitlementConstants.Status.ABOUT_SUBSCRIBER; } + + List holders = readStatus(path, statusAboutType); + return EntitlementUtil.filterStatus(holders, searchString, about, type); } private synchronized void deletedPersistedData(String path) throws EntitlementException { diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/ConfigCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/ConfigCache.java new file mode 100644 index 000000000000..02c74e44f920 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/ConfigCache.java @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; + +/** + * Cache implementation for XACML Configurations. + * Cache entry: + */ +public class ConfigCache extends BaseCache { + + private static final String CACHE_NAME = "ConfigCache"; + private static final ConfigCache instance = new ConfigCache(); + + private ConfigCache() { + + super(CACHE_NAME); + } + + public static ConfigCache getInstance() { + + return instance; + } +} 
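Review bot: Both removed branches checked `holders != null` before filtering, whereas the new call `EntitlementUtil.filterStatus(holders, searchString, about, type)` passes the result of `readStatus` straight into a method that begins with `holders.isEmpty()`. `readStatus` is outside this hunk, so whether it can return null is not visible here; if it can, an empty result now becomes a `NullPointerException`. Either guard at the call with `if (holders == null) { return new StatusHolder[0]; }`, or have `filterStatus` test `holders != null && !holders.isEmpty()`.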
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyCache.java new file mode 100644 index 000000000000..57dc7f4b3128 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyCache.java 
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; + +/** + * Cache implementation for PAP policies. + * Cache entry: + */ +public class PapPolicyCache extends BaseCache { + + private static final String CACHE_NAME = "PapPolicyCache"; + private static final PapPolicyCache instance = new PapPolicyCache(); + + private PapPolicyCache() { + + super(CACHE_NAME); + } + + public static PapPolicyCache getInstance() { + + return instance; + } + + @Override + public void addToCache(String key, PolicyDTO policyDTO, int tenantId) { + + if (policyDTO != null) { + PolicyDTO policyDTOCopy = new PolicyDTO(policyDTO); + super.addToCache(key, policyDTOCopy, tenantId); + } + } + + @Override + public PolicyDTO getValueFromCache(String key, int tenantId) { + + PolicyDTO policyDTO = super.getValueFromCache(key, tenantId); + PolicyDTO policyDTOCopy = null; + if (policyDTO != null) { + policyDTOCopy = new PolicyDTO(policyDTO); + } + return policyDTOCopy; + } +} 
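Review bot: The copying in `addToCache` and `getValueFromCache` isolates the cached policy only as far as `new PolicyDTO(policyDTO)` copies. That constructor is not in this diff, and if it shares the attribute or reference arrays with the original, a caller editing a returned DTO still edits the cached authorization policy. The class Javadoc should state the guarantee, e.g. `Values are copied on insert and on read; callers never hold a reference to the cached instance.`, and the copy constructor should be checked against it. The same applies to PapPolicyListCache, PdpPolicyCache and PdpPolicyListCache. Note also that `addToCache` returns silently for a null value, leaving any earlier entry for that key in place.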
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyListCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyListCache.java new file mode 100644 index 000000000000..ddda10e3a6c7 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PapPolicyListCache.java 
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; + +import java.util.ArrayList; + +/** + * Cache implementation for PAP policy list. + * Cache entry: + */ +public class PapPolicyListCache extends BaseCache> { + + private static final String CACHE_NAME = "PapPolicyListCache"; + private static final PapPolicyListCache instance = new PapPolicyListCache(); + + private PapPolicyListCache() { + + super(CACHE_NAME); + } + + public static PapPolicyListCache getInstance() { + + return instance; + } + + @Override + public void addToCache(String key, ArrayList policyDTOs, int tenantId) { + + ArrayList policyDTOList = createCopy(policyDTOs); + super.addToCache(key, policyDTOList, tenantId); + } + + @Override + public ArrayList getValueFromCache(String key, int tenantId) { + + ArrayList policyDTOs = super.getValueFromCache(key, tenantId); + return createCopy(policyDTOs); + } + + private ArrayList createCopy(ArrayList policyDTOs) { + + if (policyDTOs == null) { + return null; + } + + ArrayList policyDTOList = new ArrayList<>(); + for (PolicyDTO policyDTO : policyDTOs) { + if (policyDTO != null) { + policyDTOList.add(new PolicyDTO(policyDTO)); + } + } + return policyDTOList; + } +} 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyCache.java new file mode 100644 index 000000000000..bfd2baa4523c --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyCache.java 
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; + +/** + * Cache implementation for PAP policies. + * Cache entry: + */ +public class PdpPolicyCache extends BaseCache { + + private static final String CACHE_NAME = "PdpPolicyCache"; + private static final PdpPolicyCache instance = new PdpPolicyCache(); + + private PdpPolicyCache() { + + super(CACHE_NAME); + } + + public static PdpPolicyCache getInstance() { + + return instance; + } + + @Override + public void addToCache(String key, PolicyStoreDTO policyStoreDTO, int tenantId) { + + if (policyStoreDTO != null){ + PolicyStoreDTO policyStoreDTOCopy = new PolicyStoreDTO(policyStoreDTO); + super.addToCache(key, policyStoreDTOCopy, tenantId); + } + } + + @Override + public PolicyStoreDTO getValueFromCache(String key, int tenantId) { + + PolicyStoreDTO policyStoreDTO = super.getValueFromCache(key, tenantId); + PolicyStoreDTO policyStoreDTOCopy = null; + if (policyStoreDTO != null) { + policyStoreDTOCopy = new PolicyStoreDTO(policyStoreDTO); + } + return policyStoreDTOCopy; + } +} 
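Review bot: The class Javadoc reads `Cache implementation for PAP policies.`, carried over from PapPolicyCache; this class holds `PolicyStoreDTO` entries and should say `Cache implementation for PDP policies.`. The `if (policyStoreDTO != null){` line in `addToCache` is also missing the space before the brace that the sibling classes use.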
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyListCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyListCache.java new file mode 100644 index 000000000000..7f7505bfab40 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/PdpPolicyListCache.java 
@@ -0,0 +1,72 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; + +import java.util.ArrayList; + +/** + * Cache implementation for PDP policy list. + * Cache entry: + */ +public class PdpPolicyListCache extends BaseCache { + + private static final String CACHE_NAME = "PdpPolicyListCache"; + private static final PdpPolicyListCache instance = new PdpPolicyListCache(); + + private PdpPolicyListCache() { + + super(CACHE_NAME); + } + + public static PdpPolicyListCache getInstance() { + + return instance; + } + + @Override + public void addToCache(String key, PolicyStoreDTO[] policyDTOs, int tenantId) { + + PolicyStoreDTO[] policyDTOList = createCopy(policyDTOs); + super.addToCache(key, policyDTOList, tenantId); + } + + @Override + public PolicyStoreDTO[] getValueFromCache(String key, int tenantId) { + + PolicyStoreDTO[] policyDTOs = super.getValueFromCache(key, tenantId); + return createCopy(policyDTOs); + } + + private PolicyStoreDTO[] createCopy(PolicyStoreDTO[] policyDTOs) { + + if (policyDTOs == null) { + return null; + } + ArrayList policyDTOList = new ArrayList<>(); + for (PolicyStoreDTO policyDTO : policyDTOs) { + if (policyDTO != null) { + policyDTOList.add(new 
PolicyStoreDTO(policyDTO)); + } + } + return policyDTOList.toArray(new PolicyStoreDTO[0]); + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberCache.java new file mode 100644 index 000000000000..2891718236c5 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberCache.java @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.cache; + +import org.wso2.carbon.identity.core.cache.BaseCache; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; + +/** + * Cache implementation for subscribers. + * Cache entry: + */ +public class SubscriberCache extends BaseCache { + + private static final String CACHE_NAME = "SubscriberCache"; + private static final SubscriberCache instance = new SubscriberCache(); + + private SubscriberCache() { + + super(CACHE_NAME); + } + + public static SubscriberCache getInstance() { + + return instance; + } +} 
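Review bot: `createCopy` in `PdpPolicyListCache` drops null elements without saying so, so the array returned by `getValueFromCache` can be shorter than the one passed to `addToCache` and element positions can shift. If the filtering is intended, state it in a method comment such as `// Null entries are skipped; the copy may be shorter than the input.`; otherwise allocate the copy with `policyDTOs.length` and keep positions. The class Javadoc also leaves "Cache entry:" empty.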
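Review bot: `SubscriberCache` (and `SubscriberIdListCache` in the next file) inherit `addToCache` and `getValueFromCache` unchanged, so callers receive the cached `PublisherDataHolder` or `ArrayList` instance itself, unlike `PdpPolicyCache` and `PdpPolicyListCache`, which copy on put and on get. A caller that edits the returned holder or list would change the cached entry for every other reader. Either override the two methods with a defensive copy as the PDP caches do, or document on the class that entries must be treated as read-only.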
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberIdListCache.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberIdListCache.java
new file mode 100644
index 000000000000..938b918e9175
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/cache/SubscriberIdListCache.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.entitlement.cache;
+
+import org.wso2.carbon.identity.core.cache.BaseCache;
+
+import java.util.ArrayList;
+
+/**
+ * Cache implementation for subscribers list.
+ * Cache entry:
+ */
+public class SubscriberIdListCache extends BaseCache> {
+
+ private static final String CACHE_NAME = "SubscriberIdListCache";
+ private static final SubscriberIdListCache instance = new SubscriberIdListCache();
+
+ private SubscriberIdListCache() {
+
+ super(CACHE_NAME);
+ }
+
+ public static SubscriberIdListCache getInstance() {
+
+ return instance;
+ }
+}
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/AttributeDTO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/AttributeDTO.java index 738f23ee2e48..9d68a5c31368 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/AttributeDTO.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/AttributeDTO.java @@ -18,10 +18,12 @@ package org.wso2.carbon.identity.entitlement.dto; +import java.io.Serializable; + /** * This encapsulates the attribute element data of the XACML policy */ -public class AttributeDTO { +public class AttributeDTO implements Serializable { private String attributeValue; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyDTO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyDTO.java index b48258b1726b..cba00139f7a1 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyDTO.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyDTO.java @@ -17,12 +17,13 @@ */ package org.wso2.carbon.identity.entitlement.dto; +import java.io.Serializable; import java.util.Arrays; /** * This class encapsulate the XACML policy related the data */ -public class PolicyDTO { +public class PolicyDTO implements Serializable { private String policy; 
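Review bot: `AttributeDTO` becomes `Serializable` with no `serialVersionUID` visible in this hunk, and the same holds for `PolicyDTO`, `PolicyStoreDTO`, `PublisherDataHolder` and `PublisherPropertyDTO` in the following hunks. If the cache layer serializes these objects, which is presumably why the interface was added, a compiler-generated id can make entries written by one build unreadable by another after any field change. Declare `private static final long serialVersionUID = <generated value>L;` in each class. The class bodies continue outside the hunks, so an existing declaration cannot be ruled out.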
@@ -57,6 +58,24 @@ public PolicyDTO() { } + public PolicyDTO(PolicyDTO policyDTO) { + + this.policy = policyDTO.policy; + this.policyId = policyDTO.policyId; + this.active = policyDTO.active; + this.promote = policyDTO.promote; + this.policyType = policyDTO.policyType; + this.policyEditor = policyDTO.policyEditor; + this.policyEditorData = Arrays.copyOf(policyDTO.policyEditorData, policyDTO.policyEditorData.length); + this.policyOrder = policyDTO.policyOrder; + this.version = policyDTO.version; + this.lastModifiedTime = policyDTO.lastModifiedTime; + this.lastModifiedUser = policyDTO.lastModifiedUser; + this.attributeDTOs = Arrays.copyOf(policyDTO.attributeDTOs, policyDTO.attributeDTOs.length); + this.policySetIdReferences = Arrays.copyOf(policyDTO.policySetIdReferences, policyDTO.policySetIdReferences.length); + this.policyIdReferences = Arrays.copyOf(policyDTO.policyIdReferences, policyDTO.policyIdReferences.length); + } + public PolicyDTO(String policyId) { this.policyId = policyId; } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java index 2560928ceedf..bf4164a261dc 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java @@ -18,12 +18,13 @@ package org.wso2.carbon.identity.entitlement.dto; +import java.io.Serializable; import java.util.Arrays; /** * encapsulates the policy data that is stored in the policy store */ -public class PolicyStoreDTO { +public class PolicyStoreDTO implements Serializable { private String policyId; 
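Review bot: The new `PolicyDTO(PolicyDTO)` constructor calls `Arrays.copyOf(x, x.length)` on `policyEditorData`, `attributeDTOs`, `policySetIdReferences` and `policyIdReferences` without a null check, so copying an instance in which any of them is null throws `NullPointerException`. A null-tolerant form is `this.policyEditorData = policyDTO.policyEditorData == null ? null : policyDTO.policyEditorData.clone();`, repeated for the other three fields. The `attributeDTOs` copy is also shallow: the new array holds the same `AttributeDTO` objects, so the copy is not independent of its source. The field declarations and setters are outside the hunk, so whether null can reach these fields needs confirming.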
@@ -37,8 +38,26 @@ public class PolicyStoreDTO { private boolean setActive; + private String version; + private AttributeDTO[] attributeDTOs = new AttributeDTO[0]; + public PolicyStoreDTO() { + + } + + public PolicyStoreDTO(PolicyStoreDTO policyStoreDTO) { + + this.policyId = policyStoreDTO.getPolicyId(); + this.policy = policyStoreDTO.getPolicy(); + this.policyOrder = policyStoreDTO.getPolicyOrder(); + this.active = policyStoreDTO.isActive(); + this.setOrder = policyStoreDTO.isSetOrder(); + this.setActive = policyStoreDTO.isSetActive(); + this.version = policyStoreDTO.getVersion(); + this.attributeDTOs = policyStoreDTO.getAttributeDTOs(); + } + public String getPolicyId() { return policyId; } @@ -94,4 +113,13 @@ public boolean isSetActive() { public void setSetActive(boolean setActive) { this.setActive = setActive; } + + public String getVersion() { + return version; + } + + public void setVersion(String version) { + this.version = version; + } + } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherDataHolder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherDataHolder.java index 0700f401bf55..65df750bd6d8 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherDataHolder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherDataHolder.java 
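Review bot: The copy constructor assigns `this.attributeDTOs = policyStoreDTO.getAttributeDTOs();`, so the copy shares its `AttributeDTO` objects with the source, and the array itself too unless the getter, whose body is outside the hunk, copies it. `PdpPolicyCache` and `PdpPolicyListCache` rely on this constructor to isolate cached policies from callers, so an edit to an attribute of a returned DTO would still reach the cached entry. Copy the elements one by one, which needs an `AttributeDTO` copy constructor that this diff does not add, or document that only the top-level fields are isolated. The constructor also dereferences its argument without a null check.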
@@ -1,7 +1,7 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* Copyright (c) WSO2 LLC (https://www.wso2.com) All Rights Reserved. * -* WSO2 Inc. licenses this file to you under the Apache License, +* WSO2 LLC licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at @@ -24,6 +24,7 @@ import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.registry.core.Resource; +import java.io.Serializable; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -33,7 +34,7 @@ /** * */ -public class PublisherDataHolder { +public class PublisherDataHolder implements Serializable { public static final String MODULE_NAME = "EntitlementModuleName"; private static Log log = LogFactory.getLog(PublisherDataHolder.class); @@ -47,6 +48,22 @@ public PublisherDataHolder(String moduleName) { this.moduleName = moduleName; } + /** + * @param propertyDTOs propertyDTOs. + * @param moduleName module name. + */ + public PublisherDataHolder(List propertyDTOs, String moduleName) { + + this.moduleName = moduleName; + this.propertyDTOs = propertyDTOs.toArray(new PublisherPropertyDTO[0]); + } + + /** + * @param resource resource. + * @param returnSecrets return secrets. + * @deprecated use other constructors instead. + */ + @Deprecated public PublisherDataHolder(Resource resource, boolean returnSecrets) { List propertyDTOs = new ArrayList(); if (resource != null && resource.getProperties() != null) { diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherPropertyDTO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherPropertyDTO.java index a850a57d800d..9ff33b480828 100644 
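Review bot: Making `PublisherDataHolder` `Serializable` lets its property values leave the JVM through whatever the cache layer does with entries, and the `returnSecrets` flag of the deprecated constructor together with the `CryptoUtil` import suggests those values can include subscriber secrets. The Javadoc of the new `PublisherDataHolder(List, String)` constructor only repeats the parameter names; it should state whether callers may pass decrypted secret values, for example `Secret property values must be passed in encrypted form; instances may be cached and serialized.` if that is the contract. The constructor also calls `propertyDTOs.toArray(...)` without a null check, so a null list throws `NullPointerException`. How `PublisherPropertyDTO` marks a secret is not visible in this diff.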
--- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherPropertyDTO.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PublisherPropertyDTO.java @@ -18,10 +18,12 @@ package org.wso2.carbon.identity.entitlement.dto; +import java.io.Serializable; + /** * */ -public class PublisherPropertyDTO { +public class PublisherPropertyDTO implements Serializable { private String id; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java index 9df35a64f25e..eac8d84fa687 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java @@ -30,6 +30,7 @@ import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PostPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PublisherVerificationModule; +import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; import org.wso2.carbon.utils.ConfigurationContextService; @@ -38,6 +39,7 @@ import java.util.List; import java.util.Map; import java.util.Properties; + import javax.xml.validation.Schema; /** 
@@ -109,8 +111,12 @@ public class EntitlementConfigHolder { /** * This holds all the policy storing logic of entitlement engine */ - private Map policyStore = - new HashMap(); + private Map policyStore = new HashMap<>(); + + /** + * This holds all the policy versioning of PAP + */ + private Map policyDataStore = new HashMap<>(); /** * This holds the policy schema against its version @@ -262,6 +268,14 @@ public void addNotificationHandler(PAPStatusDataHandler notificationHandler, this.papStatusDataHandlers.put(notificationHandler, properties); } + public Map getPolicyDataStore() { + return policyDataStore; + } + + public void addPolicyDataStore(PolicyDataStore policyDataStore, Properties properties) { + this.policyDataStore.put(policyDataStore, properties); + } + public ConfigurationContextService getConfigurationContextService() { return configurationContextService; } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java index 4a5c96818d31..538a3751240d 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java 
@@ -33,7 +33,9 @@ import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PostPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PublisherVerificationModule; +import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -106,6 +108,7 @@ public void buildEntitlementConfig(EntitlementConfigHolder holder) throws Except populatePolicyFinders(properties, holder); populatePolicyCollection(properties, holder); populatePolicyStoreModule(properties, holder); + populatePolicyDataStore(properties, holder); populatePolicyPostPublishers(properties, holder); populateAdminNotificationHandlers(properties, holder); populatePublisherVerificationHandler(properties, holder); 
@@ -393,6 +396,33 @@ private void populatePolicyStoreModule(Properties properties, EntitlementConfigH } } + /** + * @param properties properties. + * @param holder holder. + * @throws Exception throws if fails. + */ + private void populatePolicyDataStore(Properties properties, EntitlementConfigHolder holder) + throws Exception { + + PolicyDataStore policyDataStore; + + if (properties.getProperty("PDP.Policy.Data.Store.Module") != null) { + String className = properties.getProperty("PDP.Policy.Data.Store.Module"); + Class clazz = Thread.currentThread().getContextClassLoader().loadClass(className); + policyDataStore = (PolicyDataStore) clazz.newInstance(); + + int j = 1; + Properties storeProps = new Properties(); + while (properties.getProperty(className + "." + j) != null) { + String[] props = properties.getProperty(className + "." + j++).split(","); + storeProps.put(props[0], props[1]); + } + + policyDataStore.init(storeProps); + holder.addPolicyDataStore(policyDataStore, storeProps); + } + } + /** * @param properties * @param holder diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java index 548b7c64fa40..578f62d26dd8 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.identity.entitlement.internal; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; 
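Review bot: In `populatePolicyDataStore`, `storeProps.put(props[0], props[1])` throws `ArrayIndexOutOfBoundsException` when a `<className>.<n>` property has no comma, and a value that itself contains a comma is cut at it. Split once and validate: `String[] props = value.split(",", 2);` followed by `if (props.length != 2) { throw new IllegalArgumentException("Malformed property: " + className + "." + j); }`. The configured class is also instantiated before the cast verifies its type, so a check such as `if (!PolicyDataStore.class.isAssignableFrom(clazz))` ahead of `newInstance()` would reject a wrong class name without running its constructor. `Class.newInstance()` is deprecated in current JDKs; `clazz.getDeclaredConstructor().newInstance()` is the replacement.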
@@ -40,9 +41,10 @@ import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.entitlement.EntitlementUtil; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.listener.CacheClearingUserOperationListener; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.thrift.EntitlementService; import org.wso2.carbon.identity.entitlement.thrift.ThriftConfigConstants; import org.wso2.carbon.identity.entitlement.thrift.ThriftEntitlementServiceImpl; @@ -64,7 +66,6 @@ import java.net.SocketException; import java.net.UnknownHostException; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; @@ -155,21 +156,6 @@ public static Registry getGovernanceRegistry(int tenantId) { return null; } - /** - * @param httpService - */ - /*protected void setHttpService(HttpService httpService) { - httpServiceInstance = httpService; - } - - */ - - /** - * @param httpService - *//* - protected void unsetHttpService(HttpService httpService) { - httpServiceInstance = null; - }*/ public static NotificationSender getNotificationSender() { return EntitlementServiceComponent.notificationSender; } 
@@ -224,19 +210,19 @@ protected void activate(ComponentContext ctxt) { // Start loading schema. new Thread(new SchemaBuilder(EntitlementConfigHolder.getInstance())).start(); - // Read XACML policy files from a pre-defined location in the - // filesystem and load to registry at the server startup - PAPPolicyStore papPolicyStore = new PAPPolicyStore( - registryService.getGovernanceSystemRegistry()); + // Read XACML policy files from a pre-defined location in the filesystem + PolicyPersistenceManager papPolicyStore = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); String startUpPolicyAdding = EntitlementConfigHolder.getInstance().getEngineProperties().getProperty( PDPConstants.START_UP_POLICY_ADDING); List policyIdList = new ArrayList<>(); - if (papPolicyStore != null && ArrayUtils.isNotEmpty(papPolicyStore.getAllPolicyIds())) { - String[] allPolicyIds = papPolicyStore.getAllPolicyIds(); - policyIdList = Arrays.asList(allPolicyIds); + if (papPolicyStore != null) { + List policyIds = papPolicyStore.listPolicyIds(); + if (CollectionUtils.isNotEmpty(policyIds)) { + policyIdList = policyIds; + } } if (startUpPolicyAdding != null && Boolean.parseBoolean(startUpPolicyAdding)) { @@ -288,7 +274,7 @@ protected void activate(ComponentContext ctxt) { if (!customPolicies) { // load default policies - EntitlementUtil.addSamplePolicies(registryService.getGovernanceSystemRegistry()); + EntitlementUtil.addSamplePolicies(); } } // Cache clearing listener is always registered since cache clearing is a must when 
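Review bot: The start-up policy check in `activate` now gets its store from `EntitlementAdminEngine.getInstance()` instead of the explicit `registryService.getGovernanceSystemRegistry()`, and the tenant this resolves to during activation is not visible here. `EntitlementAdminEngine` imports `CarbonContext` and keeps a map of engines, so it presumably keys on the thread-local tenant; if the activation thread has none set, `listPolicyIds()` and `addSamplePolicies()` may work on a different policy set than the system registry did. A comment above the call stating which tenant context this runs in, or an explicit tenant flow around it, would settle the question. The local is still named `papPolicyStore` although it is now a `PolicyPersistenceManager`, and `activate` starts and ends outside these hunks.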
@@ -335,8 +321,7 @@ private boolean addPolicyFiles(List policyIdList, File[] fileList) throw policyDTO.setPolicy(FileUtils.readFileToString(policyFile)); if (!policyIdList.contains(policyDTO.getPolicyId())) { try { - EntitlementUtil.addFilesystemPolicy(policyDTO, registryService - .getGovernanceSystemRegistry(), true); + EntitlementUtil.addFilesystemPolicy(policyDTO, true); } catch (Exception e) { // Log error and continue with the rest of the files. log.error("Error while adding XACML policies", e); diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java index d3630843a929..696afda30403 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java 
@@ -18,18 +18,23 @@ package org.wso2.carbon.identity.entitlement.pap; +import org.apache.commons.collections.MapUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.persistence.ConfigPersistenceManager; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; +import org.wso2.carbon.identity.entitlement.persistence.SubscriberPersistenceManager; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; import org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore; import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; +import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManager; -import org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import java.util.Map; import java.util.Properties; 
@@ -46,26 +51,49 @@ public class EntitlementAdminEngine { new ConcurrentHashMap(); private static Log log = LogFactory.getLog(EntitlementAdminEngine.class); private PolicyPublisher policyPublisher; - private PolicyVersionManager versionManager; private EntitlementDataFinder entitlementDataFinder; private PolicyDataStore policyDataStore; private PolicyStoreManager policyStoreManager; private PAPPolicyStoreManager papPolicyStoreManager; private Set papStatusDataHandlers; + private ConfigPersistenceManager configPersistenceManager; + private PolicyPersistenceManager policyPersistenceManager; + private SubscriberPersistenceManager subscriberPersistenceManager; public EntitlementAdminEngine() { this.entitlementDataFinder = new EntitlementDataFinder(); this.policyPublisher = new PolicyPublisher(); this.papPolicyStoreManager = new PAPPolicyStoreManager(); - this.versionManager = new DefaultPolicyVersionManager(); - this.policyDataStore = new DefaultPolicyDataStore(); + + Map policyCollections = EntitlementServiceComponent. + getEntitlementConfig().getPolicyStore(); + Properties policyStoreProperties = new Properties(); + if (MapUtils.isNotEmpty(policyCollections)) { + policyStoreProperties = policyCollections.entrySet().iterator().next().getValue(); + } + Map dataStoreModules = EntitlementServiceComponent. + getEntitlementConfig().getPolicyDataStore(); + if (MapUtils.isNotEmpty(dataStoreModules)) { + this.policyDataStore = dataStoreModules.entrySet().iterator().next().getKey(); + } else { + this.policyDataStore = new DefaultPolicyDataStore(); + } + try { + this.policyDataStore.init(policyStoreProperties); + } catch (EntitlementException e) { + log.warn("Error occurred while initializing the policy data store", e); + } Map statusDataHandlers = EntitlementServiceComponent. 
getEntitlementConfig().getPapStatusDataHandlers(); papStatusDataHandlers = statusDataHandlers.keySet(); this.policyPublisher.setPapStatusDataHandlers(papStatusDataHandlers); this.policyStoreManager = new PolicyStoreManager(policyDataStore); + this.configPersistenceManager = PersistenceManagerFactory.getConfigPersistenceManager(); + this.policyPersistenceManager = PersistenceManagerFactory.getPolicyPersistenceManager(); + this.subscriberPersistenceManager = PersistenceManagerFactory.getSubscriberPersistenceManager(); + } /** @@ -96,13 +124,6 @@ public PolicyPublisher getPolicyPublisher() { return policyPublisher; } - /** - * @return - */ - public PolicyVersionManager getVersionManager() { - return versionManager; - } - /** * This method returns the entitlement data finder * @@ -113,9 +134,10 @@ public EntitlementDataFinder getEntitlementDataFinder() { } /** - * @return + * @return PolicyDataStore. */ public PolicyDataStore getPolicyDataStore() { + return policyDataStore; } @@ -138,4 +160,10 @@ public PAPPolicyStoreManager getPapPolicyStoreManager() { public Set getPapStatusDataHandlers() { return papStatusDataHandlers; } + + public ConfigPersistenceManager getConfigPersistenceManager() { return configPersistenceManager; } + + public PolicyPersistenceManager getPolicyPersistenceManager() { return policyPersistenceManager; } + + public SubscriberPersistenceManager getSubscriberPersistenceManager() { return subscriberPersistenceManager; } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java deleted file mode 100644 index f16eac94b8b1..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java +++ /dev/null 
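Review bot: A failure of `policyDataStore.init(...)` in the `EntitlementAdminEngine` constructor is only logged with `log.warn`, and the engine is then built around a store that may be uninitialised; for the component that holds policy data this should be at least `log.error(...)`, and preferably the engine should not be handed out in that state. The same block re-initialises a configured store with `policyStoreProperties`, the properties of the first policy store module, although `populatePolicyDataStore` in `EntitlementExtensionBuilder` already called `init(storeProps)` on it; if the second call is not intended, move the `init` into the `else` branch so that only `DefaultPolicyDataStore` is initialised here. `entrySet().iterator().next()` on a `HashMap` also picks an arbitrary module when more than one is configured.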
@@ -1,368 +0,0 @@ -/* - * Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.identity.entitlement.pap.store; - -import org.apache.axiom.om.OMElement; -import org.apache.axiom.om.util.AXIOMUtil; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import javax.xml.stream.XMLStreamException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -public class PAPPolicyStore { - - // The logger we'll use for all messages - private static final Log log = 
LogFactory.getLog(PAPPolicyStore.class); - private Registry registry; - - public PAPPolicyStore() { - - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); - } - - public PAPPolicyStore(Registry registry) throws EntitlementException { - if (registry == null) { - log.error("Registry reference not set"); - throw new EntitlementException("Registry reference not set"); - } - this.registry = registry; - } - - - /** - * This returns all the policy ids as String list. Here we assume registry resource name as - * the policy id. - * - * @return policy ids as String[] - * @throws EntitlementException throws if fails - */ - public String[] getAllPolicyIds() throws EntitlementException { - String path = null; - Collection collection = null; - List resources = new ArrayList(); - String[] children = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = PDPConstants.ENTITLEMENT_POLICY_PAP; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - for (String child : children) { - String[] resourcePath = child.split("/"); - if (resourcePath != null && resourcePath.length > 0) { - resources.add(resourcePath[resourcePath.length - 1]); - } - } - - } catch (RegistryException e) { - log.error("Error while retrieving all entitlement policy identifiers from PAP policy store", e); - throw new EntitlementException("Error while retrieving entitlement policy " + - "identifiers from PAP policy store"); - } - - return resources.toArray(new String[resources.size()]); - } - - - /** - * This returns given policy as Registry resource - * - * @param policyId policy id - * @param collection - * @return policy as Registry resource - * @throws 
EntitlementException throws, if fails - */ - public Resource getPolicy(String policyId, String collection) throws EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving entitlement policy"); - } - - try { - path = collection + policyId; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - return registry.get(path); - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy " + policyId + " PAP policy store", e); - throw new EntitlementException("Error while retrieving entitlement policy " + policyId - + " PAP policy store"); - } - } - - public void addOrUpdatePolicy(PolicyDTO policy, String policyPath) throws EntitlementException { - addOrUpdatePolicy(policy, policy.getPolicyId(), policyPath); - - } - - /** - * @param policy - * @throws EntitlementException - */ - public void addOrUpdatePolicy(PolicyDTO policy, String policyId, String policyPath) - throws EntitlementException { - - String path = null; - Resource resource = null; - boolean newPolicy = false; - OMElement omElement = null; - - if (log.isDebugEnabled()) { - log.debug("Creating or updating entitlement policy"); - } - - if (policy == null || policyId == null) { - log.error("Error while creating or updating entitlement policy: " + - "Policy DTO or Policy Id can not be null"); - throw new EntitlementException("Invalid Entitlement Policy. 
Policy or policyId can not be Null"); - } - - try { - path = policyPath + policyId; - - if (registry.resourceExists(path)) { - resource = registry.get(path); - } else { - resource = registry.newResource(); - } - - Collection policyCollection; - if (registry.resourceExists(policyPath)) { - policyCollection = (Collection) registry.get(policyPath); - } else { - policyCollection = registry.newCollection(); - } - - - if (policy.getPolicyOrder() > 0) { - String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); - if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) { - policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, - Integer.toString(policy.getPolicyOrder())); - registry.put(policyPath, policyCollection); - } - resource.setProperty(PDPConstants.POLICY_ORDER, - Integer.toString(policy.getPolicyOrder())); - } else { - String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (previousOrder == null) { - if (policyCollection != null) { - int policyOrder = 1; - String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); - if (noOfPolicies != null) { - policyOrder = policyOrder + Integer.parseInt(noOfPolicies); - } - policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, - Integer.toString(policyOrder)); - resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder)); - } - registry.put(policyPath, policyCollection); - } - } - - if (StringUtils.isNotBlank(policy.getPolicy())) { - resource.setContent(policy.getPolicy()); - newPolicy = true; - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy()); - Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy(); - Properties resourceProperties = new Properties(); - for (Object o : properties.keySet()) { - String key = o.toString(); - resourceProperties.put(key, Collections.singletonList(properties.get(key))); - } - - // Store policy metadata 
based on the configured property. - if (EntitlementUtil.isPolicyMetadataStoringEnabled()) { - resource.setProperties(resourceProperties); - } - } - - resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive())); - resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote())); - - if (policy.getVersion() != null) { - resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion()); - } - resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis())); - resource.setProperty(PDPConstants.LAST_MODIFIED_USER, CarbonContext.getThreadLocalCarbonContext() - .getUsername()); - - if (policy.getPolicyType() != null && policy.getPolicyType().trim().length() > 0) { - resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType()); - } else { - try { - if (newPolicy) { - omElement = AXIOMUtil.stringToOM(policy.getPolicy()); - resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName()); - } - } catch (XMLStreamException e) { - policy.setPolicyType(PDPConstants.POLICY_ELEMENT); - log.warn("Policy Type can not be found. Default type is set"); - } - } - - if (omElement != null) { - Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants. - POLICY_REFERENCE); - if (iterator1 != null) { - String policyReferences = ""; - while (iterator1.hasNext()) { - OMElement policyReference = (OMElement) iterator1.next(); - if (!"".equals(policyReferences)) { - policyReferences = policyReferences + PDPConstants.ATTRIBUTE_SEPARATOR - + policyReference.getText(); - } else { - policyReferences = policyReference.getText(); - } - } - resource.setProperty(PDPConstants.POLICY_REFERENCE, policyReferences); - } - - Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants. 
- POLICY_SET_REFERENCE); - if (iterator2 != null) { - String policySetReferences = ""; - while (iterator1.hasNext()) { - OMElement policySetReference = (OMElement) iterator2.next(); - if (!"".equals(policySetReferences)) { - policySetReferences = policySetReferences + PDPConstants.ATTRIBUTE_SEPARATOR - + policySetReference.getText(); - } else { - policySetReferences = policySetReference.getText(); - } - } - resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, policySetReferences); - } - } - - //before writing basic policy editor meta data as properties, - //delete any properties related to them - String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE); - if (newPolicy && policyEditor != null) { - resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE); - } - - //write policy meta data that is used for basic policy editor - if (policy.getPolicyEditor() != null && policy.getPolicyEditor().trim().length() > 0) { - resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim()); - } - String[] policyMetaData = policy.getPolicyEditorData(); - if (policyMetaData != null && policyMetaData.length > 0) { - String BasicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (newPolicy && BasicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(BasicPolicyEditorMetaDataAmount); - for (int i = 0; i < amount; i++) { - resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - } - - int i = 0; - for (String policyData : policyMetaData) { - if (policyData != null && !"".equals(policyData)) { - resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, - policyData); - } - i++; - } - resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, - Integer.toString(i)); - } - - // Store policy metadata based on the configured property. 
- if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { - for (Map.Entry entry : resource.getProperties().entrySet()) { - if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { - resource.getProperties().remove(entry.getKey()); - } - } - } - - registry.put(path, resource); - - } catch (RegistryException e) { - log.error("Error while adding or updating entitlement policy " + policyId + - " in policy store", e); - throw new EntitlementException("Error while adding or updating entitlement policy in policy store"); - } - } - - - /** - * @param policyId - * @throws EntitlementException - */ - public void removePolicy(String policyId) throws EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Removing entitlement policy"); - } - - try { - path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return; - } - registry.delete(path); - } catch (RegistryException e) { - log.error("Error while removing entitlement policy " + policyId + " from PAP policy store", e); - throw new EntitlementException("Error while removing policy " + policyId + " from PAP policy store"); - } - } - -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java index 171c6c8f4941..65baa30d327b 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java 
@@ -1,7 +1,7 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* Copyright (c) 2005-2024, WSO2 LLC (https://www.wso2.com) All Rights Reserved. * -* WSO2 Inc. licenses this file to you under the Apache License, +* WSO2 LLC licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at @@ -20,23 +20,24 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.registry.core.Resource; public class PAPPolicyStoreManager { private static final Log log = LogFactory.getLog(PAPPolicyStoreManager.class); - private PAPPolicyStore store; + private PolicyPersistenceManager store; private PAPPolicyStoreReader storeReader; public PAPPolicyStoreManager() { - store = new PAPPolicyStore(); + store = PersistenceManagerFactory.getPolicyPersistenceManager(); storeReader = new PAPPolicyStoreReader(store); } - public void addOrUpdatePolicy(PolicyDTO policy) throws EntitlementException { - store.addOrUpdatePolicy(policy, PDPConstants.ENTITLEMENT_POLICY_PAP); + public void addOrUpdatePolicy(PolicyDTO policy, boolean enableVersioning) throws EntitlementException { + store.addOrUpdatePolicy(policy, enableVersioning); } public void removePolicy(String policyId) throws EntitlementException { 
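Review bot: `addOrUpdatePolicy(PolicyDTO policy, boolean enableVersioning)` replaces the one-argument method on a public class and carries no Javadoc, so existing callers stop compiling and new callers are not told what passing `false` does to the stored version history. I would document the flag, e.g. `@param enableVersioning whether a new policy version is recorded for this write`, with the wording checked against the `PolicyPersistenceManager` implementation, which is not visible in this hunk. If out-of-tree callers matter, a `@Deprecated` one-argument overload that delegates to the new method would keep them building. This class also obtains its own store from `PersistenceManagerFactory.getPolicyPersistenceManager()` while `EntitlementAdminEngine` fetches one the same way; whether the factory returns a shared instance cannot be told from here and is worth stating in a comment.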
@@ -44,7 +45,7 @@ public void removePolicy(String policyId) throws EntitlementException { } public String[] getPolicyIds() throws EntitlementException { - return store.getAllPolicyIds(); + return store.listPolicyIds().toArray(new String[0]); } public PolicyDTO getPolicy(String policyId) throws EntitlementException { @@ -63,6 +64,13 @@ public PolicyDTO getMetaDataPolicy(String policyId) throws EntitlementException return storeReader.readMetaDataPolicyDTO(policyId); } + /** + * @param resource resource + * @return policy + * @throws EntitlementException throws, if fails + * @deprecated use {@link #getPolicy(String)} instead + */ + @Deprecated public PolicyDTO getPolicy(Resource resource) throws EntitlementException { return storeReader.readPolicyDTO(resource); } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java index 625e50ff0569..798b04e9dacd 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java 
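Review bot: `getPolicyIds()` now dereferences the result of `store.listPolicyIds()` directly, whereas the removed `getAllPolicyIds()` returned `null` when the policy collection did not exist. If any `PolicyPersistenceManager` implementation can return `null`, this becomes a `NullPointerException`, and callers that treated a `null` result as "no collection" now receive an empty array instead. The interface contract is outside this hunk, so either document `listPolicyIds()` as never returning null or guard here: `List<String> ids = store.listPolicyIds(); return ids == null ? new String[0] : ids.toArray(new String[0]);`.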
@@ -1,20 +1,20 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005-2024, WSO2 LLC (https://www.wso2.com) All Rights Reserved. + * + * WSO2 LLC licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.entitlement.pap.store; import org.apache.commons.logging.Log; 
@@ -23,6 +23,8 @@ import org.wso2.balana.finder.PolicyFinder; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader; import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; @@ -30,7 +32,6 @@ import org.wso2.carbon.registry.core.exceptions.RegistryException; import java.nio.charset.Charset; -import java.util.ArrayList; import java.util.List; public class PAPPolicyStoreReader { 
@@ -38,33 +39,28 @@ public class PAPPolicyStoreReader { // the optional logger used for error reporting private static Log log = LogFactory.getLog(PAPPolicyStoreReader.class); - private PAPPolicyStore store; + private final PolicyPersistenceManager store; /** * @param store */ - public PAPPolicyStoreReader(PAPPolicyStore store) { + public PAPPolicyStoreReader(PolicyPersistenceManager store) { this.store = store; } - /** - * @param policyId - * @param finder - * @return - * @throws EntitlementException + * @param policyId policyId + * @param finder policy finder + * @return abstract policy + * @throws EntitlementException, throws, if fails */ public synchronized AbstractPolicy readPolicy(String policyId, PolicyFinder finder) throws EntitlementException { - Resource resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource != null) { - try { - String policy = new String((byte[]) resource.getContent(), Charset.forName("UTF-8")); - return PAPPolicyReader.getInstance(null).getPolicy(policy); - } catch (RegistryException e) { - log.error("Error while parsing entitlement policy", e); - throw new EntitlementException("Error while loading entitlement policy"); - } + + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto != null) { + String policy = dto.getPolicy(); + return PAPPolicyReader.getInstance(null).getPolicy(policy); } return null; } 
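Review bot: In `readPolicy`, `dto.getPolicy()` is passed to `PAPPolicyReader.getInstance(null).getPolicy(policy)` without checking that the DTO actually carries policy content. Other methods of this class null the content on DTOs taken from the same store (`dto.setPolicy(null)` in `readMetaDataPolicyDTO` and `getLightPolicyDTO`), so a content-less DTO is a state this code itself produces; how the parser treats `null` is not visible here. I would guard before parsing: `if (policy == null || policy.trim().isEmpty()) { return null; }`. The new Javadoc tag `@throws EntitlementException, throws, if fails` also has a stray comma after the type; `@throws EntitlementException if the policy cannot be read` is the well-formed version.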
@@ -72,26 +68,16 @@ public synchronized AbstractPolicy readPolicy(String policyId, PolicyFinder find /** * Reads All policies as Light Weight PolicyDTO * - * @return Array of PolicyDTO but don not contains XACML policy and attribute meta data + * @return Array of PolicyDTO but does not contain XACML policy and attribute metadata * @throws EntitlementException throws, if fails */ public PolicyDTO[] readAllLightPolicyDTOs() throws EntitlementException { - String[] resources = null; - resources = store.getAllPolicyIds(); + List policyIds = store.listPolicyIds(); - if (resources == null) { - return new PolicyDTO[0]; - } - - List policyDTOList = new ArrayList(); - - for (String resource : resources) { - PolicyDTO policyDTO = readLightPolicyDTO(resource); - policyDTOList.add(policyDTO); - } - - return policyDTOList.toArray(new PolicyDTO[policyDTOList.size()]); + List policyDTOList = store.getPAPPolicies(policyIds); + policyDTOList.forEach(this::getLightPolicyDTO); + return policyDTOList.toArray(new PolicyDTO[0]); } /** 
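Review bot: `readAllLightPolicyDTOs` strips the DTOs in place with `policyDTOList.forEach(this::getLightPolicyDTO)`, which calls `setPolicy(null)` on the very objects returned by `store.getPAPPolicies(policyIds)`. If a `PolicyPersistenceManager` implementation hands out cached or shared `PolicyDTO` instances, this blanks the policy content for every other reader. The same in-place mutation appears in `readLightPolicyDTO`, `readMetaDataPolicyDTO` and the new `getLightPolicyDTO` helper in later hunks of this file. At minimum the dependency should be stated where it is relied on, `// Relies on getPAPPolicies returning caller-owned DTOs; they are stripped in place below.`, and the persistence interface should promise it; copying the light fields into a fresh DTO would remove the dependency altogether. A `null` list from the store is also not handled before `forEach`.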
@@ -102,82 +88,27 @@ public PolicyDTO[] readAllLightPolicyDTOs() throws EntitlementException { * @throws EntitlementException throws, if fails */ public PolicyDTO readPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - try { - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { - log.error("Policy does not exist in the system with id " + policyId); - throw new EntitlementException("Policy does not exist in the system with id " + policyId); - } - - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - dto.setPolicy(new String((byte[]) resource.getContent(), Charset.forName("UTF-8"))); - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - 
dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - //read policy meta data that is used for basic policy editor - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (basicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); - String[] basicPolicyEditorMetaData = new String[amount]; - for (int i = 0; i < amount; i++) { - basicPolicyEditorMetaData[i] = resource. - getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - dto.setPolicyEditorData(basicPolicyEditorMetaData); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); - return dto; - } catch (RegistryException e) { - log.error("Error while loading entitlement policy " + policyId + " from PAP policy store", e); - throw new EntitlementException("Error while loading entitlement policy " + policyId + - " from PAP policy store"); + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto == null) { + log.error("Policy does not exist in the system with id " + policyId); + throw new EntitlementException("Policy does not exist in the system with id " + policyId); } + return dto; } /** - * Checks whether policy is exist for given policy id + * Checks whether policy exists for the given policy id * * @param policyId policy id * @return true of false */ public boolean isExistPolicy(String policyId) { - Resource resource = null; + + PolicyDTO dto; try { - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource != null) { + dto = store.getPAPPolicy(policyId); + if (dto != null) { return true; } } catch (EntitlementException e) { 
@@ -188,125 +119,34 @@ public boolean isExistPolicy(String policyId) { /** - * Reads Light Weight PolicyDTO for given policy id + * Reads light weight PolicyDTO for given policy id * * @param policyId policy id - * @return PolicyDTO but don not contains XACML policy and attribute meta data + * @return PolicyDTO but does not contain XACML policy and attribute meta data * @throws EntitlementException throws, if fails */ public PolicyDTO readLightPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { - return null; - } - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - 
dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - - return dto; + PolicyDTO dto = store.getPAPPolicy(policyId); + return getLightPolicyDTO(dto); } /** - * Reads Light Weight PolicyDTO with Attribute meta data for given policy id + * Reads Light Weight PolicyDTO with Attribute metadata for given policy id * * @param policyId policy id * @return PolicyDTO but don not contains XACML policy * @throws EntitlementException throws, if fails */ public PolicyDTO readMetaDataPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto == null) { return null; } - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - 
dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (basicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); - String[] basicPolicyEditorMetaData = new String[amount]; - for (int i = 0; i < amount; i++) { - basicPolicyEditorMetaData[i] = resource. - getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - dto.setPolicyEditorData(basicPolicyEditorMetaData); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + dto.setPolicy(null); return dto; - } /** @@ -315,8 +155,11 @@ public PolicyDTO readMetaDataPolicyDTO(String policyId) throws EntitlementExcept * @param resource Registry resource * @return PolicyDTO * @throws EntitlementException throws, if fails + * @deprecated use {@link #readPolicyDTO(String)} instead */ + @Deprecated public PolicyDTO readPolicyDTO(Resource resource) throws EntitlementException { + String policy = null; String policyId = null; AbstractPolicy absPolicy = null; @@ -381,4 +224,15 @@ public PolicyDTO readPolicyDTO(Resource resource) throws EntitlementException { " from PAP policy store"); } } + + private PolicyDTO getLightPolicyDTO(PolicyDTO dto) { + + if (dto != null) { + dto.setPolicy(null); + dto.setAttributeDTOs(new AttributeDTO[0]); + dto.setPolicyEditorData(new String[0]); + return dto; + } + return null; + } } 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java index 1b7eaf807caa..7f640ec3bda8 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java @@ -39,7 +39,6 @@ import org.wso2.balana.finder.impl.CurrentEnvModule; import org.wso2.balana.finder.impl.SelectorModule; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.entitlement.EntitlementException; @@ -48,9 +47,10 @@ import org.wso2.carbon.identity.entitlement.cache.DecisionCache; import org.wso2.carbon.identity.entitlement.cache.PolicyCache; import org.wso2.carbon.identity.entitlement.cache.SimpleDecisionCache; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyFinder; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder; import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder; 
@@ -58,12 +58,10 @@ import org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder; import org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder; import org.wso2.carbon.identity.entitlement.policy.search.PolicySearch; -import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.xml.sax.SAXException; import java.io.ByteArrayInputStream; -import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.HashSet; @@ -248,7 +246,8 @@ private EntitlementEngine(int tenantId) { // Test PDP with all finders but policy finder is different PolicyFinder policyFinder = new PolicyFinder(); Set policyModules = new HashSet(); - PAPPolicyFinder papPolicyFinder = new PAPPolicyFinder(new PAPPolicyStoreReader(new PAPPolicyStore())); + PolicyPersistenceManager store = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); + PAPPolicyFinder papPolicyFinder = new PAPPolicyFinder(new PAPPolicyStoreReader(store)); policyModules.add(papPolicyFinder); policyFinder.setModules(policyModules); this.papPolicyFinder = policyFinder; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/ConfigPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/ConfigPersistenceManager.java new file mode 100644 index 000000000000..97739ec76762 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/ConfigPersistenceManager.java 
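Review bot: In the `@@ -248,7 +246,8 @@` hunk the constructor receives `tenantId`, but the policy store now comes from `EntitlementAdminEngine.getInstance()`, which takes no tenant argument. If that instance is resolved from the thread-local Carbon context (presumably; not visible here), an engine built for one tenant on a thread carrying another would wire the test PDP to a different tenant's PAP policies. A comment such as `// EntitlementAdminEngine is resolved for the calling thread's tenant; it must match tenantId` would record the assumption, and an explicit check would enforce it. The constructor starts and ends outside the hunk.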
@@ -0,0 +1,56 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.balana.combine.PolicyCombiningAlgorithm; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; + +/** + * This interface supports the management of policy configuration data. + */ +public interface ConfigPersistenceManager { + + /** + * Gets the global policy combining algorithm. + * + * @return global policy combining algorithm. + */ + default PolicyCombiningAlgorithm getGlobalPolicyAlgorithm() { + + String algorithm = getGlobalPolicyAlgorithmName(); + return EntitlementUtil.resolveGlobalPolicyAlgorithm(algorithm); + } + + /** + * Gets the policy combining algorithm name. + * + * @return global policy combining algorithm name. + */ + String getGlobalPolicyAlgorithmName(); + + /** + * Sets the global policy combining algorithm. + * + * @param policyCombiningAlgorithm policy combining algorithm name. + * @return true if the policy combining algorithm is updated, false if the policy combining algorithm is added. + * @throws EntitlementException If an error occurs. + */ + boolean addOrUpdateGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException; +} 
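Review bot: The Javadoc on `getGlobalPolicyAlgorithmName()` does not say what an implementation returns when no algorithm is stored or the store cannot be read, and the method declares no exception. The implementations added in this commit already differ: `JDBCConfigPersistenceManager` falls back to `DENY_OVERRIDES`, while `HybridConfigPersistenceManager` falls back to the registry value. Because the combining algorithm decides authorization outcomes, the contract belongs on the interface, e.g. `@return the configured algorithm name, or the implementation's documented default when none is stored; never null or blank`.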
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridConfigPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridConfigPersistenceManager.java new file mode 100644 index 000000000000..1e9913a6cdbf --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridConfigPersistenceManager.java 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.persistence.cache.CacheBackedConfigDAO; + +/** + * HybridConfigPersistenceManager is a hybrid implementation of ConfigPersistenceManager. It uses both JDBC and Registry + * implementations to handle configuration data. Adding or updating a configuration will migrate the + * configuration to the database. 
+ */ +public class HybridConfigPersistenceManager implements ConfigPersistenceManager { + + private final JDBCConfigPersistenceManager jdbcConfigPersistenceManager = new JDBCConfigPersistenceManager(); + private final RegistryConfigPersistenceManager registryConfigPersistenceManager = + new RegistryConfigPersistenceManager(); + private static final CacheBackedConfigDAO configDAO = CacheBackedConfigDAO.getInstance(); + private static final Log LOG = LogFactory.getLog(HybridConfigPersistenceManager.class); + + @Override + public String getGlobalPolicyAlgorithmName() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + String algorithm = null; + try { + algorithm = configDAO.getPolicyCombiningAlgorithm(tenantId); + } catch (EntitlementException e) { + LOG.debug(String.format("Error while getting Global Policy Combining Algorithm name from JDBC in tenant " + + "%s.", tenantId), e); + } + if (StringUtils.isBlank(algorithm)) { + algorithm = registryConfigPersistenceManager.getGlobalPolicyAlgorithmName(); + } + return algorithm; + } + + @Override + public boolean addOrUpdateGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { + + boolean isUpdate = jdbcConfigPersistenceManager.addOrUpdateGlobalPolicyAlgorithm(policyCombiningAlgorithm); + if (isUpdate) { + try { + registryConfigPersistenceManager.deleteGlobalPolicyAlgorithm(); + } catch (EntitlementException e) { + LOG.debug("Error while deleting global policy combining algorithm from registry", e); + } + } + return isUpdate; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPAPStatusDataHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPAPStatusDataHandler.java new file mode 100644 index 000000000000..64d3ca6d7e7b --- /dev/null 
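Review bot: `addOrUpdateGlobalPolicyAlgorithm` deletes the registry copy only when `isUpdate` is true, and the interface Javadoc says that means the database already held a value. The first write that migrates the setting is therefore an insert and leaves the old registry value in place, which contradicts the class comment. `getGlobalPolicyAlgorithmName` falls back to the registry whenever the JDBC read throws, so a transient database error can silently switch the PDP to the stale pre-migration algorithm. I would call `registryConfigPersistenceManager.deleteGlobalPolicyAlgorithm();` after every successful JDBC write rather than only inside `if (isUpdate)`. Both catch blocks should use `LOG.warn` or `LOG.error` instead of `LOG.debug`; the same debug-only logging appears in `JDBCConfigPersistenceManager.getGlobalPolicyAlgorithmName`.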
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPAPStatusDataHandler.java 
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.dto.StatusHolder; + +import java.util.Arrays; +import java.util.List; +import java.util.Properties; + +/** + * HybridPAPStatusDataHandler is a hybrid implementation of PAPStatusDataHandler. It uses both JDBC and Registry + * implementations to handle status data. If the status trail is maintained in the registry, it will be continued. + * Otherwise, the status trail will be persisted in the database. 
+ */ +public class HybridPAPStatusDataHandler implements PAPStatusDataHandler { + + private final JDBCSimplePAPStatusDataHandler jdbcSimplePAPStatusDataHandler = new JDBCSimplePAPStatusDataHandler(); + private final SimplePAPStatusDataHandler registrySimplePAPStatusDataHandler = new SimplePAPStatusDataHandler(); + + @Override + public void init(Properties properties) { + + jdbcSimplePAPStatusDataHandler.init(properties); + registrySimplePAPStatusDataHandler.init(properties); + } + + @Override + public void handle(String about, String key, List statusHolders) throws EntitlementException { + + // TODO: migrate the retrieved registry status trail to DB + List regStatusHoldersList = + Arrays.asList(registrySimplePAPStatusDataHandler.getStatusData(about, key, null, "*")); + if (regStatusHoldersList.isEmpty()) { + jdbcSimplePAPStatusDataHandler.handle(about, key, statusHolders); + } else { + registrySimplePAPStatusDataHandler.handle(about, key, statusHolders); + } + } + + @Override + public StatusHolder[] getStatusData(String about, String key, String type, String searchString) + throws EntitlementException { + + StatusHolder[] statusHolders = jdbcSimplePAPStatusDataHandler.getStatusData(about, key, type, searchString); + if (statusHolders.length == 0) { + statusHolders = registrySimplePAPStatusDataHandler.getStatusData(about, key, type, searchString); + } + return statusHolders; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPolicyPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPolicyPersistenceManager.java new file mode 100644 index 000000000000..5afed90fcebd --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridPolicyPersistenceManager.java 
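Review bot: `handle()` loads the complete registry status trail for the key with `getStatusData(about, key, null, "*")` on every call, only to test whether it is empty, so each status write costs a full registry read. If that read throws, the new status entry is not recorded in either store. The status trail is the record of policy changes, so the routing decision should not be able to drop an entry: catch the registry failure and fall through to `jdbcSimplePAPStatusDataHandler.handle(about, key, statusHolders);`, or use a cheaper existence check if the registry handler offers one. Both `Arrays.asList(...)` here and `statusHolders.length` in `getStatusData()` assume the delegates never return null, which is not visible in this hunk and is worth a comment or a guard.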
@@ -0,0 +1,393 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; +import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.MODULE_NAME; + +/** + * HybridPolicyPersistenceManager is a hybrid implementation of PolicyPersistenceManager. It uses both JDBC and Registry + * implementations to handle policy data. If the policy is already in the registry, it will be maintained there, + * including new versions. New policies will be persisted in the database. 
+ */ +public class HybridPolicyPersistenceManager extends AbstractPolicyFinderModule implements PolicyPersistenceManager { + + private final JDBCPolicyPersistenceManager jdbcPolicyPersistenceManager = new JDBCPolicyPersistenceManager(); + private final RegistryPolicyPersistenceManager registryPolicyPersistenceManager = + new RegistryPolicyPersistenceManager(); + + @Override + public void init(Properties properties) { + + jdbcPolicyPersistenceManager.init(properties); + registryPolicyPersistenceManager.init(properties); + } + + /** + * Checks the data source of the policy and proceeds with add or update. If registry already contains older + * versions of the policy, new versions are created there. + * + * @param policy policy. + * @param isFromPapAction true if the operation originated from a PAP action, false if it is from a PDP action. + * @throws EntitlementException If an error occurs. + */ + @Override + public void addOrUpdatePolicy(PolicyDTO policy, boolean isFromPapAction) throws EntitlementException { + + if (registryPolicyPersistenceManager.isPolicyExistsInPap(policy.getPolicyId())) { + registryPolicyPersistenceManager.addOrUpdatePolicy(policy, isFromPapAction); + } else { + jdbcPolicyPersistenceManager.addOrUpdatePolicy(policy, isFromPapAction); + } + } + + /** + * Gets the requested policy from DB or registry. + * + * @param policyId policy ID. + * @return policyDTO object. + * @throws EntitlementException If an error occurs. + */ + @Override + public PolicyDTO getPAPPolicy(String policyId) throws EntitlementException { + + PolicyDTO policyDTO = jdbcPolicyPersistenceManager.getPAPPolicy(policyId); + if (policyDTO == null) { + policyDTO = registryPolicyPersistenceManager.getPAPPolicy(policyId); + } + return policyDTO; + } + + /** + * Gets the requested policy lists from both DB and registry to create the complete policy ID list. + * + * @param policyIds policy ID list. + * @return policyDTO. + * @throws EntitlementException If an error occurs. 
+ */ + @Override + public List getPAPPolicies(List policyIds) throws EntitlementException { + + List policyDTOs = jdbcPolicyPersistenceManager.getPAPPolicies(policyIds); + List regPolicyDTOs = registryPolicyPersistenceManager.getPAPPolicies(policyIds); + return EntitlementUtil.mergeLists(policyDTOs, regPolicyDTOs); + } + + /** + * Gets the requested policy version from DB or registry as per the existence. + * + * @param policyId policy ID. + * @param version policy version. + * @return policyDTO object. + * @throws EntitlementException If an error occurs. + */ + @Override + public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { + + if (jdbcPolicyPersistenceManager.isPolicyExistsInPap(policyId)) { + return jdbcPolicyPersistenceManager.getPolicy(policyId, version); + } else { + return registryPolicyPersistenceManager.getPolicy(policyId, version); + } + } + + /** + * Gets all versions of the given policy ID. If an empty array is returned, tries to retrieve the versions form + * registry. + * + * @param policyId policy ID. + * @return array of policy versions. + */ + @Override + public String[] getVersions(String policyId) { + + String[] versions = jdbcPolicyPersistenceManager.getVersions(policyId); + if (versions.length == 0) { + versions = registryPolicyPersistenceManager.getVersions(policyId); + } + return versions; + } + + /** + * Gets the name of the module. + * + * @return name as String. + */ + @Override + public String getModuleName() { + + return MODULE_NAME; + } + + /** + * Gets the published policy for the given policy ID from DB. If null, queries the registry. + * + * @param policyId policy id as a string value. + * @return policy as string. 
+ */ + @Override + public String getPolicy(String policyId) { + + String policy = jdbcPolicyPersistenceManager.getPolicy(policyId); + if (policy == null) { + policy = registryPolicyPersistenceManager.getPolicy(policyId); + } + return policy; + } + + /** + * Gets the policy order from DB or registry. + * + * @param policyId policy id as a string value. + * @return policy order. + */ + @Override + public int getPolicyOrder(String policyId) { + + int policyOrder = jdbcPolicyPersistenceManager.getPolicyOrder(policyId); + if (policyOrder == -1) { + policyOrder = registryPolicyPersistenceManager.getPolicyOrder(policyId); + } + return policyOrder; + } + + /** + * Gets all supported active, published policies from both DB and registry. + * If policy ordering is supported by the module itself, these policies must be ordered. + * + * @return array of policies as Strings. + */ + @Override + public String[] getActivePolicies() { + + String[] dbActivePolicies = jdbcPolicyPersistenceManager.getActivePolicies(); + String[] regActivePolicies = registryPolicyPersistenceManager.getActivePolicies(); + return EntitlementUtil.mergeLists(Arrays.asList(dbActivePolicies), + Arrays.asList(regActivePolicies)).toArray(new String[0]); + } + + /** + * Gets all supported ordered policy ids from both DB and registry. + * If policy ordering is supported by the module itself, these policy ids must be ordered. + * + * @return array of policy ids as Strings. + */ + @Override + public String[] getOrderedPolicyIdentifiers() { + + String[] dbPolicyIds = jdbcPolicyPersistenceManager.getOrderedPolicyIdentifiers(); + String[] regPolicyIds = registryPolicyPersistenceManager.getOrderedPolicyIdentifiers(); + return EntitlementUtil.mergeLists(Arrays.asList(dbPolicyIds), Arrays.asList(regPolicyIds)) + .toArray(new String[0]); + } + + /** + * Gets all published policy ids from both DB and registry. + * + * @return array of policy ids as Strings. 
+ */ + @Override + public String[] getPolicyIdentifiers() { + + String[] dbPolicyIds = jdbcPolicyPersistenceManager.getPolicyIdentifiers(); + String[] regPolicyIds = registryPolicyPersistenceManager.getPolicyIdentifiers(); + return EntitlementUtil.mergeLists(Arrays.asList(dbPolicyIds), Arrays.asList(regPolicyIds)) + .toArray(new String[0]); + } + + /** + * Gets reference policy for the given policy ID from DB or registry. + * + * @param policyId policy id as String value. + * @return reference policy as String. + */ + @Override + public String getReferencedPolicy(String policyId) { + + String policy = jdbcPolicyPersistenceManager.getReferencedPolicy(policyId); + if (policy == null) { + policy = registryPolicyPersistenceManager.getReferencedPolicy(policyId); + } + return policy; + } + + /** + * Gets attributes that are used for policy searching from both DB and registry. + * + * @param identifier unique identifier to separate out search attributes. + * @param givenAttribute pre-given attributes to retrieve other attributes. + * @return return search attributes based on a given policy, Map of policy id with search attributes. + */ + @Override + public Map> getSearchAttributes(String identifier, Set givenAttribute) { + + Map> searchAttributes = + jdbcPolicyPersistenceManager.getSearchAttributes(identifier, givenAttribute); + Map> regSearchAttributes = + registryPolicyPersistenceManager.getSearchAttributes(identifier, givenAttribute); + for (Map.Entry> entry : regSearchAttributes.entrySet()) { + searchAttributes.putIfAbsent(entry.getKey(), entry.getValue()); + } + return searchAttributes; + } + + /** + * Gets support attribute searching scheme of the module. + * + * @return return scheme identifier value. + */ + @Override + public int getSupportedSearchAttributesScheme() { + + return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER; + } + + /** + * Lists all PAP policy IDs from both DB and registry. + * + * @return list of policy IDs. 
+ * @throws EntitlementException If an error occurs. + */ + @Override + public List listPolicyIds() throws EntitlementException { + + List policyIds = jdbcPolicyPersistenceManager.listPolicyIds(); + List regPolicyIds = registryPolicyPersistenceManager.listPolicyIds(); + return EntitlementUtil.mergeLists(policyIds, regPolicyIds); + } + + /** + * Removes the given policy from PAP from either DB or registry according to the existence. + * + * @param policyId policy ID. + * @throws EntitlementException If an error occurs. + */ + @Override + public void removePolicy(String policyId) throws EntitlementException { + + if (jdbcPolicyPersistenceManager.isPolicyExistsInPap(policyId)) { + jdbcPolicyPersistenceManager.removePolicy(policyId); + } else { + registryPolicyPersistenceManager.removePolicy(policyId); + } + } + + /** + * Publishes the given policy in either DB or registry according to the existence. + * + * @param policy policy to be published. + * @throws EntitlementException If an error occurs. + */ + @Override + public void addPolicy(PolicyStoreDTO policy) throws EntitlementException { + + if (jdbcPolicyPersistenceManager.isPolicyExistsInPap(policy.getPolicyId())) { + jdbcPolicyPersistenceManager.addPolicy(policy); + } else { + registryPolicyPersistenceManager.addPolicy(policy); + } + } + + /** + * Updates the policy in either DB or registry according to the existence. + * + * @param policy policy. + * @throws EntitlementException If an error occurs. + */ + @Override + public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException { + + if (jdbcPolicyPersistenceManager.isPolicyExistsInPap(policy.getPolicyId())) { + jdbcPolicyPersistenceManager.updatePolicy(policy); + } else { + registryPolicyPersistenceManager.updatePolicy(policy); + } + } + + /** + * Checks whether the given policy is published or not. + * + * @param policyId policy ID. + * @return whether the given policy is published or not. 
+ */ + @Override + public boolean isPolicyExist(String policyId) { + + return jdbcPolicyPersistenceManager.isPolicyExist(policyId) || + registryPolicyPersistenceManager.isPolicyExist(policyId); + } + + /** + * Gets the requested published policy from either DB or registry. + * + * @param policyId policy ID. + * @return requested policy. + */ + @Override + public PolicyStoreDTO getPublishedPolicy(String policyId) { + + PolicyStoreDTO policyDTO = jdbcPolicyPersistenceManager.getPublishedPolicy(policyId); + if (policyDTO == null || policyDTO.getPolicy() == null) { + policyDTO = registryPolicyPersistenceManager.getPublishedPolicy(policyId); + } + return policyDTO; + } + + /** + * Lists all published policy IDs from both DB and registry. + * + * @return list of published policy IDs. + * @throws EntitlementException If an error occurs. + */ + @Override + public List listPublishedPolicyIds() throws EntitlementException { + + List dbPolicyIds = jdbcPolicyPersistenceManager.listPublishedPolicyIds(); + List regPolicyIds = registryPolicyPersistenceManager.listPublishedPolicyIds(); + return EntitlementUtil.mergeLists(dbPolicyIds, regPolicyIds); + } + + /** + * Un-publishes the policy from either DB or registry according to the existence. + * + * @param policyId policy ID. + */ + @Override + public boolean deletePolicy(String policyId) { + + if (jdbcPolicyPersistenceManager.isPolicyExistsInPap(policyId)) { + return jdbcPolicyPersistenceManager.deletePolicy(policyId); + } else { + return registryPolicyPersistenceManager.deletePolicy(policyId); + } + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridSubscriberPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridSubscriberPersistenceManager.java new file mode 100644 index 000000000000..6125d31c39fc --- /dev/null 
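Review bot: The PDP-side operations `addPolicy(PolicyStoreDTO)`, `updatePolicy` and `deletePolicy` choose their store with `jdbcPolicyPersistenceManager.isPolicyExistsInPap(...)`, which tests the PAP copy rather than the published one. If a PAP policy can be removed while its published copy stays in the database (not visible here), `deletePolicy` routes to the registry and the policy remains active for evaluation. The caller would then receive only the registry's result. For `updatePolicy` and `deletePolicy`, routing on the published state is more direct: `if (jdbcPolicyPersistenceManager.isPolicyExist(policyId))`. Note also that `addOrUpdatePolicy` prefers the registry while `removePolicy` and `getPolicy(policyId, version)` prefer JDBC, so an ID present in both stores is written to one and read or removed from the other; a class-level comment stating the intended precedence would help.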
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/HybridSubscriberPersistenceManager.java 
@@ -0,0 +1,91 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; + +import java.util.List; + +/** + * HybridSubscriberPersistenceManager is a hybrid implementation of SubscriberPersistenceManager. It uses both JDBC and + * Registry implementations. All new subscribers will be added to the database, while existing subscribers will be + * maintained in the registry. 
+ */ +public class HybridSubscriberPersistenceManager implements SubscriberPersistenceManager { + + private final JDBCSubscriberPersistenceManager jdbcSubscriberPersistenceManager = + new JDBCSubscriberPersistenceManager(); + private final RegistrySubscriberPersistenceManager registrySubscriberPersistenceManager = + new RegistrySubscriberPersistenceManager(); + + @Override + public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { + + String subscriberId = EntitlementUtil.resolveSubscriberId(holder); + if (subscriberId == null) { + throw new EntitlementException("Subscriber Id can not be null"); + } + if (registrySubscriberPersistenceManager.isSubscriberExists(subscriberId)) { + throw new EntitlementException("Subscriber ID already exists"); + } + jdbcSubscriberPersistenceManager.addSubscriber(holder); + } + + @Override + public PublisherDataHolder getSubscriber(String subscriberId, boolean shouldDecryptSecrets) + throws EntitlementException { + + PublisherDataHolder holder = jdbcSubscriberPersistenceManager.getSubscriber(subscriberId, shouldDecryptSecrets); + if (holder == null) { + holder = registrySubscriberPersistenceManager.getSubscriber(subscriberId, shouldDecryptSecrets); + } + return holder; + } + + @Override + public List listSubscriberIds(String filter) throws EntitlementException { + + List subscriberIds = jdbcSubscriberPersistenceManager.listSubscriberIds(filter); + List registrySubscriberIds = registrySubscriberPersistenceManager.listSubscriberIds(filter); + return EntitlementUtil.mergeLists(subscriberIds, registrySubscriberIds); + } + + @Override + public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { + + String subscriberId = EntitlementUtil.resolveSubscriberId(holder); + if (jdbcSubscriberPersistenceManager.isSubscriberExists(subscriberId)) { + jdbcSubscriberPersistenceManager.updateSubscriber(holder); + } else { + registrySubscriberPersistenceManager.updateSubscriber(holder); + } + } + + 
@Override + public void removeSubscriber(String subscriberId) throws EntitlementException { + + if (jdbcSubscriberPersistenceManager.isSubscriberExists(subscriberId)) { + jdbcSubscriberPersistenceManager.removeSubscriber(subscriberId); + } else { + registrySubscriberPersistenceManager.removeSubscriber(subscriberId); + } + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCConfigPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCConfigPersistenceManager.java new file mode 100644 index 000000000000..e6219c4fe2ff --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCConfigPersistenceManager.java 
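Review bot: `updateSubscriber` passes the result of `EntitlementUtil.resolveSubscriberId(holder)` straight to `isSubscriberExists` without the null check that `addSubscriber` performs. A holder with no resolvable ID then falls through to the registry branch instead of being rejected. I would mirror the add path: `if (subscriberId == null) { throw new EntitlementException("Subscriber Id can not be null"); }`. Separately, `addSubscriber` tests for duplicates only in the registry, so it relies on `jdbcSubscriberPersistenceManager.addSubscriber` rejecting an ID that already exists in the database; that is presumably the case but not visible in this hunk and worth a one-line comment.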
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.persistence.cache.CacheBackedConfigDAO; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.DENY_OVERRIDES; + +/** + * This class handles the JDBC operations related to the global policy combining algorithm. + */ +public class JDBCConfigPersistenceManager implements ConfigPersistenceManager { + + private static final Log LOG = LogFactory.getLog(JDBCConfigPersistenceManager.class); + private static final CacheBackedConfigDAO configDAO = CacheBackedConfigDAO.getInstance(); + + /** + * Gets the policy combining algorithm name of the PDP. + * + * @return policy combining algorithm name. 
+ */ + @Override + public String getGlobalPolicyAlgorithmName() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + String algorithm = null; + try { + algorithm = configDAO.getPolicyCombiningAlgorithm(tenantId); + } catch (EntitlementException e) { + LOG.debug(String.format("Error while getting Global Policy Combining Algorithm name from JDBC in tenant " + + "%s. Default algorithm name will be returned.", tenantId), e); + } + if (StringUtils.isBlank(algorithm)) { + algorithm = DENY_OVERRIDES; + } + + return algorithm; + } + + /** + * Persists the policy combining algorithm into the data store. + * + * @param policyCombiningAlgorithm policy combining algorithm name to persist. + * @return true if the policy combining algorithm is updated, false if the policy combining algorithm is added. + * @throws EntitlementException throws if fails. + */ + @Override + public boolean addOrUpdateGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + // Check the existence of the algorithm + String algorithm = null; + try { + algorithm = configDAO.getPolicyCombiningAlgorithm(tenantId); + } catch (EntitlementException e) { + LOG.debug(String.format("Error while getting Global Policy Combining Algorithm name from JDBC in tenant " + + "%s.", tenantId), e); + } + if (StringUtils.isBlank(algorithm)) { + configDAO.insertPolicyCombiningAlgorithm(policyCombiningAlgorithm, tenantId); + return false; + } else { + configDAO.updatePolicyCombiningAlgorithm(policyCombiningAlgorithm, tenantId); + return true; + } + } +} 
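Review bot: In `addOrUpdateGlobalPolicyAlgorithm` the existence check catches `EntitlementException` and continues with `algorithm == null`, so a failed read is treated as "no row yet" and the code proceeds to `insertPolicyCombiningAlgorithm`. Depending on the schema that either fails with a less useful error or writes a second row for the tenant. The method already declares `throws EntitlementException`, so the try/catch can be dropped: `String algorithm = configDAO.getPolicyCombiningAlgorithm(tenantId);`. In `getGlobalPolicyAlgorithmName` a read failure silently swaps the tenant's configured algorithm for `DENY_OVERRIDES`; since that changes authorization decisions it should be logged with `LOG.error(...)` rather than `LOG.debug(...)`.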
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCPolicyPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCPolicyPersistenceManager.java new file mode 100644 index 000000000000..7a20d0c69f4e --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCPolicyPersistenceManager.java 
@@ -0,0 +1,658 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.axiom.om.OMElement; +import org.apache.axiom.om.util.AXIOMUtil; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; +import org.wso2.carbon.identity.entitlement.persistence.cache.CacheBackedPolicyDAO; +import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; +import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; +import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.Iterator; 
+import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import javax.xml.stream.XMLStreamException; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.MODULE_NAME; + +/** + * This class handles the policy operations in the JDBC data store. + */ +public class JDBCPolicyPersistenceManager extends AbstractPolicyFinderModule implements PolicyPersistenceManager { + + private static final Log LOG = LogFactory.getLog(JDBCPolicyPersistenceManager.class); + private static final String ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER = "Policies can not be retrieved from " + + "the policy finder module"; + private final int maxVersions; + private static final CacheBackedPolicyDAO policyDAO = CacheBackedPolicyDAO.getInstance(); + + public JDBCPolicyPersistenceManager() { + + maxVersions = EntitlementUtil.getMaxNoOfPolicyVersions(); + } + + @Override + public void init(Properties properties) { + + // Nothing to initialize + } + + /** + * Adds or updates the given PAP policy. + * + * @param policy policy. + * @param isFromPapAction true if the operation originated from a PAP action, false if it is from a PDP action. + * @throws EntitlementException If an error occurs. + */ + @Override + public void addOrUpdatePolicy(PolicyDTO policy, boolean isFromPapAction) throws EntitlementException { + + // In the JDBC impl we use this method only to add a new policy version + if (!isFromPapAction) { + return; + } + + String policyId = policy.getPolicyId(); + if (StringUtils.isBlank(policyId)) { + throw new EntitlementException("Invalid Entitlement Policy. 
Policy or policyId can not be Null"); + } + boolean newPolicy = false; + OMElement omElement = null; + + String version = createVersion(policy); + policy.setVersion(version); + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Creating entitlement policy %s version %s", policyId, version)); + } + + if (StringUtils.isNotBlank(policy.getPolicy())) { + newPolicy = true; + } + + // Find policy type + String policyType = null; + if (StringUtils.isNotBlank(policy.getPolicyType())) { + policyType = policy.getPolicyType(); + } else { + try { + if (newPolicy) { + omElement = AXIOMUtil.stringToOM(policy.getPolicy()); + policyType = omElement.getLocalName(); + } + } catch (XMLStreamException e) { + policyType = PDPConstants.POLICY_ELEMENT; + LOG.warn("Policy Type can not be found. Default type is set"); + } + } + policy.setPolicyType(policyType); + + // Trim policy editor type + String policyEditorType = null; + if (StringUtils.isNotBlank(policy.getPolicyEditor())) { + policyEditorType = policy.getPolicyEditor().trim(); + } + policy.setPolicyEditor(policyEditorType); + + // Resolve policy references and policy set references of the policy + if (omElement != null) { + Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_REFERENCE); + List policyReferences = new ArrayList<>(); + while (iterator1.hasNext()) { + OMElement policyReference = (OMElement) iterator1.next(); + policyReferences.add(policyReference.getText()); + } + policy.setPolicyIdReferences(policyReferences.toArray(new String[0])); + + Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_SET_REFERENCE); + List policySetReferences = new ArrayList<>(); + while (iterator2.hasNext()) { + OMElement policySetReference = (OMElement) iterator2.next(); + policySetReferences.add(policySetReference.getText()); + } + policy.setPolicySetIdReferences(policySetReferences.toArray(new String[0])); + } + + // Find policy attributes + List attributeDTOs = null; + if 
(StringUtils.isNotBlank(policy.getPolicy())) { + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy()); + attributeDTOs = policyAttributeBuilder.getAttributesFromPolicy(); + } + if (attributeDTOs != null && !attributeDTOs.isEmpty()) { + policy.setAttributeDTOs(attributeDTOs.toArray(new AttributeDTO[0])); + } + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + policyDAO.insertPolicy(policy, tenantId); + } + + /** + * Gets the requested policy. + * + * @param policyId policy ID. + * @return policyDTO object. + * @throws EntitlementException If an error occurs. + */ + @Override + public PolicyDTO getPAPPolicy(String policyId) throws EntitlementException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving entitlement policy %s", policyId)); + } + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + return policyDAO.getPAPPolicy(policyId, tenantId); + } + + /** + * Gets the requested policy list. + *

+ * Note: The `policyIds` parameter is ignored. This method retrieves the full list of PAP policies from the database + * regardless of the provided policy IDs. + *

+ * + * @param policyIds A list of policy IDs. This parameter is ignored. + * @return policyDTO. + * @throws EntitlementException If an error occurs. + */ + @Override + public List getPAPPolicies(List policyIds) throws EntitlementException { + + LOG.debug("Retrieving all PAP entitlement policies"); + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return policyDAO.getAllPAPPolicies(tenantId); + } + + /** + * Gets the requested policy version. Returns the latest version if version is not specified. + * + * @param policyId policy ID. + * @param version policy version. + * @return policyDTO object. + * @throws EntitlementException If an error occurs. + */ + @Override + public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + // Zero means current version + if (StringUtils.isBlank(version)) { + version = policyDAO.getLatestPolicyVersion(policyId, tenantId); + if (StringUtils.isBlank(version)) { + throw new EntitlementException("Invalid policy version"); + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving entitlement policy %s for the given version %s", policyId, version)); + } + return policyDAO.getPapPolicyByVersion(policyId, version, tenantId); + } + + /** + * Gets all versions of the given policy ID. + * + * @param policyId policy ID. + * @return array of policy versions. + */ + @Override + public String[] getVersions(String policyId) { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + List versions = policyDAO.getPolicyVersions(policyId, tenantId); + return versions.toArray(new String[0]); + } + + /** + * Lists all PAP policy IDs. + * + * @return list of policy IDs. + * @throws EntitlementException If an error occurs. 
+ */ + @Override + public List listPolicyIds() throws EntitlementException { + + LOG.debug("Retrieving all entitlement policy IDs"); + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return policyDAO.getPAPPolicyIds(tenantId); + } + + /** + * Removes the given policy from PAP. + * + * @param policyId policy ID. + * @throws EntitlementException If an error occurs. + */ + @Override + public void removePolicy(String policyId) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Removing entitlement policy %s", policyId)); + } + if (StringUtils.isBlank(policyId)) { + throw new EntitlementException("Invalid policy id. Policy id can not be null"); + } + policyDAO.deletePAPPolicy(policyId, tenantId); + } + + /** + * Gets the name of the module. + * + * @return name as String. + */ + @Override + public String getModuleName() { + + return MODULE_NAME; + } + + /** + * Gets the published policy for the given policy ID. + * + * @param policyId policy id as a string value. + * @return policy as string. + */ + @Override + public String getPolicy(String policyId) { + + PolicyStoreDTO dto = getPublishedPolicy(policyId); + return dto.getPolicy(); + } + + /** + * Gets the policy order. + * + * @param policyId policy id as a string value. + * @return policy order. + */ + @Override + public int getPolicyOrder(String policyId) { + + PolicyStoreDTO dto = getPublishedPolicy(policyId); + return dto.getPolicyOrder(); + } + + /** + * Gets all supported active, published policies. + * If policy ordering is supported by the module itself, these policies must be ordered. + * + * @return array of policies as Strings. 
+ */ + @Override + public String[] getActivePolicies() { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving of Active policies has started at %s", new Date())); + } + + List policies = new ArrayList<>(); + + try { + PolicyStoreDTO[] policyDTOs = getAllPolicies(true, true); + for (PolicyStoreDTO dto : policyDTOs) { + if (StringUtils.isNotBlank(dto.getPolicy())) { + policies.add(dto.getPolicy()); + } + } + } catch (EntitlementException e) { + LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e); + } + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving of Active policies has finished at %s", new Date())); + } + + return policies.toArray(new String[0]); + } + + /** + * Gets all supported ordered policy ids. + * If policy ordering is supported by the module itself, these policy ids must be ordered. + * + * @return array of policy ids as Strings. + */ + @Override + public String[] getOrderedPolicyIdentifiers() { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving of Ordered Policy Ids has started at %s", new Date())); + } + + List policies = new ArrayList<>(); + + try { + PolicyStoreDTO[] policyDTOs = getAllPolicies(false, true); + for (PolicyStoreDTO dto : policyDTOs) { + if (StringUtils.isNotBlank(dto.getPolicy())) { + policies.add(dto.getPolicyId()); + } + } + } catch (EntitlementException e) { + LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e); + } + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving of Ordered Policy Ids is finished at %s", new Date())); + } + + return policies.toArray(new String[0]); + } + + /** + * Gets all published policy ids. + * + * @return array of policy ids as Strings. 
+ */ + @Override + public String[] getPolicyIdentifiers() { + + String[] policyIds = null; + try { + policyIds = listPublishedPolicyIds().toArray(new String[0]); + } catch (EntitlementException e) { + LOG.error("Policy identifiers can not be retrieved from the policy finder module", e); + } + return policyIds; + } + + /** + * Gets reference policy for the given policy ID. + * Reference policy can not be with PDP policy store, may be in some external policy store. + * Therefore, a new method has been added to retrieve reference policies. + * + * @param policyId policy id as String value. + * @return reference policy as String. + */ + @Override + public String getReferencedPolicy(String policyId) { + + // Retrieve policies that are not active + PolicyStoreDTO dto = getPublishedPolicy(policyId); + if (dto != null && StringUtils.isNotBlank(dto.getPolicy()) && !dto.isActive()) { + return dto.getPolicy(); + } + return null; + } + + /** + * Gets attributes that are used for policy searching. + * + * @param identifier unique identifier to separate out search attributes. + * @param givenAttribute pre-given attributes to retrieve other attributes. + * @return return search attributes based on a given policy, Map of policy id with search attributes. + */ + @Override + public Map> getSearchAttributes(String identifier, Set givenAttribute) { + + try { + PolicyStoreDTO[] policyDTOs = getAllPolicies(true, true); + List policyDTOList = new ArrayList<>(); + for (PolicyStoreDTO policyStoreDTO : policyDTOs) { + PolicyDTO policyDTO = getPAPPolicy(policyStoreDTO.getPolicyId()); + policyDTOList.add(policyDTO); + } + if (policyDTOs.length > 0) { + return EntitlementUtil.getAttributesFromPolicies(policyDTOList.toArray(new PolicyDTO[0])); + } + } catch (EntitlementException e) { + LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e); + } + return Collections.emptyMap(); + } + + /** + * Gets support attribute searching scheme of the module. 
+ * + * @return return scheme identifier value. + */ + @Override + public int getSupportedSearchAttributesScheme() { + + return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER; + } + + /** + * Publishes the given policy. + * + * @param policy policy to be published. + * @throws EntitlementException If an error occurs. + */ + @Override + public void addPolicy(PolicyStoreDTO policy) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { + throw new EntitlementException("Policy and policy id can not be null"); + } + if (StringUtils.isBlank(policy.getVersion())) { + throw new EntitlementException(String.format("Cannot publish policy %s. Invalid policy version.", + policy.getPolicyId())); + } + policyDAO.insertOrUpdatePolicy(policy, tenantId); + } + + /** + * Updates the policy. + * + * @param policy policy. + * @throws EntitlementException If an error occurs. + */ + @Override + public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Updating policy %s", policy.getPolicyId())); + } + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { + throw new EntitlementException("Policy and policy id can not be null"); + } + if (policy.isSetActive() != policy.isSetOrder()) { + if (StringUtils.isBlank(policy.getVersion())) { + // Get published version + int version = policyDAO.getPublishedVersion(policy, tenantId); + if (version == -1) { + throw new EntitlementException(String.format("Cannot update policy %s. Invalid policy version.", + policy.getPolicyId())); + } + policy.setVersion(String.valueOf(version)); + } + policyDAO.updateActiveStatusAndOrder(policy, tenantId); + } else { + addPolicy(policy); + } + } + + /** + * Checks whether the given policy is published or not. 
+ * + * @param policyId policy ID. + * @return whether the given policy is published or not. + */ + @Override + public boolean isPolicyExist(String policyId) { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + if (StringUtils.isBlank(policyId)) { + return false; + } + return policyDAO.isPolicyPublished(policyId, tenantId); + } + + /** + * Gets the requested published policy. + * + * @param policyId policy ID. + * @return requested policy. + */ + @Override + public PolicyStoreDTO getPublishedPolicy(String policyId) { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving entitlement policy %s", policyId)); + } + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + PolicyStoreDTO dto = policyDAO.getPDPPolicy(policyId, tenantId); + if (dto != null) { + return dto; + } + return new PolicyStoreDTO(); + } + + /** + * Lists all published policy IDs. + * + * @return list of published policy IDs. + * @throws EntitlementException If an error occurs. + */ + @Override + public List listPublishedPolicyIds() throws EntitlementException { + + LOG.debug("Retrieving all PDP entitlement policy ids"); + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return policyDAO.getPublishedPolicyIds(tenantId); + } + + /** + * Un-publishes the policy. + * + * @param policyId policy ID. + */ + @Override + public boolean deletePolicy(String policyId) { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (StringUtils.isBlank(policyId)) { + return false; + } + return policyDAO.unpublishPolicy(policyId, tenantId); + } + + /** + * Checks the existence of the policy in PAP + * + * @param policyId policy ID. + * @return whether the policy exists in PAP or not. 
+ */ + public boolean isPolicyExistsInPap(String policyId) { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (policyId == null || policyId.trim().isEmpty()) { + return false; + } + return policyDAO.isPAPPolicyExists(policyId, tenantId); + } + + /** + * Creates policy versions. + * + * @param policyDTO policyDTO. + * @return version. + * @throws EntitlementException throws, if fails. + */ + private String createVersion(PolicyDTO policyDTO) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + PAPPolicyStoreManager manager = new PAPPolicyStoreManager(); + String version = "0"; + + if (manager.isExistPolicy(policyDTO.getPolicyId())) { + PolicyDTO dto = manager.getLightPolicy(policyDTO.getPolicyId()); + version = dto.getVersion(); + } + + int versionInt = Integer.parseInt(version); + + // Check whether this is larger than max version + if (versionInt > maxVersions) { + // delete the older version + int olderVersion = versionInt - maxVersions; + policyDAO.deletePAPPolicyVersion(policyDTO.getPolicyId(), olderVersion, tenantId); + } + + // New version + version = Integer.toString(versionInt + 1); + return version; + } + + /** + * Reads all ordered and active policies as PolicyDTO. + * + * @param active only return active policies. Else return all policies. + * @param order return ordered policy. + * @return Array of PolicyDTO. + * @throws EntitlementException If an error occurs. 
+ */ + private PolicyStoreDTO[] getAllPolicies(boolean active, boolean order) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + PolicyStoreDTO[] policies; + policies = policyDAO.getAllPDPPolicies(tenantId); + + if (policies.length == 0) { + return new PolicyStoreDTO[0]; + } + List policyDTOList = new ArrayList<>(); + for (PolicyStoreDTO policy : policies) { + if (active) { + if (policy.isActive()) { + policyDTOList.add(policy); + } + } else { + policyDTOList.add(policy); + } + } + + PolicyStoreDTO[] policyDTOs = policyDTOList.toArray(new PolicyStoreDTO[0]); + + if (order) { + Arrays.sort(policyDTOs, new PolicyOrderComparator()); + } + return policyDTOs; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSimplePAPStatusDataHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSimplePAPStatusDataHandler.java new file mode 100644 index 000000000000..05fd859f14de --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSimplePAPStatusDataHandler.java 
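Review bot: `getActivePolicies()` and `getOrderedPolicyIdentifiers()` catch `EntitlementException`, log it and return the empty array, so a failed read of the policy store looks the same to the caller as a tenant with no published policies. What the decision point does with an empty policy set is not visible in this hunk, so the behaviour should at least be stated in the Javadoc, e.g. `@return array of policies as Strings; empty when the store cannot be read (the error is only logged)`. `getPolicyIdentifiers()` handles the same failure differently and returns `null`; initialising with `String[] policyIds = new String[0];` would keep the three methods consistent. Separately, `updatePolicy` calls `policy.getPolicyId()` in its debug log before the `policy == null` check, so that check should move above the log statement.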
@@ -0,0 +1,150 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.logging.Log; +import org.wso2.carbon.CarbonConstants; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils; +import org.wso2.carbon.identity.core.util.IdentityUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dto.StatusHolder; +import org.wso2.carbon.identity.entitlement.persistence.dao.StatusDAO; + +import java.util.List; +import java.util.Properties; + +/** + * This class handles the status data of the policies in the JDBC data store. + */ +public class JDBCSimplePAPStatusDataHandler implements PAPStatusDataHandler { + + private static final Log AUDIT_LOG = CarbonConstants.AUDIT_LOG; + private static final String AUDIT_MESSAGE + = "Initiator : %s | Action : %s | Target : %s | Data : { %s } | Result : %s "; + private int maxRecords; + private static final StatusDAO statusDAO = new StatusDAO(); + + /** + * init entitlement status data handler module. 
+ * + * @param properties properties. + */ + @Override + public void init(Properties properties) { + + maxRecords = EntitlementUtil.getMaxNoOfStatusRecords(); + } + + /** + * Handles the status data. + * + * @param about whether the status is about a policy or publisher. + * @param key key value of the status. + * @param statusHolders StatusHolder. + * @throws EntitlementException throws, if fails to handle. + */ + @Override + public void handle(String about, String key, List statusHolders) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + // If the action is DELETE_POLICY, delete the policy or the subscriber status + for (StatusHolder holder : statusHolders) { + if (EntitlementConstants.StatusTypes.DELETE_POLICY.equals(holder.getType())) { + statusDAO.deleteStatusTrail(about, key, tenantId); + return; + } + } + amendStatusTrail(about, key, statusHolders, tenantId); + } + + /** + * Returns status data. + * + * @param about indicates what is related with this admin status action. + * @param key key value of the status. + * @param type admin action type. + * @param searchString search string for StatusHolder. + * @return An array of StatusHolder. + * @throws EntitlementException if fails. + */ + @Override + public StatusHolder[] getStatusData(String about, String key, String type, String searchString) + throws EntitlementException { + + String statusAboutType = EntitlementConstants.Status.ABOUT_POLICY.equals(about) + ? 
EntitlementConstants.Status.ABOUT_POLICY + : EntitlementConstants.Status.ABOUT_SUBSCRIBER; + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + List holders = statusDAO.getStatus(key, statusAboutType, tenantId); + return EntitlementUtil.filterStatus(holders, searchString, about, type); + } + + private void amendStatusTrail(String about, String key, List statusHolders, int tenantId) + throws EntitlementException { + + boolean useLastStatusOnly = Boolean.parseBoolean( + IdentityUtil.getProperty(EntitlementConstants.PROP_USE_LAST_STATUS_ONLY)); + + if (statusHolders != null && !statusHolders.isEmpty()) { + + if (useLastStatusOnly) { + // Delete all the previous statuses + statusDAO.deleteStatusTrail(about, key, tenantId); + auditAction(statusHolders.toArray(new StatusHolder[0])); + } + + // Add new status to the database + statusDAO.insertStatus(about, key, statusHolders, tenantId); + + if (!useLastStatusOnly) { + statusDAO.deleteExcessStatusData(about, key, tenantId, maxRecords); + } + } + } + + private void auditAction(StatusHolder[] statusHolders) { + + if (statusHolders != null) { + for (StatusHolder statusHolder : statusHolders) { + if (statusHolder != null) { + String initiator = statusHolder.getUser(); + if (LoggerUtils.isLogMaskingEnable) { + initiator = LoggerUtils.getMaskedContent(initiator); + } + String action = statusHolder.getType(); + String key = statusHolder.getKey(); + String target = statusHolder.getTarget(); + String targetAction = statusHolder.getTargetAction(); + String result = "FAILURE"; + if (statusHolder.isSuccess()) { + result = "SUCCESS"; + } + String auditData = String.format("\"Key\" : \"%s\" , \"Target Action\" : \"%s\"", + key, targetAction); + + AUDIT_LOG.info(String.format(AUDIT_MESSAGE, initiator, action, target, auditData, result)); + } + } + } + } +} 
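Review bot: The `DELETE_POLICY` branch of `handle` calls `statusDAO.deleteStatusTrail(about, key, tenantId)` and returns, so the delete status is neither stored nor passed to `auditAction`; from this class alone, removing a policy or subscriber erases its status history without an audit line. `auditAction` is reached only inside `if (useLastStatusOnly)` in `amendStatusTrail`. Unless the deletion is audited elsewhere (not visible here), add `auditAction(statusHolders.toArray(new StatusHolder[0]));` before the `return`. `handle` also iterates `statusHolders` without the null check that `amendStatusTrail` applies, and `key`, `target` and `targetAction` are formatted into the audit record as-is, so line breaks in them need neutralising if the log layout does not already do that.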
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSubscriberPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSubscriberPersistenceManager.java new file mode 100644 index 000000000000..fe1b72e15c13 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/JDBCSubscriberPersistenceManager.java 
@@ -0,0 +1,244 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.core.util.CryptoException; +import org.wso2.carbon.core.util.CryptoUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; +import org.wso2.carbon.identity.entitlement.persistence.cache.CacheBackedSubscriberDAO; + +import java.util.ArrayList; +import java.util.List; + +/** + * This class handles the JDBC operations of the subscribers in the data store. 
+ */ +public class JDBCSubscriberPersistenceManager implements SubscriberPersistenceManager { + + private static final Log LOG = LogFactory.getLog(JDBCSubscriberPersistenceManager.class); + private static final String ERROR_SUBSCRIBER_ID_NULL = "Subscriber Id can not be null"; + private static final CacheBackedSubscriberDAO subscriberDAO = CacheBackedSubscriberDAO.getInstance(); + + /** + * Gets the requested subscriber. + * + * @param subscriberId subscriber ID. + * @param shouldDecryptSecrets whether the subscriber should get returned with secret(decrypted) values or not. + * @return publisher data holder. + * @throws EntitlementException If an error occurs. + */ + @Override + public PublisherDataHolder getSubscriber(String subscriberId, boolean shouldDecryptSecrets) + throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + PublisherDataHolder publisherDataHolder = subscriberDAO.getSubscriber(subscriberId, tenantId); + if (publisherDataHolder == null) { + return null; + } + if (shouldDecryptSecrets) { + decryptSecretProperties(publisherDataHolder.getPropertyDTOs()); + } + return publisherDataHolder; + } + + /** + * Gets all subscriber IDs. + * + * @param filter search string. + * @return list of subscriber IDs. + * @throws EntitlementException If an error occurs. + */ + @Override + public List listSubscriberIds(String filter) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + List subscriberIdList = subscriberDAO.getSubscriberIds(tenantId); + return EntitlementUtil.filterSubscribers(subscriberIdList, filter); + } + + /** + * Adds a subscriber. + * + * @param holder publisher data holder. + * @throws EntitlementException If an error occurs. 
+ */ + @Override + public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { + + String subscriberId = EntitlementUtil.resolveSubscriberId(holder); + if (subscriberId == null) { + throw new EntitlementException(ERROR_SUBSCRIBER_ID_NULL); + } + + if (isSubscriberExists(subscriberId)) { + throw new EntitlementException("Subscriber ID already exists"); + } + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + subscriberDAO.insertSubscriber(subscriberId, holder, tenantId); + } + + /** + * Updates a subscriber. + * + * @param holder publisher data holder. + * @throws EntitlementException If an error occurs. + */ + @Override + public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { + + String subscriberId = EntitlementUtil.resolveSubscriberId(holder); + if (subscriberId == null) { + throw new EntitlementException(ERROR_SUBSCRIBER_ID_NULL); + } + + if (isSubscriberExists(subscriberId)) { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + PublisherDataHolder oldHolder = getSubscriber(subscriberId, false); + String updatedModuleName = getUpdatedModuleName(holder, oldHolder); + PublisherPropertyDTO[] updatedPropertyDTOs = getUpdatedPropertyDTOs(holder, oldHolder); + updatedPropertyDTOs = encryptUpdatedSecretProperties(updatedPropertyDTOs); + subscriberDAO.updateSubscriber(subscriberId, updatedModuleName, updatedPropertyDTOs, tenantId); + } else { + throw new EntitlementException("Subscriber ID does not exist; update cannot be done"); + } + } + + /** + * Removes the subscriber of the given subscriber ID. + * + * @param subscriberId subscriber ID. + * @throws EntitlementException If an error occurs. 
+ */ + @Override + public void removeSubscriber(String subscriberId) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + + if (StringUtils.isBlank(subscriberId)) { + throw new EntitlementException(ERROR_SUBSCRIBER_ID_NULL); + } + + if (EntitlementConstants.PDP_SUBSCRIBER_ID.equals(subscriberId.trim())) { + throw new EntitlementException("Cannot delete PDP publisher"); + } + + subscriberDAO.deleteSubscriber(subscriberId, tenantId); + } + + /** + * Checks whether a subscriber exists. + * + * @param subscriberId subscriber ID. + * @return whether the subscriber exists or not. + * @throws EntitlementException If an error occurs. + */ + public boolean isSubscriberExists(String subscriberId) throws EntitlementException { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return subscriberDAO.isSubscriberExists(subscriberId, tenantId); + } + + private String getUpdatedModuleName(PublisherDataHolder holder, PublisherDataHolder oldHolder) { + + if (holder == null || oldHolder == null) { + return null; + } + if (!oldHolder.getModuleName().equalsIgnoreCase(holder.getModuleName())) { + return holder.getModuleName(); + } + return null; + } + + private PublisherPropertyDTO[] getUpdatedPropertyDTOs(PublisherDataHolder holder, PublisherDataHolder oldHolder) { + + if (holder == null || oldHolder == null) { + return new PublisherPropertyDTO[0]; + } + List updatedPropertyDTOs = new ArrayList<>(); + for (PublisherPropertyDTO newPropertyDTO : holder.getPropertyDTOs()) { + if (StringUtils.isNotBlank(newPropertyDTO.getId()) && StringUtils.isNotBlank(newPropertyDTO.getValue())) { + + PublisherPropertyDTO oldPropertyDTO = oldHolder.getPropertyDTO(newPropertyDTO.getId()); + if (oldPropertyDTO == null || !oldPropertyDTO.getValue().equalsIgnoreCase(newPropertyDTO.getValue())) { + updatedPropertyDTOs.add(newPropertyDTO); + } + } + } + return updatedPropertyDTOs.toArray(new PublisherPropertyDTO[0]); + } + + 
/** + * Sets the base64 encoded secret value of the secret subscriber properties, if it has been updated. + * + * @param propertyDTOs list of subscriber properties + */ + private PublisherPropertyDTO[] encryptUpdatedSecretProperties(PublisherPropertyDTO[] propertyDTOs) + throws EntitlementException { + + if (propertyDTOs == null) { + return new PublisherPropertyDTO[0]; + } + List updatedPropertyDTOs = new ArrayList<>(); + for (PublisherPropertyDTO propertyDTO : propertyDTOs) { + if (propertyDTO.isSecret()) { + try { + String encryptedValue = CryptoUtil.getDefaultCryptoUtil() + .encryptAndBase64Encode(propertyDTO.getValue().getBytes()); + propertyDTO.setValue(encryptedValue); + } catch (CryptoException e) { + throw new EntitlementException("Error while encrypting secret value of subscriber. Update cannot " + + "proceed.", e); + } + } + updatedPropertyDTOs.add(propertyDTO); + } + return updatedPropertyDTOs.toArray(new PublisherPropertyDTO[0]); + } + + /** + * Decrypts the secret values of the subscriber properties. + * + * @param properties list of subscriber properties + */ + // TODO: check if we can use common secret table or a separate table + private void decryptSecretProperties(PublisherPropertyDTO[] properties) { + + for (PublisherPropertyDTO dto : properties) { + if (dto.isSecret()) { + try { + String password = new String(CryptoUtil.getDefaultCryptoUtil() + .base64DecodeAndDecrypt(dto.getValue())); + dto.setValue(password); + } catch (CryptoException e) { + LOG.error("Error while decrypting secret value of subscriber.", e); + } + } + } + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerConstants.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerConstants.java new file mode 100644 index 000000000000..2302c2b09fbf --- /dev/null 
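Review bot: `decryptSecretProperties` only logs a `CryptoException` and moves on, so a caller of `getSubscriber(id, true)` gets the stored ciphertext back from `getValue()` with no sign that decryption failed. The encrypt path already fails closed; doing the same here means declaring `throws EntitlementException` on the method and replacing the log call with `throw new EntitlementException("Error while decrypting secret value of subscriber.", e);`. The method also overwrites the DTOs obtained through `CacheBackedSubscriberDAO` in place; if the cache hands out its own instances (not visible in this hunk), plaintext secrets would remain in the cache after the first decrypting read, so decrypting into copies is safer. Both `getValue().getBytes()` and `new String(...)` rely on the platform charset and should name one explicitly, presumably `StandardCharsets.UTF_8`.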
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerConstants.java 
@@ -0,0 +1,314 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +/** + * DB related constant values. + */ +public class PersistenceManagerConstants { + + private PersistenceManagerConstants() { + + } + + public static final String LIMIT = "LIMIT"; + public static final String KEY = "KEY"; + public static final String STATUS_COUNT = "COUNT"; + + public static class EntitlementTableColumns { + + private EntitlementTableColumns() { + + } + + // IDN_XACML_POLICY table + public static final String POLICY_ID = "POLICY_ID"; + public static final String VERSION = "VERSION"; + public static final String TENANT_ID = "TENANT_ID"; + public static final String LAST_MODIFIED_TIME = "LAST_MODIFIED_TIME"; + public static final String LAST_MODIFIED_USER = "LAST_MODIFIED_USER"; + public static final String IS_ACTIVE = "IS_ACTIVE"; + public static final String POLICY_ORDER = "POLICY_ORDER"; + public static final String POLICY_TYPE = "POLICY_TYPE"; + public static final String POLICY_EDITOR = "POLICY_EDITOR"; + public static final String POLICY = "POLICY"; + public static final String IS_IN_PAP = "IS_IN_PAP"; + public static final String IS_IN_PDP = "IS_IN_PDP"; + + // IDN_XACML_POLICY_EDITOR_DATA table + public static final String EDITOR_DATA_ORDER = "DATA_ORDER"; + public static final String EDITOR_DATA = 
"DATA"; + + // IDN_XACML_POLICY_ATTRIBUTE table + public static final String ATTRIBUTE_ID = "ATTRIBUTE_ID"; + public static final String ATTRIBUTE_VALUE = "ATTRIBUTE_VALUE"; + public static final String DATA_TYPE = "DATA_TYPE"; + public static final String CATEGORY = "CATEGORY"; + + // IDN_XACML_POLICY_REFERENCE table + public static final String REFERENCE = "REFERENCE"; + + // IDN_XACML_POLICY_SET_REFERENCE table + public static final String SET_REFERENCE = "SET_REFERENCE"; + + // IDN_XACML_SUBSCRIBER table + public static final String SUBSCRIBER_ID = "SUBSCRIBER_ID"; + public static final String ENTITLEMENT_MODULE_NAME = "ENTITLEMENT_MODULE_NAME"; + + // IDN_XACML_SUBSCRIBER_PROPERTY table + public static final String PROPERTY_ID = "PROPERTY_ID"; + public static final String DISPLAY_NAME = "DISPLAY_NAME"; + public static final String IS_REQUIRED = "IS_REQUIRED"; + public static final String DISPLAY_ORDER = "DISPLAY_ORDER"; + public static final String IS_SECRET = "IS_SECRET"; + public static final String MODULE = "PROPERTY_MODULE"; + public static final String PROPERTY_VALUE = "PROPERTY_VALUE"; + + // IDN_XACML_POLICY_STATUS and IDN_XACML_SUBSCRIBER_STATUS tables + public static final String STATUS_TYPE = "TYPE"; + public static final String IS_SUCCESS = "IS_SUCCESS"; + public static final String USER = "USERNAME"; + public static final String TARGET = "TARGET"; + public static final String TARGET_ACTION = "TARGET_ACTION"; + public static final String LOGGED_AT = "LOGGED_AT"; + public static final String MESSAGE = "MESSAGE"; + public static final String POLICY_VERSION = "POLICY_VERSION"; + + // IDN_XACML_CONFIG table + public static final String CONFIG_KEY = "CONFIG_KEY"; + public static final String CONFIG_VALUE = "CONFIG_VALUE"; + } + + public static class DatabaseTypes { + + private DatabaseTypes() { + + } + + public static final String MYSQL = "MySQL"; + public static final String MSSQL = "Microsoft SQL Server"; + public static final String ORACLE = "ORACLE"; 
+ public static final String MARIADB = "MariaDB"; + public static final String DB2 = "DB2"; + public static final String H2 = "H2"; + public static final String POSTGRES = "PostgreSQL"; + } + + /** + * SQL queries for XACML policy storage and management. + */ + public static class SQLQueries { + + private SQLQueries() { + + } + + // TODO: revisit all queries using constants like, IN_PAP, IN_PDP, INACTIVE and check if they can be embedded + /** + * DB queries related to PAP policy store. + */ + public static final String CREATE_PAP_POLICY_SQL = "INSERT INTO IDN_XACML_POLICY (POLICY_ID, VERSION, " + + " IS_IN_PDP, IS_IN_PAP, POLICY, IS_ACTIVE, POLICY_TYPE, POLICY_EDITOR, POLICY_ORDER, " + + "LAST_MODIFIED_TIME, LAST_MODIFIED_USER, TENANT_ID) VALUES (:POLICY_ID;, :VERSION;, :IS_IN_PDP;, " + + ":IS_IN_PAP;, :POLICY;, :IS_ACTIVE;, :POLICY_TYPE;, :POLICY_EDITOR;, :POLICY_ORDER;, " + + ":LAST_MODIFIED_TIME;, :LAST_MODIFIED_USER;, :TENANT_ID;)"; + public static final String CREATE_PAP_POLICY_REFS_SQL = "INSERT INTO IDN_XACML_POLICY_REFERENCE " + + "(REFERENCE, POLICY_ID, VERSION, TENANT_ID) VALUES (:REFERENCE;, :POLICY_ID;, :VERSION;, :TENANT_ID;)"; + public static final String CREATE_PAP_POLICY_SET_REFS_SQL = "INSERT INTO IDN_XACML_POLICY_SET_REFERENCE " + + "(SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID) VALUES (:SET_REFERENCE;, :POLICY_ID;, :VERSION;, " + + ":TENANT_ID;)"; + public static final String CREATE_PAP_POLICY_ATTRIBUTES_SQL = "INSERT INTO IDN_XACML_POLICY_ATTRIBUTE " + + "(ATTRIBUTE_ID, ATTRIBUTE_VALUE, DATA_TYPE, CATEGORY, POLICY_ID, VERSION, TENANT_ID) VALUES " + + "(:ATTRIBUTE_ID;, :ATTRIBUTE_VALUE;, :DATA_TYPE;, :CATEGORY;, :POLICY_ID;, :VERSION;, :TENANT_ID;)"; + public static final String CREATE_PAP_POLICY_EDITOR_DATA_SQL = "INSERT INTO IDN_XACML_POLICY_EDITOR_DATA " + + "(DATA_ORDER, DATA, POLICY_ID, VERSION, TENANT_ID) VALUES (:DATA_ORDER;, :DATA;, :POLICY_ID;, " + + ":VERSION;, :TENANT_ID;)"; + public static final String GET_PAP_POLICY_IDS_SQL = 
"SELECT DISTINCT POLICY_ID FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PAP= :IS_IN_PAP; AND TENANT_ID= :TENANT_ID;"; + public static final String GET_PAP_POLICY_SQL = + "SELECT POLICY_ID, VERSION, LAST_MODIFIED_TIME, LAST_MODIFIED_USER, IS_ACTIVE, POLICY_ORDER, " + + "POLICY_TYPE, POLICY_EDITOR, POLICY, TENANT_ID FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PAP = :IS_IN_PAP; AND POLICY_ID = :POLICY_ID; AND VERSION = (SELECT MAX(VERSION) " + + "FROM IDN_XACML_POLICY WHERE POLICY_ID = :POLICY_ID; AND TENANT_ID= :TENANT_ID;) " + + "AND TENANT_ID = :TENANT_ID;"; + public static final String GET_PAP_POLICY_REFS_SQL = "SELECT REFERENCE FROM IDN_XACML_POLICY_REFERENCE " + + "WHERE POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PAP_POLICY_SET_REFS_SQL = + "SELECT SET_REFERENCE FROM IDN_XACML_POLICY_SET_REFERENCE WHERE " + + "POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PAP_POLICY_EDITOR_DATA_SQL = + "SELECT DATA_ORDER, DATA FROM IDN_XACML_POLICY_EDITOR_DATA WHERE POLICY_ID=:POLICY_ID; AND " + + "VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PAP_POLICY_META_DATA_SQL = "SELECT ATTRIBUTE_ID, ATTRIBUTE_VALUE, DATA_TYPE, " + + "CATEGORY FROM IDN_XACML_POLICY_ATTRIBUTE WHERE POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; " + + "AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PAP_POLICY_BY_VERSION_SQL = "SELECT POLICY_ID, LAST_MODIFIED_TIME, " + + "LAST_MODIFIED_USER, IS_ACTIVE, POLICY_ORDER, POLICY_TYPE, POLICY_EDITOR, POLICY, VERSION, TENANT_ID " + + "FROM IDN_XACML_POLICY WHERE IS_IN_PAP = :IS_IN_PAP; AND POLICY_ID = :POLICY_ID; AND " + + "VERSION = :VERSION; AND TENANT_ID = :TENANT_ID;"; + public static final String GET_ALL_PAP_POLICIES_SQL = "SELECT t1.POLICY_ID, t1.VERSION, t1" + + ".LAST_MODIFIED_TIME, t1.LAST_MODIFIED_USER, t1.IS_ACTIVE, t1.POLICY_ORDER, t1.POLICY_TYPE, " + + "t1.POLICY_EDITOR, t1.POLICY, t1.TENANT_ID 
FROM IDN_XACML_POLICY t1 WHERE t1.IS_IN_PAP = :IS_IN_PAP; " + + "AND t1.VERSION =(SELECT MAX(VERSION) FROM IDN_XACML_POLICY t2 WHERE " + + "t2.POLICY_ID = t1.POLICY_ID AND t2.TENANT_ID = :TENANT_ID;) AND t1.TENANT_ID = :TENANT_ID;"; + public static final String DELETE_PAP_POLICY_SQL = "UPDATE IDN_XACML_POLICY SET IS_IN_PAP=:IS_IN_PAP; " + + "WHERE IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_PAP_POLICY_BY_VERSION_SQL = + "UPDATE IDN_XACML_POLICY SET IS_IN_PAP=:IS_IN_PAP; " + + "WHERE POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_UNPUBLISHED_POLICY_VERSIONS_SQL = "DELETE FROM IDN_XACML_POLICY " + + "WHERE IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_POLICY_SQL = + "DELETE FROM IDN_XACML_POLICY WHERE POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_POLICY_VERSION_SQL = + "DELETE FROM IDN_XACML_POLICY WHERE POLICY_ID=:POLICY_ID; " + + "AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + + /** + * DB queries related to PDP policy store. 
+ */ + public static final String CREATE_POLICY_COMBINING_ALGORITHM_SQL = "INSERT INTO IDN_XACML_CONFIG " + + "(CONFIG_KEY, CONFIG_VALUE, TENANT_ID) VALUES (:CONFIG_KEY;, :CONFIG_VALUE;, :TENANT_ID;)"; + public static final String GET_POLICY_PDP_PRESENCE_SQL = "SELECT POLICY_ID FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_POLICY_PAP_PRESENCE_SQL = "SELECT POLICY_ID FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PAP=:IS_IN_PAP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PDP_POLICY_SQL = + "SELECT POLICY, POLICY_ORDER, IS_ACTIVE, VERSION FROM IDN_XACML_POLICY WHERE IS_IN_PDP=:IS_IN_PDP; " + + "AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_POLICY_PDP_PRESENCE_BY_VERSION_SQL = "SELECT POLICY_ID FROM IDN_XACML_POLICY " + + "WHERE IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_ALL_PDP_POLICIES_SQL = "SELECT POLICY_ID, POLICY, POLICY_ORDER, IS_ACTIVE, " + + "VERSION FROM IDN_XACML_POLICY WHERE IS_IN_PDP=:IS_IN_PDP; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PDP_POLICY_IDS_SQL = "SELECT DISTINCT POLICY_ID FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PDP=:IS_IN_PDP; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_PUBLISHED_POLICY_VERSION_SQL = "SELECT VERSION FROM IDN_XACML_POLICY WHERE " + + "IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_ACTIVE_STATUS_AND_ORDER_SQL = "SELECT IS_ACTIVE, POLICY_ORDER FROM " + + "IDN_XACML_POLICY WHERE IS_IN_PDP=:IS_IN_PDP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_POLICY_COMBINING_ALGORITHM_SQL = + "SELECT CONFIG_VALUE FROM IDN_XACML_CONFIG WHERE CONFIG_KEY=:CONFIG_KEY; AND TENANT_ID=:TENANT_ID;"; + public static final String UPDATE_ACTIVE_STATUS_SQL = 
+ "UPDATE IDN_XACML_POLICY SET IS_ACTIVE=:IS_ACTIVE; WHERE POLICY_ID=:POLICY_ID; AND " + + "VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String UPDATE_ORDER_SQL = "UPDATE IDN_XACML_POLICY SET POLICY_ORDER=:POLICY_ORDER; WHERE " + + "POLICY_ID=:POLICY_ID; AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_PUBLISHED_VERSIONS_SQL = + "UPDATE IDN_XACML_POLICY SET IS_IN_PDP=:IS_IN_PDP;, IS_ACTIVE=:IS_ACTIVE;, POLICY_ORDER=:POLICY_ORDER;" + + " WHERE IS_IN_PDP=:IS_IN_PDP_1; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String PUBLISH_POLICY_VERSION_SQL = + "UPDATE IDN_XACML_POLICY SET IS_IN_PDP=:IS_IN_PDP; WHERE POLICY_ID=:POLICY_ID; " + + "AND VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String RESTORE_ACTIVE_STATUS_AND_ORDER_SQL = "UPDATE IDN_XACML_POLICY SET " + + "IS_ACTIVE=:IS_ACTIVE;, POLICY_ORDER=:POLICY_ORDER; WHERE POLICY_ID=:POLICY_ID; AND " + + "VERSION=:VERSION; AND TENANT_ID=:TENANT_ID;"; + public static final String UPDATE_POLICY_COMBINING_ALGORITHM_SQL = "UPDATE IDN_XACML_CONFIG SET " + + "CONFIG_VALUE=:CONFIG_VALUE; WHERE CONFIG_KEY=:CONFIG_KEY; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_UNUSED_POLICY_SQL = + "DELETE FROM IDN_XACML_POLICY WHERE IS_IN_PAP=:IS_IN_PAP; AND IS_IN_PDP=:IS_IN_PDP; AND " + + "POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID; "; + + /** + * DB queries related to subscribers. 
+ */ + public static final String CREATE_SUBSCRIBER_SQL = + "INSERT INTO IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, ENTITLEMENT_MODULE_NAME, TENANT_ID) VALUES " + + "(:SUBSCRIBER_ID;, :ENTITLEMENT_MODULE_NAME;, :TENANT_ID;)"; + public static final String CREATE_SUBSCRIBER_PROPERTIES_SQL = "INSERT INTO IDN_XACML_SUBSCRIBER_PROPERTY " + + "(PROPERTY_ID, DISPLAY_NAME, PROPERTY_VALUE, IS_REQUIRED, DISPLAY_ORDER, IS_SECRET, " + + "PROPERTY_MODULE, SUBSCRIBER_ID, TENANT_ID) VALUES (:PROPERTY_ID;, :DISPLAY_NAME;, :PROPERTY_VALUE;, " + + ":IS_REQUIRED;, :DISPLAY_ORDER;, :IS_SECRET;, :PROPERTY_MODULE;, :SUBSCRIBER_ID;, :TENANT_ID;)"; + public static final String GET_SUBSCRIBER_EXISTENCE_SQL = "SELECT SUBSCRIBER_ID FROM IDN_XACML_SUBSCRIBER " + + "WHERE SUBSCRIBER_ID=:SUBSCRIBER_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_SUBSCRIBER_SQL = "SELECT s.SUBSCRIBER_ID, s.ENTITLEMENT_MODULE_NAME, s.TENANT_ID, " + + "p.PROPERTY_ID, p.DISPLAY_NAME, p.PROPERTY_VALUE, p.IS_REQUIRED, p.DISPLAY_ORDER, p.IS_SECRET, " + + "p.PROPERTY_MODULE FROM IDN_XACML_SUBSCRIBER s INNER JOIN " + + "IDN_XACML_SUBSCRIBER_PROPERTY p ON s.SUBSCRIBER_ID = p.SUBSCRIBER_ID AND s.TENANT_ID = p.TENANT_ID " + + "WHERE s.SUBSCRIBER_ID = :SUBSCRIBER_ID; AND s.TENANT_ID = :TENANT_ID;"; + public static final String GET_SUBSCRIBER_IDS_SQL = "SELECT SUBSCRIBER_ID FROM IDN_XACML_SUBSCRIBER " + + "WHERE TENANT_ID=:TENANT_ID;"; + public static final String UPDATE_SUBSCRIBER_MODULE_SQL = "UPDATE IDN_XACML_SUBSCRIBER " + + "SET ENTITLEMENT_MODULE_NAME=:ENTITLEMENT_MODULE_NAME; WHERE " + + "SUBSCRIBER_ID=:SUBSCRIBER_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String UPDATE_SUBSCRIBER_PROPERTIES_SQL = "UPDATE IDN_XACML_SUBSCRIBER_PROPERTY SET " + + "PROPERTY_VALUE=:PROPERTY_VALUE; WHERE PROPERTY_ID=:PROPERTY_ID; AND SUBSCRIBER_ID=:SUBSCRIBER_ID; AND " + + "TENANT_ID=:TENANT_ID;"; + public static final String DELETE_SUBSCRIBER_SQL = "DELETE FROM IDN_XACML_SUBSCRIBER WHERE " + + 
"SUBSCRIBER_ID=:SUBSCRIBER_ID; AND TENANT_ID=:TENANT_ID;"; + + /** + * DB queries related to status. + */ + public static final String CREATE_POLICY_STATUS_SQL = "INSERT INTO IDN_XACML_POLICY_STATUS (TYPE, IS_SUCCESS, " + + "USERNAME, TARGET, TARGET_ACTION, LOGGED_AT, MESSAGE, POLICY_ID, POLICY_VERSION, TENANT_ID) " + + "VALUES (:TYPE;, :IS_SUCCESS;, :USERNAME;, :TARGET;, :TARGET_ACTION;, :LOGGED_AT;, :MESSAGE;, " + + ":KEY;, :VERSION;, :TENANT_ID;)"; + public static final String CREATE_SUBSCRIBER_STATUS_SQL = "INSERT INTO IDN_XACML_SUBSCRIBER_STATUS " + + "(TYPE, IS_SUCCESS, USERNAME, TARGET, TARGET_ACTION, LOGGED_AT, MESSAGE, SUBSCRIBER_ID, " + + "TENANT_ID) VALUES (:TYPE;, :IS_SUCCESS;, :USERNAME;, :TARGET;, :TARGET_ACTION;, :LOGGED_AT;, " + + ":MESSAGE;, :KEY;, :TENANT_ID;)"; + public static final String GET_POLICY_STATUS_SQL = "SELECT POLICY_ID, TYPE, IS_SUCCESS, USERNAME, TARGET, " + + "TARGET_ACTION, LOGGED_AT, MESSAGE, POLICY_VERSION FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID=:KEY; " + + "AND TENANT_ID=:TENANT_ID;"; + public static final String GET_SUBSCRIBER_STATUS_SQL = + "SELECT SUBSCRIBER_ID, TYPE, IS_SUCCESS, USERNAME, TARGET, TARGET_ACTION, LOGGED_AT, MESSAGE FROM " + + "IDN_XACML_SUBSCRIBER_STATUS WHERE SUBSCRIBER_ID=:KEY; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_POLICY_STATUS_COUNT_SQL = + "SELECT COUNT(POLICY_ID) AS COUNT FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID=:KEY; AND " + + "TENANT_ID=:TENANT_ID;"; + public static final String GET_SUBSCRIBER_STATUS_COUNT_SQL = "SELECT COUNT(SUBSCRIBER_ID) AS COUNT FROM " + + "IDN_XACML_SUBSCRIBER_STATUS WHERE SUBSCRIBER_ID=:KEY; AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_POLICY_STATUS_SQL = "DELETE FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID=:KEY; " + + "AND TENANT_ID=:TENANT_ID;"; + public static final String DELETE_SUBSCRIBER_STATUS_SQL = "DELETE FROM IDN_XACML_SUBSCRIBER_STATUS WHERE " + + "SUBSCRIBER_ID=:KEY; AND TENANT_ID=:TENANT_ID;"; + public static final 
String DELETE_OLD_POLICY_STATUSES_MYSQL = "DELETE FROM IDN_XACML_POLICY_STATUS WHERE " + + "ID IN (SELECT ID FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID= :KEY; AND " + + "TENANT_ID= :TENANT_ID; ORDER BY ID ASC LIMIT :LIMIT;)"; + public static final String DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL = + "DELETE FROM IDN_XACML_SUBSCRIBER_STATUS WHERE ID " + + "IN (SELECT ID FROM IDN_XACML_SUBSCRIBER_STATUS WHERE SUBSCRIBER_ID= :KEY; AND " + + "TENANT_ID= :TENANT_ID; ORDER BY ID ASC LIMIT :LIMIT;)"; + public static final String DELETE_OLD_POLICY_STATUSES_MSSQL = + "DELETE FROM IDN_XACML_POLICY_STATUS WHERE ID IN (SELECT ID FROM IDN_XACML_POLICY_STATUS WHERE " + + "POLICY_ID = :KEY; AND TENANT_ID = :TENANT_ID; ORDER BY ID ASC OFFSET 0 ROWS " + + "FETCH NEXT :LIMIT; ROWS ONLY)"; + public static final String DELETE_OLD_SUBSCRIBER_STATUSES_MSSQL = + "DELETE FROM IDN_XACML_SUBSCRIBER_STATUS WHERE ID IN (SELECT ID FROM IDN_XACML_SUBSCRIBER_STATUS WHERE " + + "SUBSCRIBER_ID= :KEY; AND TENANT_ID=:TENANT_ID; ORDER BY ID ASC OFFSET 0 " + + "ROWS FETCH NEXT :LIMIT; ROWS ONLY)"; + public static final String DELETE_OLD_POLICY_STATUSES_ORACLE = + "DELETE FROM IDN_XACML_POLICY_STATUS WHERE ID IN" + + " (SELECT ID FROM (SELECT ID FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID= :KEY; AND" + + " TENANT_ID=:TENANT_ID; ORDER BY ID ASC) WHERE ROWNUM <= :LIMIT;)"; + public static final String DELETE_OLD_SUBSCRIBER_STATUSES_ORACLE = + "DELETE FROM IDN_XACML_SUBSCRIBER_STATUS WHERE ID " + + "IN (SELECT ID FROM (SELECT ID FROM IDN_XACML_SUBSCRIBER_STATUS WHERE SUBSCRIBER_ID= :KEY; " + + "AND TENANT_ID=:TENANT_ID; ORDER BY ID ASC) WHERE ROWNUM <= :LIMIT;)"; + + /** + * DB queries related to policy version management. 
+ */ + public static final String GET_LATEST_POLICY_VERSION_SQL = + "SELECT MAX(VERSION) AS VERSION FROM IDN_XACML_POLICY " + + "WHERE IS_IN_PAP=:IS_IN_PAP; AND POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + public static final String GET_POLICY_VERSIONS_SQL = "SELECT VERSION FROM IDN_XACML_POLICY WHERE " + + "POLICY_ID=:POLICY_ID; AND TENANT_ID=:TENANT_ID;"; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerFactory.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerFactory.java new file mode 100644 index 000000000000..4dce296eca39 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PersistenceManagerFactory.java 
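Review bot: `DELETE_OLD_POLICY_STATUSES_MYSQL` and `DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL` place `LIMIT` directly inside an `IN (...)` subquery that selects from the table being deleted from. MySQL rejects both constructs, so the status clean-up would fail at runtime on that database. Wrapping the inner select in a derived table, as the `_ORACLE` variants in this hunk already do, avoids both restrictions: `... WHERE ID IN (SELECT ID FROM (SELECT ID FROM IDN_XACML_POLICY_STATUS WHERE POLICY_ID= :KEY; AND TENANT_ID= :TENANT_ID; ORDER BY ID ASC LIMIT :LIMIT;) AS OLD_STATUSES)`. The code that picks a constant per entry in `DatabaseTypes` is outside this hunk, so it is worth confirming which statement MariaDB, H2, PostgreSQL and DB2 receive and testing each one.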
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.identity.core.util.IdentityUtil; +import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.POLICY_STORAGE_CONFIG; + +public class PersistenceManagerFactory { + + private static final String POLICY_STORAGE_TYPE = IdentityUtil.getProperty(POLICY_STORAGE_CONFIG); + private static final String HYBRID = "hybrid"; + private static final String REGISTRY = "registry"; + + private PersistenceManagerFactory() { + + } + + public static PolicyPersistenceManager getPolicyPersistenceManager() { + + PolicyPersistenceManager defaultPolicyPersistenceManager = new JDBCPolicyPersistenceManager(); + if (StringUtils.isNotBlank(POLICY_STORAGE_TYPE)) { + switch (POLICY_STORAGE_TYPE) { + case HYBRID: + return new HybridPolicyPersistenceManager(); + case REGISTRY: + return new RegistryPolicyPersistenceManager(); + default: + return defaultPolicyPersistenceManager; + } + } + return defaultPolicyPersistenceManager; + } + + public static ConfigPersistenceManager getConfigPersistenceManager() { + + ConfigPersistenceManager 
defaultConfigPersistenceManager = new JDBCConfigPersistenceManager(); + if (StringUtils.isNotBlank(POLICY_STORAGE_TYPE)) { + switch (POLICY_STORAGE_TYPE) { + case HYBRID: + return new HybridConfigPersistenceManager(); + case REGISTRY: + return new RegistryConfigPersistenceManager(); + default: + return defaultConfigPersistenceManager; + } + } + return defaultConfigPersistenceManager; + } + + public static SubscriberPersistenceManager getSubscriberPersistenceManager() { + + SubscriberPersistenceManager defaultSubscriberPersistenceManager = new JDBCSubscriberPersistenceManager(); + if (StringUtils.isNotBlank(POLICY_STORAGE_TYPE)) { + switch (POLICY_STORAGE_TYPE) { + case HYBRID: + return new HybridSubscriberPersistenceManager(); + case REGISTRY: + return new RegistrySubscriberPersistenceManager(); + default: + return defaultSubscriberPersistenceManager; + } + } + return defaultSubscriberPersistenceManager; + } + + public static PAPStatusDataHandler getPAPStatusDataHandler() { + + PAPStatusDataHandler defaultPAPStatusDataHandler = new JDBCSimplePAPStatusDataHandler(); + if (StringUtils.isNotBlank(POLICY_STORAGE_TYPE)) { + switch (POLICY_STORAGE_TYPE) { + case HYBRID: + return new HybridPAPStatusDataHandler(); + case REGISTRY: + return new SimplePAPStatusDataHandler(); + default: + return defaultPAPStatusDataHandler; + } + } + return defaultPAPStatusDataHandler; + } +} + diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PolicyPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PolicyPersistenceManager.java new file mode 100644 index 000000000000..4a5b9026bc86 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/PolicyPersistenceManager.java 
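Review bot: An unrecognised `POLICY_STORAGE_CONFIG` value falls through `default:` to the JDBC implementations without any log line, and the `switch` is case-sensitive, so `Hybrid` or `Registry` in the configuration silently selects a different store than the operator intended. For an authorization component this may leave the PDP reading from a store that does not hold the expected policies, with nothing in the logs to explain it. I would add a logger and warn in the default branch, e.g. `LOG.warn("Unknown policy storage type '" + POLICY_STORAGE_TYPE + "', using JDBC persistence.");`, and normalise the value once where `POLICY_STORAGE_TYPE` is initialised. The same `switch` is repeated in all four getters, and each builds the JDBC default before checking the type, so resolving the type once into an enum would keep them in agreement and avoid the unused instance.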
@@ -0,0 +1,109 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; + +import java.util.List; + +/** + * This interface supports the management of XACML policies. + */ +public interface PolicyPersistenceManager extends PolicyStoreManageModule { + + /** + * Adds or updates the given policy. + * + * @param policy policy + * @param isFromPapAction true if the operation originated from a PAP action, false if it is from a PDP action. + * @throws EntitlementException If an error occurs + */ + void addOrUpdatePolicy(PolicyDTO policy, boolean isFromPapAction) throws EntitlementException; + + /** + * Gets the requested policy. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + PolicyDTO getPAPPolicy(String policyId) throws EntitlementException; + + /** + * Gets the requested policy list. 
+ * + * @param policyIds policy ID list + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + List getPAPPolicies(List policyIds) throws EntitlementException; + + /** + * Gets the requested policy version. + * + * @param policyId policy ID + * @param version policy version + * @return requested policy + * @throws EntitlementException If an error occurs + */ + PolicyDTO getPolicy(String policyId, String version) throws EntitlementException; + + /** + * Gets all versions of the given policy ID. + * + * @param policyId policy ID + * @return array of policy versions + */ + String[] getVersions(String policyId); + + /** + * Lists all PAP policy IDs. + * + * @return list of policy IDs + * @throws EntitlementException If an error occurs + */ + List listPolicyIds() throws EntitlementException; + + /** + * Removes the given policy. + * + * @param policyId policy ID + * @throws EntitlementException If an error occurs + */ + void removePolicy(String policyId) throws EntitlementException; + + /** + * Gets the requested published policy. + * + * @param policyId policy ID + * @return requested policy + */ + PolicyStoreDTO getPublishedPolicy(String policyId); + + /** + * Lists all published policy IDs. + * + * @return list of published policy IDs + * @throws EntitlementException If an error occurs + */ + List listPublishedPolicyIds() throws EntitlementException; +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryConfigPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryConfigPersistenceManager.java new file mode 100644 index 000000000000..c3e313fe9d63 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryConfigPersistenceManager.java 
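Review bot: `getVersions` and `getPublishedPolicy` declare no `EntitlementException` although every other method here does, and their Javadoc does not say what comes back when the policy is missing or the store cannot be read. A caller then cannot tell "not published" from "lookup failed", which matters when the result feeds a policy decision. If the signatures are fixed by `PolicyStoreManageModule` (not visible in this hunk), the contract should at least be documented, e.g. `@return the published policy; document here whether a missing policy or a read failure yields null`. Separately, `getPAPPolicies` carries `@return policyDTO` but returns a list, so it should read `@return list of requested policies`.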
@@ -0,0 +1,123 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.exceptions.RegistryException; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM; + +/** + * This implementation handles the Global Policy Combining Algorithm management in the Registry. 
+ */ +public class RegistryConfigPersistenceManager implements ConfigPersistenceManager { + + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistryConfigPersistenceManager.class); + private static final String POLICY_DATA_COLLECTION = PDPConstants.ENTITLEMENT_POLICY_DATA; + private final Registry registry; + + public RegistryConfigPersistenceManager() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } + + /** + * Sets the global policy combining algorithm. + * + * @param policyCombiningAlgorithm policy combining algorithm name. + * @return true if the policy combining algorithm is updated, false if the policy combining algorithm is added. + * @throws EntitlementException If an error occurs. + */ + @Override + public boolean addOrUpdateGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { + + boolean isUpdate = false; + try { + Collection policyCollection; + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + policyCollection = (Collection) registry.get(POLICY_DATA_COLLECTION); + } else { + policyCollection = registry.newCollection(); + } + if (StringUtils.isNotBlank(policyCollection.getProperty(GLOBAL_POLICY_COMBINING_ALGORITHM))) { + isUpdate = true; + } + policyCollection.setProperty(GLOBAL_POLICY_COMBINING_ALGORITHM, policyCombiningAlgorithm); + registry.put(POLICY_DATA_COLLECTION, policyCollection); + + } catch (RegistryException e) { + throw new EntitlementException("Error while updating global policy combining algorithm in policy store", e); + } + return isUpdate; + } + + /** + * Gets the policy combining algorithm name. 
+ * + * @return global policy combining algorithm name + */ + @Override + public String getGlobalPolicyAlgorithmName() { + + String algorithm = null; + try { + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + Collection collection = (Collection) registry.get(POLICY_DATA_COLLECTION); + algorithm = collection.getProperty(GLOBAL_POLICY_COMBINING_ALGORITHM); + } + } catch (RegistryException e) { + if (LOG.isDebugEnabled()) { + LOG.debug(e); + } + } + + // set default + if (algorithm == null) { + algorithm = PDPConstants.Algorithms.DENY_OVERRIDES; + } + + return algorithm; + } + + /** + * Deletes the global policy combining algorithm. + * + * @throws EntitlementException If an error occurs + */ + public void deleteGlobalPolicyAlgorithm() throws EntitlementException { + + try { + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + registry.delete(POLICY_DATA_COLLECTION); + } + } catch (RegistryException e) { + throw new EntitlementException("Error while deleting global policy combining algorithm in policy store", e); + } + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryPolicyPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryPolicyPersistenceManager.java new file mode 100644 index 000000000000..94938b1a1106 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistryPolicyPersistenceManager.java 
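Review bot: `getGlobalPolicyAlgorithmName` reports a `RegistryException` only at debug level and then returns `PDPConstants.Algorithms.DENY_OVERRIDES`, so a registry read failure silently replaces the configured combining algorithm with the default. Decisions made in that state can differ from the configured behaviour with no trace in production logs. I would log it with context at a visible level, `LOG.warn("Error while reading the global policy combining algorithm; using the default.", e);`, and say in the Javadoc that the default is returned on failure. Separately, `deleteGlobalPolicyAlgorithm` deletes the whole `POLICY_DATA_COLLECTION` rather than clearing the one property and has no `@Override`. Whether that collection holds anything else is not visible here and should be confirmed.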
@@ -0,0 +1,1247 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.entitlement.persistence;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.AXIOMUtil;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.balana.AbstractPolicy;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.identity.entitlement.EntitlementException;
+import org.wso2.carbon.identity.entitlement.EntitlementUtil;
+import org.wso2.carbon.identity.entitlement.PDPConstants;
+import org.wso2.carbon.identity.entitlement.PolicyOrderComparator;
+import org.wso2.carbon.identity.entitlement.dto.AttributeDTO;
+import org.wso2.carbon.identity.entitlement.dto.PolicyDTO;
+import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO;
+import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
+import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader;
+import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder;
+import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule;
+import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule;
+import org.wso2.carbon.registry.core.Collection;
+import org.wso2.carbon.registry.core.Registry;
+import
org.wso2.carbon.registry.core.RegistryConstants; +import org.wso2.carbon.registry.core.Resource; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException; +import org.wso2.carbon.registry.core.utils.RegistryUtils; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Properties; +import java.util.Set; + +import javax.xml.stream.XMLStreamException; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.MODULE_NAME; + +/** + * This implementation handles the XACML policy management in the Registry. + */ +public class RegistryPolicyPersistenceManager extends AbstractPolicyFinderModule implements PolicyPersistenceManager { + + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistryPolicyPersistenceManager.class); + private static final String KEY_VALUE_POLICY_META_DATA = "policyMetaData"; + private static final String POLICY_STORE_PATH = "policyStorePath"; + private static final String DEFAULT_POLICY_STORE_PATH = "/repository/identity/entitlement/policy/pdp/"; + private static final String INVALID_POLICY_VERSION = "Invalid policy version"; + private static final String ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER = + "Policies can not be retrieved from registry policy finder module"; + private static final String INVALID_ENTITLEMENT_POLICY = "Trying to access an entitlement policy %s which does " + + "not exist"; + private static final String ERROR_PUBLISHING_POLICY = "Error while publishing policy"; + private String policyStorePath; + private final int maxVersions; + + public RegistryPolicyPersistenceManager() { + + maxVersions = EntitlementUtil.getMaxNoOfPolicyVersions(); + } + + @Override + public void 
init(Properties properties) { + + policyStorePath = properties.getProperty(POLICY_STORE_PATH); + if (policyStorePath == null) { + policyStorePath = DEFAULT_POLICY_STORE_PATH; + } + } + + /** + * Adds or updates the given PAP policy. + * + * @param policy policy. + * @param isFromPapAction true if the operation originated from a PAP action, false if it is from a PDP action. + * @throws EntitlementException If an error occurs + */ + @Override + public void addOrUpdatePolicy(PolicyDTO policy, boolean isFromPapAction) throws EntitlementException { + + if (isFromPapAction) { + String version = createVersion(policy); + policy.setVersion(version); + addOrUpdatePAPPolicy(policy, policy.getVersion(), PDPConstants.ENTITLEMENT_POLICY_VERSION + + policy.getPolicyId() + RegistryConstants.PATH_SEPARATOR); + } + addOrUpdatePAPPolicy(policy, policy.getPolicyId(), PDPConstants.ENTITLEMENT_POLICY_PAP); + } + + /** + * Gets the requested policy. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + @Override + public PolicyDTO getPAPPolicy(String policyId) throws EntitlementException { + + String path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; + return getPolicyDTO(policyId, path); + } + + /** + * Gets the requested policy list. + * + * @param policyIds policy ID list + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + @Override + public List getPAPPolicies(List policyIds) throws EntitlementException { + + if (policyIds == null || policyIds.isEmpty()) { + return new ArrayList<>(); + } + List policyDTOs = new ArrayList<>(); + for (String policyId : policyIds) { + policyDTOs.add(getPAPPolicy(policyId)); + } + return policyDTOs; + } + + /** + * Gets the requested policy version. 
+ * + * @param policyId policy ID + * @param version policy version + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + @Override + public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { + + // Zero indicates the current version + if (version == null || version.trim().isEmpty()) { + try { + Registry registry = getRegistry(); + Collection collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } + } catch (RegistryException e) { + throw new EntitlementException(INVALID_POLICY_VERSION, e); + } + } + + String collection = PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId + RegistryConstants.PATH_SEPARATOR; + String path = collection + version; + PolicyDTO dto = getPolicyDTO(policyId, path); + + if (dto == null) { + throw new EntitlementException(INVALID_POLICY_VERSION); + } + return dto; + } + + /** + * Gets all versions of the given policy ID. + * + * @param policyId policy ID + * @return array of policy versions + */ + @Override + public String[] getVersions(String policyId) { + + List versions = new ArrayList<>(); + Collection collection = null; + try { + try { + Registry registry = getRegistry(); + collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + } catch (ResourceNotFoundException e) { + // ignore + } + if (collection != null && collection.getChildren() != null) { + String[] children = collection.getChildren(); + for (String child : children) { + versions.add(RegistryUtils.getResourceName(child)); + } + } + } catch (RegistryException e) { + LOG.error(String.format("Error while retrieving policy versions for policy %s", policyId), e); + } + return versions.toArray(new String[0]); + + } + + /** + * Gets the name of the module. 
+ *
+ * @return name as String
+ */
+ @Override
+ public String getModuleName() {
+
+ return MODULE_NAME;
+ }
+
+ /**
+ * Gets the policy for the given policy ID.
+ *
+ * @param policyId policy id as a string value
+ * @return policy as string
+ */
+ @Override
+ public String getPolicy(String policyId) {
+
+ PolicyStoreDTO dto = getPublishedPolicy(policyId);
+ return dto.getPolicy();
+ }
+
+ /**
+ * Gets the policy order.
+ *
+ * @param policyId policy id as a string value
+ * @return policy order
+ */
+ @Override
+ public int getPolicyOrder(String policyId) {
+
+ PolicyStoreDTO dto = getPublishedPolicy(policyId);
+ return dto.getPolicyOrder();
+ }
+
+ /**
+ * Gets all supported active policies.
+ * If policy ordering is supported by the module itself, these policies must be ordered.
+ *
+ * @return array of policies as Strings
+ */
+ @Override
+ public String[] getActivePolicies() {
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Retrieving of Active policies are started at %s", new Date()));
+ }
+
+ List policies = new ArrayList<>();
+
+ try {
+ PolicyStoreDTO[] policyDTOs = getAllPolicies(true, true);
+ for (PolicyStoreDTO dto : policyDTOs) {
+ if (dto.getPolicy() != null) {
+ policies.add(dto.getPolicy());
+ }
+ }
+ } catch (EntitlementException e) {
+ LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Retrieving of Active policies are finished at %s", new Date()));
+ }
+
+ return policies.toArray(new String[0]);
+ }
+
+ /**
+ * Gets all supported policy ids.
+ * If policy ordering is supported by the module itself, these policy ids must be ordered.
+ *
+ * @return array of policy ids as Strings
+ */
+ @Override
+ public String[] getOrderedPolicyIdentifiers() {
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Retrieving of Order Policy Ids are started at %s ", new Date()));
+ }
+
+ List policies = new ArrayList<>();
+
+ try {
+ PolicyStoreDTO[] policyDTOs = getAllPolicies(false, true);
+ for (PolicyStoreDTO dto : policyDTOs) {
+ if (dto.getPolicy() != null) {
+ policies.add(dto.getPolicyId());
+ }
+ }
+ } catch (EntitlementException e) {
+ LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("Retrieving of Order Policy Ids are finished at %s ", new Date()));
+ }
+
+ return policies.toArray(new String[0]);
+
+ }
+
+ /**
+ * Gets all policy ids.
+ *
+ * @return array of policy ids as Strings
+ */
+ @Override
+ public String[] getPolicyIdentifiers() {
+
+ String[] policyIds = null;
+ try {
+ policyIds = listPublishedPolicyIds().toArray(new String[0]);
+ } catch (EntitlementException e) {
+ LOG.error("Policy identifiers can not be retrieved from registry policy finder module", e);
+ }
+ return policyIds;
+ }
+
+ /**
+ * Gets reference policy for the given policy ID.
+ * Reference policy can not be with PDP policy store, may be in some external policy store.
+ * Therefore, a new method has been added to retrieve reference policies.
+ *
+ * @param policyId policy id as String value
+ * @return reference policy as String
+ */
+ @Override
+ public String getReferencedPolicy(String policyId) {
+
+ // Retrieves for policies that are not active
+ PolicyStoreDTO dto = getPublishedPolicy(policyId);
+ if (dto != null && dto.getPolicy() != null && !dto.isActive()) {
+ return dto.getPolicy();
+ }
+
+ return null;
+ }
+
+ /**
+ * Gets attributes that are used for policy searching.
+ *
+ * @param identifier unique identifier to separate out search attributes
+ * @param givenAttribute pre-given attributes to retrieve other attributes
+ * @return return search attributes based on a given policy, Map of policy id with search attributes.
+ */
+ @Override
+ public Map> getSearchAttributes(String identifier, Set givenAttribute) {
+
+ try {
+ PolicyStoreDTO[] policyDTOs = getAllPolicies(true, true);
+ List policyIds = new ArrayList<>();
+ for (PolicyStoreDTO policyStoreDTO : policyDTOs) {
+ policyIds.add(policyStoreDTO.getPolicyId());
+ }
+ List policyDTOList = getPAPPolicies(policyIds);
+ if (policyDTOs.length > 0) {
+ return EntitlementUtil.getAttributesFromPolicies(policyDTOList.toArray(new PolicyDTO[0]));
+ }
+ } catch (EntitlementException e) {
+ LOG.error(ERROR_RETRIEVING_POLICIES_FROM_POLICY_FINDER, e);
+ }
+
+ return Collections.emptyMap();
+ }
+
+ /**
+ * Gets support attribute searching scheme of the module.
+ *
+ * @return return scheme identifier value
+ */
+ @Override
+ public int getSupportedSearchAttributesScheme() {
+
+ return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER;
+ }
+
+ /**
+ * Lists all PAP policy IDs.
+ *
+ * @return list of policy IDs
+ * @throws EntitlementException If an error occurs
+ */
+ @Override
+ public List listPolicyIds() throws EntitlementException {
+
+ String path = PDPConstants.ENTITLEMENT_POLICY_PAP;
+ return listAllPolicyIds(path);
+
+ }
+
+ /**
+ * Removes the given policy from PAP.
+ * + * @param policyId policy ID + * @throws EntitlementException If an error occurs + */ + @Override + public void removePolicy(String policyId) throws EntitlementException { + + String path; + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Removing entitlement policy %s", policyId)); + } + + try { + path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format(INVALID_ENTITLEMENT_POLICY, policyId)); + } + return; + } + registry.delete(path); + + // Removes versions + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId)) { + registry.delete(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + } + + } catch (RegistryException e) { + throw new EntitlementException(String.format("Error while removing policy %s from PAP policy store", + policyId), e); + } + + } + + /** + * Publishes the given policy. + * + * @param policy policy to be published + * @throws EntitlementException If an error occurs + */ + @Override + public void addPolicy(PolicyStoreDTO policy) throws EntitlementException { + + String policyPath; + Collection policyCollection; + Resource resource; + String papPath; + Resource papResource; + + if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { + throw new EntitlementException("Policy can not be null"); + } + + try { + + // Restricts publishing policies that are not in PAP + papPath = PDPConstants.ENTITLEMENT_POLICY_PAP + policy.getPolicyId(); + Registry registry = getRegistry(); + if (!registry.resourceExists(papPath)) { + throw new EntitlementException("Policies that are not included in the PAP, cannot be published"); + } + + // Publishes policy to PDP + if (registry.resourceExists(policyStorePath)) { + policyCollection = (Collection) registry.get(policyStorePath); + } else { + policyCollection = registry.newCollection(); + } + registry.put(policyStorePath, policyCollection); 
+ + policyPath = policyStorePath + policy.getPolicyId(); + if (registry.resourceExists(policyPath)) { + resource = registry.get(policyPath); + } else { + resource = registry.newResource(); + } + + if (policy.getPolicy() != null && !policy.getPolicy().trim().isEmpty()) { + resource.setContent(policy.getPolicy()); + resource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE); + AttributeDTO[] attributeDTOs = policy.getAttributeDTOs(); + if (attributeDTOs != null && EntitlementUtil.isPolicyMetadataStoringEnabled()) { + setAttributesAsProperties(attributeDTOs, resource); + } + } + if (policy.isSetActive()) { + resource.setProperty("active", Boolean.toString(policy.isActive())); + } + if (policy.isSetOrder()) { + int order = policy.getPolicyOrder(); + if (order > 0) { + resource.setProperty("order", Integer.toString(order)); + } + } + if (resource.getContent() == null) { + LOG.info(String.format("Prevented adding null content to resource %s", policyPath)); + return; + } + // Store policy metadata based on the configured property. 
+ if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { + for (Map.Entry entry : resource.getProperties().entrySet()) { + if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { + resource.getProperties().remove(entry.getKey()); + } + } + } + registry.put(policyPath, resource); + + // Updates the relevant resource in version store + String version = policy.getVersion(); + if (version == null || version.trim().isEmpty()) { + try { + Collection collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + + policy.getPolicyId()); + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } + } catch (RegistryException e) { + throw new EntitlementException(INVALID_POLICY_VERSION, e); + } + } + String versionCollectionPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policy.getPolicyId() + + RegistryConstants.PATH_SEPARATOR; + String versionPolicyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policy.getPolicyId() + + RegistryConstants.PATH_SEPARATOR + version; + updateResource(policy, versionCollectionPath, versionPolicyPath); + + // If the publishing version is the latest version, updates the relevant resource in PAP + if (registry.resourceExists(papPath)) { + papResource = registry.get(papPath); + if (Objects.equals(papResource.getProperty(PDPConstants.POLICY_VERSION), version)) { + updateResource(policy, PDPConstants.ENTITLEMENT_POLICY_PAP, papPath); + } + } + + } catch (RegistryException e) { + throw new EntitlementException(ERROR_PUBLISHING_POLICY, e); + } + } + + @Override + public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Updating policy %s", policy.getPolicyId())); + } + addPolicy(policy); + } + + /** + * Checks whether the given policy is published or not. 
+ * + * @param policyId policy ID + * @return whether the given policy is published or not + */ + @Override + public boolean isPolicyExist(String policyId) { + + String policyPath; + if (policyId == null || policyId.trim().isEmpty()) { + return false; + } + try { + Registry registry = getRegistry(); + policyPath = policyStorePath + policyId; + return registry.resourceExists(policyPath); + } catch (RegistryException e) { + //ignore + return false; + } + } + + /** + * Gets the requested published policy. + * + * @param policyId policy ID + * @return requested policy + */ + @Override + public PolicyStoreDTO getPublishedPolicy(String policyId) { + + try { + Resource resource; + resource = getPolicyResource(policyId); + if (resource == null) { + return new PolicyStoreDTO(); + } + return readPolicy(resource); + } catch (EntitlementException e) { + LOG.error(String.format("Error while retrieving PDP policy : %s", policyId), e); + return new PolicyStoreDTO(); + } + + } + + /** + * Lists all published policy IDs. + * + * @return list of published policy IDs + * @throws EntitlementException If an error occurs + */ + @Override + public List listPublishedPolicyIds() throws EntitlementException { + + return listAllPolicyIds(policyStorePath); + } + + /** + * Un-publishes the policy. + * + * @param policyId policy ID + */ + @Override + public boolean deletePolicy(String policyId) { + + String policyPath; + + if (policyId == null || policyId.trim().isEmpty()) { + return false; + } + + try { + Registry registry = getRegistry(); + // Removes from PDP + policyPath = policyStorePath + policyId; + registry.delete(policyPath); + return true; + } catch (RegistryException e) { + LOG.error(e); + return false; + } + } + + /** + * Checks the existence of the policy in PAP + * + * @param policyId policy ID. + * @return whether the policy exists in PAP or not. 
+ */ + public boolean isPolicyExistsInPap(String policyId) { + + String path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; + try { + Registry registry = getRegistry(); + return registry.resourceExists(path); + } catch (RegistryException e) { + LOG.error("Error while checking the existence of the policy in PAP", e); + return false; + } + } + + /** + * Adds or updates the given policy to PAP. + * + * @param policy policyDTO + * @param policyId policyID + * @param policyPath registry destination path + * @throws EntitlementException If an error occurs + */ + private void addOrUpdatePAPPolicy(PolicyDTO policy, String policyId, String policyPath) + throws EntitlementException { + + String path; + Resource resource; + boolean newPolicy = false; + OMElement omElement = null; + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Creating or updating entitlement policy %s", policyId)); + } + + if (policyId == null) { + throw new EntitlementException("Invalid Entitlement Policy. Policy or policyId can not be Null"); + } + + try { + path = policyPath + policyId; + Registry registry = getRegistry(); + if (registry.resourceExists(path)) { + resource = registry.get(path); + } else { + resource = registry.newResource(); + } + + Collection policyCollection; + if (registry.resourceExists(policyPath)) { + policyCollection = (Collection) registry.get(policyPath); + } else { + policyCollection = registry.newCollection(); + } + + if (policy.getPolicyOrder() > 0) { + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) { + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, + Integer.toString(policy.getPolicyOrder())); + registry.put(policyPath, policyCollection); + } + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policy.getPolicyOrder())); + } else { + String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER); + if 
(previousOrder == null) { + if (policyCollection != null) { + int policyOrder = 1; + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null) { + policyOrder = policyOrder + Integer.parseInt(noOfPolicies); + } + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policyOrder)); + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder)); + } + registry.put(policyPath, policyCollection); + } + } + + if (StringUtils.isNotBlank(policy.getPolicy())) { + resource.setContent(policy.getPolicy()); + newPolicy = true; + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy()); + Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy(); + Properties resourceProperties = new Properties(); + for (Object o : properties.keySet()) { + String key = o.toString(); + resourceProperties.put(key, Collections.singletonList(properties.get(key))); + } + // Store policy metadata based on the configured property. 
+ if (EntitlementUtil.isPolicyMetadataStoringEnabled()) {
+ resource.setProperties(resourceProperties);
+ }
+ }
+
+ resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive()));
+ resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote()));
+
+ if (policy.getVersion() != null) {
+ resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion());
+ }
+ resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis()));
+ resource.setProperty(PDPConstants.LAST_MODIFIED_USER,
+ CarbonContext.getThreadLocalCarbonContext().getUsername());
+
+ if (policy.getPolicyType() != null && !policy.getPolicyType().trim().isEmpty()) {
+ resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType());
+ } else {
+ try {
+ if (newPolicy) {
+ omElement = AXIOMUtil.stringToOM(policy.getPolicy());
+ resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName());
+ }
+ } catch (XMLStreamException e) {
+ policy.setPolicyType(PDPConstants.POLICY_ELEMENT);
+ LOG.warn("Policy Type can not be found.
Default type is set"); + } + } + + if (omElement != null) { + Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_REFERENCE); + if (iterator1 != null) { + String policyReferences = ""; + while (iterator1.hasNext()) { + OMElement policyReference = (OMElement) iterator1.next(); + if (!"".equals(policyReferences)) { + policyReferences = policyReferences + PDPConstants.ATTRIBUTE_SEPARATOR + + policyReference.getText(); + } else { + policyReferences = policyReference.getText(); + } + } + resource.setProperty(PDPConstants.POLICY_REFERENCE, policyReferences); + } + + Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_SET_REFERENCE); + if (iterator2 != null) { + String policySetReferences = ""; + while (true) { + assert iterator1 != null; + if (!iterator1.hasNext()) { + break; + } + OMElement policySetReference = (OMElement) iterator2.next(); + if (!"".equals(policySetReferences)) { + policySetReferences = policySetReferences + PDPConstants.ATTRIBUTE_SEPARATOR + + policySetReference.getText(); + } else { + policySetReferences = policySetReference.getText(); + } + } + resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, policySetReferences); + } + } + + // Before writing basic policy editor metadata as properties, deletes any properties related to them + String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE); + if (newPolicy && policyEditor != null) { + resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE); + } + + // Writes policy metadata that is used for basic policy editor + if (policy.getPolicyEditor() != null && !policy.getPolicyEditor().trim().isEmpty()) { + resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim()); + } + String[] policyMetaData = policy.getPolicyEditorData(); + if (policyMetaData != null && policyMetaData.length > 0) { + String basicPolicyEditorMetaDataAmount = + resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + if 
(newPolicy && basicPolicyEditorMetaDataAmount != null) { + int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); + for (int i = 0; i < amount; i++) { + resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); + } + resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + } + + int i = 0; + for (String policyData : policyMetaData) { + if (policyData != null && !policyData.isEmpty()) { + resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, policyData); + } + i++; + } + resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, Integer.toString(i)); + } + // Store policy metadata based on the configured property. + if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { + for (Map.Entry entry : resource.getProperties().entrySet()) { + if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { + resource.getProperties().remove(entry.getKey()); + } + } + } + + registry.put(path, resource); + + } catch (RegistryException e) { + throw new EntitlementException( + String.format("Error while adding or updating entitlement policy %s in policy store", policyId), e); + } + } + + /** + * Creates a new policy version. 
+ * + * @param policyDTO policy + * @return new policy version + */ + private String createVersion(PolicyDTO policyDTO) { + + String version = "0"; + + try { + Collection collection = null; + Registry registry = getRegistry(); + try { + collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + + policyDTO.getPolicyId()); + } catch (ResourceNotFoundException e) { + // ignore + } + + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } else { + collection = registry.newCollection(); + collection.setProperty(PDPConstants.POLICY_VERSION, "1"); + registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId(), collection); + } + + int versionInt = Integer.parseInt(version); + String policyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId() + + RegistryConstants.PATH_SEPARATOR; + + // Checks whether the version is larger than the maximum version + if (versionInt > maxVersions) { + // Deletes the older version + int olderVersion = versionInt - maxVersions; + if (registry.resourceExists(policyPath + olderVersion)) { + registry.delete(policyPath + olderVersion); + } + } + + // Creates the new version + version = Integer.toString(versionInt + 1); + policyDTO.setVersion(version); + + // Sets the new version + collection.setProperty("version", version); + registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId(), collection); + + } catch (RegistryException e) { + LOG.error("Error while creating a new version for the policy", e); + } + return version; + } + + /** + * Creates a property object which contains the policy metadata. 
+ * + * @param attributeDTOs list of AttributeDTO + * @param resource registry resource + */ + private void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { + + int attributeElementNo = 0; + if (attributeDTOs != null) { + for (AttributeDTO attributeDTO : attributeDTOs) { + resource.setProperty(KEY_VALUE_POLICY_META_DATA + attributeElementNo, + attributeDTO.getCategory() + "," + + attributeDTO.getAttributeValue() + "," + + attributeDTO.getAttributeId() + "," + + attributeDTO.getAttributeDataType()); + attributeElementNo++; + } + } + } + + /** + * Gets the requested policy from PAP. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyDTO getPolicyDTO(String policyId, String path) throws EntitlementException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving entitlement policy %s", policyId)); + } + + try { + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format(INVALID_ENTITLEMENT_POLICY, policyId)); + } + return null; + } + + Resource resource = registry.get(path); + if (resource == null) { + return null; + } + + PolicyDTO dto = new PolicyDTO(); + dto.setPolicyId(policyId); + dto.setPolicy(new String((byte[]) resource.getContent(), StandardCharsets.UTF_8)); + dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); + String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); + if (policyOrder != null) { + dto.setPolicyOrder(Integer.parseInt(policyOrder)); + } else { + dto.setPolicyOrder(0); + } + + String version = resource.getProperty(PDPConstants.POLICY_VERSION); + if (version != null) { + dto.setVersion(version); + } + String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); + if (lastModifiedTime != null) { + dto.setLastModifiedTime(lastModifiedTime); + } + String lastModifiedUser = 
resource.getProperty(PDPConstants.LAST_MODIFIED_USER); + if (lastModifiedUser != null) { + dto.setLastModifiedUser(lastModifiedUser); + } + dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); + + String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); + if (policyReferences != null && !policyReferences.trim().isEmpty()) { + dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); + } + + String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); + if (policySetReferences != null && !policySetReferences.trim().isEmpty()) { + dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); + } + + dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); + String basicPolicyEditorMetaDataAmount = + resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + if (basicPolicyEditorMetaDataAmount != null) { + int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); + String[] basicPolicyEditorMetaData = new String[amount]; + for (int i = 0; i < amount; i++) { + basicPolicyEditorMetaData[i] = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); + } + dto.setPolicyEditorData(basicPolicyEditorMetaData); + } + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); + dto.setAttributeDTOs( + policyAttributeBuilder.getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + + return dto; + + } catch (RegistryException e) { + throw new EntitlementException("Error while retrieving entitlement policy PAP policy store", e); + } + + } + + /** + * Returns given policy as a registry resource. 
+ * + * @param policyId policy id + * @return policy as a registry resource + * @throws EntitlementException If an error occurs + */ + private Resource getPolicyResource(String policyId) throws EntitlementException { + + String path; + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Retrieving entitlement policy %s", policyId)); + } + + try { + path = policyStorePath + policyId; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format(INVALID_ENTITLEMENT_POLICY, policyId)); + } + return null; + } + return registry.get(path); + } catch (RegistryException e) { + throw new EntitlementException(String.format("Error while retrieving entitlement policy : %s", policyId), + e); + } + } + + /** + * Reads All ordered active policies as PolicyDTO. + * + * @param active only return active policies + * @param order return ordered policy + * @return Array of PolicyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyStoreDTO[] getAllPolicies(boolean active, boolean order) throws EntitlementException { + + Resource[] resources; + resources = getAllPolicyResource(); + + if (resources.length == 0) { + return new PolicyStoreDTO[0]; + } + List policyDTOList = new ArrayList<>(); + for (Resource resource : resources) { + PolicyStoreDTO policyDTO = readPolicy(resource); + if (active) { + if (policyDTO.isActive()) { + policyDTOList.add(policyDTO); + } + } else { + policyDTOList.add(policyDTO); + } + } + + PolicyStoreDTO[] policyDTOs = policyDTOList.toArray(new PolicyStoreDTO[0]); + + if (order) { + Arrays.sort(policyDTOs, new PolicyOrderComparator()); + } + return policyDTOs; + } + + /** + * Returns all the policies as registry resources. 
+ * + * @return policies as Resource[] + * @throws EntitlementException If an error occurs + */ + private Resource[] getAllPolicyResource() throws EntitlementException { + + String path; + Collection collection; + List resources = new ArrayList<>(); + String[] children; + + LOG.debug("Retrieving all entitlement policies"); + try { + path = policyStorePath; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Invalid policy store path %s", path)); + } + return new Resource[0]; + } + collection = (Collection) registry.get(path); + children = collection.getChildren(); + + for (String aChildren : children) { + resources.add(registry.get(aChildren)); + } + + } catch (RegistryException e) { + throw new EntitlementException("Error while retrieving entitlement policies", e); + } + + return resources.toArray(new Resource[0]); + } + + /** + * Gets all policy IDs. + * + * @param path policy registry path + * @return list of policy IDs + * @throws EntitlementException If an error occurs + */ + private List listAllPolicyIds(String path) throws EntitlementException { + + Collection collection; + String[] children; + List resources = new ArrayList<>(); + + LOG.debug("Retrieving all entitlement policy ids"); + try { + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Invalid policy path %s", path)); + } + return Collections.emptyList(); + } + collection = (Collection) registry.get(path); + children = collection.getChildren(); + for (String child : children) { + String id = child.substring(child.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); + resources.add(id); + } + + } catch (RegistryException e) { + throw new EntitlementException("Error while retrieving entitlement policy resources", e); + } + + return resources; + } + + /** + * Reads PolicyDTO for given registry resource. 
+ * + * @param resource Registry resource + * @return PolicyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyStoreDTO readPolicy(Resource resource) throws EntitlementException { + + String policy; + AbstractPolicy absPolicy; + PolicyStoreDTO dto; + + try { + if (resource.getContent() == null) { + throw new EntitlementException("Error while loading entitlement policy. Policy content is null"); + } + policy = new String((byte[]) resource.getContent(), StandardCharsets.UTF_8); + absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy); + dto = new PolicyStoreDTO(); + dto.setPolicyId(absPolicy.getId().toASCIIString()); + dto.setPolicy(policy); + String policyOrder = resource.getProperty("order"); + if (policyOrder != null) { + dto.setPolicyOrder(Integer.parseInt(policyOrder)); + } else { + dto.setPolicyOrder(0); + } + String policyActive = resource.getProperty("active"); + if (policyActive != null) { + dto.setActive(Boolean.parseBoolean(policyActive)); + } + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); + dto.setAttributeDTOs(policyAttributeBuilder. + getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + return dto; + } catch (RegistryException e) { + throw new EntitlementException("Error while loading entitlement policy", e); + } + } + + /** + * Updates the given registry resource. 
+ * + * @param policy publishing policy + * @param collectionPath registry collection path + * @param policyPath registry resource path + * @throws EntitlementException If an error occurs + */ + private void updateResource(PolicyStoreDTO policy, String collectionPath, String policyPath) + throws EntitlementException { + + Collection policyCollection; + Resource resource; + + try { + Registry registry = getRegistry(); + policyCollection = (Collection) registry.get(collectionPath); + resource = registry.get(policyPath); + + if (policy.isSetActive()) { + resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive())); + } + if (policy.isSetOrder()) { + int order = policy.getPolicyOrder(); + if (order > 0) { + if (Objects.equals(collectionPath, PDPConstants.ENTITLEMENT_POLICY_PAP)) { + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < order) { + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(order)); + registry.put(PDPConstants.ENTITLEMENT_POLICY_PAP, policyCollection); + } + } + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(order)); + } + } + + if (policy.isSetOrder() || policy.isSetActive()) { + resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis())); + resource.setProperty(PDPConstants.LAST_MODIFIED_USER, + CarbonContext.getThreadLocalCarbonContext().getUsername()); + } + + registry.put(policyPath, resource); + + } catch (RegistryException e) { + throw new EntitlementException(ERROR_PUBLISHING_POLICY, e); + } + } + + private Registry getRegistry() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } +} 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistrySubscriberPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistrySubscriberPersistenceManager.java
new file mode 100644
index 000000000000..7c5d29d5e065
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/RegistrySubscriberPersistenceManager.java
@@ -0,0 +1,335 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.core.util.CryptoException; +import org.wso2.carbon.core.util.CryptoUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; +import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.RegistryConstants; +import org.wso2.carbon.registry.core.Resource; +import org.wso2.carbon.registry.core.exceptions.RegistryException; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import static 
org.wso2.carbon.identity.entitlement.PDPConstants.SUBSCRIBER_ID; + +/** + * This implementation handles the subscriber management in the Registry. + */ +public class RegistrySubscriberPersistenceManager implements SubscriberPersistenceManager { + + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistrySubscriberPersistenceManager.class); + private final Registry registry; + + public RegistrySubscriberPersistenceManager() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + this.registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } + + /** + * Adds a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { + + persistSubscriber(holder, false); + } + + /** + * Gets the requested subscriber. + * + * @param subscriberId subscriber ID + * @param shouldDecryptSecrets whether the subscriber should get returned with secret(decrypted) values or not + * @return publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public PublisherDataHolder getSubscriber(String subscriberId, boolean shouldDecryptSecrets) + throws EntitlementException { + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId)) { + Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId); + + return getPublisherDataHolder(resource, shouldDecryptSecrets); + } + } catch (RegistryException e) { + throw new EntitlementException("Error while retrieving subscriber detail of id : " + subscriberId, e); + } + + throw new EntitlementException("No Subscriber is defined for the given Id"); + + } + + /** + * Gets all subscriber IDs. 
+ * + * @param filter search string + * @return list of subscriber IDs + * @throws EntitlementException If an error occurs + */ + @Override + public List listSubscriberIds(String filter) throws EntitlementException { + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR)) { + Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR); + Collection collection = (Collection) resource; + List list = new ArrayList<>(); + if (collection.getChildCount() > 0) { + for (String path : collection.getChildren()) { + Resource childResource = registry.get(path); + if (childResource != null && childResource.getProperty(SUBSCRIBER_ID) != null) { + list.add(childResource.getProperty(SUBSCRIBER_ID)); + } + } + } + return EntitlementUtil.filterSubscribers(list, filter); + } + } catch (RegistryException e) { + throw new EntitlementException("Error while retrieving subscriber ids", e); + } + return Collections.emptyList(); + } + + /** + * Updates a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { + + persistSubscriber(holder, true); + } + + /** + * Removes the subscriber of the given subscriber ID. 
+ * + * @param subscriberId subscriber ID + * @throws EntitlementException If an error occurs + */ + @Override + public void removeSubscriber(String subscriberId) throws EntitlementException { + + String subscriberPath; + + if (subscriberId == null) { + throw new EntitlementException("Subscriber Id can not be null"); + } + + if (EntitlementConstants.PDP_SUBSCRIBER_ID.equals(subscriberId.trim())) { + throw new EntitlementException("Can not delete PDP publisher"); + } + + try { + subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId; + + if (registry.resourceExists(subscriberPath)) { + registry.delete(subscriberPath); + } + } catch (RegistryException e) { + throw new EntitlementException("Error while deleting subscriber details", e); + } + } + + /** + * Checks whether a subscriber exists. + * + * @param subscriberId subscriber ID. + * @return whether the subscriber exists or not. + * @throws EntitlementException If an error occurs. + */ + public boolean isSubscriberExists(String subscriberId) throws EntitlementException { + + try { + return registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId); + } catch (RegistryException e) { + throw new EntitlementException("Error while checking subscriber existence", e); + } + } + + /** + * Adds or updates a subscriber. 
+ * + * @param holder publisher data holder + * @param isUpdate whether the operation is an update or an addition + * @throws EntitlementException If an error occurs + */ + private void persistSubscriber(PublisherDataHolder holder, boolean isUpdate) throws EntitlementException { + + Collection policyCollection; + String subscriberPath; + String subscriberId = EntitlementUtil.resolveSubscriberId(holder); + if (subscriberId == null) { + throw new EntitlementException("Subscriber Id can not be null"); + } + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER)) { + policyCollection = registry.newCollection(); + registry.put(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER, policyCollection); + } + + subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId; + + Resource resource; + + PublisherDataHolder oldHolder = null; + if (registry.resourceExists(subscriberPath)) { + if (isUpdate) { + resource = registry.get(subscriberPath); + oldHolder = getPublisherDataHolder(resource, false); + } else { + throw new EntitlementException("Subscriber ID already exists"); + } + } else { + resource = registry.newResource(); + } + + populateProperties(holder, oldHolder, resource); + registry.put(subscriberPath, resource); + + } catch (RegistryException e) { + throw new EntitlementException("Error while persisting subscriber details", e); + } + } + + /** + * Populate subscriber properties. 
+ * + * @param holder subscriber data holder + * @param oldHolder old publisher data holder + * @param resource registry resource + */ + private void populateProperties(PublisherDataHolder holder, PublisherDataHolder oldHolder, Resource resource) + throws EntitlementException { + + PublisherPropertyDTO[] propertyDTOs = holder.getPropertyDTOs(); + for (PublisherPropertyDTO dto : propertyDTOs) { + if (StringUtils.isNotBlank(dto.getId()) && StringUtils.isNotBlank(dto.getValue())) { + ArrayList list = new ArrayList<>(); + if (dto.isSecret()) { + PublisherPropertyDTO propertyDTO = null; + if (oldHolder != null) { + propertyDTO = oldHolder.getPropertyDTO(dto.getId()); + } + if (propertyDTO == null || !propertyDTO.getValue().equalsIgnoreCase(dto.getValue())) { + try { + String encryptedValue = CryptoUtil.getDefaultCryptoUtil(). + encryptAndBase64Encode(dto.getValue().getBytes()); + dto.setValue(encryptedValue); + } catch (CryptoException e) { + throw new EntitlementException("Error while encrypting secret value of subscriber. 
Update" + + " cannot proceed.", e); + } + } + } + list.add(dto.getValue()); + list.add(dto.getDisplayName()); + list.add(Integer.toString(dto.getDisplayOrder())); + list.add(Boolean.toString(dto.isRequired())); + list.add(Boolean.toString(dto.isSecret())); + resource.setProperty(dto.getId(), list); + } + } + resource.setProperty(PublisherDataHolder.MODULE_NAME, holder.getModuleName()); + } + + private PublisherDataHolder getPublisherDataHolder(Resource resource, boolean returnSecrets) { + + List propertyDTOs = new ArrayList<>(); + String moduleName = null; + if (resource != null && resource.getProperties() != null) { + Properties properties = resource.getProperties(); + for (Map.Entry entry : properties.entrySet()) { + PublisherPropertyDTO dto = new PublisherPropertyDTO(); + dto.setId((String) entry.getKey()); + Object value = entry.getValue(); + if (value instanceof ArrayList) { + List list = (ArrayList) entry.getValue(); + if (!list.isEmpty() && list.get(0) != null) { + dto.setValue((String) list.get(0)); + + if (list.size() > 1 && list.get(1) != null) { + dto.setDisplayName((String) list.get(1)); + } + if (list.size() > 2 && list.get(2) != null) { + dto.setDisplayOrder(Integer.parseInt((String) list.get(2))); + } + if (list.size() > 3 && list.get(3) != null) { + dto.setRequired(Boolean.parseBoolean((String) list.get(3))); + } + if (list.size() > 4 && list.get(4) != null) { + dto.setSecret(Boolean.parseBoolean((String) list.get(4))); + } + + if (dto.isSecret() && returnSecrets) { + String password = dto.getValue(); + try { + password = new String(CryptoUtil.getDefaultCryptoUtil(). + base64DecodeAndDecrypt(dto.getValue())); + } catch (CryptoException e) { + LOG.error(e); + // ignore + } + dto.setValue(password); + } + } + } + if (PublisherDataHolder.MODULE_NAME.equals(dto.getId())) { + moduleName = dto.getValue(); + continue; + } + + propertyDTOs.add(dto); + } + } + return new PublisherDataHolder(propertyDTOs, moduleName); + } +} 
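Review bot: In `getPublisherDataHolder`, a `CryptoException` from `base64DecodeAndDecrypt` is logged and ignored, so a caller that asked for decrypted secrets receives the stored ciphertext from `dto.getValue()` with no sign that decryption failed. Both callers already declare `throws EntitlementException`, so the method could declare it as well and replace the catch body with `throw new EntitlementException("Error while decrypting secret value of subscriber", e);`. In `populateProperties` the decision to re-encrypt uses `equalsIgnoreCase`, which treats values differing only in case as unchanged; `equals` is the safer comparison for a secret. `getBytes()` and `new String(...)` on the secret both use the platform default charset, so passing `StandardCharsets.UTF_8` (with its import) would keep encryption and decryption consistent across hosts. Separately, the `if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER))` guard in `persistSubscriber` creates the collection when it already exists, which looks inverted.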
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/SubscriberPersistenceManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/SubscriberPersistenceManager.java
new file mode 100644
index 000000000000..196014879c48
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/SubscriberPersistenceManager.java
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; + +import java.util.List; + +/** + * This interface supports the management of subscribers. + */ +public interface SubscriberPersistenceManager { + + /** + * Adds a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + void addSubscriber(PublisherDataHolder holder) throws EntitlementException; + + /** + * Gets the requested subscriber. + * + * @param subscriberId subscriber ID + * @param shouldDecryptSecrets whether the subscriber should get returned with secret(decrypted) values or not + * @return publisher data holder + * @throws EntitlementException If an error occurs + */ + PublisherDataHolder getSubscriber(String subscriberId, boolean shouldDecryptSecrets) throws EntitlementException; + + /** + * Lists all subscriber IDs. + * + * @param filter search string + * @return list of subscriber IDs + * @throws EntitlementException If an error occurs + */ + List listSubscriberIds(String filter) throws EntitlementException; + + /** + * Updates a subscriber. 
+ * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + void updateSubscriber(PublisherDataHolder holder) throws EntitlementException; + + /** + * Removes the subscriber of the given subscriber ID. + * + * @param subscriberId subscriber ID + * @throws EntitlementException If an error occurs + */ + void removeSubscriber(String subscriberId) throws EntitlementException; +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedConfigDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedConfigDAO.java new file mode 100644 index 000000000000..0e19ae496ff2 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedConfigDAO.java 
@@ -0,0 +1,79 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence.cache; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.cache.ConfigCache; +import org.wso2.carbon.identity.entitlement.persistence.dao.ConfigDAO; + +public class CacheBackedConfigDAO extends ConfigDAO { + + private static final Log LOG = LogFactory.getLog(CacheBackedConfigDAO.class); + private final ConfigCache configCache = ConfigCache.getInstance(); + private static final CacheBackedConfigDAO instance = new CacheBackedConfigDAO(); + + private CacheBackedConfigDAO() { + + } + + public static CacheBackedConfigDAO getInstance() { + + return instance; + } + + @Override + public String getPolicyCombiningAlgorithm(int tenantId) throws EntitlementException { + + String algorithm = configCache.getValueFromCache(PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM, tenantId); + if (algorithm != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in ConfigCache for policy combining algorithm for tenant: %s", + tenantId)); + } + return algorithm; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in 
ConfigCache for policy combining algorithm for tenant: %s", + tenantId)); + } + algorithm = super.getPolicyCombiningAlgorithm(tenantId); + configCache.addToCache(PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM, algorithm, tenantId); + + return algorithm; + } + + @Override + public void insertPolicyCombiningAlgorithm(String policyCombiningAlgorithm, int tenantId) + throws EntitlementException { + + super.insertPolicyCombiningAlgorithm(policyCombiningAlgorithm, tenantId); + configCache.addToCache(PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM, policyCombiningAlgorithm, tenantId); + } + + @Override + public void updatePolicyCombiningAlgorithm(String policyCombiningAlgorithm, int tenantId) + throws EntitlementException { + + super.updatePolicyCombiningAlgorithm(policyCombiningAlgorithm, tenantId); + configCache.addToCache(PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM, policyCombiningAlgorithm, tenantId); + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedPolicyDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedPolicyDAO.java new file mode 100644 index 000000000000..c1b59c1b45dd --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedPolicyDAO.java 
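Review bot: On a cache miss, `getPolicyCombiningAlgorithm` passes whatever `super.getPolicyCombiningAlgorithm(tenantId)` returned straight to `configCache.addToCache`, including `null` when no algorithm is stored for the tenant. How `ConfigCache` treats a null value is not visible in this diff, so a guard such as `if (algorithm != null) { configCache.addToCache(PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM, algorithm, tenantId); }` would make the behaviour explicit. The same miss path appears in `CacheBackedPolicyDAO.getPAPPolicy` and `getPDPPolicy`, and in `CacheBackedSubscriberDAO.getSubscriber`. The class also has no Javadoc; a short class comment stating that reads are served from `ConfigCache` and that writes go through `ConfigDAO` before the cache is refreshed would help the next reader.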
@@ -0,0 +1,195 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence.cache; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.cache.PapPolicyCache; +import org.wso2.carbon.identity.entitlement.cache.PapPolicyListCache; +import org.wso2.carbon.identity.entitlement.cache.PdpPolicyCache; +import org.wso2.carbon.identity.entitlement.cache.PdpPolicyListCache; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.persistence.dao.PolicyDAO; + +import java.util.ArrayList; +import java.util.List; + +public class CacheBackedPolicyDAO extends PolicyDAO { + + private static final Log LOG = LogFactory.getLog(CacheBackedPolicyDAO.class); + private final PapPolicyCache papPolicyCache = PapPolicyCache.getInstance(); + private final PapPolicyListCache papPolicyListCache = PapPolicyListCache.getInstance(); + private final PdpPolicyCache pdpPolicyCache = PdpPolicyCache.getInstance(); + private final PdpPolicyListCache pdpPolicyListCache = PdpPolicyListCache.getInstance(); + private static final String 
PAP_POLICY_LIST_CACHE_KEY = "PAP_POLICY_LIST_CACHE_KEY"; + private static final String PDP_POLICY_LIST_CACHE_KEY = "PDP_POLICY_LIST_CACHE_KEY"; + + private static final CacheBackedPolicyDAO instance = new CacheBackedPolicyDAO(); + + private CacheBackedPolicyDAO() { + + } + + public static CacheBackedPolicyDAO getInstance() { + + return instance; + } + + @Override + public void insertPolicy(PolicyDTO policy, int tenantId) throws EntitlementException { + + super.insertPolicy(policy, tenantId); + papPolicyCache.addToCache(policy.getPolicyId(), policy, tenantId); + papPolicyListCache.clearCacheEntry(PAP_POLICY_LIST_CACHE_KEY, tenantId); + } + + @Override + public PolicyDTO getPAPPolicy(String policyId, int tenantId) throws EntitlementException { + + PolicyDTO policy = papPolicyCache.getValueFromCache(policyId, tenantId); + if (policy != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in PapPolicyCache for policy: %s for tenant: %s", + policyId, tenantId)); + } + return policy; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in PapPolicyCache for policy: %s for tenant: %s", policyId, tenantId)); + } + policy = super.getPAPPolicy(policyId, tenantId); + papPolicyCache.addToCache(policyId, policy, tenantId); + return policy; + } + + @Override + public List getAllPAPPolicies(int tenantId) throws EntitlementException { + + List policies = papPolicyListCache.getValueFromCache(PAP_POLICY_LIST_CACHE_KEY, tenantId); + if (policies != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in PapPolicyListCache for policies for tenant: %s", tenantId)); + } + return policies; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in PapPolicyListCache for policies for tenant: %s", tenantId)); + } + policies = super.getAllPAPPolicies(tenantId); + papPolicyListCache.addToCache(PAP_POLICY_LIST_CACHE_KEY, (ArrayList) policies, tenantId); + return policies; + } + + @Override + public void 
deletePAPPolicy(String policyId, int tenantId) throws EntitlementException { + + super.deletePAPPolicy(policyId, tenantId); + papPolicyCache.clearCacheEntry(policyId, tenantId); + papPolicyListCache.clearCacheEntry(PAP_POLICY_LIST_CACHE_KEY, tenantId); + } + + @Override + public PolicyStoreDTO getPDPPolicy(String policyId, int tenantId) { + + PolicyStoreDTO policy = pdpPolicyCache.getValueFromCache(policyId, tenantId); + if (policy != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in PdpPolicyCache for policy: %s for tenant: %s", + policyId, tenantId)); + } + return policy; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in PdpPolicyCache for policy: %s for tenant: %s", policyId, tenantId)); + } + policy = super.getPDPPolicy(policyId, tenantId); + pdpPolicyCache.addToCache(policyId, policy, tenantId); + return policy; + } + + @Override + public PolicyStoreDTO[] getAllPDPPolicies(int tenantId) throws EntitlementException { + + PolicyStoreDTO[] policies = pdpPolicyListCache.getValueFromCache(PDP_POLICY_LIST_CACHE_KEY, tenantId); + if (policies != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in PdpPolicyListCache for policies for tenant: %s", tenantId)); + } + return policies; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in PdpPolicyListCache for policies for tenant: %s", tenantId)); + } + policies = super.getAllPDPPolicies(tenantId); + pdpPolicyListCache.addToCache(PDP_POLICY_LIST_CACHE_KEY, policies, tenantId); + return policies; + } + + @Override + public void insertOrUpdatePolicy(PolicyStoreDTO policy, int tenantId) throws EntitlementException { + + super.insertOrUpdatePolicy(policy, tenantId); + pdpPolicyCache.addToCache(policy.getPolicyId(), policy, tenantId); + pdpPolicyListCache.clearCacheEntry(PDP_POLICY_LIST_CACHE_KEY, tenantId); + papPolicyCache.clearCacheEntry(policy.getPolicyId(), tenantId); + 
papPolicyListCache.clearCacheEntry(PAP_POLICY_LIST_CACHE_KEY, tenantId); + } + + @Override + public void updateActiveStatusAndOrder(PolicyStoreDTO policy, int tenantId) throws EntitlementException { + + super.updateActiveStatusAndOrder(policy, tenantId); + pdpPolicyCache.clearCacheEntry(policy.getPolicyId(), tenantId); + pdpPolicyListCache.clearCacheEntry(PDP_POLICY_LIST_CACHE_KEY, tenantId); + papPolicyCache.clearCacheEntry(policy.getPolicyId(), tenantId); + papPolicyListCache.clearCacheEntry(PAP_POLICY_LIST_CACHE_KEY, tenantId); + } + + @Override + public int getPublishedVersion(PolicyStoreDTO policy, int tenantId) throws EntitlementException { + + String policyId = policy.getPolicyId(); + PolicyStoreDTO cachedPolicy = pdpPolicyCache.getValueFromCache(policyId, tenantId); + if (cachedPolicy != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in PdpPolicyCache for policy: %s for tenant: %s", + policyId, tenantId)); + } + return Integer.parseInt(cachedPolicy.getVersion()); + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in PdpPolicyCache for policy: %s for tenant: %s", policyId, tenantId)); + } + return super.getPublishedVersion(policy, tenantId); + } + + @Override + public boolean unpublishPolicy(String policyId, int tenantId) { + + boolean isSuccess = super.unpublishPolicy(policyId, tenantId); + pdpPolicyCache.clearCacheEntry(policyId, tenantId); + pdpPolicyListCache.clearCacheEntry(PDP_POLICY_LIST_CACHE_KEY, tenantId); + papPolicyCache.clearCacheEntry(policyId, tenantId); + papPolicyListCache.clearCacheEntry(PAP_POLICY_LIST_CACHE_KEY, tenantId); + return isSuccess; + } +} 
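Review bot: `getAllPAPPolicies` casts the list returned by `super.getAllPAPPolicies(tenantId)` with `(ArrayList) policies` before caching it, which throws `ClassCastException` if `PolicyDAO` ever returns another `List` implementation (its body is not in this diff). Using `papPolicyListCache.addToCache(PAP_POLICY_LIST_CACHE_KEY, new ArrayList<>(policies), tenantId);` avoids the cast and gives the cache its own copy; `CacheBackedSubscriberDAO.getSubscriberIds` has the same cast. `getPublishedVersion` calls `Integer.parseInt(cachedPolicy.getVersion())` on an entry that `insertOrUpdatePolicy` cached exactly as the caller passed it, so a DTO without a numeric version would raise `NumberFormatException` on the cache-hit path only. Falling back to `super.getPublishedVersion(policy, tenantId)` when `StringUtils.isBlank(cachedPolicy.getVersion())` would keep hit and miss consistent. Because these caches hold the policies used for authorization decisions, the DTO stored by `insertOrUpdatePolicy` and the array returned by `getAllPDPPolicies` are shared with callers and deserve either a defensive copy or a comment stating that they must not be mutated.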
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedSubscriberDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedSubscriberDAO.java
new file mode 100644
index 000000000000..c8bc9bbd01fb
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/cache/CacheBackedSubscriberDAO.java
@@ -0,0 +1,114 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence.cache; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.cache.SubscriberCache; +import org.wso2.carbon.identity.entitlement.cache.SubscriberIdListCache; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; +import org.wso2.carbon.identity.entitlement.persistence.dao.SubscriberDAO; + +import java.util.ArrayList; +import java.util.List; + +public class CacheBackedSubscriberDAO extends SubscriberDAO { + + private static final Log LOG = LogFactory.getLog(CacheBackedSubscriberDAO.class); + private final SubscriberCache subscriberCache = SubscriberCache.getInstance(); + private final SubscriberIdListCache subscriberIdListCache = SubscriberIdListCache.getInstance(); + private static final String SUBSCRIBER_ID_LIST_CACHE_KEY = "SUBSCRIBER_ID_LIST_CACHE_KEY"; + private static final CacheBackedSubscriberDAO instance = new CacheBackedSubscriberDAO(); + + private CacheBackedSubscriberDAO() { + + } + + public static CacheBackedSubscriberDAO getInstance() { + + return instance; + } + + @Override + public 
PublisherDataHolder getSubscriber(String subscriberId, int tenantId) throws EntitlementException { + + PublisherDataHolder subscriber = subscriberCache.getValueFromCache(subscriberId, tenantId); + if (subscriber != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in SubscriberCache for subscriber: %s for tenant: %s", + subscriberId, tenantId)); + } + return subscriber; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in SubscriberCache for subscriber: %s for tenant: %s", + subscriberId, tenantId)); + } + subscriber = super.getSubscriber(subscriberId, tenantId); + subscriberCache.addToCache(subscriberId, subscriber, tenantId); + return subscriber; + } + + @Override + public List getSubscriberIds(int tenantId) throws EntitlementException { + + List subscriberIds = subscriberIdListCache.getValueFromCache(SUBSCRIBER_ID_LIST_CACHE_KEY, tenantId); + if (subscriberIds != null) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache hit in SubscriberIdListCache for subscriber ids for tenant: %s", + tenantId)); + } + return subscriberIds; + } + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Cache miss in SubscriberIdListCache for subscriber ids for tenant: %s", tenantId)); + } + subscriberIds = super.getSubscriberIds(tenantId); + subscriberIdListCache.addToCache(SUBSCRIBER_ID_LIST_CACHE_KEY, (ArrayList) subscriberIds, tenantId); + return subscriberIds; + } + + @Override + public void insertSubscriber(String subscriberId, PublisherDataHolder holder, int tenantId) + throws EntitlementException { + + super.insertSubscriber(subscriberId, holder, tenantId); + subscriberCache.addToCache(subscriberId, holder, tenantId); + subscriberIdListCache.clearCacheEntry(SUBSCRIBER_ID_LIST_CACHE_KEY, tenantId); + } + + @Override + public void updateSubscriber(String subscriberId, String updatedModuleName, + PublisherPropertyDTO[] updatedPropertyDTOS, int tenantId) + throws EntitlementException { + + 
super.updateSubscriber(subscriberId, updatedModuleName, updatedPropertyDTOS, tenantId); + subscriberCache.clearCacheEntry(subscriberId, tenantId); + } + + @Override + public void deleteSubscriber(String subscriberId, int tenantId) throws EntitlementException { + + super.deleteSubscriber(subscriberId, tenantId); + subscriberCache.clearCacheEntry(subscriberId, tenantId); + subscriberIdListCache.clearCacheEntry(SUBSCRIBER_ID_LIST_CACHE_KEY, tenantId); + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/ConfigDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/ConfigDAO.java new file mode 100644 index 000000000000..4504d3821da4 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/ConfigDAO.java 
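Review bot: `insertSubscriber` in CacheBackedSubscriberDAO puts the caller's `holder` straight into `subscriberCache`, so a later `getSubscriber` cache hit returns the object as it was passed in rather than as `super.insertSubscriber` stored it. If the parent DAO transforms property values on write (for example protecting secret properties; that code is not visible in this hunk), the cached and stored copies diverge and the cache may hold values the store never would. Invalidating instead, as `updateSubscriber` already does, keeps the two in step: `subscriberCache.clearCacheEntry(subscriberId, tenantId);`. Separately, `(ArrayList) subscriberIds` in `getSubscriberIds` throws ClassCastException if the parent ever returns another List implementation; passing `new ArrayList<>(subscriberIds)` to `addToCache` avoids that.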
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.entitlement.persistence.dao;
+
+import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement;
+import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
+import org.wso2.carbon.identity.entitlement.EntitlementException;
+import org.wso2.carbon.identity.entitlement.PDPConstants;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.CONFIG_KEY;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.CONFIG_VALUE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TENANT_ID;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_POLICY_COMBINING_ALGORITHM_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_COMBINING_ALGORITHM_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.UPDATE_POLICY_COMBINING_ALGORITHM_SQL;
+
+/**
+ * This class handles the JDBC operations related to the global policy combining algorithm.
+ */
+public class ConfigDAO {
+
+ /**
+ * Get the policy combining algorithm from the data store.
+ *
+ * @return policy combining algorithm.
+ */
+ public String getPolicyCombiningAlgorithm(int tenantId) throws EntitlementException {
+
+ String algorithm = null;
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement getPolicyCombiningAlgoPrepStmt = new NamedPreparedStatement(connection,
+ GET_POLICY_COMBINING_ALGORITHM_SQL)) {
+ getPolicyCombiningAlgoPrepStmt.setString(CONFIG_KEY, PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM);
+ getPolicyCombiningAlgoPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet rs = getPolicyCombiningAlgoPrepStmt.executeQuery()) {
+ if (rs.next()) {
+ algorithm = rs.getString(CONFIG_VALUE);
+ }
+ }
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException(
+ "Error while getting Global Policy Combining Algorithm from policy data store.", e);
+ }
+ return algorithm;
+ }
+
+ /**
+ * Set the policy combining algorithm in the data store.
+ *
+ * @param policyCombiningAlgorithm policy combining algorithm to set.
+ * @param tenantId tenant id.
+ * @throws EntitlementException throws if fails.
+ */
+ public void insertPolicyCombiningAlgorithm(String policyCombiningAlgorithm, int tenantId)
+ throws EntitlementException {
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement setPolicyCombiningAlgoPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_POLICY_COMBINING_ALGORITHM_SQL)) {
+ setPolicyCombiningAlgoPrepStmt.setString(CONFIG_KEY, PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM);
+ setPolicyCombiningAlgoPrepStmt.setString(CONFIG_VALUE, policyCombiningAlgorithm);
+ setPolicyCombiningAlgoPrepStmt.setInt(TENANT_ID, tenantId);
+ setPolicyCombiningAlgoPrepStmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while adding global policy combining algorithm in policy store", e);
+ }
+ }
+
+ /**
+ * Update the policy combining algorithm in the data store.
+ *
+ * @param policyCombiningAlgorithm policy combining algorithm to update.
+ * @param tenantId tenant id.
+ * @throws EntitlementException throws if fails.
+ */
+ public void updatePolicyCombiningAlgorithm(String policyCombiningAlgorithm, int tenantId)
+ throws EntitlementException {
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement setPolicyCombiningAlgoPrepStmt = new NamedPreparedStatement(connection,
+ UPDATE_POLICY_COMBINING_ALGORITHM_SQL)) {
+ setPolicyCombiningAlgoPrepStmt.setString(CONFIG_KEY, PDPConstants.GLOBAL_POLICY_COMBINING_ALGORITHM);
+ setPolicyCombiningAlgoPrepStmt.setString(CONFIG_VALUE, policyCombiningAlgorithm);
+ setPolicyCombiningAlgoPrepStmt.setInt(TENANT_ID, tenantId);
+ setPolicyCombiningAlgoPrepStmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while updating global policy combining algorithm in policy store", e);
+ }
+ }
+}
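Review bot: `insertPolicyCombiningAlgorithm` and `updatePolicyCombiningAlgorithm` write through `IdentityDatabaseUtil.getDBConnection(false)` and never commit, while the write methods of PolicyDAO in this same commit open the connection with `getDBConnection(true)` and call `commitTransaction`/`rollbackTransaction`. Whether these two writes persist therefore seems to depend on the datasource's auto-commit setting, which this hunk does not show; a silently unsaved combining algorithm matters because it decides how conflicting permit and deny results are resolved. I would use the same explicit transaction pattern here, as sketched below for the insert (the update is analogous). The Javadoc of `getPolicyCombiningAlgorithm` should also say that it returns null when no row exists, and document `tenantId`.

```java
public void insertPolicyCombiningAlgorithm(String policyCombiningAlgorithm, int tenantId)
        throws EntitlementException {

    Connection connection = IdentityDatabaseUtil.getDBConnection(true);
    try (NamedPreparedStatement setPolicyCombiningAlgoPrepStmt = new NamedPreparedStatement(connection,
            CREATE_POLICY_COMBINING_ALGORITHM_SQL)) {
        // … unchanged: bind CONFIG_KEY, CONFIG_VALUE, TENANT_ID and executeUpdate() …
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new EntitlementException("Error while adding global policy combining algorithm in policy store", e);
    } finally {
        IdentityDatabaseUtil.closeConnection(connection);
    }
}
```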
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/PolicyDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/PolicyDAO.java
new file mode 100644
index 000000000000..247a5c806dbb
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/PolicyDAO.java
@@ -0,0 +1,1030 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence.dao; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement; +import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; + +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Timestamp; +import java.util.ArrayList; +import java.util.Calendar; +import java.util.List; +import java.util.TimeZone; + +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.ATTRIBUTE_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.ATTRIBUTE_VALUE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.CATEGORY; +import static 
org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.DATA_TYPE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.EDITOR_DATA; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.EDITOR_DATA_ORDER; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_ACTIVE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_IN_PAP; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_IN_PDP; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.LAST_MODIFIED_TIME; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.LAST_MODIFIED_USER; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_EDITOR; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_ORDER; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_TYPE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.REFERENCE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.SET_REFERENCE; +import static 
org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TENANT_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.VERSION; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_PAP_POLICY_ATTRIBUTES_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_PAP_POLICY_EDITOR_DATA_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_PAP_POLICY_REFS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_PAP_POLICY_SET_REFS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_PAP_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_PAP_POLICY_BY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_PAP_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_POLICY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_PUBLISHED_VERSIONS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_UNPUBLISHED_POLICY_VERSIONS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_UNUSED_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_ACTIVE_STATUS_AND_ORDER_SQL; +import static 
org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_ALL_PAP_POLICIES_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_ALL_PDP_POLICIES_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_LATEST_POLICY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_BY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_EDITOR_DATA_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_IDS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_META_DATA_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_REFS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_SET_REFS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PAP_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PDP_POLICY_IDS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PDP_POLICY_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_PAP_PRESENCE_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_PDP_PRESENCE_BY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_PDP_PRESENCE_SQL; +import static 
org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_VERSIONS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_PUBLISHED_POLICY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.PUBLISH_POLICY_VERSION_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.RESTORE_ACTIVE_STATUS_AND_ORDER_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.UPDATE_ACTIVE_STATUS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.UPDATE_ORDER_SQL; + +import static java.time.ZoneOffset.UTC; + +/** + * This class handles the JDBC operations related to the policies. + */ +public class PolicyDAO { + + private static final Log LOG = LogFactory.getLog(PolicyDAO.class); + private static final String IS_IN_PDP_1 = "IS_IN_PDP_1"; + private static final boolean IN_PAP = true; + private static final boolean IN_PDP = true; + private static final boolean INACTIVE = false; + private static final int DEFAULT_POLICY_ORDER = 0; + private static final String ERROR_RETRIEVING_PAP_POLICY = + "Error while retrieving entitlement policy %s from the PAP policy store"; + + /** + * Insert a policy to PAP. + * + * @param policy policy. 
+ */ + public void insertPolicy(PolicyDTO policy, int tenantId) throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + try { + + insertPolicy(connection, policy, tenantId); + insertPolicyReferences(connection, policy, tenantId); + if (policy.getAttributeDTOs() != null && EntitlementUtil.isPolicyMetadataStoringEnabled()) { + insertPolicyAttributes(connection, policy, tenantId); + } + insertPolicyEditorData(connection, policy, tenantId); + IdentityDatabaseUtil.commitTransaction(connection); + + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException("Error while adding or updating entitlement policy in policy store", e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + /** + * Delete the given policy version from the PAP. + * + * @param policyId policyId. + * @param version version. + * @throws EntitlementException throws, if fails. + */ + public void deletePAPPolicyVersion(String policyId, int version, int tenantId) throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Removing policy version %s %s", policyId, version)); + } + try (NamedPreparedStatement findPDPPresencePrepStmt = new NamedPreparedStatement(connection, + GET_POLICY_PDP_PRESENCE_BY_VERSION_SQL); + NamedPreparedStatement removePolicyFromPAPPrepStmt = new NamedPreparedStatement(connection, + DELETE_PAP_POLICY_BY_VERSION_SQL); + NamedPreparedStatement removePolicyPrepStmt = new NamedPreparedStatement(connection, + DELETE_POLICY_VERSION_SQL)) { + + // Find whether the policy is published or not + findPDPPresencePrepStmt.setBoolean(IS_IN_PDP, IN_PDP); + findPDPPresencePrepStmt.setString(POLICY_ID, policyId); + findPDPPresencePrepStmt.setInt(VERSION, version); + findPDPPresencePrepStmt.setInt(TENANT_ID, tenantId); + try (ResultSet resultSet = 
findPDPPresencePrepStmt.executeQuery()) { + + if (resultSet.next()) { + // Remove the policy version from the PAP (It is still present in PDP) + removePolicyFromPAPPrepStmt.setBoolean(IS_IN_PAP, !IN_PAP); + removePolicyFromPAPPrepStmt.setString(POLICY_ID, policyId); + removePolicyFromPAPPrepStmt.setInt(VERSION, version); + removePolicyFromPAPPrepStmt.setInt(TENANT_ID, tenantId); + removePolicyFromPAPPrepStmt.executeUpdate(); + } else { + // Remove the policy version from the database + removePolicyPrepStmt.setString(POLICY_ID, policyId); + removePolicyPrepStmt.setInt(VERSION, version); + removePolicyPrepStmt.setInt(TENANT_ID, tenantId); + removePolicyPrepStmt.executeUpdate(); + } + } + IdentityDatabaseUtil.commitTransaction(connection); + + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException(String.format("Error while removing policy version %s %s from PAP policy " + + "store", policyId, version), e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + /** + * Get a policy from PAP. + * + * @param policyId policyId. + * @throws EntitlementException throws, if fails. + */ + public PolicyDTO getPAPPolicy(String policyId, int tenantId) throws EntitlementException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_PAP_POLICY_SQL)) { + prepStmt.setBoolean(IS_IN_PAP, IN_PAP); + prepStmt.setString(POLICY_ID, policyId); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet policy = prepStmt.executeQuery()) { + if (policy.next()) { + return getPolicyDTO(policy, connection); + } + return null; + } + } + } catch (SQLException e) { + throw new EntitlementException(String.format(ERROR_RETRIEVING_PAP_POLICY, policyId), e); + } + } + + /** + * Get all PAP policies. + * + * @param tenantId tenant ID. + * @return list of policy DTOs. 
+ */ + public List getAllPAPPolicies(int tenantId) throws EntitlementException { + + List policyDTOs = new ArrayList<>(); + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_ALL_PAP_POLICIES_SQL)) { + prepStmt.setBoolean(IS_IN_PAP, IN_PAP); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet policies = prepStmt.executeQuery()) { + while (policies.next()) { + policyDTOs.add(getPolicyDTO(policies, connection)); + } + } + } + } catch (SQLException e) { + throw new EntitlementException("Error while retrieving entitlement policies from the PAP policy store", e); + } + return policyDTOs; + } + + /** + * Get the latest policy version. + * + * @param policyId policy ID. + * @param tenantId tenant ID. + * @throws EntitlementException throws, if fails. + */ + public String getLatestPolicyVersion(String policyId, int tenantId) throws EntitlementException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, + GET_LATEST_POLICY_VERSION_SQL)) { + prepStmt.setBoolean(IS_IN_PAP, IN_PAP); + prepStmt.setString(POLICY_ID, policyId); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet latestVersion = prepStmt.executeQuery()) { + if (latestVersion.next()) { + return String.valueOf(latestVersion.getInt(VERSION)); + } + return null; + } + } + } catch (SQLException e) { + throw new EntitlementException(String.format("Error retrieving the latest version of the policy %s", + policyId), e); + } + } + + /** + * Get the policy by version. + * + * @param policyId policy ID. + * @param version version. + * @param tenantId tenant ID. + * @throws EntitlementException throws, if fails. 
+ */ + public PolicyDTO getPapPolicyByVersion(String policyId, String version, int tenantId) throws EntitlementException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, + GET_PAP_POLICY_BY_VERSION_SQL)) { + prepStmt.setBoolean(IS_IN_PAP, IN_PAP); + prepStmt.setString(POLICY_ID, policyId); + prepStmt.setInt(VERSION, Integer.parseInt(version)); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet policy = prepStmt.executeQuery()) { + if (policy.next()) { + return getPolicyDTO(policy, connection); + } else { + throw new EntitlementException( + String.format("No policy with the given policyID %s and version %s exists", policyId, + version)); + } + } + } + } catch (SQLException e) { + throw new EntitlementException(String.format(ERROR_RETRIEVING_PAP_POLICY, policyId), e); + } + } + + /** + * Get all the versions of the policy. + * + * @param policyId policy ID. + * @param tenantId tenant ID. + * @return latest version of the policy. + */ + public List getPolicyVersions(String policyId, int tenantId) { + + List versions = new ArrayList<>(); + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_POLICY_VERSIONS_SQL)) { + prepStmt.setString(POLICY_ID, policyId); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet versionsSet = prepStmt.executeQuery()) { + while (versionsSet.next()) { + versions.add(String.valueOf(versionsSet.getInt(VERSION))); + } + } + } + } catch (SQLException e) { + LOG.error(String.format("Error while retrieving policy versions for policy %s", policyId), e); + } + return versions; + } + + /** + * Get PAP policy ids. + * + * @param tenantId tenant ID. + * @return list of policy IDs. + * @throws EntitlementException If an error occurs. 
+ */ + public List getPAPPolicyIds(int tenantId) throws EntitlementException { + + List policies = new ArrayList<>(); + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_PAP_POLICY_IDS_SQL)) { + prepStmt.setBoolean(IS_IN_PAP, IN_PAP); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet policyIds = prepStmt.executeQuery()) { + while (policyIds.next()) { + policies.add(policyIds.getString(POLICY_ID)); + } + if (policies.isEmpty()) { + LOG.debug("No PAP policies found"); + } + return policies; + } + } + } catch (SQLException e) { + throw new EntitlementException( + "Error while retrieving entitlement policy identifiers from PAP policy store", e); + } + } + + /** + * Delete a policy from PAP. + * + * @param policyId policy ID. + * @param tenantId tenant ID. + * @throws EntitlementException If an error occurs. + */ + public void deletePAPPolicy(String policyId, int tenantId) throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + try { + if (isPolicyPublished(policyId, tenantId)) { + try (NamedPreparedStatement removePolicyByIdAndVersionPrepStmt = new NamedPreparedStatement(connection, + DELETE_UNPUBLISHED_POLICY_VERSIONS_SQL); + NamedPreparedStatement removePolicyFromPAPPrepStmt = new NamedPreparedStatement(connection, + DELETE_PAP_POLICY_SQL)) { + + // Remove the unpublished versions of the policy from the database + removePolicyByIdAndVersionPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP); + removePolicyByIdAndVersionPrepStmt.setString(POLICY_ID, policyId); + removePolicyByIdAndVersionPrepStmt.setInt(TENANT_ID, tenantId); + removePolicyByIdAndVersionPrepStmt.executeUpdate(); + + // Remove the published version of the policy from the PAP (It is still present in PDP) + removePolicyFromPAPPrepStmt.setBoolean(IS_IN_PAP, !IN_PAP); + removePolicyFromPAPPrepStmt.setBoolean(IS_IN_PDP, IN_PDP); + 
removePolicyFromPAPPrepStmt.setString(POLICY_ID, policyId); + removePolicyFromPAPPrepStmt.setInt(TENANT_ID, tenantId); + removePolicyFromPAPPrepStmt.executeUpdate(); + } + } else { + try (NamedPreparedStatement removePolicyPrepStmt = new NamedPreparedStatement(connection, + DELETE_POLICY_SQL)) { + // Remove the policy from the database + removePolicyPrepStmt.setString(POLICY_ID, policyId); + removePolicyPrepStmt.setInt(TENANT_ID, tenantId); + removePolicyPrepStmt.executeUpdate(); + } + } + + IdentityDatabaseUtil.commitTransaction(connection); + + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException( + String.format("Error while removing policy %s from PAP policy store", policyId), e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + /** + * Check the existence of the policy in PAP. + * + * @param policyId policy ID. + * @param tenantId tenant ID. + * @return whether the policy exists in PAP or not. + */ + public boolean isPAPPolicyExists(String policyId, int tenantId) { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement getPolicyPublishStatus = new NamedPreparedStatement(connection, + GET_POLICY_PAP_PRESENCE_SQL)) { + getPolicyPublishStatus.setBoolean(IS_IN_PAP, IN_PAP); + getPolicyPublishStatus.setString(POLICY_ID, policyId); + getPolicyPublishStatus.setInt(TENANT_ID, tenantId); + + try (ResultSet rs = getPolicyPublishStatus.executeQuery()) { + return rs.next(); + } + } + } catch (SQLException e) { + LOG.error(String.format("Error while checking the existence of the policy %s.", policyId), e); + return false; + } + } + + /** + * Get the published policy from PDP. + * + * @param policyId policy ID. + * @param tenantId tenant ID. + * @return latest version of the policy. 
+ */ + public PolicyStoreDTO getPDPPolicy(String policyId, int tenantId) { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_PDP_POLICY_SQL)) { + prepStmt.setBoolean(IS_IN_PDP, IN_PDP); + prepStmt.setString(POLICY_ID, policyId); + prepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet resultSet = prepStmt.executeQuery()) { + if (resultSet.next()) { + PolicyStoreDTO dto = new PolicyStoreDTO(); + String policyString = resultSet.getString(POLICY); + int version = resultSet.getInt(VERSION); + AttributeDTO[] attributes = getPolicyAttributes(connection, tenantId, policyId, version); + + dto.setPolicyId(policyId); + dto.setPolicy(policyString); + dto.setPolicyOrder(resultSet.getInt(POLICY_ORDER)); + dto.setActive(resultSet.getBoolean(IS_ACTIVE)); + dto.setVersion(String.valueOf(version)); + dto.setAttributeDTOs(attributes); + return dto; + } + } + } + } catch (SQLException e) { + LOG.error(String.format("Error while retrieving PDP policy %s", policyId), e); + } + return null; + } + + /** + * Returns all the published policies as PolicyDTOs. + * + * @return policies as PolicyDTO[]. + * @throws EntitlementException throws if fails. 
+ */
+ public PolicyStoreDTO[] getAllPDPPolicies(int tenantId) throws EntitlementException {
+
+ List policies = new ArrayList<>();
+
+ LOG.debug("Retrieving all PDP entitlement policies");
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_ALL_PDP_POLICIES_SQL)) {
+ prepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ prepStmt.setInt(TENANT_ID, tenantId);
+
+ try (ResultSet policySet = prepStmt.executeQuery()) {
+ while (policySet.next()) {
+ String policy = policySet.getString(POLICY);
+ String policyId = policySet.getString(POLICY_ID);
+ int version = policySet.getInt(VERSION);
+ AttributeDTO[] attributes = getPolicyAttributes(connection, tenantId, policyId, version);
+
+ PolicyStoreDTO dto = new PolicyStoreDTO();
+ dto.setPolicyId(policyId);
+ dto.setPolicy(policy);
+ dto.setPolicyOrder(policySet.getInt(POLICY_ORDER));
+ dto.setActive(policySet.getBoolean(IS_ACTIVE));
+ dto.setVersion(String.valueOf(version));
+ dto.setAttributeDTOs(attributes);
+ policies.add(dto);
+ }
+ return policies.toArray(new PolicyStoreDTO[0]);
+ }
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while retrieving PDP policies", e);
+ }
+ }
+
+ /**
+ * DAO method to get PDP policy ids.
+ *
+ * @param tenantId tenant ID.
+ * @throws EntitlementException If an error occurs.
+ */
+ public List getPublishedPolicyIds(int tenantId) throws EntitlementException {
+
+ List policyIds = new ArrayList<>();
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection, GET_PDP_POLICY_IDS_SQL)) {
+ prepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ prepStmt.setInt(TENANT_ID, tenantId);
+
+ try (ResultSet resultSet = prepStmt.executeQuery()) {
+ while (resultSet.next()) {
+ policyIds.add(resultSet.getString(POLICY_ID));
+ }
+ return policyIds;
+ }
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while retrieving PDP policy ids", e);
+ }
+ }
+
+ /**
+ * Publish a new policy version. For inserts, `isSetActive()` and `isSetOrder()` will be true. For updates, both
+ * will be false.
+ *
+ * @param policy policy.
+ * @param tenantId tenant ID.
+ * @throws EntitlementException If an error occurs.
+ */
+ public void insertOrUpdatePolicy(PolicyStoreDTO policy, int tenantId) throws EntitlementException {
+
+ Connection connection = IdentityDatabaseUtil.getDBConnection(true);
+ try {
+ int version = Integer.parseInt(policy.getVersion());
+ if (policy.isSetActive()) {
+ updateActiveStatus(connection, policy, version, tenantId);
+ }
+ if (policy.isSetOrder() && policy.getPolicyOrder() > 0) {
+ updateOrder(connection, policy, version, tenantId);
+ }
+
+ boolean previousActive = false;
+ int previousOrder = 0;
+ if (!policy.isSetActive() && !policy.isSetOrder()) {
+ // Get active status and order of the previously published policy version.
+ try (NamedPreparedStatement getActiveStatusAndOrderPrepStmt = new NamedPreparedStatement(connection,
+ GET_ACTIVE_STATUS_AND_ORDER_SQL)) {
+ getActiveStatusAndOrderPrepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ getActiveStatusAndOrderPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ getActiveStatusAndOrderPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet rs = getActiveStatusAndOrderPrepStmt.executeQuery()) {
+ if (rs.next()) {
+ previousActive = rs.getBoolean(IS_ACTIVE);
+ previousOrder = rs.getInt(POLICY_ORDER);
+ }
+ }
+ }
+
+ // Remove previously published versions of the policy.
+ try (NamedPreparedStatement updatePublishStatusPrepStmt = new NamedPreparedStatement(connection,
+ DELETE_PUBLISHED_VERSIONS_SQL)) {
+ updatePublishStatusPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP);
+ updatePublishStatusPrepStmt.setBoolean(IS_ACTIVE, INACTIVE);
+ updatePublishStatusPrepStmt.setInt(POLICY_ORDER, DEFAULT_POLICY_ORDER);
+ updatePublishStatusPrepStmt.setBoolean(IS_IN_PDP_1, IN_PDP);
+ updatePublishStatusPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ updatePublishStatusPrepStmt.setInt(TENANT_ID, tenantId);
+ updatePublishStatusPrepStmt.executeUpdate();
+ }
+
+ // When removing previously published versions,
+ // If the policy has been already removed from PAP, remove the policy from the database.
+ try (NamedPreparedStatement removePolicyPrepStmt = new NamedPreparedStatement(connection,
+ DELETE_UNUSED_POLICY_SQL)) {
+ removePolicyPrepStmt.setBoolean(IS_IN_PAP, !IN_PAP);
+ removePolicyPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP);
+ removePolicyPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ removePolicyPrepStmt.setInt(TENANT_ID, tenantId);
+ removePolicyPrepStmt.executeUpdate();
+ }
+ }
+
+ // Publish the given version of the policy
+ publishPolicyVersion(policy, tenantId, connection, version);
+
+ // If this is an update, keep the previous active status and order
+ if (!policy.isSetActive() && !policy.isSetOrder()) {
+ try (NamedPreparedStatement updatePolicyStatusAndOrderPrepStmt = new NamedPreparedStatement(connection,
+ RESTORE_ACTIVE_STATUS_AND_ORDER_SQL)) {
+ updatePolicyStatusAndOrderPrepStmt.setBoolean(IS_ACTIVE, previousActive);
+ updatePolicyStatusAndOrderPrepStmt.setInt(POLICY_ORDER, previousOrder);
+ updatePolicyStatusAndOrderPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ updatePolicyStatusAndOrderPrepStmt.setInt(VERSION, version);
+ updatePolicyStatusAndOrderPrepStmt.setInt(TENANT_ID, tenantId);
+ updatePolicyStatusAndOrderPrepStmt.executeUpdate();
+ }
+ }
+ IdentityDatabaseUtil.commitTransaction(connection);
+
+ } catch (SQLException e) {
+ IdentityDatabaseUtil.rollbackTransaction(connection);
+ throw new EntitlementException("Error while publishing policy", e);
+ } finally {
+ IdentityDatabaseUtil.closeConnection(connection);
+ }
+ }
+
+ /**
+ * Update the active status or order of a published policy.
+ *
+ * @param policy policy.
+ * @param tenantId tenant ID.
+ * @throws EntitlementException If an error occurs.
+ */
+ public void updateActiveStatusAndOrder(PolicyStoreDTO policy, int tenantId) throws EntitlementException {
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ int version = Integer.parseInt(policy.getVersion());
+ if (policy.isSetActive()) {
+ updateActiveStatus(connection, policy, version, tenantId);
+ }
+ if (policy.isSetOrder() && policy.getPolicyOrder() > 0) {
+ updateOrder(connection, policy, version, tenantId);
+ }
+ } catch (SQLException | EntitlementException e) {
+ throw new EntitlementException(String.format("Error while publishing policy %s", policy.getPolicyId()), e);
+ }
+ }
+
+ /**
+ * Get the version of a published policy.
+ *
+ * @param policy policy.
+ * @param tenantId tenant ID.
+ * @throws EntitlementException throws, if fails.
+ */
+ public int getPublishedVersion(PolicyStoreDTO policy, int tenantId) throws EntitlementException {
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) {
+ try (NamedPreparedStatement getPublishedVersionPrepStmt = new NamedPreparedStatement(connection,
+ GET_PUBLISHED_POLICY_VERSION_SQL)) {
+ getPublishedVersionPrepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ getPublishedVersionPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ getPublishedVersionPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet rs = getPublishedVersionPrepStmt.executeQuery()) {
+ if (rs.next()) {
+ return rs.getInt(VERSION);
+ }
+ }
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException(String.format("Error while getting published version of policy %s",
+ policy.getPolicyId()));
+ }
+ return -1;
+ }
+
+ /**
+ * Unpublish the given policy from PDP.
+ *
+ * @param policyId policy ID.
+ * @param tenantId tenant ID.
+ * @return whether the policy version is deleted or not.
+ */
+ public boolean unpublishPolicy(String policyId, int tenantId) {
+
+ Connection connection = IdentityDatabaseUtil.getDBConnection(true);
+ try (NamedPreparedStatement demotePolicyPrepStmt = new NamedPreparedStatement(connection,
+ DELETE_PUBLISHED_VERSIONS_SQL);
+ NamedPreparedStatement removePolicyPrepStmt = new NamedPreparedStatement(connection,
+ DELETE_UNUSED_POLICY_SQL)) {
+ // Remove the published state of the given policy (Remove from PDP)
+ demotePolicyPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP);
+ demotePolicyPrepStmt.setBoolean(IS_ACTIVE, INACTIVE);
+ demotePolicyPrepStmt.setInt(POLICY_ORDER, DEFAULT_POLICY_ORDER);
+ demotePolicyPrepStmt.setBoolean(IS_IN_PDP_1, IN_PDP);
+ demotePolicyPrepStmt.setString(POLICY_ID, policyId);
+ demotePolicyPrepStmt.setInt(TENANT_ID, tenantId);
+ demotePolicyPrepStmt.executeUpdate();
+
+ // If the policy has been already removed from PAP, remove the policy from the database
+ removePolicyPrepStmt.setBoolean(IS_IN_PAP, !IN_PAP);
+ removePolicyPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP);
+ removePolicyPrepStmt.setString(POLICY_ID, policyId);
+ removePolicyPrepStmt.setInt(TENANT_ID, tenantId);
+ removePolicyPrepStmt.executeUpdate();
+
+ IdentityDatabaseUtil.commitTransaction(connection);
+ return true;
+ } catch (SQLException e) {
+ IdentityDatabaseUtil.rollbackTransaction(connection);
+ LOG.error(String.format("Error while demoting policy %s", policyId), e);
+ return false;
+ } finally {
+ IdentityDatabaseUtil.closeConnection(connection);
+ }
+ }
+
+ /**
+ * Check if the policy is published.
+ *
+ * @param policyId policy ID.
+ * @param tenantId tenant ID.
+ * @return whether the policy is published or not.
+ */
+ public boolean isPolicyPublished(String policyId, int tenantId) {
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement prepStmt = new NamedPreparedStatement(connection,
+ GET_POLICY_PDP_PRESENCE_SQL)) {
+ prepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ prepStmt.setString(POLICY_ID, policyId);
+ prepStmt.setInt(TENANT_ID, tenantId);
+
+ try (ResultSet rs = prepStmt.executeQuery()) {
+ return rs.next();
+ }
+ }
+ } catch (SQLException e) {
+ LOG.error(String.format("Error while checking the published status of the policy %s", policyId), e);
+ return false;
+ }
+ }
+
+ private List getPolicyReferences(Connection connection, int tenantId, String policyId, int version)
+ throws SQLException {
+
+ List policyReferences = new ArrayList<>();
+ try (NamedPreparedStatement getPolicyRefsPrepStmt = new NamedPreparedStatement(connection,
+ GET_PAP_POLICY_REFS_SQL)) {
+ getPolicyRefsPrepStmt.setString(POLICY_ID, policyId);
+ getPolicyRefsPrepStmt.setInt(VERSION, version);
+ getPolicyRefsPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet policyRefs = getPolicyRefsPrepStmt.executeQuery()) {
+ while (policyRefs.next()) {
+ policyReferences.add(
+ policyRefs.getString(REFERENCE));
+ }
+ }
+ return policyReferences;
+ }
+ }
+
+ private List getPolicySetReferences(Connection connection, int tenantId, String policyId, int version)
+ throws SQLException {
+
+ List policySetReferences = new ArrayList<>();
+ try (NamedPreparedStatement getPolicySetRefsPrepStmt = new NamedPreparedStatement(connection,
+ GET_PAP_POLICY_SET_REFS_SQL)) {
+
+ getPolicySetRefsPrepStmt.setString(POLICY_ID, policyId);
+ getPolicySetRefsPrepStmt.setInt(VERSION, version);
+ getPolicySetRefsPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet policySetRefs = getPolicySetRefsPrepStmt.executeQuery()) {
+ while (policySetRefs.next()) {
+ policySetReferences.add(
+ policySetRefs.getString(SET_REFERENCE));
+ }
+ }
+ return policySetReferences;
+ }
+ }
+
+ private String[] getPolicyEditorData(Connection connection, int tenantId, String policyId, int version)
+ throws SQLException {
+
+ try (NamedPreparedStatement getPolicyEditorDataPrepStmt = new NamedPreparedStatement(connection,
+ GET_PAP_POLICY_EDITOR_DATA_SQL)) {
+ getPolicyEditorDataPrepStmt.setString(POLICY_ID, policyId);
+ getPolicyEditorDataPrepStmt.setInt(VERSION, version);
+ getPolicyEditorDataPrepStmt.setInt(TENANT_ID, tenantId);
+
+ try (ResultSet editorMetadata = getPolicyEditorDataPrepStmt.executeQuery()) {
+
+ List basicPolicyEditorMetaDataList = new ArrayList<>();
+ if (editorMetadata != null) {
+ while (editorMetadata.next()) {
+ int dataOrder = editorMetadata.getInt(EDITOR_DATA_ORDER);
+ while (basicPolicyEditorMetaDataList.size() <= dataOrder) {
+ basicPolicyEditorMetaDataList.add(null);
+ }
+ basicPolicyEditorMetaDataList.set(dataOrder, editorMetadata.getString(EDITOR_DATA));
+ }
+ }
+ return basicPolicyEditorMetaDataList.toArray(new String[0]);
+ }
+ }
+ }
+
+ private AttributeDTO[] getPolicyAttributes(Connection connection, int tenantId, String policyId, int version)
+ throws SQLException {
+
+ List attributeDTOs = new ArrayList<>();
+ try (NamedPreparedStatement getPolicyMetaDataPrepStmt =
+ new NamedPreparedStatement(connection, GET_PAP_POLICY_META_DATA_SQL)) {
+ getPolicyMetaDataPrepStmt.setString(POLICY_ID, policyId);
+ getPolicyMetaDataPrepStmt.setInt(VERSION, version);
+ getPolicyMetaDataPrepStmt.setInt(TENANT_ID, tenantId);
+
+ try (ResultSet metadata = getPolicyMetaDataPrepStmt.executeQuery()) {
+ while (metadata.next()) {
+ AttributeDTO attributeDTO = new AttributeDTO();
+ attributeDTO.setCategory(metadata.getString(CATEGORY));
+ attributeDTO.setAttributeValue(metadata.getString(ATTRIBUTE_VALUE));
+ attributeDTO.setAttributeId(metadata.getString(ATTRIBUTE_ID));
+ attributeDTO.setAttributeDataType(metadata.getString(DATA_TYPE));
+ attributeDTOs.add(attributeDTO);
+ }
+ }
+ }
+ return attributeDTOs.toArray(new AttributeDTO[0]);
+ }
+
+ private void insertPolicy(Connection connection, PolicyDTO policy, int tenantId) throws SQLException {
+
+ try (NamedPreparedStatement createPolicyPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_PAP_POLICY_SQL)) {
+
+ createPolicyPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ createPolicyPrepStmt.setInt(VERSION, Integer.parseInt(policy.getVersion()));
+ createPolicyPrepStmt.setBoolean(IS_IN_PDP, !IN_PDP);
+ createPolicyPrepStmt.setBoolean(IS_IN_PAP, IN_PAP);
+ createPolicyPrepStmt.setString(POLICY, policy.getPolicy());
+ createPolicyPrepStmt.setBoolean(IS_ACTIVE, policy.isActive());
+ createPolicyPrepStmt.setString(POLICY_TYPE, policy.getPolicyType());
+ createPolicyPrepStmt.setString(POLICY_EDITOR, policy.getPolicyEditor());
+ createPolicyPrepStmt.setInt(POLICY_ORDER, DEFAULT_POLICY_ORDER);
+ createPolicyPrepStmt.setTimeStamp(LAST_MODIFIED_TIME, new Timestamp(System.currentTimeMillis()),
+ Calendar.getInstance(TimeZone.getTimeZone(UTC)));
+ createPolicyPrepStmt.setString(LAST_MODIFIED_USER,
+ CarbonContext.getThreadLocalCarbonContext().getUsername());
+ createPolicyPrepStmt.setInt(TENANT_ID, tenantId);
+
+ createPolicyPrepStmt.executeUpdate();
+ }
+ }
+
+ private void insertPolicyReferences(Connection connection, PolicyDTO policy, int tenantId)
+ throws SQLException {
+
+ String[] policyIdReferences = policy.getPolicyIdReferences();
+ String[] policySetIdReferences = policy.getPolicySetIdReferences();
+
+ try (NamedPreparedStatement createPolicyReferencesPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_PAP_POLICY_REFS_SQL);
+ NamedPreparedStatement createPolicySetReferencesPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_PAP_POLICY_SET_REFS_SQL)) {
+
+ for (String policyIdReference : policyIdReferences) {
+ createPolicyReferencesPrepStmt.setString(REFERENCE, policyIdReference);
+ createPolicyReferencesPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ createPolicyReferencesPrepStmt.setInt(VERSION, Integer.parseInt(policy.getVersion()));
+ createPolicyReferencesPrepStmt.setInt(TENANT_ID, tenantId);
+ createPolicyReferencesPrepStmt.addBatch();
+ }
+ createPolicyReferencesPrepStmt.executeBatch();
+
+ for (String policySetReference : policySetIdReferences) {
+ createPolicySetReferencesPrepStmt.setString(SET_REFERENCE, policySetReference);
+ createPolicySetReferencesPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ createPolicySetReferencesPrepStmt.setInt(VERSION, Integer.parseInt(policy.getVersion()));
+ createPolicySetReferencesPrepStmt.setInt(TENANT_ID, tenantId);
+ createPolicySetReferencesPrepStmt.addBatch();
+ }
+ createPolicySetReferencesPrepStmt.executeBatch();
+ }
+ }
+
+ private void insertPolicyAttributes(Connection connection, PolicyDTO policy, int tenantId) throws SQLException {
+
+ try (NamedPreparedStatement createAttributesPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_PAP_POLICY_ATTRIBUTES_SQL)) {
+
+ AttributeDTO[] attributeDTOs = policy.getAttributeDTOs();
+ for (AttributeDTO attributeDTO : attributeDTOs) {
+
+ createAttributesPrepStmt.setString(ATTRIBUTE_ID, attributeDTO.getAttributeId());
+ createAttributesPrepStmt.setString(ATTRIBUTE_VALUE, attributeDTO.getAttributeValue());
+ createAttributesPrepStmt.setString(DATA_TYPE, attributeDTO.getAttributeDataType());
+ createAttributesPrepStmt.setString(CATEGORY, attributeDTO.getCategory());
+ createAttributesPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ createAttributesPrepStmt.setInt(VERSION, Integer.parseInt(policy.getVersion()));
+ createAttributesPrepStmt.setInt(TENANT_ID, tenantId);
+ createAttributesPrepStmt.addBatch();
+ }
+ createAttributesPrepStmt.executeBatch();
+ }
+ }
+
+ private void insertPolicyEditorData(Connection connection, PolicyDTO policy, int tenantId) throws SQLException {
+
+ // Find policy meta data
+ String[] policyMetaData = policy.getPolicyEditorData();
+ if (policyMetaData != null && policyMetaData.length > 0) {
+ try (NamedPreparedStatement createPolicyEditorDataPrepStmt = new NamedPreparedStatement(connection,
+ CREATE_PAP_POLICY_EDITOR_DATA_SQL)) {
+ int index = 0;
+ for (String policyData : policyMetaData) {
+ createPolicyEditorDataPrepStmt.setInt(EDITOR_DATA_ORDER, index);
+ createPolicyEditorDataPrepStmt.setString(EDITOR_DATA, policyData);
+ createPolicyEditorDataPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ createPolicyEditorDataPrepStmt.setInt(VERSION, Integer.parseInt(policy.getVersion()));
+ createPolicyEditorDataPrepStmt.setInt(TENANT_ID, tenantId);
+
+ createPolicyEditorDataPrepStmt.addBatch();
+ index++;
+ }
+ createPolicyEditorDataPrepStmt.executeBatch();
+ }
+ }
+ }
+
+ private void updateOrder(Connection connection, PolicyStoreDTO policy, int version, int tenantId)
+ throws EntitlementException {
+
+ try (NamedPreparedStatement updateOrderPrepStmt = new NamedPreparedStatement(connection,
+ UPDATE_ORDER_SQL)) {
+ int order = policy.getPolicyOrder();
+ updateOrderPrepStmt.setInt(POLICY_ORDER, order);
+ updateOrderPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ updateOrderPrepStmt.setInt(VERSION, version);
+ updateOrderPrepStmt.setInt(TENANT_ID, tenantId);
+ updateOrderPrepStmt.executeUpdate();
+ IdentityDatabaseUtil.closeStatement(updateOrderPrepStmt);
+ } catch (SQLException e) {
+ throw new EntitlementException(
+ String.format("Error while updating policy order of policy %s", policy.getPolicyId()), e);
+ }
+ }
+
+ private void updateActiveStatus(Connection connection, PolicyStoreDTO policy, int version, int tenantId)
+ throws EntitlementException {
+
+ try (NamedPreparedStatement updateActiveStatusPrepStmt = new NamedPreparedStatement(connection,
+ UPDATE_ACTIVE_STATUS_SQL)) {
+ updateActiveStatusPrepStmt.setBoolean(IS_ACTIVE, policy.isActive());
+ updateActiveStatusPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ updateActiveStatusPrepStmt.setInt(VERSION, version);
+ updateActiveStatusPrepStmt.setInt(TENANT_ID, tenantId);
+ updateActiveStatusPrepStmt.executeUpdate();
+ IdentityDatabaseUtil.closeStatement(updateActiveStatusPrepStmt);
+ } catch (SQLException e) {
+ throw new EntitlementException(
+ String.format("Error while enabling or disabling policy %s", policy.getPolicyId()), e);
+ }
+ }
+
+ private void publishPolicyVersion(PolicyStoreDTO policy, int tenantId, Connection connection, int version)
+ throws SQLException {
+
+ try (NamedPreparedStatement publishPolicyPrepStmt = new NamedPreparedStatement(connection,
+ PUBLISH_POLICY_VERSION_SQL)) {
+ publishPolicyPrepStmt.setBoolean(IS_IN_PDP, IN_PDP);
+ publishPolicyPrepStmt.setString(POLICY_ID, policy.getPolicyId());
+ publishPolicyPrepStmt.setInt(VERSION, version);
+ publishPolicyPrepStmt.setInt(TENANT_ID, tenantId);
+ publishPolicyPrepStmt.executeUpdate();
+ }
+ }
+
+ /**
+ * Returns given policy version as a PolicyDTO.
+ *
+ * @param policy policy.
+ * @return policy as a PolicyDTO.
+ * @throws SQLException throws, if fails.
+ */
+ private PolicyDTO getPolicyDTO(ResultSet policy, Connection connection) throws SQLException {
+
+ String policyId = policy.getString(POLICY_ID);
+ String version = String.valueOf(policy.getInt(VERSION));
+ int tenantId = policy.getInt(TENANT_ID);
+
+ PolicyDTO dto = new PolicyDTO();
+ dto.setPolicyId(policyId);
+ dto.setVersion(version);
+ dto.setLastModifiedTime(String.valueOf(policy.getTimestamp(LAST_MODIFIED_TIME).getTime()));
+ dto.setLastModifiedUser(policy.getString(LAST_MODIFIED_USER));
+ dto.setActive(policy.getBoolean(IS_ACTIVE));
+ dto.setPolicyOrder(policy.getInt(POLICY_ORDER));
+ dto.setPolicyType(policy.getString(POLICY_TYPE));
+ dto.setPolicyEditor(policy.getString(POLICY_EDITOR));
+ dto.setPolicy(policy.getString(POLICY));
+
+ // Get policy references
+ List policyReferences = getPolicyReferences(connection, tenantId, policyId, Integer.parseInt(version));
+ dto.setPolicyIdReferences(policyReferences.toArray(new String[0]));
+
+ // Get policy set references
+ List policySetReferences =
+ getPolicySetReferences(connection, tenantId, policyId, Integer.parseInt(version));
+ dto.setPolicySetIdReferences(policySetReferences.toArray(new String[0]));
+
+ // Get policy editor data
+ String[] basicPolicyEditorMetaData =
+ getPolicyEditorData(connection, tenantId, policyId, Integer.parseInt(version));
+ dto.setPolicyEditorData(basicPolicyEditorMetaData);
+
+ // Get policy metadata
+ AttributeDTO[] attributeDTOs = getPolicyAttributes(connection, tenantId, policyId, Integer.parseInt(version));
+ dto.setAttributeDTOs(attributeDTOs);
+
+ return dto;
+ }
+}
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/StatusDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/StatusDAO.java
new file mode 100644
index 000000000000..4d1d7cf10278
--- /dev/null
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/StatusDAO.java
@@ -0,0 +1,302 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.entitlement.persistence.dao;
+
+import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement;
+import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
+import org.wso2.carbon.identity.entitlement.EntitlementException;
+import org.wso2.carbon.identity.entitlement.common.EntitlementConstants;
+import org.wso2.carbon.identity.entitlement.dto.StatusHolder;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Timestamp;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.TimeZone;
+
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.DB2;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.H2;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.MARIADB;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.MSSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.MYSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.ORACLE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.DatabaseTypes.POSTGRES;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_SUCCESS;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.LOGGED_AT;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.MESSAGE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_ID;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.POLICY_VERSION;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.STATUS_TYPE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.SUBSCRIBER_ID;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TARGET;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TARGET_ACTION;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TENANT_ID;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.USER;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.VERSION;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.KEY;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.LIMIT;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_POLICY_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_SUBSCRIBER_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_POLICY_STATUSES_MSSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_POLICY_STATUSES_MYSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_POLICY_STATUSES_ORACLE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_SUBSCRIBER_STATUSES_MSSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_OLD_SUBSCRIBER_STATUSES_ORACLE;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_POLICY_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_SUBSCRIBER_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_STATUS_COUNT_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_POLICY_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_SUBSCRIBER_STATUS_COUNT_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_SUBSCRIBER_STATUS_SQL;
+import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.STATUS_COUNT;
+
+import static java.time.ZoneOffset.UTC;
+
+/**
+ * This class handles the JDBC operations related to the status data.
+ */
+public class StatusDAO {
+
+ /**
+ * Delete all status records.
+ *
+ * @param about whether the status is about a policy or publisher.
+ * @param key key value of the status.
+ * @throws EntitlementException if fails to delete.
+ */
+ public void deleteStatusTrail(String about, String key, int tenantId) throws EntitlementException {
+
+ String query = EntitlementConstants.Status.ABOUT_POLICY.equals(about) ?
+ DELETE_POLICY_STATUS_SQL : DELETE_SUBSCRIBER_STATUS_SQL;
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement deleteStatusPrepStmt = new NamedPreparedStatement(connection, query)) {
+ deleteStatusPrepStmt.setString(KEY, key);
+ deleteStatusPrepStmt.setInt(TENANT_ID, tenantId);
+ deleteStatusPrepStmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while deleting policy status", e);
+ }
+ }
+
+ /**
+ * Get the status records.
+ *
+ * @param key key value of the status.
+ * @param about whether the status is about a policy or publisher.
+ * @param tenantId tenant id.
+ * @return list of status holders.
+ * @throws EntitlementException if fails to get status.
+ */
+ public List getStatus(String key, String about, int tenantId) throws EntitlementException {
+
+ List statusHolders = new ArrayList<>();
+ String query = EntitlementConstants.Status.ABOUT_POLICY.equals(about)
+ ? GET_POLICY_STATUS_SQL
+ : GET_SUBSCRIBER_STATUS_SQL;
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement getStatusPrepStmt = new NamedPreparedStatement(connection, query)) {
+ getStatusPrepStmt.setString(KEY, key);
+ getStatusPrepStmt.setInt(TENANT_ID, tenantId);
+ try (ResultSet statusSet = getStatusPrepStmt.executeQuery()) {
+ while (statusSet.next()) {
+ StatusHolder statusHolder = new StatusHolder(about);
+ statusHolder.setType(statusSet.getString(STATUS_TYPE));
+ statusHolder.setSuccess(statusSet.getBoolean(IS_SUCCESS));
+ statusHolder.setUser(statusSet.getString(USER));
+ statusHolder.setTarget(statusSet.getString(TARGET));
+ statusHolder.setTargetAction(statusSet.getString(TARGET_ACTION));
+ statusHolder.setTimeInstance(String.valueOf(statusSet.getTimestamp(LOGGED_AT).getTime()));
+ statusHolder.setMessage(statusSet.getString(MESSAGE));
+
+ if (EntitlementConstants.Status.ABOUT_POLICY.equals(about)) {
+ statusHolder.setKey(statusSet.getString(POLICY_ID));
+ int version = statusSet.getInt(POLICY_VERSION);
+ if (version != -1) {
+ statusHolder.setVersion(Integer.toString(version));
+ }
+ } else {
+ statusHolder.setKey(statusSet.getString(SUBSCRIBER_ID));
+ }
+ statusHolders.add(statusHolder);
+ }
+ }
+ return statusHolders;
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while retrieving policy status", e);
+ }
+ }
+
+ /**
+ * Insert status records.
+ *
+ * @param about whether the status is about a policy or publisher.
+ * @param key key value of the status.
+ * @param statusHolders list of status holders.
+ * @param tenantId tenant id.
+ * @throws EntitlementException if fails to insert status.
+ */
+ public void insertStatus(String about, String key, List statusHolders, int tenantId)
+ throws EntitlementException {
+
+ String query = EntitlementConstants.Status.ABOUT_POLICY.equals(about)
+ ? CREATE_POLICY_STATUS_SQL
+ : CREATE_SUBSCRIBER_STATUS_SQL;
+
+ try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) {
+ try (NamedPreparedStatement addStatusPrepStmt = new NamedPreparedStatement(connection, query)) {
+ for (StatusHolder statusHolder : statusHolders) {
+
+ int version = -1;
+ if (statusHolder.getVersion() != null) {
+ version = Integer.parseInt(statusHolder.getVersion());
+ }
+
+ addStatusPrepStmt.setString(KEY, key);
+ addStatusPrepStmt.setString(STATUS_TYPE, statusHolder.getType());
+ addStatusPrepStmt.setBoolean(IS_SUCCESS, statusHolder.isSuccess());
+ addStatusPrepStmt.setString(USER, statusHolder.getUser());
+ addStatusPrepStmt.setString(TARGET, statusHolder.getTarget());
+ addStatusPrepStmt.setString(TARGET_ACTION, statusHolder.getTargetAction());
+ addStatusPrepStmt.setString(MESSAGE, statusHolder.getMessage());
+ addStatusPrepStmt.setTimeStamp(LOGGED_AT, new Timestamp(System.currentTimeMillis()),
+ Calendar.getInstance(TimeZone.getTimeZone(UTC)));
+ if (EntitlementConstants.Status.ABOUT_POLICY.equals(about)) {
+ addStatusPrepStmt.setInt(VERSION, version);
+ }
+ addStatusPrepStmt.setInt(TENANT_ID, tenantId);
+
+ addStatusPrepStmt.addBatch();
+ }
+ addStatusPrepStmt.executeBatch();
+ }
+ } catch (SQLException e) {
+ throw new EntitlementException("Error while persisting policy status", e);
+ }
+ }
+
+ /**
+ * Delete excess status records (if surpassing maximum, excess number of old records are deleted).
+ *
+ * @param about whether the status is about a policy or publisher.
+ * @param key key value of the status.
+ * @param tenantId tenant id.
+ * @throws EntitlementException if fails to delete.
+ */ + public void deleteExcessStatusData(String about, String key, int tenantId, int maxRecords) + throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + try { + // Get the existing status count + int statusCount = getStatusCount(connection, about, key, tenantId); + + // Delete old status data if the count exceeds the maximum records + if (statusCount > maxRecords) { + int statusCountToDelete = statusCount - maxRecords; + deleteStatus(connection, about, key, statusCountToDelete, tenantId); + } + IdentityDatabaseUtil.commitTransaction(connection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException("Error while deleting surplus policy status", e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + private void deleteStatus(Connection connection, String about, String key, int statusCountToDelete, int tenantId) + throws SQLException, EntitlementException { + + String query = resolveDeleteStatusQuery(connection, about); + try (NamedPreparedStatement deleteOldRecordsPrepStmt = new NamedPreparedStatement(connection, query)) { + deleteOldRecordsPrepStmt.setString(KEY, key); + deleteOldRecordsPrepStmt.setInt(TENANT_ID, tenantId); + deleteOldRecordsPrepStmt.setInt(LIMIT, statusCountToDelete); + deleteOldRecordsPrepStmt.executeUpdate(); + } + } + + private int getStatusCount(Connection connection, String about, String key, int tenantId) + throws EntitlementException { + + int statusCount = 0; + + String query = EntitlementConstants.Status.ABOUT_POLICY.equals(about) + ? 
GET_POLICY_STATUS_COUNT_SQL + : GET_SUBSCRIBER_STATUS_COUNT_SQL; + + try (NamedPreparedStatement getStatusCountPrepStmt = new NamedPreparedStatement(connection, query)) { + getStatusCountPrepStmt.setString(KEY, key); + getStatusCountPrepStmt.setInt(TENANT_ID, tenantId); + try (ResultSet count = getStatusCountPrepStmt.executeQuery()) { + if (count.next()) { + statusCount = count.getInt(STATUS_COUNT); + } + } + } catch (SQLException e) { + throw new EntitlementException("Error while getting policy status count", e); + } + return statusCount; + } + + private String resolveDeleteStatusQuery(Connection connection, String about) + throws SQLException, EntitlementException { + + String databaseProductName = connection.getMetaData().getDatabaseProductName(); + + Map policyQueries = new HashMap<>(); + policyQueries.put(MYSQL, DELETE_OLD_POLICY_STATUSES_MYSQL); + policyQueries.put(MARIADB, DELETE_OLD_POLICY_STATUSES_MYSQL); + policyQueries.put(H2, DELETE_OLD_POLICY_STATUSES_MYSQL); + policyQueries.put(MSSQL, DELETE_OLD_POLICY_STATUSES_MSSQL); + policyQueries.put(ORACLE, DELETE_OLD_POLICY_STATUSES_ORACLE); + policyQueries.put(POSTGRES, DELETE_OLD_POLICY_STATUSES_MYSQL); + policyQueries.put(DB2, DELETE_OLD_POLICY_STATUSES_MYSQL); + + Map subscriberQueries = new HashMap<>(); + subscriberQueries.put(MYSQL, DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL); + subscriberQueries.put(MARIADB, DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL); + subscriberQueries.put(H2, DELETE_OLD_SUBSCRIBER_STATUSES_MYSQL); + subscriberQueries.put(MSSQL, DELETE_OLD_SUBSCRIBER_STATUSES_MSSQL); + subscriberQueries.put(ORACLE, DELETE_OLD_SUBSCRIBER_STATUSES_ORACLE); + subscriberQueries.put(POSTGRES, DELETE_OLD_POLICY_STATUSES_MYSQL); + subscriberQueries.put(DB2, DELETE_OLD_POLICY_STATUSES_MYSQL); + + String query; + if (EntitlementConstants.Status.ABOUT_POLICY.equals(about)) { + query = policyQueries.get(databaseProductName); + } else { + query = subscriberQueries.get(databaseProductName); + } + + if (query == null) { + 
throw new EntitlementException("Database driver could not be identified or not supported."); + } + return query; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/SubscriberDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/SubscriberDAO.java new file mode 100644 index 000000000000..c3c5a1917eed --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/persistence/dao/SubscriberDAO.java 
@@ -0,0 +1,280 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.persistence.dao; + +import org.apache.commons.lang.ArrayUtils; +import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement; +import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; + +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.ArrayList; +import java.util.List; + +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.DISPLAY_NAME; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.DISPLAY_ORDER; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.ENTITLEMENT_MODULE_NAME; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_REQUIRED; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.IS_SECRET; +import static 
org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.MODULE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.PROPERTY_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.PROPERTY_VALUE; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.SUBSCRIBER_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.EntitlementTableColumns.TENANT_ID; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_SUBSCRIBER_PROPERTIES_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.CREATE_SUBSCRIBER_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.DELETE_SUBSCRIBER_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_SUBSCRIBER_EXISTENCE_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_SUBSCRIBER_IDS_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.GET_SUBSCRIBER_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.UPDATE_SUBSCRIBER_MODULE_SQL; +import static org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerConstants.SQLQueries.UPDATE_SUBSCRIBER_PROPERTIES_SQL; + +/** + * This class handles the JDBC operations of the subscribers in the data store. + */ +public class SubscriberDAO { + + /** + * Get the requested subscriber. + * + * @param subscriberId subscriber ID. + * @param tenantId tenant ID. + * @return publisher data holder. + * @throws EntitlementException If an error occurs. 
+ */ + public PublisherDataHolder getSubscriber(String subscriberId, int tenantId) + throws EntitlementException { + + List propertyDTOList = new ArrayList<>(); + String moduleName = null; + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false); + NamedPreparedStatement preparedStmt = new NamedPreparedStatement(connection, GET_SUBSCRIBER_SQL)) { + + preparedStmt.setString(SUBSCRIBER_ID, subscriberId); + preparedStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet resultSet = preparedStmt.executeQuery()) { + if (resultSet.next()) { + do { + PublisherPropertyDTO dto = new PublisherPropertyDTO(); + + dto.setId(resultSet.getString(PROPERTY_ID)); + dto.setValue(resultSet.getString(PROPERTY_VALUE)); + dto.setDisplayName(resultSet.getString(DISPLAY_NAME)); + dto.setDisplayOrder(resultSet.getInt(DISPLAY_ORDER)); + dto.setRequired(resultSet.getBoolean(IS_REQUIRED)); + dto.setSecret(resultSet.getBoolean(IS_SECRET)); + dto.setModule(resultSet.getString(MODULE)); + propertyDTOList.add(dto); + + if (StringUtils.isBlank(moduleName)) { + moduleName = resultSet.getString(ENTITLEMENT_MODULE_NAME); + } + + } while (resultSet.next()); + } else { + return null; + } + } + } catch (SQLException e) { + throw new EntitlementException(String.format("Error while retrieving subscriber details of id : %s", + subscriberId), e); + } + + return new PublisherDataHolder(propertyDTOList, moduleName); + } + + /** + * Get all subscriber IDs. + * + * @param tenantId tenant ID. + * @return list of subscriber IDs. + * @throws EntitlementException If an error occurs. 
+ */ + public List getSubscriberIds(int tenantId) throws EntitlementException { + + List subscriberIdList = new ArrayList<>(); + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false); + NamedPreparedStatement preparedStmt = new NamedPreparedStatement(connection, GET_SUBSCRIBER_IDS_SQL)) { + + preparedStmt.setInt(TENANT_ID, tenantId); + try (ResultSet subscriberIds = preparedStmt.executeQuery()) { + while (subscriberIds.next()) { + subscriberIdList.add(subscriberIds.getString(SUBSCRIBER_ID)); + } + } + + } catch (SQLException e) { + throw new EntitlementException("Error while retrieving subscriber ids", e); + } + return subscriberIdList; + } + + /** + * Insert a subscriber. + * + * @param subscriberId subscriber ID. + * @param holder publisher data holder. + * @param tenantId tenant ID. + * @throws EntitlementException If an error occurs. + */ + public void insertSubscriber(String subscriberId, PublisherDataHolder holder, int tenantId) + throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + try (NamedPreparedStatement createSubscriberPrepStmt = new NamedPreparedStatement(connection, + CREATE_SUBSCRIBER_SQL); + NamedPreparedStatement createSubscriberPropertiesPrepStmt = new NamedPreparedStatement(connection, + CREATE_SUBSCRIBER_PROPERTIES_SQL)) { + + createSubscriberPrepStmt.setString(SUBSCRIBER_ID, subscriberId); + createSubscriberPrepStmt.setString(ENTITLEMENT_MODULE_NAME, holder.getModuleName()); + createSubscriberPrepStmt.setInt(TENANT_ID, tenantId); + createSubscriberPrepStmt.executeUpdate(); + + for (PublisherPropertyDTO dto : holder.getPropertyDTOs()) { + if (dto.getId() != null && StringUtils.isNotBlank(dto.getValue())) { + + createSubscriberPropertiesPrepStmt.setString(PROPERTY_ID, dto.getId()); + createSubscriberPropertiesPrepStmt.setString(DISPLAY_NAME, dto.getDisplayName()); + createSubscriberPropertiesPrepStmt.setString(PROPERTY_VALUE, dto.getValue()); + 
createSubscriberPropertiesPrepStmt.setBoolean(IS_REQUIRED, dto.isRequired()); + createSubscriberPropertiesPrepStmt.setInt(DISPLAY_ORDER, dto.getDisplayOrder()); + createSubscriberPropertiesPrepStmt.setBoolean(IS_SECRET, dto.isSecret()); + createSubscriberPropertiesPrepStmt.setString(MODULE, dto.getModule()); + createSubscriberPropertiesPrepStmt.setString(SUBSCRIBER_ID, subscriberId); + createSubscriberPropertiesPrepStmt.setInt(TENANT_ID, tenantId); + + createSubscriberPropertiesPrepStmt.addBatch(); + } + } + createSubscriberPropertiesPrepStmt.executeBatch(); + IdentityDatabaseUtil.commitTransaction(connection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException("Error while inserting subscriber details", e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + /** + * Update a subscriber. + * + * @param subscriberId subscriber ID. + * @param updatedModuleName updated module name. + * @param updatedPropertyDTOS updated property DTOs. + * @param tenantId tenant ID. + * @throws EntitlementException If an error occurs. 
+ */ + public void updateSubscriber(String subscriberId, String updatedModuleName, + PublisherPropertyDTO[] updatedPropertyDTOS, int tenantId) + throws EntitlementException { + + Connection connection = IdentityDatabaseUtil.getDBConnection(true); + try { + // Update the module name of an existing subscriber + if (StringUtils.isNotBlank(updatedModuleName)) { + try (NamedPreparedStatement updateSubscriberPrepStmt = new NamedPreparedStatement(connection, + UPDATE_SUBSCRIBER_MODULE_SQL)) { + updateSubscriberPrepStmt.setString(ENTITLEMENT_MODULE_NAME, updatedModuleName); + updateSubscriberPrepStmt.setString(SUBSCRIBER_ID, subscriberId); + updateSubscriberPrepStmt.setInt(TENANT_ID, tenantId); + updateSubscriberPrepStmt.executeUpdate(); + } + } + + // Update the property values of an existing subscriber + if (ArrayUtils.isNotEmpty(updatedPropertyDTOS)) { + try (NamedPreparedStatement updateSubscriberPropertiesPrepStmt = new NamedPreparedStatement(connection, + UPDATE_SUBSCRIBER_PROPERTIES_SQL)) { + for (PublisherPropertyDTO dto : updatedPropertyDTOS) { + updateSubscriberPropertiesPrepStmt.setString(PROPERTY_VALUE, dto.getValue()); + updateSubscriberPropertiesPrepStmt.setString(PROPERTY_ID, dto.getId()); + updateSubscriberPropertiesPrepStmt.setString(SUBSCRIBER_ID, subscriberId); + updateSubscriberPropertiesPrepStmt.setInt(TENANT_ID, tenantId); + updateSubscriberPropertiesPrepStmt.addBatch(); + } + updateSubscriberPropertiesPrepStmt.executeBatch(); + } + } + IdentityDatabaseUtil.commitTransaction(connection); + } catch (SQLException e) { + IdentityDatabaseUtil.rollbackTransaction(connection); + throw new EntitlementException("Error while updating subscriber details", e); + } finally { + IdentityDatabaseUtil.closeConnection(connection); + } + } + + /** + * Delete a subscriber. + * + * @param subscriberId subscriber ID. + * @param tenantId tenant ID. + * @throws EntitlementException If an error occurs. 
+ */ + public void deleteSubscriber(String subscriberId, int tenantId) throws EntitlementException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false); + NamedPreparedStatement preparedStmt = new NamedPreparedStatement(connection, DELETE_SUBSCRIBER_SQL)) { + + preparedStmt.setString(SUBSCRIBER_ID, subscriberId); + preparedStmt.setInt(TENANT_ID, tenantId); + preparedStmt.executeUpdate(); + + } catch (SQLException e) { + throw new EntitlementException("Error while deleting subscriber details", e); + } + } + + /** + * Check whether a subscriber exists. + * + * @param subscriberId subscriber ID. + * @param tenantId tenant ID. + * @return whether the subscriber exists or not. + * @throws EntitlementException If an error occurs. + */ + public boolean isSubscriberExists(String subscriberId, int tenantId) throws EntitlementException { + + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + try (NamedPreparedStatement findSubscriberExistencePrepStmt = new NamedPreparedStatement(connection, + GET_SUBSCRIBER_EXISTENCE_SQL)) { + findSubscriberExistencePrepStmt.setString(SUBSCRIBER_ID, subscriberId); + findSubscriberExistencePrepStmt.setInt(TENANT_ID, tenantId); + + try (ResultSet resultSet = findSubscriberExistencePrepStmt.executeQuery()) { + return resultSet.next(); + } + } + } catch (SQLException e) { + throw new EntitlementException("Error while checking subscriber existence", e); + } + } + +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/PolicyAttributeBuilder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/PolicyAttributeBuilder.java index d963d07a90ac..619488c18089 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/PolicyAttributeBuilder.java 
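Review bot: `insertSubscriber` and `updateSubscriber` bind `dto.getValue()` into PROPERTY_VALUE unchanged, including for properties where `dto.isSecret()` is true, so this DAO writes secret values to the table exactly as it receives them. Nothing in this file encrypts or verifies them, and the same commit drops the `CryptoUtil` import from `PolicyPublisher`, so encryption presumably now happens in a caller this hunk does not show; that should be confirmed. State the contract in the class Javadoc, for example `Secret property values must already be encrypted by the caller; this DAO stores and returns PROPERTY_VALUE as given.` Separately, `getSubscriber` returns `null` when no row matches, but its `@return` does not say so; `@return publisher data holder, or null if the subscriber does not exist.` would tell callers to check.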
+++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/PolicyAttributeBuilder.java @@ -1043,4 +1043,20 @@ public List createMetaDataFromRuleElement(OMElement omElement, return attributeDTOs; } + + /** + * This retrieves metadata attributes from the policy. + * + * @return attributeDTO list. + * @throws EntitlementException if an error occurs while retrieving attributes. + */ + public List getAttributesFromPolicy() throws EntitlementException { + + List attributeDTOs = new ArrayList<>(); + try { + return createPolicyMetaData(policy, attributeDTOs); + } catch (EntitlementException e) { + throw new EntitlementException("Can not create Policy MetaData for given policy"); + } + } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java index 7c45414a1081..82f9617f56a6 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java @@ -82,6 +82,7 @@ public String[] getOrderedPolicyIdentifiers() { @Override public String[] getActivePolicies() { + log.debug("Start retrieving active policies at : " + new Date()); List policies = new ArrayList(); String[] policyIdentifiers = getOrderedPolicyIdentifiers(); @@ -109,7 +110,6 @@ public String[] getActivePolicies() { } - @Override public boolean isDefaultCategoriesSupported() { return true; 
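Review bot: The catch block in `getAttributesFromPolicy` throws a new `EntitlementException` without the caught exception, so the original cause and stack trace of the metadata failure are lost. Pass it through: `throw new EntitlementException("Can not create Policy MetaData for given policy", e);`. The two-argument constructor is used elsewhere in this commit. The `policy` field and `createPolicyMetaData` are defined outside this hunk.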
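Review bot: The added `log.debug(...)` at the top of `getActivePolicies` builds its message and a `new Date()` on every call, whether or not debug logging is enabled. Wrap it as `if (log.isDebugEnabled()) { log.debug("Start retrieving active policies at : " + new Date()); }`, the guard form the removed `RegistryPolicyReader` in this commit used. This file's diff shows no import hunk, so confirm that `java.util.Date` is already imported. The rest of `getActivePolicies` lies outside the hunk.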
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java index 69a61cd6b1ec..1eeb1de7080a 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java @@ -37,14 +37,14 @@ import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; import org.wso2.carbon.identity.entitlement.cache.PolicyStatus; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.persistence.ConfigPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; import org.wso2.carbon.identity.entitlement.policy.PolicyReader; import org.wso2.carbon.identity.entitlement.policy.collection.PolicyCollection; import org.wso2.carbon.identity.entitlement.policy.collection.SimplePolicyCollection; -import org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; import java.net.URI; import java.net.URISyntaxException; 
@@ -143,12 +143,8 @@ protected boolean removeEldestEntry(Map.Entry eldest) { if (this.finderModules != null && this.finderModules.size() > 0) { // find policy combining algorithm. - // here we can get policy data store by using EntitlementAdminEngine. But we are not - // use it here. As we need not to have a dependant on EntitlementAdminEngine - PolicyDataStore policyDataStore; - policyDataStore = new DefaultPolicyDataStore(); - - policyCombiningAlgorithm = policyDataStore.getGlobalPolicyAlgorithm(); + ConfigPersistenceManager configPersistenceManager = EntitlementAdminEngine.getInstance().getConfigPersistenceManager(); + policyCombiningAlgorithm = configPersistenceManager.getGlobalPolicyAlgorithm(); tempPolicyCollection.setPolicyCombiningAlgorithm(policyCombiningAlgorithm); diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java index 27da0ac1a857..a9147988da64 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java @@ -154,4 +154,5 @@ public Map> getSearchAttributes(String identifier, */ public boolean isPolicyDeActivationSupport(); + } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java index b0d834aa22f5..eba65f603795 100644 
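Review bot: The new lookup through `EntitlementAdminEngine.getInstance().getConfigPersistenceManager()` introduces the dependency that the removed comment said this finder deliberately avoided, and nothing in the hunk explains why that is now acceptable. The value read here is the global policy-combining algorithm, so the behaviour when the admin engine is not yet initialised or the lookup fails should be stated; neither is visible in this hunk. Replace the deleted comment with one that records the new decision, e.g. `// The combining algorithm is read from the configured persistence manager; EntitlementAdminEngine must be initialised before this finder.` (wording to be confirmed by the author). The added declaration line is also much longer than the surrounding code and should be wrapped after the `=`. The enclosing method begins and ends outside the hunk.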
--- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java @@ -20,7 +20,7 @@ import org.wso2.carbon.identity.entitlement.PDPConstants; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule; +import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.jdbc.handlers.Handler; import org.wso2.carbon.registry.core.jdbc.handlers.RequestContext; @@ -41,7 +41,7 @@ public void put(RequestContext requestContext) throws RegistryException { enableRegistryCacheClear = Boolean.parseBoolean(properties.getProperty(PDPConstants.PDP_REGISTRY_LEVEL_POLICY_CACHE_CLEAR)); } if(enableRegistryCacheClear) { - RegistryPolicyStoreManageModule.invalidateCache(); + AbstractPolicyFinderModule.invalidateCache(); } @@ -57,7 +57,7 @@ public void delete(RequestContext requestContext) throws RegistryException { enableRegistryCacheClear = Boolean.parseBoolean(properties.getProperty(PDPConstants.PDP_REGISTRY_LEVEL_POLICY_CACHE_CLEAR)); } if(enableRegistryCacheClear) { - RegistryPolicyStoreManageModule.invalidateCache(); + AbstractPolicyFinderModule.invalidateCache(); } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java deleted file mode 100644 index 69266fd12e55..000000000000 
--- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java +++ /dev/null 
@@ -1,303 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.finder.registry; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.balana.AbstractPolicy; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader; -import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import java.nio.charset.Charset; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -/** - * Registry policy reader - */ -public class RegistryPolicyReader { - - /** - * logger - */ - private static Log log = LogFactory.getLog(RegistryPolicyReader.class); - /** - * Governance registry instance of current tenant - */ - private Registry registry; - /** - * policy store path of the registry - */ - private String policyStorePath; - - /** - * constructor - * - * @param 
registry registry instance - * @param policyStorePath policy store path of the registry - */ - public RegistryPolicyReader(Registry registry, String policyStorePath) { - this.registry = registry; - this.policyStorePath = policyStorePath; - } - - /** - * Reads given policy resource as PolicyDTO - * - * @param policyId policy id - * @return PolicyDTO - * @throws EntitlementException throws, if fails - */ - public PolicyDTO readPolicy(String policyId) throws EntitlementException { - - Resource resource = null; - - resource = getPolicyResource(policyId); - - if (resource == null) { - return new PolicyDTO(); - } - - return readPolicy(resource); - } - - /** - * Reads All ordered active policies as PolicyDTO - * - * @param active only return active policies - * @param order return ordered policy - * @return Array of PolicyDTO - * @throws EntitlementException throws, if fails - */ - public PolicyDTO[] readAllPolicies(boolean active, boolean order) throws EntitlementException { - - Resource[] resources = null; - resources = getAllPolicyResource(); - - if (resources == null) { - return new PolicyDTO[0]; - } - List policyDTOList = new ArrayList(); - for (Resource resource : resources) { - PolicyDTO policyDTO = readPolicy(resource); - if (active) { - if (policyDTO.isActive()) { - policyDTOList.add(policyDTO); - } - } else { - policyDTOList.add(policyDTO); - } - } - - PolicyDTO[] policyDTOs = policyDTOList.toArray(new PolicyDTO[policyDTOList.size()]); - - if (order) { - Arrays.sort(policyDTOs, new PolicyOrderComparator()); - } - return policyDTOs; - } - - - /** - * This returns all the policy ids as String list. Here we assume registry resource name as - * the policy id. 
- * - * @return policy ids as String[] - * @throws EntitlementException throws if fails - */ - public String[] getAllPolicyIds() throws EntitlementException { - - String path = null; - Collection collection = null; - String[] children = null; - List resources = new ArrayList(); - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = policyStorePath; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - for (String child : children) { - String id = child.substring(child.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - resources.add(id); - } - - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy resources", e); - throw new EntitlementException("Error while retrieving entitlement policy resources", e); - } - - return resources.toArray(new String[resources.size()]); - } - - /** - * Reads PolicyDTO for given registry resource - * - * @param resource Registry resource - * @return PolicyDTO - * @throws EntitlementException throws, if fails - */ - private PolicyDTO readPolicy(Resource resource) throws EntitlementException { - - String policy = null; - AbstractPolicy absPolicy = null; - PolicyDTO dto = null; - - try { - if (resource.getContent() == null) { - throw new EntitlementException("Error while loading entitlement policy. 
Policy content is null"); - } - policy = new String((byte[]) resource.getContent(), Charset.forName("UTF-8")); - absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy); - dto = new PolicyDTO(); - dto.setPolicyId(absPolicy.getId().toASCIIString()); - dto.setPolicy(policy); - String policyOrder = resource.getProperty("order"); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - String policyActive = resource.getProperty("active"); - if (policyActive != null) { - dto.setActive(Boolean.parseBoolean(policyActive)); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); - return dto; - } catch (RegistryException e) { - log.error("Error while loading entitlement policy", e); - throw new EntitlementException("Error while loading entitlement policy", e); - } - } - - /** - * This reads the policy combining algorithm from registry resource property - * - * @return policy combining algorithm as String - * @throws EntitlementException throws - */ - public String readPolicyCombiningAlgorithm() throws EntitlementException { - try { - Collection policyCollection = null; - if (registry.resourceExists(policyStorePath)) { - policyCollection = (Collection) registry.get(policyStorePath); - } - if (policyCollection != null) { - return policyCollection.getProperty("globalPolicyCombiningAlgorithm"); - } - return null; - } catch (RegistryException e) { - log.error("Error while reading policy combining algorithm", e); - throw new EntitlementException("Error while reading policy combining algorithm", e); - } - } - - /** - * This returns given policy as Registry resource - * - * @param policyId policy id - * @return policy as Registry resource - * @throws EntitlementException throws, if fails - */ - private Resource getPolicyResource(String policyId) throws 
EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving entitlement policy"); - } - - try { - path = policyStorePath + policyId; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - return registry.get(path); - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy : " + policyId, e); - throw new EntitlementException("Error while retrieving entitlement policy : " + policyId, e); - } - } - - /** - * This returns all the policies as Registry resources. - * - * @return policies as Resource[] - * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws if fails - */ - private Resource[] getAllPolicyResource() throws EntitlementException { - - String path = null; - Collection collection = null; - List resources = new ArrayList(); - String[] children = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = policyStorePath; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - - for (String aChildren : children) { - resources.add(registry.get(aChildren)); - } - - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy", e); - throw new EntitlementException("Error while retrieving entitlement policies", e); - } - - return resources.toArray(new Resource[resources.size()]); - } - -} 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java index 93cd745c61f6..d50e1c31b534 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java @@ -26,12 +26,13 @@ import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; import org.wso2.carbon.identity.entitlement.PDPConstants; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; +import org.wso2.carbon.identity.entitlement.persistence.SubscriberPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; import org.wso2.carbon.identity.entitlement.dto.StatusHolder; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import org.wso2.carbon.registry.api.Registry; import java.util.ArrayList; 
@@ -121,7 +122,9 @@ public void publish() { holder = new PublisherDataHolder(policyPublisherModule.getModuleName()); } else { try { - holder = publisher.retrieveSubscriber(subscriberId, true); + SubscriberPersistenceManager subscriberManager = EntitlementAdminEngine.getInstance() + .getSubscriberPersistenceManager(); + holder = subscriberManager.getSubscriber(subscriberId, true); } catch (EntitlementException e) { log.error("Subscriber details can not be retrieved. So skip publishing policies " + "for subscriber : " + subscriberId); @@ -173,9 +176,9 @@ public void publish() { if (EntitlementConstants.PolicyPublish.ACTION_CREATE.equalsIgnoreCase(action) || EntitlementConstants.PolicyPublish.ACTION_UPDATE.equalsIgnoreCase(action)) { - PolicyVersionManager manager = EntitlementAdminEngine.getInstance().getVersionManager(); + PolicyPersistenceManager policyStore = EntitlementAdminEngine.getInstance().getPolicyPersistenceManager(); try { - policyDTO = manager.getPolicy(policyId, version); + policyDTO = policyStore.getPolicy(policyId, version); } catch (EntitlementException e) { // ignore } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java index de4456f9743e..92536edd385a 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java 
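Review bot: The `catch (EntitlementException e)` around the new `subscriberManager.getSubscriber(subscriberId, true)` call logs the failure without the exception, so the cause reported by the persistence manager is lost. Pass it along as the last argument of the existing call: `log.error(<existing message> + subscriberId, e);`. The same loss of detail applies to the second hunk in this file (`@@ -173,9 +176,9 @@`), where the catch around `policyStore.getPolicy(policyId, version)` is still `// ignore`, so a storage failure looks the same as a missing policy version. A `log.debug` of `e` there would keep the difference visible. `publish()` starts and ends outside both hunks, so how a null `policyDTO` is handled afterwards cannot be seen here.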
@@ -18,42 +18,30 @@ package org.wso2.carbon.identity.entitlement.policy.publisher; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.core.util.CryptoException; -import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; -import org.wso2.carbon.identity.entitlement.PDPConstants; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; +import org.wso2.carbon.identity.entitlement.persistence.SubscriberPersistenceManager; import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; -import java.util.ArrayList; import java.util.HashSet; -import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** * This is policy publisher. There can be different modules that have been plugged with this. - * This module currently is bound with the WSO2 registry, as some meta data is store there, + * */ public class PolicyPublisher { public static final String SUBSCRIBER_ID = "subscriberId"; public static final String SUBSCRIBER_DISPLAY_NAME = "Subscriber Id"; - private static Log log = LogFactory.getLog(PolicyPublisher.class); + /** * set of publisher modules 
@@ -69,15 +57,13 @@ public class PolicyPublisher { * Verification publisher modules */ PublisherVerificationModule verificationModule = null; - private Registry registry; + /** * Creates PolicyPublisher instance */ public PolicyPublisher() { - this.registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); Map publisherModules = EntitlementServiceComponent. getEntitlementConfig().getPolicyPublisherModules(); if (publisherModules != null && !publisherModules.isEmpty()) { @@ -90,7 +76,7 @@ public PolicyPublisher() { this.verificationModule = prePublisherModules.keySet().iterator().next(); } - // creating default subscriber to publish policies to PDP + // Creates a default subscriber to publish policies to PDP CarbonPDPPublisher publisher = new CarbonPDPPublisher(); this.publisherModules.add(publisher); @@ -99,16 +85,17 @@ public PolicyPublisher() { dto.setId(SUBSCRIBER_ID); dto.setDisplayName(SUBSCRIBER_DISPLAY_NAME); dto.setValue(EntitlementConstants.PDP_SUBSCRIBER_ID); - holder.setPropertyDTOs(new PublisherPropertyDTO[]{dto}); + holder.setPropertyDTOs(new PublisherPropertyDTO[] {dto}); try { PublisherDataHolder pdpDataHolder = null; + SubscriberPersistenceManager subscriberManager = PersistenceManagerFactory.getSubscriberPersistenceManager(); try { - pdpDataHolder = retrieveSubscriber(EntitlementConstants.PDP_SUBSCRIBER_ID, false); + pdpDataHolder = subscriberManager.getSubscriber(EntitlementConstants.PDP_SUBSCRIBER_ID, false); } catch (Exception e) { // ignore } if (pdpDataHolder == null) { - persistSubscriber(holder, false); + subscriberManager.addSubscriber(holder); } } catch (EntitlementException e) { // ignore 
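Review bot: In the constructor hunk at `@@ -99,16 +85,17 @@`, the lookup of the default PDP subscriber still sits inside `catch (Exception e) { // ignore }`, so any failure of `subscriberManager.getSubscriber(...)`, not only "not found", leaves `pdpDataHolder` null and leads to `subscriberManager.addSubscriber(holder)`, whose own `EntitlementException` is ignored as well. Because this commit also removes the class's `log` field (hunk `@@ -18,42 +18,30 @@`), neither failure is recorded anywhere. Consider keeping a logger and narrowing the inner catch to `EntitlementException`, with something like `log.debug("Default PDP subscriber not found, creating it", e);`. This hunk obtains the manager from `PersistenceManagerFactory` while PolicyPublishExecutor goes through `EntitlementAdminEngine.getInstance()`; if both are meant to return the same manager, a one-line comment explaining the choice here would help. The constructor body continues outside the hunk.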
@@ -145,177 +132,6 @@ public void publishPolicy(String[] policyIds, String version, String action, boo executor.run(); } - - public void persistSubscriber(PublisherDataHolder holder, boolean update) throws EntitlementException { - - Collection policyCollection; - String subscriberPath; - String subscriberId = null; - - if (holder == null || holder.getPropertyDTOs() == null) { - log.error("Publisher data can not be null"); - throw new EntitlementException("Publisher data can not be null"); - } - - for (PublisherPropertyDTO dto : holder.getPropertyDTOs()) { - if (SUBSCRIBER_ID.equals(dto.getId())) { - subscriberId = dto.getValue(); - } - } - - if (subscriberId == null) { - log.error("Subscriber Id can not be null"); - throw new EntitlementException("Subscriber Id can not be null"); - } - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER)) { - policyCollection = registry.newCollection(); - registry.put(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER, policyCollection); - } - - subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + subscriberId; - - Resource resource; - - PublisherDataHolder oldHolder = null; - if (registry.resourceExists(subscriberPath)) { - if (update) { - resource = registry.get(subscriberPath); - oldHolder = new PublisherDataHolder(resource, false); - } else { - throw new EntitlementException("Subscriber ID already exists"); - } - } else { - resource = registry.newResource(); - } - - populateProperties(holder, oldHolder, resource); - registry.put(subscriberPath, resource); - - } catch (RegistryException e) { - log.error("Error while persisting subscriber details", e); - throw new EntitlementException("Error while persisting subscriber details", e); - } - } - - - public void deleteSubscriber(String subscriberId) throws EntitlementException { - - String subscriberPath; - - if (subscriberId == null) { - log.error("Subscriber Id can not be null"); - throw new 
EntitlementException("Subscriber Id can not be null"); - } - - if (EntitlementConstants.PDP_SUBSCRIBER_ID.equals(subscriberId.trim())) { - log.error("Can not delete PDP publisher"); - throw new EntitlementException("Can not delete PDP publisher"); - } - - try { - subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + subscriberId; - - if (registry.resourceExists(subscriberPath)) { - registry.delete(subscriberPath); - } - } catch (RegistryException e) { - log.error("Error while deleting subscriber details", e); - throw new EntitlementException("Error while deleting subscriber details", e); - } - } - - public PublisherDataHolder retrieveSubscriber(String id, boolean returnSecrets) throws EntitlementException { - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + id)) { - Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + id); - - return new PublisherDataHolder(resource, returnSecrets); - } - } catch (RegistryException e) { - log.error("Error while retrieving subscriber detail of id : " + id, e); - throw new EntitlementException("Error while retrieving subscriber detail of id : " + id, e); - } - - throw new EntitlementException("No Subscriber is defined for given Id"); - } - - public String[] retrieveSubscriberIds(String searchString) throws EntitlementException { - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR)) { - Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR); - Collection collection = (Collection) resource; - List list = new ArrayList(); - if (collection.getChildCount() > 0) { - searchString = searchString.replace("*", ".*"); - Pattern pattern = Pattern.compile(searchString, Pattern.CASE_INSENSITIVE); - for (String path : collection.getChildren()) { - String 
id = path.substring(path.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - Matcher matcher = pattern.matcher(id); - if (!matcher.matches()) { - continue; - } - Resource childResource = registry.get(path); - if (childResource != null && childResource.getProperty(SUBSCRIBER_ID) != null) { - list.add(childResource.getProperty(SUBSCRIBER_ID)); - } - } - } - return list.toArray(new String[list.size()]); - } - } catch (RegistryException e) { - log.error("Error while retrieving subscriber of ids", e); - throw new EntitlementException("Error while retrieving subscriber ids", e); - - } - - return null; - } - - private void populateProperties(PublisherDataHolder holder, - PublisherDataHolder oldHolder, Resource resource) { - - PublisherPropertyDTO[] propertyDTOs = holder.getPropertyDTOs(); - for (PublisherPropertyDTO dto : propertyDTOs) { - if (dto.getId() != null && dto.getValue() != null && dto.getValue().trim().length() > 0) { - ArrayList list = new ArrayList(); - if (dto.isSecret()) { - PublisherPropertyDTO propertyDTO = null; - if (oldHolder != null) { - propertyDTO = oldHolder.getPropertyDTO(dto.getId()); - } - if (propertyDTO == null || !propertyDTO.getValue().equalsIgnoreCase(dto.getValue())) { - try { - String encryptedValue = CryptoUtil.getDefaultCryptoUtil(). - encryptAndBase64Encode(dto.getValue().getBytes()); - dto.setValue(encryptedValue); - } catch (CryptoException e) { - log.error("Error while encrypting secret value of subscriber. " + - "Secret would not be persist.", e); - continue; - } - } - } - list.add(dto.getValue()); - list.add(dto.getDisplayName()); - list.add(Integer.toString(dto.getDisplayOrder())); - list.add(Boolean.toString(dto.isRequired())); - list.add(Boolean.toString(dto.isSecret())); - resource.setProperty(dto.getId(), list); - } - } - resource.setProperty(PublisherDataHolder.MODULE_NAME, holder.getModuleName()); - } - public Set getPublisherModules() { return publisherModules; } 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java index c502c187164c..7885237d886f 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java 
@@ -1,278 +1,143 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ */ package org.wso2.carbon.identity.entitlement.policy.store; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.apache.commons.lang.NotImplementedException; import org.wso2.balana.combine.PolicyCombiningAlgorithm; -import org.wso2.balana.combine.xacml3.DenyOverridesPolicyAlg; -import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.persistence.ConfigPersistenceManager; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; +import org.wso2.carbon.identity.entitlement.persistence.PolicyPersistenceManager; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; import java.util.ArrayList; import java.util.List; import java.util.Properties; /** - * This is default implementation, where data are stored in carbon registry + * This is the default implementation of PolicyDataStore */ public class DefaultPolicyDataStore implements PolicyDataStore { - public static final String POLICY_COMBINING_PREFIX_1 = - "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:"; - public static final String POLICY_COMBINING_PREFIX_3 = - "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:"; - private static Log log = LogFactory.getLog(DefaultPolicyDataStore.class); - private String policyDataCollection = 
PDPConstants.ENTITLEMENT_POLICY_DATA; + private final PolicyPersistenceManager policyPersistenceManager = + PersistenceManagerFactory.getPolicyPersistenceManager(); @Override public void init(Properties properties) throws EntitlementException { + policyPersistenceManager.init(properties); } + /** + * This method is not implemented since the data is already being + * retrieved with {@link ConfigPersistenceManager#getGlobalPolicyAlgorithm()} + */ @Override public PolicyCombiningAlgorithm getGlobalPolicyAlgorithm() { - - String algorithm = null; - try { - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - algorithm = collection.getProperty("globalPolicyCombiningAlgorithm"); - } - - if (algorithm == null || algorithm.trim().length() == 0) { - // read algorithm from entitlement.properties file - algorithm = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). - getProperty(PDPConstants.PDP_GLOBAL_COMBINING_ALGORITHM); - log.info("Using Global policy combining algorithm that is defined in configuration file."); - try { - return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); - } catch (Exception e) { - log.debug(e); - } - } - - if (algorithm != null && algorithm.trim().length() > 0) { - if ("first-applicable".equals(algorithm) || "only-one-applicable".equals(algorithm)) { - algorithm = POLICY_COMBINING_PREFIX_1 + algorithm; - } else { - algorithm = POLICY_COMBINING_PREFIX_3 + algorithm; - } - return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); - } - - } catch (RegistryException | EntitlementException e) { - if (log.isDebugEnabled()) { - log.debug("Exception while getting Global Policy Algorithm from policy data store.", e); - } - } - - log.warn("Global policy combining algorithm is not defined. 
Therefore using default one"); - return new DenyOverridesPolicyAlg(); + throw new NotImplementedException(); } + /** + * This method is not implemented since the data is already being + * set with {@link ConfigPersistenceManager#addOrUpdateGlobalPolicyAlgorithm(String)} + */ @Override public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { - Registry registry = getGovernanceRegistry(); - try { - Collection policyCollection; - if (registry.resourceExists(policyDataCollection)) { - policyCollection = (Collection) registry.get(policyDataCollection); - } else { - policyCollection = registry.newCollection(); - } - - policyCollection.setProperty("globalPolicyCombiningAlgorithm", policyCombiningAlgorithm); - registry.put(policyDataCollection, policyCollection); - - // performing cache invalidation - EntitlementEngine.getInstance().invalidatePolicyCache(); - - } catch (RegistryException e) { - log.error("Error while updating Global combing algorithm in policy store ", e); - throw new EntitlementException("Error while updating combing algorithm in policy store"); - } + throw new NotImplementedException(); } + /** + * This method is not implemented since the data is already being + * retrieved with {@link ConfigPersistenceManager#getGlobalPolicyAlgorithmName()} + */ @Override public String getGlobalPolicyAlgorithmName() { - String algorithm = null; - try { - - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - algorithm = collection.getProperty("globalPolicyCombiningAlgorithm"); - } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting Global Policy Combining Algorithm Name.", e); - } - - // set default - if (algorithm == null) { - algorithm = "deny-overrides"; - } - - return algorithm; + throw new 
NotImplementedException(); } + /** + * This method is not implemented since the data is already being retrieved with + * {@link org.wso2.carbon.identity.entitlement.EntitlementUtil#getAllGlobalPolicyAlgorithmNames()} + */ @Override public String[] getAllGlobalPolicyAlgorithmNames() { - return new String[]{"deny-overrides", "permit-overrides", "first-applicable", - "ordered-deny-overrides", "ordered-permit-overrides", "only-one-applicable"}; + throw new NotImplementedException(); } + /** + * Gets policy data for given policy id. + * + * @param policyId policy id as String. + * @return policy data such as order and so on PolicyStoreDTO. + */ @Override public PolicyStoreDTO getPolicyData(String policyId) { - PolicyStoreDTO dataDTO = new PolicyStoreDTO(); - try { - Registry registry = getGovernanceRegistry(); - String path = policyDataCollection + policyId; - if (registry.resourceExists(path)) { - Resource resource = registry.get(path); - String order = resource.getProperty("order"); - String active = resource.getProperty("active"); - if (order != null && order.trim().length() > 0) { - dataDTO.setPolicyOrder(Integer.parseInt(order)); - } - dataDTO.setActive(Boolean.parseBoolean(active)); - } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting policy data for policyId: " + policyId, e); - } - return dataDTO; + return policyPersistenceManager.getPublishedPolicy(policyId); } - + /** + * Gets all policy data. + * + * @return Array of PolicyStoreDTO. 
+ */ @Override public PolicyStoreDTO[] getPolicyData() { - - List policyStoreDTOs = new ArrayList(); - try { - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - String[] paths = collection.getChildren(); - for (String path : paths) { - if (registry.resourceExists(path)) { - PolicyStoreDTO dataDTO = new PolicyStoreDTO(); - Resource resource = registry.get(path); - String order = resource.getProperty("order"); - String active = resource.getProperty("active"); - String id = path.substring(path.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - dataDTO.setPolicyId(id); - if (order != null && order.trim().length() > 0) { - dataDTO.setPolicyOrder(Integer.parseInt(order)); - } - dataDTO.setActive(Boolean.parseBoolean(active)); - policyStoreDTOs.add(dataDTO); - } - } + String[] publishedPolicyIds = policyPersistenceManager.getOrderedPolicyIdentifiers(); + List policyStoreDTOs = new ArrayList<>(); + if (publishedPolicyIds != null) { + for (String policyId : publishedPolicyIds) { + policyStoreDTOs.add(getPolicyData(policyId)); } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting all policy data.", e); } - return policyStoreDTOs.toArray(new PolicyStoreDTO[policyStoreDTOs.size()]); + return policyStoreDTOs.toArray(new PolicyStoreDTO[0]); } + /** + * This method is not implemented since the data is already being + * set with {@link PolicyStoreManageModule#updatePolicy(PolicyStoreDTO)} + * + * @param policyId policy id + * @param policyDataDTO policy data + * @throws EntitlementException if an error occurs + */ @Override public void setPolicyData(String policyId, PolicyStoreDTO policyDataDTO) throws EntitlementException { - Registry registry = getGovernanceRegistry(); - try { - String path = policyDataCollection + policyId; - Resource resource; - if 
(registry.resourceExists(path)) { - resource = registry.get(path); - } else { - resource = registry.newCollection(); - } - - if (policyDataDTO.isSetActive()) { - resource.setProperty("active", Boolean.toString(policyDataDTO.isActive())); - } - if (policyDataDTO.isSetOrder()) { - int order = policyDataDTO.getPolicyOrder(); - if (order > 0) { - resource.setProperty("order", Integer.toString(order)); - } - } - registry.put(path, resource); - } catch (RegistryException e) { - log.error("Error while updating Policy data in policy store ", e); - throw new EntitlementException("Error while updating Policy data in policy store"); - } + // No default implementation provided. } + /** + * This method is not implemented since the data is already being + * removed with {@link PolicyStoreManageModule#deletePolicy(String)} + * + * @param policyId policy id + * @throws EntitlementException if an error occurs + */ @Override public void removePolicyData(String policyId) throws EntitlementException { - Registry registry = getGovernanceRegistry(); - try { - String path = policyDataCollection + policyId; - if (registry.resourceExists(path)) { - registry.delete(path); - } - } catch (RegistryException e) { - log.error("Error while deleting Policy data in policy store ", e); - throw new EntitlementException("Error while deleting Policy data in policy store"); - } - - } - - private Registry getGovernanceRegistry() throws EntitlementException { - - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); - - if (registry == null) { - throw new EntitlementException("Unable to get governance registry for tenant: " + tenantId); - } - - return registry; + // No default implementation provided. } } 
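Review bot: `setPolicyData` and `removePolicyData` now return silently (`// No default implementation provided.`) while the four global-algorithm methods throw `NotImplementedException`, so a caller that still sets a policy's order or active flag through `PolicyDataStore` sees apparent success with nothing persisted. For an access-control store the contract should be explicit: either throw here too, or say in the Javadoc that the call is a deliberate no-op because `PolicyStoreManageModule#updatePolicy` / `#deletePolicy` already did the work. `getGlobalPolicyAlgorithm()` used to fall back to `DenyOverridesPolicyAlg` and now throws an unchecked exception, yet the `PolicyDataStore` interface Javadoc (next file in this diff) still describes these methods as working; a `@deprecated` note there pointing to `ConfigPersistenceManager` would warn implementers and remaining callers. In `getPolicyData()`, the result of `getPolicyData(policyId)` is added to the list without a null check, and whether `getPublishedPolicy` can return null is not visible here. The added `PolicyDTO` import appears unused in the new file.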
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java index 6d9824c3b9a5..3b1141c54f70 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java 
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.entitlement.policy.store; 
@@ -30,75 +30,72 @@ */ public interface PolicyDataStore { - /** - * initializes the PolicyDataStore + * initializes the PolicyDataStore. * * @param properties properties, that need to initialize the module. - * @throws EntitlementException throws when initialization is failed + * @throws EntitlementException throws when initialization is failed. */ - public void init(Properties properties) throws EntitlementException; + void init(Properties properties) throws EntitlementException; /** - * Gets the policy combining algorithm of the PDP + * Gets the policy combining algorithm of the PDP. * - * @return policy combining algorithm as PolicyCombiningAlgorithm + * @return policy combining algorithm as PolicyCombiningAlgorithm. */ - public PolicyCombiningAlgorithm getGlobalPolicyAlgorithm(); + PolicyCombiningAlgorithm getGlobalPolicyAlgorithm(); /** - * Persist the policy combining algorithm in to data store + * Persist the policy combining algorithm in to data store. * - * @param policyCombiningAlgorithm policy combining algorithm name to persist - * @throws EntitlementException throws if fails + * @param policyCombiningAlgorithm policy combining algorithm name to persist. + * @throws EntitlementException throws if fails. */ - public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException; + void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException; /** - * Gets the policy combining algorithm name of the PDP + * Gets the policy combining algorithm name of the PDP. * - * @return policy combining algorithm name as String + * @return policy combining algorithm name as String. */ - public String getGlobalPolicyAlgorithmName(); + String getGlobalPolicyAlgorithmName(); /** - * Gets all supported policy combining algorithm name of the PDP + * Gets all supported policy combining algorithm name of the PDP. 
* - * @return policy combining algorithm names as Array of String + * @return policy combining algorithm names as Array of String. */ - public String[] getAllGlobalPolicyAlgorithmNames(); + String[] getAllGlobalPolicyAlgorithmNames(); /** - * Gets policy data for given policy id + * Gets policy data for given policy id. * - * @param policyId policy id as String - * @return policy data such as order and so on PolicyStoreDTO + * @param policyId policy id as String. + * @return policy data such as order and so on PolicyStoreDTO. */ - public PolicyStoreDTO getPolicyData(String policyId); - + PolicyStoreDTO getPolicyData(String policyId); /** - * Gets all policy data + * Gets all policy data. * - * @return Array of PolicyStoreDTO + * @return Array of PolicyStoreDTO. */ - public PolicyStoreDTO[] getPolicyData(); + PolicyStoreDTO[] getPolicyData(); /** - * Set policy data for give policy id + * Set policy data for give policy id. * - * @param policyId policy id as String - * @param policyDataDTO policy data such as order and so on PolicyStoreDTO - * @throws EntitlementException if it is failed + * @param policyId policy id as String. + * @param policyDataDTO policy data such as order and so on PolicyStoreDTO. + * @throws EntitlementException if it is failed. */ - public void setPolicyData(String policyId, PolicyStoreDTO policyDataDTO) throws EntitlementException; + void setPolicyData(String policyId, PolicyStoreDTO policyDataDTO) throws EntitlementException; /** - * Remove policy data for give policy id + * Remove policy data for give policy id. * - * @param policyId policy id as String - * @throws EntitlementException + * @param policyId policy id as String. + * @throws EntitlementException if it is failed. */ - public void removePolicyData(String policyId) throws EntitlementException; - + void removePolicyData(String policyId) throws EntitlementException; } 
diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java index f1b72e1713c7..e5ca04ffb75d 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java 
@@ -1,20 +1,20 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) WSO2 LLC (http://www.wso2.com) All Rights Reserved. + * + * WSO2 LLC licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.identity.entitlement.policy.store; 
@@ -32,40 +32,38 @@ public interface PolicyStoreManageModule extends PolicyFinderModule { /** - * init policy store module + * Init policy store module * - * @param properties + * @param properties properties that are need to initialize the module. */ public void init(Properties properties); /** - * add policy in to the store + * Add policy in to the store. * - * @param policy + * @param policy policy as PolicyStoreDTO. */ public void addPolicy(PolicyStoreDTO policy) throws EntitlementException; - /** - * update policy in to the store + * Update policy in to the store. * - * @param policy + * @param policy policy as PolicyStoreDTO. */ public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException; /** - * delete policy from the store + * Delete policy from the store. * - * @param policyIdentifier + * @param policyIdentifier policy identifier as String. */ public boolean deletePolicy(String policyIdentifier) throws EntitlementException; /** - * Check whether policy is exist or not + * Check whether policy is published or not. * - * @param policyId policy id as String - * @return whether true or false + * @param policyId policy id as String. + * @return whether true or false. */ public boolean isPolicyExist(String policyId); - } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java index 4b1b45e738eb..06a48d996a6c 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java 
@@ -1,7 +1,7 @@ /* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +* Copyright (c) WSO2 LLC (http://www.wso2.com) All Rights Reserved. * -* WSO2 Inc. licenses this file to you under the Apache License, +* WSO2 LLC licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at @@ -18,13 +18,14 @@ package org.wso2.carbon.identity.entitlement.policy.store; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.apache.commons.collections.MapUtils; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.persistence.PersistenceManagerFactory; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; import java.util.ArrayList; import java.util.List; 
@@ -39,19 +40,17 @@ */ public class PolicyStoreManager { - private PolicyStoreManageModule policyStoreStore = null; - private PolicyDataStore policyDataStore = null; - - private static Log log = LogFactory.getLog(PolicyStoreManager.class); + private final PolicyStoreManageModule policyStore; + private final PolicyDataStore policyDataStore; public PolicyStoreManager(PolicyDataStore policyDataStore) { - // get policy collection + Map policyCollections = EntitlementServiceComponent. getEntitlementConfig().getPolicyStore(); - if (policyCollections != null && policyCollections.size() > 0) { - policyStoreStore = policyCollections.entrySet().iterator().next().getKey(); + if (MapUtils.isNotEmpty(policyCollections)) { + policyStore = policyCollections.entrySet().iterator().next().getKey(); } else { - policyStoreStore = new RegistryPolicyStoreManageModule(); + policyStore = PersistenceManagerFactory.getPolicyPersistenceManager(); } this.policyDataStore = policyDataStore; } 
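Review bot: The constructor no longer documents how the policy store is chosen, and the choice is not obvious from the code. Only the first key of the configured policy-store map is used, and with no configuration the fallback is now `PersistenceManagerFactory.getPolicyPersistenceManager()` rather than the registry module. A comment above the `if` would record this, e.g. `// Use the first configured policy store module; otherwise fall back to the default persistence manager.` Because this object decides where published authorization policies are written, a debug log of the selected module's class name would also make a misconfiguration easier to spot, though this hunk removes the class's `log` field.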
@@ -64,92 +63,97 @@ public void addPolicy(PolicyDTO policyDTO) throws EntitlementException { dto.setActive(policyDTO.isActive()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); dto.setAttributeDTOs(policyDTO.getAttributeDTOs()); - if (policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { + dto.setVersion(policyDTO.getVersion()); + + if (policyStore.isPolicyExist(policyDTO.getPolicyId())) { dto.setSetActive(false); dto.setSetOrder(false); } else { dto.setSetOrder(true); dto.setSetActive(true); } - policyStoreStore.addPolicy(dto); + policyStore.addPolicy(dto); policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); - RegistryPolicyStoreManageModule + AbstractPolicyFinderModule .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_UPDATE); } public void updatePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPolicyExist(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } + PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setActive(policyDTO.isActive()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); dto.setAttributeDTOs(policyDTO.getAttributeDTOs()); + dto.setVersion(policyDTO.getVersion()); dto.setSetActive(false); dto.setSetOrder(false); - policyStoreStore.updatePolicy(dto); - RegistryPolicyStoreManageModule + + policyStore.updatePolicy(dto); + AbstractPolicyFinderModule .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_UPDATE); } public void enableDisablePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not 
exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPolicyExist(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setActive(policyDTO.isActive()); + dto.setVersion(policyDTO.getVersion()); dto.setSetActive(true); - if (policyStoreStore.isPolicyDeActivationSupport()) { - policyStoreStore.updatePolicy(dto); - } + + policyStore.updatePolicy(dto); policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); if (policyDTO.isActive()) { - RegistryPolicyStoreManageModule + AbstractPolicyFinderModule .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_ENABLE); } else { - RegistryPolicyStoreManageModule + AbstractPolicyFinderModule .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_DISABLE); } } public void orderPolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPolicyExist(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); + dto.setVersion(policyDTO.getVersion()); dto.setSetOrder(true); - if (policyStoreStore.isPolicyOrderingSupport()) { - policyStoreStore.updatePolicy(dto); - } + + policyStore.updatePolicy(dto); policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); - RegistryPolicyStoreManageModule + AbstractPolicyFinderModule .invalidateCache(dto.getPolicyId(), 
EntitlementConstants.PolicyPublish.ACTION_ORDER); } - public void removePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + + if (!policyStore.isPolicyExist(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } - policyStoreStore.deletePolicy(policyDTO.getPolicyId()); + policyStore.deletePolicy(policyDTO.getPolicyId()); policyDataStore.removePolicyData(policyDTO.getPolicyId()); - RegistryPolicyStoreManageModule + AbstractPolicyFinderModule .invalidateCache(policyDTO.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_DELETE); } @@ -157,7 +161,7 @@ public PolicyDTO getPolicy(String policyId) { PolicyDTO policyDTO = new PolicyDTO(); policyDTO.setPolicyId(policyId); - String policy = policyStoreStore.getPolicy(policyId); + String policy = policyStore.getPolicy(policyId); PolicyStoreDTO storeDTO = policyDataStore.getPolicyData(policyId); if (policy != null) { policyDTO.setPolicy(policy); 
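Review bot: In `enableDisablePolicy` and `orderPolicy` the new code calls `policyStore.updatePolicy(dto)` unconditionally, where the old code first checked `isPolicyDeActivationSupport()` and `isPolicyOrderingSupport()` on the module. The constructor can still take a module from the entitlement configuration, so a module that reports no support for these operations would now receive updates built from a partial DTO (no attribute DTOs; `orderPolicy` sets no active flag). How such a module handles that is not visible here. If the capability methods remain on the interface, keeping the guard preserves the previous contract: `if (policyStore.isPolicyDeActivationSupport()) { policyStore.updatePolicy(dto); }`, and likewise for ordering. Otherwise the `PolicyStoreManageModule.updatePolicy` Javadoc should state that implementations must accept partial updates carrying only the active flag or the order.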
@@ -168,27 +172,29 @@ public PolicyDTO getPolicy(String policyId) { } public String[] getPolicyIds() { - return policyStoreStore.getOrderedPolicyIdentifiers(); + + return policyStore.getOrderedPolicyIdentifiers(); } public PolicyDTO[] getLightPolicies() { - List policyDTOs = new ArrayList(); - String[] policies = policyStoreStore.getOrderedPolicyIdentifiers(); + List policyDTOs = new ArrayList<>(); + String[] policies = policyStore.getOrderedPolicyIdentifiers(); if (policies != null) { for (String policy : policies) { PolicyDTO policyDTO = new PolicyDTO(); policyDTO.setPolicyId(policy); - PolicyStoreDTO storeDTO = policyDataStore.getPolicyData(policy); - policyDTO.setActive(storeDTO.isActive()); - policyDTO.setPolicyOrder(storeDTO.getPolicyOrder()); + PolicyStoreDTO dto = policyDataStore.getPolicyData(policy); + policyDTO.setActive(dto.isActive()); + policyDTO.setPolicyOrder(dto.getPolicyOrder()); policyDTOs.add(policyDTO); } } - return policyDTOs.toArray(new PolicyDTO[policyDTOs.size()]); + return policyDTOs.toArray(new PolicyDTO[0]); } public PolicyStoreDTO[] getAllPolicyData() { + return policyDataStore.getPolicyData(); } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java deleted file mode 100644 index c6b070d3938a..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java +++ /dev/null 
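Review bot: `getLightPolicies` dereferences the result of `policyDataStore.getPolicyData(policy)` without a null check (`dto.isActive()`, `dto.getPolicyOrder()`). The ids come from `policyStore` while the metadata comes from `policyDataStore`, and after this commit the two may be backed by different implementations. Whether `getPolicyData` can return null for an id the store lists is not visible in this hunk. If it can, one missing metadata record fails the whole listing with a NullPointerException. Wrapping the two setters in `if (dto != null) { ... }`, or documenting on `getPolicyData` that it never returns null, would settle it.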
@@ -1,406 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.store; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; -import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; -import org.wso2.carbon.identity.entitlement.policy.finder.registry.RegistryPolicyReader; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import 
java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -/** - * - */ -public class RegistryPolicyStoreManageModule extends AbstractPolicyFinderModule - implements PolicyStoreManageModule { - - private static final String MODULE_NAME = "Registry Policy Finder Module"; - private static final String PROPERTY_POLICY_STORE_PATH = "policyStorePath"; - private static final String PROPERTY_ATTRIBUTE_SEPARATOR = "attributeValueSeparator"; - private static final String DEFAULT_POLICY_STORE_PATH = "/repository/identity/entitlement" + - "/policy/pdp/"; - private static final String KEY_VALUE_POLICY_META_DATA = "policyMetaData"; - private static Log log = LogFactory.getLog(RegistryPolicyStoreManageModule.class); - private String policyStorePath; - - @Override - public void init(Properties properties) { - policyStorePath = properties.getProperty(PROPERTY_POLICY_STORE_PATH); - if (policyStorePath == null) { - policyStorePath = DEFAULT_POLICY_STORE_PATH; - } - } - - @Override - public void addPolicy(PolicyStoreDTO policy) throws EntitlementException { - - Registry registry; - String policyPath; - Collection policyCollection; - Resource resource; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { - throw new EntitlementException("Policy can not be null"); - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). 
- getGovernanceSystemRegistry(tenantId); - - if (!registry.resourceExists(policyStorePath)) { - policyCollection = registry.newCollection(); - registry.put(policyStorePath, policyCollection); - } - - policyPath = policyStorePath + policy.getPolicyId(); - - if (registry.resourceExists(policyPath)) { - resource = registry.get(policyPath); - } else { - resource = registry.newResource(); - } - - if (policy.getPolicy() != null && policy.getPolicy().trim().length() != 0) { - resource.setContent(policy.getPolicy()); - resource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE); - AttributeDTO[] attributeDTOs = policy.getAttributeDTOs(); - if (attributeDTOs != null) { - // Store policy metadata based on the configured property. - if (EntitlementUtil.isPolicyMetadataStoringEnabled()) { - setAttributesAsProperties(attributeDTOs, resource); - } - } - } - if (policy.isSetActive()) { - resource.setProperty("active", Boolean.toString(policy.isActive())); - } - if (policy.isSetOrder()) { - int order = policy.getPolicyOrder(); - if (order > 0) { - resource.setProperty("order", Integer.toString(order)); - } - } - if (resource.getContent() == null) { - log.info("Prevented adding null content to resource " + policyPath); - return; - } - - // Store policy metadata based on the configured property. 
- if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { - for (Map.Entry entry : resource.getProperties().entrySet()) { - if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { - resource.getProperties().remove(entry.getKey()); - } - } - } - registry.put(policyPath, resource); - } catch (RegistryException e) { - log.error("Error while persisting policy", e); - throw new EntitlementException("Error while persisting policy", e); - } - } - - @Override - public boolean isPolicyExist(String policyId) { - - Registry registry; - String policyPath; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policyId == null || policyId.trim().length() == 0) { - return false; - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - - policyPath = policyStorePath + policyId; - return registry.resourceExists(policyPath); - } catch (RegistryException e) { - //ignore - return false; - } - } - - @Override - public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException { - addPolicy(policy); - } - - - @Override - public boolean deletePolicy(String policyIdentifier) { - - Registry registry; - String policyPath; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policyIdentifier == null || policyIdentifier.trim().length() == 0) { - return false; - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). 
- getGovernanceSystemRegistry(tenantId); - - policyPath = policyStorePath + policyIdentifier; - registry.delete(policyPath); - return true; - } catch (RegistryException e) { - log.error(e); - return false; - } - } - - - @Override - public String getModuleName() { - return MODULE_NAME; - } - - @Override - public String getPolicy(String policyId) { - PolicyDTO dto; - try { - dto = getPolicyReader().readPolicy(policyId); - return dto.getPolicy(); - } catch (Exception e) { - log.error("Policy with identifier " + policyId + " can not be retrieved " + - "from registry policy finder module", e); - } - return null; - } - - @Override - public int getPolicyOrder(String policyId) { - PolicyDTO dto; - try { - dto = getPolicyReader().readPolicy(policyId); - return dto.getPolicyOrder(); - } catch (Exception e) { - log.error("Policy with identifier " + policyId + " can not be retrieved " + - "from registry policy finder module", e); - } - return -1; - } - - @Override - public String[] getActivePolicies() { - - log.debug("Retrieving of Active policies are started. " + new Date()); - - List policies = new ArrayList(); - - try { - PolicyDTO[] policyDTOs = getPolicyReader().readAllPolicies(true, true); - for (PolicyDTO dto : policyDTOs) { - if (dto.getPolicy() != null) { - policies.add(dto.getPolicy()); - } - } - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - log.debug("Retrieving of Active policies are finished. " + new Date()); - - return policies.toArray(new String[policies.size()]); - } - - - @Override - public String[] getOrderedPolicyIdentifiers() { - - log.debug("Retrieving of Order Policy Ids are started. 
" + new Date()); - - List policies = new ArrayList(); - - try { - PolicyDTO[] policyDTOs = getPolicyReader().readAllPolicies(false, true); - for (PolicyDTO dto : policyDTOs) { - if (dto.getPolicy() != null) { - policies.add(dto.getPolicyId()); - } - } - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - log.debug("Retrieving of Order Policy Ids are finish. " + new Date()); - - return policies.toArray(new String[policies.size()]); - - } - - @Override - public String[] getPolicyIdentifiers() { - String[] policyIds = null; - try { - policyIds = getPolicyReader().getAllPolicyIds(); - } catch (Exception e) { - log.error("Policy identifiers can not be retrieved from registry policy finder module", e); - } - return policyIds; - } - - @Override - public String getReferencedPolicy(String policyId) { - - // retrieve for policies that are not active - try { - PolicyDTO dto = getPolicyReader().readPolicy(policyId); - if (dto != null && dto.getPolicy() != null && !dto.isActive()) { - return dto.getPolicy(); - } - } catch (EntitlementException e) { - log.error("Error while retrieving reference policy " + policyId); - // ignore - } - - return null; - } - - @Override - public Map> getSearchAttributes(String identifier, Set givenAttribute) { - - PolicyDTO[] policyDTOs = null; - Map> attributeMap = null; - try { - policyDTOs = getPolicyReader().readAllPolicies(true, true); - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - if (policyDTOs != null) { - attributeMap = new HashMap>(); - for (PolicyDTO policyDTO : policyDTOs) { - Set attributeDTOs = - new HashSet(Arrays.asList(policyDTO.getAttributeDTOs())); - String[] policyIdRef = policyDTO.getPolicyIdReferences(); - String[] policySetIdRef = policyDTO.getPolicySetIdReferences(); - - if (policyIdRef != null && policyIdRef.length > 0 || policySetIdRef != null && - policySetIdRef.length > 0) { - for 
(PolicyDTO dto : policyDTOs) { - if (policyIdRef != null) { - for (String policyId : policyIdRef) { - if (dto.getPolicyId().equals(policyId)) { - attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); - } - } - } - for (String policySetId : policySetIdRef) { - if (dto.getPolicyId().equals(policySetId)) { - attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); - } - } - } - } - attributeMap.put(policyDTO.getPolicyId(), attributeDTOs); - } - } - - return attributeMap; - } - - - @Override - public int getSupportedSearchAttributesScheme() { - return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER; - } - - @Override - public boolean isDefaultCategoriesSupported() { - return true; - } - - /** - * creates policy reader instance - * - * @return - */ - private RegistryPolicyReader getPolicyReader() { - - Registry registry = null; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - } catch (RegistryException e) { - log.error("Error while obtaining registry for tenant : " + tenantId, e); - } - return new RegistryPolicyReader(registry, policyStorePath); - } - - /** - * This helper method creates properties object which contains the policy meta data. 
- * - * @param attributeDTOs List of AttributeDTO - * @param resource registry resource - */ - private void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { - - int attributeElementNo = 0; - if (attributeDTOs != null) { - for (AttributeDTO attributeDTO : attributeDTOs) { - resource.setProperty(KEY_VALUE_POLICY_META_DATA + attributeElementNo, - attributeDTO.getCategory() + "," + - attributeDTO.getAttributeValue() + "," + - attributeDTO.getAttributeId() + "," + - attributeDTO.getAttributeDataType()); - attributeElementNo++; - } - } - } - - @Override - public boolean isPolicyOrderingSupport() { - return true; - } - - @Override - public boolean isPolicyDeActivationSupport() { - return true; - } -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java deleted file mode 100644 index 0d8850363c31..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java +++ /dev/null 
@@ -1,196 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ -package org.wso2.carbon.identity.entitlement.policy.version; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; -import org.wso2.carbon.registry.api.Collection; -import org.wso2.carbon.registry.api.Registry; -import org.wso2.carbon.registry.api.RegistryException; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException; -import org.wso2.carbon.registry.core.utils.RegistryUtils; - -import java.util.ArrayList; -import java.util.List; -import java.util.Properties; - -/** - * - */ -public class DefaultPolicyVersionManager implements PolicyVersionManager { - - - private static Log log = LogFactory.getLog(DefaultPolicyVersionManager.class); - - private static int DEFAULT_MAX_VERSION = 5; 
- - private int maxVersions; - - @Override - public void init(Properties properties) { - try { - maxVersions = Integer.parseInt(properties.getProperty("maxVersions")); - } catch (Exception e) { - // ignore - } - if (maxVersions == 0) { - maxVersions = DEFAULT_MAX_VERSION; - } - } - - @Override - public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { - - // Zero means current version - if (version == null || version.trim().length() == 0) { - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - try { - Collection collection = (Collection) registry. - get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - if (collection != null) { - version = collection.getProperty("version"); - } - } catch (RegistryException e) { - log.error(e); - throw new EntitlementException("Invalid policy version"); - } - } - - PAPPolicyStore policyStore = new PAPPolicyStore(); - PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore); - - Resource resource = policyStore.getPolicy(version, - PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId + - RegistryConstants.PATH_SEPARATOR); - if (resource == null) { - throw new EntitlementException("Invalid policy version"); - } - - return reader.readPolicyDTO(resource); - } - - @Override - public String createVersion(PolicyDTO policyDTO) throws EntitlementException { - - PAPPolicyStore policyStore = new PAPPolicyStore(); - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - - String version = "0"; - - try { - - Collection collection = null; - try { - collection = (Collection) registry. 
- get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId()); - } catch (ResourceNotFoundException e) { - // ignore - } - - if (collection != null) { - version = collection.getProperty("version"); - } else { - collection = registry.newCollection(); - collection.setProperty("version", "1"); - registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId(), collection); - } - - int versionInt = Integer.parseInt(version); - String policyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId() + RegistryConstants.PATH_SEPARATOR; - - // check whether this is larger than max version - if (versionInt > maxVersions) { - // delete the older version - int olderVersion = versionInt - maxVersions; - if (registry.resourceExists(policyPath + olderVersion)) { - registry.delete(policyPath + olderVersion); - } - } - - //new version - version = Integer.toString(versionInt + 1); - - // set version properties - policyDTO.setVersion(version); - - // persist new version - policyStore.addOrUpdatePolicy(policyDTO, version, policyPath); - - // set new version - collection.setProperty("version", version); - registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId(), collection); - } catch (RegistryException e) { - log.error("Error while creating new version of policy", e); - } - return version; - } - - @Override - public void deletePolicy(String policyId) throws EntitlementException { - - Registry registry = EntitlementServiceComponent. 
- getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId)) { - registry.delete(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - } - } catch (RegistryException e) { - log.error("Error while deleting all versions of policy", e); - } - } - - @Override - public String[] getVersions(String policyId) throws EntitlementException { - - List versions = new ArrayList(); - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - Collection collection = null; - try { - try { - collection = (Collection) registry. - get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - } catch (ResourceNotFoundException e) { - // ignore - } - if (collection != null && collection.getChildren() != null) { - String[] children = collection.getChildren(); - for (String child : children) { - versions.add(RegistryUtils.getResourceName(child)); - } - } - } catch (RegistryException e) { - log.error("Error while creating new version of policy", e); - } - return versions.toArray(new String[versions.size()]); - } -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java deleted file mode 100644 index 54c647ed79e1..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java +++ /dev/null 
@@ -1,65 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.version; - -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; - -import java.util.Properties; - -/** - * This manages the policy versions - */ -public interface PolicyVersionManager { - - /** - * init policy version handler - * - * @param properties - */ - public void init(Properties properties); - - /** - * @param policyId - * @param version - * @return - * @throws EntitlementException - */ - public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException; - - /** - * @param policyDTO - * @return - * @throws EntitlementException - */ - public String createVersion(PolicyDTO policyDTO) throws EntitlementException; - - /** - * @param policyId - * @throws EntitlementException - */ - public void deletePolicy(String policyId) throws EntitlementException; - - /** - * @param policyId - * @return - * @throws EntitlementException - */ - public String[] getVersions(String policyId) throws EntitlementException; -} diff --git a/components/entitlement/pom.xml b/components/entitlement/pom.xml index bdb6ddc526bb..fd9e48d8b22c 100644 --- a/components/entitlement/pom.xml +++ b/components/entitlement/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml b/components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml index 29ea719889c8..41e4a1c6cc8b 100644 --- a/components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml +++ b/components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework extension-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/extension-mgt/pom.xml b/components/extension-mgt/pom.xml index 4b4cdcf92c81..3cff3d31158f 100644 --- a/components/extension-mgt/pom.xml +++ b/components/extension-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui/pom.xml b/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui/pom.xml index b2a08d6bdd0a..25098d943919 100644 --- a/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui/pom.xml +++ b/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui/pom.xml @@ -21,7 +21,7 @@ functions-library-mgt org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml b/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml index 53bc188ac46a..e16f8f7d9122 100644 --- a/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml +++ b/components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml 
@@ -21,7 +21,7 @@ functions-library-mgt org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/functions-library-mgt/pom.xml b/components/functions-library-mgt/pom.xml index 08f26bfde33c..81c75e879605 100644 --- a/components/functions-library-mgt/pom.xml +++ b/components/functions-library-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/identity-core/org.wso2.carbon.identity.base/pom.xml b/components/identity-core/org.wso2.carbon.identity.base/pom.xml index 83e4f6799449..05f6a9847673 100644 --- a/components/identity-core/org.wso2.carbon.identity.base/pom.xml +++ b/components/identity-core/org.wso2.carbon.identity.base/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-core - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/IdentityConstants.java b/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/IdentityConstants.java index e7b6b1464e25..a5b96babf759 100644 --- a/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/IdentityConstants.java +++ b/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/IdentityConstants.java 
@@ -376,6 +376,21 @@ public static class OAuth { public static final String OAUTH2_DCR_EP_URL = "OAuth.OAuth2DCREPUrl"; public static final String OAUTH2_JWKS_EP_URL = "OAuth.OAuth2JWKSPage"; public static final String OIDC_DISCOVERY_EP_URL = "OAuth.OIDCDiscoveryEPUrl"; + public static final String OAUTH1_REQUEST_TOKEN_URL_V2 = "OAuth.V2.OAuth1RequestTokenUrl"; + public static final String OAUTH1_AUTHORIZE_URL_V2 = "OAuth.V2.OAuth1AuthorizeUrl"; + public static final String OAUTH1_ACCESSTOKEN_URL_V2 = "OAuth.V2.OAuth1AccessTokenUrl"; + public static final String OAUTH2_AUTHZ_EP_URL_V2 = "OAuth.V2.OAuth2AuthzEPUrl"; + public static final String OAUTH2_PAR_EP_URL_V2 = "OAuth.V2.OAuth2ParEPUrl"; + public static final String OAUTH2_TOKEN_EP_URL_V2 = "OAuth.V2.OAuth2TokenEPUrl"; + public static final String OAUTH2_USERINFO_EP_URL_V2 = "OAuth.V2.OAuth2UserInfoEPUrl"; + public static final String OAUTH2_REVOKE_EP_URL_V2 = "OAuth.V2.OAuth2RevokeEPUrl"; + public static final String OAUTH2_INTROSPECT_EP_URL_V2 = "OAuth.V2.OAuth2IntrospectEPUrl"; + public static final String OIDC_CHECK_SESSION_EP_URL_V2 = "OAuth.V2.OIDCCheckSessionEPUrl"; + public static final String OIDC_LOGOUT_EP_URL_V2 = "OAuth.V2.OIDCLogoutEPUrl"; + public static final String OIDC_WEB_FINGER_EP_URL_V2 = "OAuth.V2.OIDCWebFingerEPUrl"; + public static final String OAUTH2_DCR_EP_URL_V2 = "OAuth.V2.OAuth2DCREPUrl"; + public static final String OAUTH2_JWKS_EP_URL_V2 = "OAuth.V2.OAuth2JWKSPage"; + public static final String OIDC_DISCOVERY_EP_URL_V2 = "OAuth.V2.OIDCDiscoveryEPUrl"; public static final String REQUEST_TOKEN = "oauth/request-token"; public static final String AUTHORIZE_URL = "oauth/authorize-url"; diff --git a/components/identity-core/org.wso2.carbon.identity.core.ui/pom.xml b/components/identity-core/org.wso2.carbon.identity.core.ui/pom.xml index b44dbdec66b8..96265d735365 100644 --- a/components/identity-core/org.wso2.carbon.identity.core.ui/pom.xml 
+++ b/components/identity-core/org.wso2.carbon.identity.core.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-core - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-core/org.wso2.carbon.identity.core/pom.xml b/components/identity-core/org.wso2.carbon.identity.core/pom.xml index 291fc40b7cb8..8ac6d71abafc 100644 --- a/components/identity-core/org.wso2.carbon.identity.core/pom.xml +++ b/components/identity-core/org.wso2.carbon.identity.core/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-core - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java index 96db2d192723..5830aa93d2ef 100644 --- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java +++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java @@ -109,11 +109,8 @@ public class IdentityCoreConstants { // Actions constants. public static final String MAXIMUM_ACTIONS_PER_TYPE_PROPERTY = "Actions.MaximumActionsPerType"; - public static final String PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_PROPERTY = "Actions.Types.PreIssueAccessToken.Enable"; - public static final String AUTHENTICATION_ACTION_TYPE_ENABLE_PROPERTY = "Actions.Types.PreIssueAccessToken.Enable"; - + public static final int DEFAULT_MAXIMUM_ACTIONS_PER_TYPE = 1; - public static final boolean DEFAULT_PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_VALUE = false; public static class Filter { 
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java
index d5886d7bd2e1..87d7f5bc09c6 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java
@@ -1500,52 +1500,6 @@ public static int getMaximumActionsPerActionType() { return maximumActionsPerActionType; } - /** - * Get Pre Issue Access Token Action Type enabled status. - * - * @return Whether the Pre Issue Access Token Action type is enabled or not. - */ - public static boolean isPreIssueAccessTokenActionTypeEnabled() { - - return isActionTypeEnabled(IdentityCoreConstants.PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_PROPERTY, - IdentityCoreConstants.DEFAULT_PRE_ISSUE_ACCESS_TOKEN_ACTION_TYPE_ENABLE_VALUE); - } - - /** - * Get Pre Issue Access Token Action Type enabled status. - * - * @return Whether the Pre Issue Access Token Action type is enabled or not. - */ - public static boolean isAuthenticationActionTypeEnabled() { - - return isActionTypeEnabled(IdentityCoreConstants.AUTHENTICATION_ACTION_TYPE_ENABLE_PROPERTY, false); - } - - /** - * Check whether a given action type is enabled or not. - * - * @param actionTypePropertyName Name of the action type enabled property. - * @param defaultValue Default value of the action type enabled property. - * @return Whether the action type is enabled or not. - */ - private static boolean isActionTypeEnabled(String actionTypePropertyName, boolean defaultValue) { - - boolean isActionTypeEnabled = defaultValue; - String actionTypeEnabledPropertyValue = IdentityUtil.getProperty(actionTypePropertyName); - if (StringUtils.isNotBlank(actionTypeEnabledPropertyValue)) { - if ("true".equalsIgnoreCase(actionTypeEnabledPropertyValue)) { - isActionTypeEnabled = true; - } else if ("false".equalsIgnoreCase(actionTypeEnabledPropertyValue)) { - isActionTypeEnabled = false; - } else { - isActionTypeEnabled = defaultValue; - log.warn("Invalid value for property: " + actionTypePropertyName + - ". Value should be either 'true' or 'false'."); - } - } - return isActionTypeEnabled; - } - /** * Get the Default Items per Page needed to display. * 
diff --git a/components/identity-core/pom.xml b/components/identity-core/pom.xml index 20ae429cbf22..9658b295e627 100644 --- a/components/identity-core/pom.xml +++ b/components/identity-core/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/identity-event/org.wso2.carbon.identity.event/pom.xml b/components/identity-event/org.wso2.carbon.identity.event/pom.xml index 4ca5c86793dc..8af421298dc6 100644 --- a/components/identity-event/org.wso2.carbon.identity.event/pom.xml +++ b/components/identity-event/org.wso2.carbon.identity.event/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-event - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/IdentityEventConstants.java b/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/IdentityEventConstants.java index d6ab1063737c..600b4076acb0 100644 --- a/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/IdentityEventConstants.java +++ b/components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/IdentityEventConstants.java @@ -281,6 +281,10 @@ private Event(){} public static final String POST_UPDATE_API_RESOURCE = "POST_UPDATE_API_RESOURCE"; + public static final String PRE_UPDATE_SCOPE_METADATA = "PRE_UPDATE_SCOPE_METADATA"; + + public static final String POST_UPDATE_SCOPE_METADATA = "POST_UPDATE_SCOPE_METADATA"; + public static final String PRE_DELETE_API_RESOURCE_SCOPES = "PRE_DELETE_API_RESOURCE_SCOPES"; public static final String POST_DELETE_API_RESOURCE_SCOPES = "POST_DELETE_API_RESOURCE_SCOPES"; 
@@ -442,6 +446,7 @@ private EventProperty(){} public static final String API_ID = "API_ID"; public static final String SCOPE_NAME = "SCOPE_NAME"; public static final String ADDED_SCOPES = "ADDED_SCOPES"; + public static final String SCOPE = "SCOPE"; public static final String DELETED_SCOPES = "DELETED_SCOPES"; public static final String OLD_SCOPES = "OLD_SCOPES"; public static final String NEW_SCOPES = "NEW_SCOPES"; diff --git a/components/identity-event/pom.xml b/components/identity-event/pom.xml index e63542df162e..461c14e3deb7 100644 --- a/components/identity-event/pom.xml +++ b/components/identity-event/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/pom.xml b/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/pom.xml index 5656d72da63a..91abc26bd026 100644 --- a/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/pom.xml +++ b/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/client/BrandingPreferenceRetrievalClient.java b/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/client/BrandingPreferenceRetrievalClient.java index 33e3e4fc44ec..15d853dd779b 100644 --- a/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/client/BrandingPreferenceRetrievalClient.java +++ b/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/client/BrandingPreferenceRetrievalClient.java 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023, WSO2 LLC. (http://www.wso2.com). + * Copyright (c) 2021-2024, WSO2 LLC. (http://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -55,6 +55,8 @@ public class BrandingPreferenceRetrievalClient { private static final String RESOURCE_NAME_URL_SEARCH_PARAM = "name"; private static final String RESOURCE_LOCALE_URL_SEARCH_PARAM = "locale"; private static final String RESOURCE_SCREEN_URL_SEARCH_PARAM = "screen"; + private static final String RESTRICT_TO_PUBLISHED_URL_SEARCH_PARAM = "restrictToPublished"; + private static final String TRUE = "true"; /** * Check for branding preference in the given tenant. @@ -87,6 +89,8 @@ public JSONObject getPreference(String tenant, String type, String name, String if (StringUtils.isNotBlank(locale)) { uriBuilder.addParameter(RESOURCE_LOCALE_URL_SEARCH_PARAM, locale); } + + uriBuilder.addParameter(RESTRICT_TO_PUBLISHED_URL_SEARCH_PARAM, TRUE); uri = uriBuilder.build().toString(); if (log.isDebugEnabled()) { diff --git a/components/identity-mgt/org.wso2.carbon.identity.mgt.ui/pom.xml b/components/identity-mgt/org.wso2.carbon.identity.mgt.ui/pom.xml index e9de2321e5cf..bb2c7561d48b 100644 --- a/components/identity-mgt/org.wso2.carbon.identity.mgt.ui/pom.xml +++ b/components/identity-mgt/org.wso2.carbon.identity.mgt.ui/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework identity-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/identity-mgt/org.wso2.carbon.identity.mgt/pom.xml b/components/identity-mgt/org.wso2.carbon.identity.mgt/pom.xml index edf35a73a2ce..efcdc68d230a 100644 --- a/components/identity-mgt/org.wso2.carbon.identity.mgt/pom.xml +++ b/components/identity-mgt/org.wso2.carbon.identity.mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
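Review bot: The new `uriBuilder.addParameter(RESTRICT_TO_PUBLISHED_URL_SEARCH_PARAM, TRUE);` in getPreference is unconditional and has no comment, so a later reader cannot tell that this line is what keeps unpublished branding out of the responses this client fetches. I would add `// Only published branding preferences should be returned to this client.` above the call. The filter is chosen by the caller, and the server-side handling of `restrictToPublished` is not visible in this diff, so it is worth confirming that unpublished preferences are also withheld when the parameter is absent. The one-off constant `TRUE` could be `Boolean.TRUE.toString()` instead. getPreference starts and ends outside the hunk.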
diff --git a/components/identity-mgt/pom.xml b/components/identity-mgt/pom.xml index 67c039c2427c..6a4d9ff8d920 100644 --- a/components/identity-mgt/pom.xml +++ b/components/identity-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/pom.xml b/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/pom.xml index 23b7d6e7bf0c..020566e031a8 100644 --- a/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/pom.xml +++ b/components/idp-mgt/org.wso2.carbon.idp.mgt.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-provider-management - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/idp-mgt/org.wso2.carbon.idp.mgt/pom.xml b/components/idp-mgt/org.wso2.carbon.idp.mgt/pom.xml index 2e703910b5ea..6f851210fae5 100644 --- a/components/idp-mgt/org.wso2.carbon.idp.mgt/pom.xml +++ b/components/idp-mgt/org.wso2.carbon.idp.mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-provider-management - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java index 5fbf611c12c8..3c382c249765 100644 --- a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java +++ b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java 
@@ -101,6 +101,7 @@ import java.util.stream.Collectors; import static org.wso2.carbon.identity.core.util.JdbcUtils.isH2DB; +import static org.wso2.carbon.identity.core.util.JdbcUtils.isOracleDB; import static org.wso2.carbon.idp.mgt.util.IdPManagementConstants.EMAIL_OTP_AUTHENTICATOR_NAME; import static org.wso2.carbon.idp.mgt.util.IdPManagementConstants.EMAIL_OTP_ONLY_NUMERIC_CHARS_PROPERTY; import static org.wso2.carbon.idp.mgt.util.IdPManagementConstants.EMAIL_OTP_USE_ALPHANUMERIC_CHARS_PROPERTY; @@ -506,8 +507,9 @@ private ResultSet getIdpQueryResultSet(Connection dbConnection, String sortedOrd prepStmt.setString(prepareStatement.getKey(), prepareStatement.getValue()); } prepStmt.setInt(filterAttributeValueSize + 1, tenantId); - prepStmt.setInt(filterAttributeValueSize + 2, offset + limit); - prepStmt.setInt(filterAttributeValueSize + 3, offset); + prepStmt.setInt(filterAttributeValueSize + 2, tenantId); + prepStmt.setInt(filterAttributeValueSize + 3, offset + limit); + prepStmt.setInt(filterAttributeValueSize + 4, offset); } else if (databaseProductName.contains("Microsoft")) { sqlQuery = IdPManagementConstants.SQLQueries.GET_IDP_BY_TENANT_MSSQL; sqlQuery = appendRequiredAttributes(sqlQuery, requiredAttributes); @@ -1048,12 +1050,13 @@ private void addIdentityProviderProperties(Connection dbConnection, int idpId, PreparedStatement prepStmt = null; try { + boolean isOracleDB = isOracleDB(); String sqlStmt = isH2DB() ? IdPManagementConstants.SQLQueries.ADD_IDP_METADATA_H2 : IdPManagementConstants.SQLQueries.ADD_IDP_METADATA; prepStmt = dbConnection.prepareStatement(sqlStmt); for (IdentityProviderProperty property : properties) { - if (property.getValue() != null) { + if (isOracleDB ? StringUtils.isNotEmpty(property.getValue()) : property.getValue() != null) { prepStmt.setInt(1, idpId); prepStmt.setString(2, property.getName()); prepStmt.setString(3, property.getValue()); 
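Review bot: In the @@ -506 hunk of getIdpQueryResultSet, `tenantId` is now bound at both `filterAttributeValueSize + 1` and `+ 2`, which is only correct while the SQL used by this branch has exactly two `TENANT_ID = ?` placeholders ahead of the ROWNUM/rnum pair; nothing in the hunk ties the indexes to that. The matching string appears to be GET_IDP_BY_TENANT_ORACLE_TAIL in IdPManagementConstants (changed later in this diff), so an edit to either side would silently shift the tenant filter and the paging bounds. I would add `// Bound twice: outer TENANT_ID filter and the IDP_METADATA subquery in GET_IDP_BY_TENANT_ORACLE_TAIL.` above the second `setInt`. The method starts and ends outside the hunk, so the branch condition is assumed to be the Oracle one.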
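Review bot: In the @@ -1048 hunk of addIdentityProviderProperties, the new condition silently skips properties whose value is an empty string on Oracle, with no comment explaining why, so the same input persists a different set of IDP metadata rows depending on the database. If the reason is Oracle's handling of empty strings, state it, for example `// Oracle treats '' as NULL; skip empty values so the insert does not fail on the VALUE column.` (the column constraint is not visible here, so confirm it). The local `boolean isOracleDB` shares its name with the statically imported `isOracleDB()`; it compiles, but a name such as `oracleDb` reads less ambiguously. The method body continues outside the hunk.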
@@ -2237,7 +2240,8 @@ public IdentityProvider getIdPByName(Connection dbConnection, String idPName, in return idp; } - private String resolveAbsoluteURL(String defaultUrlContext, String urlFromConfig, String tenantDomain) + private String resolveAbsoluteURL(String defaultUrlContext, String urlFromConfig, String urlFromConfigV2, + String tenantDomain) throws IdentityProviderManagementServerException { if (!IdentityTenantUtil.isTenantQualifiedUrlsEnabled() && StringUtils.isNotBlank(urlFromConfig)) { @@ -2248,6 +2252,9 @@ private String resolveAbsoluteURL(String defaultUrlContext, String urlFromConfig return urlFromConfig; } + if (StringUtils.isNotBlank(urlFromConfigV2)) { + return urlFromConfigV2; + } try { ServiceURLBuilder serviceURLBuilder = ServiceURLBuilder.create().setTenant(tenantDomain); return serviceURLBuilder.addPath(defaultUrlContext).build().getAbsolutePublicURL(); @@ -2433,7 +2440,7 @@ private String buildSAMLUrl(String urlFromConfigFile, String tenantDomain, Strin } } - return resolveAbsoluteURL(defaultContext, url, tenantDomain); + return resolveAbsoluteURL(defaultContext, url, null, tenantDomain); } private void addSSOUrlAsDestinationUrl(FederatedAuthenticatorConfig federatedAuthenticatorConfig, 
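Review bot: The added `if (StringUtils.isNotBlank(urlFromConfigV2)) { return urlFromConfigV2; }` in resolveAbsoluteURL returns the configured string verbatim and bypasses the `ServiceURLBuilder.create().setTenant(tenantDomain)` path below it, so with a V2 value set every tenant appears to receive the same endpoint URL, and nothing checks that the value is absolute despite the method name. If that is intended, the new parameter needs Javadoc stating the precedence (legacy config when tenant-qualified URLs are disabled, then V2, then the built default) and that the V2 value must already be a full URL; otherwise the V2 value should go through the same tenant-aware handling. These values become the resident IdP's advertised OAuth2/OIDC endpoints in the fillResidentIdpProperties hunks, so a malformed or tenant-agnostic value would be handed to clients that trust that metadata. The `null` passed by `buildSAMLUrl` is handled by the blank check. The method body continues outside the hunk.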
@@ -2511,6 +2518,21 @@ private void fillResidentIdpProperties(IdentityProvider identityProvider, String String scimGroupsEndpoint; String scim2UsersEndpoint; String scim2GroupsEndpoint; + String oauth1RequestTokenUrlV2; + String oauth1AuthorizeUrlV2; + String oauth1AccessTokenUrlV2; + String oauth2AuthzEPUrlV2; + String oauth2ParEPUrlV2; + String oauth2TokenEPUrlV2; + String oauth2RevokeEPUrlV2; + String oauth2IntrospectEpUrlV2; + String oauth2UserInfoEPUrlV2; + String oidcCheckSessionEPUrlV2; + String oidcLogoutEPUrlV2; + String oIDCWebFingerEPUrlV2; + String oAuth2DCREPUrlV2; + String oAuth2JWKSPageV2; + String oIDCDiscoveryEPUrlV2; openIdUrl = IdentityUtil.getProperty(IdentityConstants.ServerConfig.OPENID_SERVER_URL); oauth1RequestTokenUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_REQUEST_TOKEN_URL); 
@@ -2534,6 +2556,21 @@ private void fillResidentIdpProperties(IdentityProvider identityProvider, String oAuth2DCREPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_DCR_EP_URL); oAuth2JWKSPage = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_JWKS_EP_URL); oIDCDiscoveryEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_DISCOVERY_EP_URL); + oauth1RequestTokenUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_REQUEST_TOKEN_URL_V2); + oauth1AuthorizeUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_AUTHORIZE_URL_V2); + oauth1AccessTokenUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_ACCESSTOKEN_URL_V2); + oauth2AuthzEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_AUTHZ_EP_URL_V2); + oauth2ParEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_PAR_EP_URL_V2); + oauth2TokenEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_TOKEN_EP_URL_V2); + oauth2UserInfoEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_USERINFO_EP_URL_V2); + oidcCheckSessionEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL_V2); + oidcLogoutEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL_V2); + oauth2RevokeEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_REVOKE_EP_URL_V2); + oauth2IntrospectEpUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_INTROSPECT_EP_URL_V2); + oIDCWebFingerEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_WEB_FINGER_EP_URL_V2); + oAuth2DCREPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_DCR_EP_URL_V2); + oAuth2JWKSPageV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_JWKS_EP_URL_V2); + oIDCDiscoveryEPUrlV2 = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_DISCOVERY_EP_URL_V2); if (StringUtils.isBlank(openIdUrl)) { openIdUrl = IdentityUtil.getServerURL(IdentityConstants.OpenId.OPENID, true, true); 
@@ -2551,24 +2588,37 @@ private void fillResidentIdpProperties(IdentityProvider identityProvider, String oauth1AccessTokenUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.ACCESS_TOKEN, true, true); } - oauth2AuthzEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.AUTHORIZE, oauth2AuthzEPUrl, tenantDomain); - oauth2ParEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.PAR, oauth2ParEPUrl, tenantDomain); - oauth2TokenEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.TOKEN, oauth2TokenEPUrl, tenantDomain); - oauth2RevokeEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.REVOKE, oauth2RevokeEPUrl, tenantDomain); - oauth2IntrospectEpUrl = resolveAbsoluteURL(IdentityConstants.OAuth.INTROSPECT, oauth2IntrospectEpUrl, + oauth2AuthzEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.AUTHORIZE, oauth2AuthzEPUrl, oauth2AuthzEPUrlV2, + tenantDomain); + oauth2ParEPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.PAR, oauth2ParEPUrl, oauth2ParEPUrlV2, tenantDomain); + oauth2TokenEPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.TOKEN, oauth2TokenEPUrl, oauth2TokenEPUrlV2, tenantDomain); + oauth2RevokeEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.REVOKE, oauth2RevokeEPUrl, oauth2RevokeEPUrlV2, + tenantDomain); + oauth2IntrospectEpUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.INTROSPECT, oauth2IntrospectEpUrl, oauth2IntrospectEpUrlV2, tenantDomain); oauth2IntrospectEpUrl = addTenantPathParamInLegacyMode(oauth2IntrospectEpUrl, tenantDomain); - oauth2UserInfoEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.USERINFO, oauth2UserInfoEPUrl, tenantDomain); + oauth2UserInfoEPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.USERINFO, oauth2UserInfoEPUrl, oauth2UserInfoEPUrlV2, + tenantDomain); oidcCheckSessionEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.CHECK_SESSION, oidcCheckSessionEPUrl, + oidcCheckSessionEPUrlV2, tenantDomain); - oidcLogoutEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.LOGOUT, oidcLogoutEPUrl,tenantDomain); - oAuth2DCREPUrl = 
resolveAbsoluteURL(IdentityConstants.OAuth.DCR, oAuth2DCREPUrl, tenantDomain); + oidcLogoutEPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.LOGOUT, oidcLogoutEPUrl, oidcLogoutEPUrlV2, tenantDomain); + oAuth2DCREPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.DCR, oAuth2DCREPUrl, oAuth2DCREPUrlV2, tenantDomain); oAuth2DCREPUrl = addTenantPathParamInLegacyMode(oAuth2DCREPUrl, tenantDomain); - oAuth2JWKSPage = resolveAbsoluteURL(IdentityConstants.OAuth.JWKS, oAuth2JWKSPage, tenantDomain); + oAuth2JWKSPage = + resolveAbsoluteURL(IdentityConstants.OAuth.JWKS, oAuth2JWKSPage, oAuth2JWKSPageV2, tenantDomain); oAuth2JWKSPage = addTenantPathParamInLegacyMode(oAuth2JWKSPage, tenantDomain); - oIDCDiscoveryEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.DISCOVERY, oIDCDiscoveryEPUrl, tenantDomain); + oIDCDiscoveryEPUrl = + resolveAbsoluteURL(IdentityConstants.OAuth.DISCOVERY, oIDCDiscoveryEPUrl, oIDCDiscoveryEPUrlV2, + tenantDomain); oIDCDiscoveryEPUrl = addTenantPathParamInLegacyMode(oIDCDiscoveryEPUrl, tenantDomain); - passiveStsUrl = resolveAbsoluteURL(IdentityConstants.STS.PASSIVE_STS, passiveStsUrl, tenantDomain); + passiveStsUrl = resolveAbsoluteURL(IdentityConstants.STS.PASSIVE_STS, passiveStsUrl, null, tenantDomain); // If sts url is configured in file, change it according to tenant domain. If not configured, add a default url if (StringUtils.isNotBlank(stsUrl)) { 
@@ -2691,21 +2741,24 @@ private void fillResidentIdpProperties(IdentityProvider identityProvider, String IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL) == null) { Property oauth1ReqTokUrlProp = new Property(); oauth1ReqTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL); - oauth1ReqTokUrlProp.setValue(oauth1RequestTokenUrl); + oauth1ReqTokUrlProp.setValue( + StringUtils.isNotBlank(oauth1RequestTokenUrlV2) ? oauth1RequestTokenUrlV2 : oauth1RequestTokenUrl); propertiesList.add(oauth1ReqTokUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL) == null) { Property oauth1AuthzUrlProp = new Property(); oauth1AuthzUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL); - oauth1AuthzUrlProp.setValue(oauth1AuthorizeUrl); + oauth1AuthzUrlProp.setValue( + StringUtils.isNotBlank(oauth1AuthorizeUrlV2) ? oauth1AuthorizeUrlV2 : oauth1AuthorizeUrl); propertiesList.add(oauth1AuthzUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL) == null) { Property oauth1AccessTokUrlProp = new Property(); oauth1AccessTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL); - oauth1AccessTokUrlProp.setValue(oauth1AccessTokenUrl); + oauth1AccessTokUrlProp.setValue( + StringUtils.isNotBlank(oauth1AccessTokenUrlV2) ? oauth1AccessTokenUrlV2 : oauth1AccessTokenUrl); propertiesList.add(oauth1AccessTokUrlProp); } oauth1FedAuthn.setProperties(propertiesList.toArray(new Property[0])); 
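Review bot: The three `StringUtils.isNotBlank(xV2) ? xV2 : x` expressions for the OAuth1 request-token, authorize and access-token URLs give the V2 setting unconditional precedence, whereas `resolveAbsoluteURL` (changed earlier in this file) prefers the legacy value when tenant-qualified URLs are disabled; the same ternary is repeated for `oIDCWebFingerEPUrlV2` in the @@ -2766 hunk. Two precedence rules for one family of endpoint settings is easy to misconfigure, so I would either document the difference beside these lines or route all four through one small private helper. If the `StringUtils` imported in this file provides it, `StringUtils.defaultIfBlank(oauth1RequestTokenUrlV2, oauth1RequestTokenUrl)` expresses the fallback without the ternary. fillResidentIdpProperties starts and ends outside the hunk.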
@@ -2766,7 +2819,8 @@ private void fillResidentIdpProperties(IdentityProvider identityProvider, String IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_DCR_EP_URL); propertiesList.add(dcrUrlProp); - Property webFingerUrlProp = resolveFedAuthnProperty(oIDCWebFingerEPUrl, oidcFedAuthn, + Property webFingerUrlProp = resolveFedAuthnProperty( + StringUtils.isNotBlank(oIDCWebFingerEPUrlV2) ? oIDCWebFingerEPUrlV2 : oIDCWebFingerEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_WEB_FINGER_EP_URL); propertiesList.add(webFingerUrlProp); diff --git a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java index 59c319745571..0cfbadd94eac 100644 --- a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java +++ b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java @@ -185,8 +185,8 @@ public static class SQLQueries { public static final String FROM = " FROM ( "; public static final String GET_IDP_BY_TENANT_ORACLE_TAIL = "TENANT_ID = ? AND NAME != '" + RESIDENT_IDP + "' " + - "AND IDP.ID NOT IN (SELECT IDP_ID FROM IDP_METADATA WHERE TENANT_ID = IDP.TENANT_ID AND " + - "NAME = 'isSystemReservedIdP' AND \"VALUE\" = 'true'0 AND ROWNUM <= ?) WHERE rnum > ?"; + "AND ID NOT IN (SELECT IDP_ID FROM IDP_METADATA WHERE TENANT_ID = ? AND " + + "NAME = 'isSystemReservedIdP' AND \"VALUE\" = 'true') AND ROWNUM <= ?) WHERE rnum > ?"; public static final String GET_IDP_BY_TENANT_POSTGRESQL = 
@@ -194,7 +194,7 @@ public static class SQLQueries { public static final String GET_IDP_BY_TENANT_POSTGRESQL_TAIL = "TENANT_ID = ? AND NAME != '" + RESIDENT_IDP + "' " + "AND IDP.ID NOT IN (SELECT IDP_ID FROM IDP_METADATA WHERE TENANT_ID = IDP.TENANT_ID AND " + - "NAME = 'isSystemReservedIdP' AND \"VALUE\" = 'true') ORDER BY %s LIMIT ? OFFSET ?"; + "NAME = 'isSystemReservedIdP' AND VALUE = 'true') ORDER BY %s LIMIT ? OFFSET ?"; public static final String GET_IDP_BY_TENANT_INFORMIX = "SELECT SKIP ? FIRST ? ID, NAME, DESCRIPTION, IS_ENABLED, IMAGE_URL, UUID "; 
@@ -527,12 +527,12 @@ public static class SQLQueries { "SP_AUTH_STEP.APP_ID=SP_APP.ID WHERE AUTHENTICATOR_ID = (SELECT ID FROM IDP_AUTHENTICATOR WHERE " + "NAME=? AND TENANT_ID=?) UNION SELECT SP_APP.UUID FROM SP_PROVISIONING_CONNECTOR INNER JOIN SP_APP ON " + "SP_PROVISIONING_CONNECTOR.APP_ID = SP_APP.ID WHERE SP_APP.TENANT_ID=? AND IDP_NAME=? LIMIT ?,?"; - public static final String GET_CONNECTED_APPS_LOCAL_ORACLE = "SELECT UUID FROM (SELECT UUID, ROWNUM AS RNUM FROM ( " + - "SELECT UUID FROM (SP_AUTH_STEP INNER JOIN SP_FEDERATED_IDP ON SP_AUTH_STEP.ID = SP_FEDERATED_IDP.ID)" + + public static final String GET_CONNECTED_APPS_LOCAL_ORACLE = "SELECT UUID FROM (SELECT UUID, ROWNUM AS RNUM FROM (" + + "(SELECT SP_APP.UUID FROM SP_AUTH_STEP INNER JOIN SP_FEDERATED_IDP ON SP_AUTH_STEP.ID = SP_FEDERATED_IDP.ID" + " INNER JOIN SP_APP ON SP_AUTH_STEP.APP_ID = SP_APP.ID WHERE AUTHENTICATOR_ID = ( SELECT ID FROM " + - "IDP_AUTHENTICATOR WHERE IDP_ID = NAME=? AND TENANT_ID=?) UNION (SELECT SP_APP.UUID, " + + "IDP_AUTHENTICATOR WHERE NAME=? AND TENANT_ID=?)) UNION (SELECT SP_APP.UUID " + "FROM SP_PROVISIONING_CONNECTOR INNER JOIN SP_APP ON " + - " SP_PROVISIONING_CONNECTOR.APP_ID = SP_APP.ID WHERE SP_APP.TENANT_ID = ? AND IDP_NAME=?) " + + " SP_PROVISIONING_CONNECTOR.APP_ID = SP_APP.ID WHERE SP_APP.TENANT_ID = ? AND IDP_NAME=?)) " + "WHERE ROWNUM <= ?) WHERE RNUM > ?"; public static final String GET_CONNECTED_APPS_LOCAL_MSSQL = "(SELECT UUID, SP_APP.ID FROM SP_AUTH_STEP INNER JOIN " + "SP_FEDERATED_IDP ON SP_AUTH_STEP.ID=SP_FEDERATED_IDP.ID INNER JOIN SP_APP ON SP_AUTH_STEP" + diff --git a/components/idp-mgt/pom.xml b/components/idp-mgt/pom.xml index 252e705ae07b..79e5025882f0 100644 --- a/components/idp-mgt/pom.xml +++ b/components/idp-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
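Review bot: The corrected `GET_CONNECTED_APPS_LOCAL_ORACLE` paginates with `ROWNUM <= ?` / `RNUM > ?` over a `UNION` that has no `ORDER BY`, so row order is not guaranteed between executions and consecutive pages can overlap or skip applications. Ordering the compound query before the `ROWNUM` filter would make paging stable, e.g. `" SP_PROVISIONING_CONNECTOR.APP_ID = SP_APP.ID WHERE SP_APP.TENANT_ID = ? AND IDP_NAME=?) ORDER BY UUID) " +`. The MySQL variant in the context lines above uses `LIMIT ?,?` in the same way, so the same point applies there.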
diff --git a/components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml b/components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml index e1bf9291710f..85573ae1c2e9 100644 --- a/components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml +++ b/components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework input-validation-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/input-validation-mgt/pom.xml b/components/input-validation-mgt/pom.xml index ae6ac43858f6..ce2eb0c31364 100644 --- a/components/input-validation-mgt/pom.xml +++ b/components/input-validation-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt/pom.xml b/components/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt/pom.xml index 12d17caf5417..1ed68a06e491 100644 --- a/components/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt/pom.xml +++ b/components/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt/pom.xml @@ -21,7 +21,7 @@ multi-attribute-login org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml b/components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml index 725b3f61a3ef..9b0d0afdcb32 100644 --- a/components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml +++ b/components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml @@ -21,7 +21,7 @@ multi-attribute-login org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 
diff --git a/components/multi-attribute-login/pom.xml b/components/multi-attribute-login/pom.xml index 2aa2e3fe41c3..c9a7687e3924 100644 --- a/components/multi-attribute-login/pom.xml +++ b/components/multi-attribute-login/pom.xml @@ -21,7 +21,7 @@ identity-framework org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/components/notification-mgt/org.wso2.carbon.identity.notification.mgt/pom.xml b/components/notification-mgt/org.wso2.carbon.identity.notification.mgt/pom.xml index 936ef2abb053..d3adbfa44bf2 100644 --- a/components/notification-mgt/org.wso2.carbon.identity.notification.mgt/pom.xml +++ b/components/notification-mgt/org.wso2.carbon.identity.notification.mgt/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework notification-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/notification-mgt/pom.xml b/components/notification-mgt/pom.xml index 9ad871b78c92..4a93fc16362b 100644 --- a/components/notification-mgt/pom.xml +++ b/components/notification-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/policy-editor/org.wso2.carbon.policyeditor.ui/pom.xml b/components/policy-editor/org.wso2.carbon.policyeditor.ui/pom.xml index 5cb709aa0a65..1432aa1ff38c 100644 --- a/components/policy-editor/org.wso2.carbon.policyeditor.ui/pom.xml +++ b/components/policy-editor/org.wso2.carbon.policyeditor.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework policy-editor - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/policy-editor/org.wso2.carbon.policyeditor/pom.xml b/components/policy-editor/org.wso2.carbon.policyeditor/pom.xml index 053279211e01..67912c983801 100644 --- a/components/policy-editor/org.wso2.carbon.policyeditor/pom.xml +++ b/components/policy-editor/org.wso2.carbon.policyeditor/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework policy-editor - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/policy-editor/org.wso2.carbon.policyeditor/src/main/java/org/wso2/carbon/policyeditor/PolicyEditorService.java b/components/policy-editor/org.wso2.carbon.policyeditor/src/main/java/org/wso2/carbon/policyeditor/PolicyEditorService.java index 50966d720127..4d1c2c87a197 100644 --- a/components/policy-editor/org.wso2.carbon.policyeditor/src/main/java/org/wso2/carbon/policyeditor/PolicyEditorService.java +++ b/components/policy-editor/org.wso2.carbon.policyeditor/src/main/java/org/wso2/carbon/policyeditor/PolicyEditorService.java @@ -21,6 +21,7 @@ import org.apache.axis2.AxisFault; import org.apache.commons.io.Charsets; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.xml.serialize.OutputFormat; @@ -39,14 +40,19 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.net.URL; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; public class PolicyEditorService { private static final Log log = LogFactory.getLog(PolicyEditorService.class); // The location of the XSD file resources private static final String ORG_WSO2_CARBON_POLICYEDITOR_XSD = "/org/wso2/carbon/policyeditor/xsd/"; - + private static final String POLICY_EDITOR_SERVICE_GET_POLICY_DOC_ALLOWED_URLS = + "AdminServices.PolicyEditorService.GetPolicyDoc.AllowedURLs"; + private static final String MULTI_ATTRIBUTE_SEPARATOR = ","; + private static List ALLOWED_URLS; /** * Retrieves a Policy document from a given URL 
@@ -56,6 +62,10 @@ public class PolicyEditorService { * @throws AxisFault */ public String getPolicyDoc(String policyURL) throws AxisFault { + + if (!getAllowedUrls().contains(policyURL)) { + throw new AxisFault("Policy document retrieval is disabled for the given URL."); + } String policy = ""; // Open a stream to the policy file using the URL. @@ -198,4 +208,17 @@ public String formatXML(String xml) { return ""; } + private static List getAllowedUrls() { + + if (ALLOWED_URLS == null) { + if (StringUtils.isNotBlank(IdentityUtil.getProperty(POLICY_EDITOR_SERVICE_GET_POLICY_DOC_ALLOWED_URLS))) { + ALLOWED_URLS = Arrays.asList(IdentityUtil.getProperty(POLICY_EDITOR_SERVICE_GET_POLICY_DOC_ALLOWED_URLS) + .split(MULTI_ATTRIBUTE_SEPARATOR)); + } else { + ALLOWED_URLS = new ArrayList<>(); + } + } + return ALLOWED_URLS; + } + } diff --git a/components/policy-editor/org.wso2.carbon.policyeditor/src/main/resources/META-INF/services.xml b/components/policy-editor/org.wso2.carbon.policyeditor/src/main/resources/META-INF/services.xml index b5a92dd20124..1d5e8a4a4da4 100644 --- a/components/policy-editor/org.wso2.carbon.policyeditor/src/main/resources/META-INF/services.xml +++ b/components/policy-editor/org.wso2.carbon.policyeditor/src/main/resources/META-INF/services.xml @@ -37,6 +37,8 @@ class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> org.wso2.carbon.policyeditor.PolicyEditorService + true + /permission/admin/manage/identity/entitlement diff --git a/components/policy-editor/pom.xml b/components/policy-editor/pom.xml index 19e8a1da2841..e31b5f5513df 100644 --- a/components/policy-editor/pom.xml +++ b/components/policy-editor/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/provisioning/org.wso2.carbon.identity.provisioning/pom.xml b/components/provisioning/org.wso2.carbon.identity.provisioning/pom.xml index 7e31c766276c..c4fef30f077b 100644 
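Review bot: The new guard in `getPolicyDoc` compares the raw `policyURL` string against the configured list with `contains`, which constrains the text of the request but not what is finally fetched. The code that opens the stream sits below this hunk and is not visible; confirm that a redirect from an allowed URL cannot lead the fetch to another host or scheme, and reject a null or non-HTTP(S) `policyURL` before the lookup. An empty or missing configuration denies every URL, which is the right default; I would state the contract in the Javadoc, e.g. `@throws AxisFault if policyURL is not listed in AdminServices.PolicyEditorService.GetPolicyDoc.AllowedURLs`.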
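Review bot: `getAllowedUrls` splits the property on `,` without trimming, so a value written as `https://example.com/a.xml, https://example.com/b.xml` (constructed sample) yields an entry with a leading space that the exact `contains` match in `getPolicyDoc` never hits; the allowlist fails closed, but silently. The method also reads the property twice and fills the static `ALLOWED_URLS` field, declared in an earlier hunk, lazily and without synchronisation; building the list in a local and assigning it once avoids exposing an intermediate state. `IdentityUtil` is not among the imports this diff adds to the file, so confirm it is already imported outside the visible hunks. The element type `String` in the fence is assumed, since the page shows the list without a type argument.

```java
// inside getAllowedUrls(); the signature and the final return are unchanged
if (ALLOWED_URLS == null) {
    String configured = IdentityUtil.getProperty(POLICY_EDITOR_SERVICE_GET_POLICY_DOC_ALLOWED_URLS);
    List<String> urls = new ArrayList<>();
    if (StringUtils.isNotBlank(configured)) {
        for (String url : configured.split(MULTI_ATTRIBUTE_SEPARATOR)) {
            // Skip empty segments and strip the whitespace left around separators.
            if (StringUtils.isNotBlank(url)) {
                urls.add(url.trim());
            }
        }
    }
    ALLOWED_URLS = urls;
}
```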
--- a/components/provisioning/org.wso2.carbon.identity.provisioning/pom.xml +++ b/components/provisioning/org.wso2.carbon.identity.provisioning/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework provisioning - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/provisioning/pom.xml b/components/provisioning/pom.xml index 9e7609034e0c..cbd4fd329281 100644 --- a/components/provisioning/pom.xml +++ b/components/provisioning/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml b/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml index 7b6fd1495257..0752bca63237 100644 --- a/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml +++ b/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework role-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/src/main/java/org/wso2/carbon/identity/role/mgt/core/dao/SQLQueries.java b/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/src/main/java/org/wso2/carbon/identity/role/mgt/core/dao/SQLQueries.java index 64eee5d4d885..e283310bb0d5 100644 --- a/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/src/main/java/org/wso2/carbon/identity/role/mgt/core/dao/SQLQueries.java +++ b/components/role-mgt/org.wso2.carbon.identity.role.mgt.core/src/main/java/org/wso2/carbon/identity/role/mgt/core/dao/SQLQueries.java 
@@ -112,7 +112,7 @@ public class SQLQueries { "ORDER BY UM_ID DESC) WHERE rownum <= :END_INDEX;) WHERE rnum > :ZERO_BASED_START_INDEX;"; public static final String GET_ROLES_BY_TENANT_WITH_UUID_ORACLE = "SELECT UM_ROLE_NAME, UM_UUID FROM (SELECT " + - "UM_ROLE_NAME, rownum AS rnum FROM (SELECT UM_ROLE_NAME, UM_UUID FROM UM_HYBRID_ROLE WHERE " + + "UM_ROLE_NAME, UM_UUID, rownum AS rnum FROM (SELECT UM_ROLE_NAME, UM_UUID FROM UM_HYBRID_ROLE WHERE " + "UM_TENANT_ID=:UM_TENANT_ID; ORDER BY UM_ID DESC) WHERE rownum <= :END_INDEX;) " + "WHERE rnum > :ZERO_BASED_START_INDEX;"; diff --git a/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/pom.xml b/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/pom.xml index a02b73a0a384..829c7ad6166a 100644 --- a/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/pom.xml +++ b/components/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework role-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/role-mgt/pom.xml b/components/role-mgt/pom.xml index dcc1f84a2951..650b583719b5 100644 --- a/components/role-mgt/pom.xml +++ b/components/role-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml b/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml index 6e9988de9331..f2b281bee500 100644 --- a/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml +++ b/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework secret-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT 4.0.0 diff --git a/components/secret-mgt/pom.xml b/components/secret-mgt/pom.xml index 24b3ab5a32a2..10a42c66c10d 100644 --- a/components/secret-mgt/pom.xml +++ b/components/secret-mgt/pom.xml 
@@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/security-mgt/org.wso2.carbon.security.mgt.ui/pom.xml b/components/security-mgt/org.wso2.carbon.security.mgt.ui/pom.xml index c23f15c325ff..e610e250ca4a 100644 --- a/components/security-mgt/org.wso2.carbon.security.mgt.ui/pom.xml +++ b/components/security-mgt/org.wso2.carbon.security.mgt.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework security-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/security-mgt/org.wso2.carbon.security.mgt/pom.xml b/components/security-mgt/org.wso2.carbon.security.mgt/pom.xml index e93f31353812..2e77a4734585 100644 --- a/components/security-mgt/org.wso2.carbon.security.mgt/pom.xml +++ b/components/security-mgt/org.wso2.carbon.security.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework security-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/security-mgt/pom.xml b/components/security-mgt/pom.xml index cf508c796127..ca438881f6ff 100644 --- a/components/security-mgt/pom.xml +++ b/components/security-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml b/components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml index f445fc35370c..2ece3c4d2124 100644 --- a/components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml +++ b/components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework template-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml b/components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml index 6cccfbb3b111..891112181d18 100644 
--- a/components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml +++ b/components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework template-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/components/template-mgt/pom.xml b/components/template-mgt/pom.xml index b0ba7f2a997d..9449d3605b8d 100644 --- a/components/template-mgt/pom.xml +++ b/components/template-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml b/components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml index 640670ee6d5b..222f7d98d9c4 100644 --- a/components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml +++ b/components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework trusted-app-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/trusted-app-mgt/pom.xml b/components/trusted-app-mgt/pom.xml index 945ba949ca01..e2191200c1a8 100644 --- a/components/trusted-app-mgt/pom.xml +++ b/components/trusted-app-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml b/components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml index f9bef107a738..dfbc55479a9f 100644 --- a/components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml +++ b/components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml @@ -21,7 +21,7 @@ user-functionality-mgt org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT 4.0.0 
diff --git a/components/user-functionality-mgt/pom.xml b/components/user-functionality-mgt/pom.xml index bbd5ff6daed0..4369186cc14f 100644 --- a/components/user-functionality-mgt/pom.xml +++ b/components/user-functionality-mgt/pom.xml @@ -21,7 +21,7 @@ identity-framework org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.identity.user.profile.ui/pom.xml b/components/user-mgt/org.wso2.carbon.identity.user.profile.ui/pom.xml index ed13a72ff8a8..8e924b5c2ef9 100644 --- a/components/user-mgt/org.wso2.carbon.identity.user.profile.ui/pom.xml +++ b/components/user-mgt/org.wso2.carbon.identity.user.profile.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.identity.user.profile/pom.xml b/components/user-mgt/org.wso2.carbon.identity.user.profile/pom.xml index 4e18e515a5f5..c25152e14e29 100644 --- a/components/user-mgt/org.wso2.carbon.identity.user.profile/pom.xml +++ b/components/user-mgt/org.wso2.carbon.identity.user.profile/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.identity.user.registration/pom.xml b/components/user-mgt/org.wso2.carbon.identity.user.registration/pom.xml index 0f4cacc385fa..6f3f1f96b3ee 100644 --- a/components/user-mgt/org.wso2.carbon.identity.user.registration/pom.xml +++ b/components/user-mgt/org.wso2.carbon.identity.user.registration/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.role.mgt.ui/pom.xml b/components/user-mgt/org.wso2.carbon.role.mgt.ui/pom.xml index 06de6a4f1b0a..a56e62a54552 100644 --- a/components/user-mgt/org.wso2.carbon.role.mgt.ui/pom.xml +++ b/components/user-mgt/org.wso2.carbon.role.mgt.ui/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.user.mgt.common/pom.xml b/components/user-mgt/org.wso2.carbon.user.mgt.common/pom.xml index cbd17d2f82fe..6a23dc3a2a22 100644 --- a/components/user-mgt/org.wso2.carbon.user.mgt.common/pom.xml +++ b/components/user-mgt/org.wso2.carbon.user.mgt.common/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.user.mgt.ui/pom.xml b/components/user-mgt/org.wso2.carbon.user.mgt.ui/pom.xml index a2ed33deb2a3..52dedca2a8d6 100644 --- a/components/user-mgt/org.wso2.carbon.user.mgt.ui/pom.xml +++ b/components/user-mgt/org.wso2.carbon.user.mgt.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/org.wso2.carbon.user.mgt.ui/src/main/resources/web/userstore/user-role-search.jsp b/components/user-mgt/org.wso2.carbon.user.mgt.ui/src/main/resources/web/userstore/user-role-search.jsp index 35d91d7616c9..0c08a6562d66 100644 --- a/components/user-mgt/org.wso2.carbon.user.mgt.ui/src/main/resources/web/userstore/user-role-search.jsp +++ b/components/user-mgt/org.wso2.carbon.user.mgt.ui/src/main/resources/web/userstore/user-role-search.jsp @@ -68,6 +68,7 @@ } String functionForGetAllItems = request.getParameter("function-get-all-items"); + functionForGetAllItems = Encode.forJavaScript(functionForGetAllItems); boolean error = false; boolean newFilter = false; @@ -310,7 +311,7 @@ registerNavigateEvent = registerNavigateParam ; } - var registerGetSelectedItem = '<%=Encode.forJavaScript(functionForGetAllItems)%>'; + var registerGetSelectedItem = <%= functionForGetAllItems %> ; function doSearch(status, data){ if(registerSearchResult!=null){ @@ -717,4 +718,4 @@ <% } -%> \ No newline at end of file +%> 
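Review bot: `Encode.forJavaScript` is meant for values placed inside a quoted JavaScript string, but the second hunk of `user-role-search.jsp` now writes the encoded `function-get-all-items` request parameter unquoted in `var registerGetSelectedItem = <%= functionForGetAllItems %> ;`, where the browser parses it as an expression rather than as data. If the value has to be a bare function reference, replace the added encode call with a check against a strict identifier pattern or a fixed list of known function names, e.g. `if (functionForGetAllItems != null && !functionForGetAllItems.matches("[A-Za-z_$][A-Za-z0-9_$]*")) { functionForGetAllItems = null; }`. If a string is enough, keep the quotes and the in-place encoding from the removed line. The surrounding scriptlet and script block continue outside both hunks.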
diff --git a/components/user-mgt/org.wso2.carbon.user.mgt/pom.xml b/components/user-mgt/org.wso2.carbon.user.mgt/pom.xml index 585feeb86b00..66fcc6c32070 100644 --- a/components/user-mgt/org.wso2.carbon.user.mgt/pom.xml +++ b/components/user-mgt/org.wso2.carbon.user.mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-mgt/pom.xml b/components/user-mgt/pom.xml index db5c2a1a6eba..786ead0271ba 100644 --- a/components/user-mgt/pom.xml +++ b/components/user-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/components/user-store/org.wso2.carbon.identity.user.store.configuration.deployer/pom.xml b/components/user-store/org.wso2.carbon.identity.user.store.configuration.deployer/pom.xml index 44526b062c48..40635146bc13 100644 --- a/components/user-store/org.wso2.carbon.identity.user.store.configuration.deployer/pom.xml +++ b/components/user-store/org.wso2.carbon.identity.user.store.configuration.deployer/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-store - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-store/org.wso2.carbon.identity.user.store.configuration.ui/pom.xml b/components/user-store/org.wso2.carbon.identity.user.store.configuration.ui/pom.xml index 9e84c631858c..a0dc36955854 100644 --- a/components/user-store/org.wso2.carbon.identity.user.store.configuration.ui/pom.xml +++ b/components/user-store/org.wso2.carbon.identity.user.store.configuration.ui/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-store - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-store/org.wso2.carbon.identity.user.store.configuration/pom.xml b/components/user-store/org.wso2.carbon.identity.user.store.configuration/pom.xml index c7200cea0aaa..04b70e35380d 100644 
--- a/components/user-store/org.wso2.carbon.identity.user.store.configuration/pom.xml +++ b/components/user-store/org.wso2.carbon.identity.user.store.configuration/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-store - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-store/org.wso2.carbon.identity.user.store.count/pom.xml b/components/user-store/org.wso2.carbon.identity.user.store.count/pom.xml index e57152659717..ad6d764ca901 100644 --- a/components/user-store/org.wso2.carbon.identity.user.store.count/pom.xml +++ b/components/user-store/org.wso2.carbon.identity.user.store.count/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-store - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/components/user-store/pom.xml b/components/user-store/pom.xml index 914d7273ae22..7f5b319c7a44 100644 --- a/components/user-store/pom.xml +++ b/components/user-store/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/action-mgt/org.wso2.carbon.identity.action.management.server.feature/pom.xml b/features/action-mgt/org.wso2.carbon.identity.action.management.server.feature/pom.xml index 5e9e1b46e9f8..4051cf5483d3 100644 --- a/features/action-mgt/org.wso2.carbon.identity.action.management.server.feature/pom.xml +++ b/features/action-mgt/org.wso2.carbon.identity.action.management.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework action-management-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/action-mgt/pom.xml b/features/action-mgt/pom.xml index 6c8bc87b7683..08ecaa76c46b 100644 --- a/features/action-mgt/pom.xml +++ b/features/action-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml index 2291509d7735..451dfe21414a 100644 --- a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml +++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework api-resource-management-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/api-resource-collection.xml b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/api-resource-collection.xml index 0eedca10580d..9cdce3f2e982 100644 --- a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/api-resource-collection.xml +++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/api-resource-collection.xml @@ -67,6 +67,7 @@ + @@ -719,6 +720,7 @@ + diff --git a/features/api-resource-mgt/pom.xml b/features/api-resource-mgt/pom.xml index 550693994805..7dc09dc7f4ab 100644 --- a/features/api-resource-mgt/pom.xml +++ b/features/api-resource-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/application-mgt/org.wso2.carbon.identity.application.mgt.feature/pom.xml b/features/application-mgt/org.wso2.carbon.identity.application.mgt.feature/pom.xml index 12e9c6709944..a3da198ceb5b 100644 --- a/features/application-mgt/org.wso2.carbon.identity.application.mgt.feature/pom.xml +++ b/features/application-mgt/org.wso2.carbon.identity.application.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework application-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml b/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml index f9f44cd13436..6d5575fd22e0 100644 --- a/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml +++ b/features/application-mgt/org.wso2.carbon.identity.application.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework application-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/application-mgt/org.wso2.carbon.identity.application.mgt.ui.feature/pom.xml b/features/application-mgt/org.wso2.carbon.identity.application.mgt.ui.feature/pom.xml index a10263bcea02..90d5f7a402cc 100644 --- a/features/application-mgt/org.wso2.carbon.identity.application.mgt.ui.feature/pom.xml +++ b/features/application-mgt/org.wso2.carbon.identity.application.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework application-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/application-mgt/pom.xml b/features/application-mgt/pom.xml index 3733c0661533..cd22328c325c 100644 --- a/features/application-mgt/pom.xml +++ b/features/application-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/authentication-framework/org.wso2.carbon.identity.application.authentication.framework.server.feature/pom.xml b/features/authentication-framework/org.wso2.carbon.identity.application.authentication.framework.server.feature/pom.xml index 7afb3914831e..3b27ffdf8121 100644 --- a/features/authentication-framework/org.wso2.carbon.identity.application.authentication.framework.server.feature/pom.xml +++ b/features/authentication-framework/org.wso2.carbon.identity.application.authentication.framework.server.feature/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework authentication-framework-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/authentication-framework/pom.xml b/features/authentication-framework/pom.xml index eefbfeaa26b1..34ae55452eb5 100644 --- a/features/authentication-framework/pom.xml +++ b/features/authentication-framework/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/carbon-authenticators/pom.xml b/features/carbon-authenticators/pom.xml index d12914d4799b..73f08267c8dc 100644 --- a/features/carbon-authenticators/pom.xml +++ b/features/carbon-authenticators/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.thrift.authentication.feature/pom.xml b/features/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.thrift.authentication.feature/pom.xml index 8887c60e8ada..79624ec66904 100644 --- a/features/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.thrift.authentication.feature/pom.xml +++ b/features/carbon-authenticators/thrift-authenticator/org.wso2.carbon.identity.thrift.authentication.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework thrift-authenticator-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/carbon-authenticators/thrift-authenticator/pom.xml b/features/carbon-authenticators/thrift-authenticator/pom.xml index 41a16f4f2220..8fa51e5275fd 100644 --- a/features/carbon-authenticators/thrift-authenticator/pom.xml +++ b/features/carbon-authenticators/thrift-authenticator/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-authenticator-features - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/features/categories/authorization/pom.xml b/features/categories/authorization/pom.xml index 513d02a6b387..06dace844949 100644 --- a/features/categories/authorization/pom.xml +++ b/features/categories/authorization/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/inbound-authentication/pom.xml b/features/categories/inbound-authentication/pom.xml index 36a95c85a329..c9a36c3771ea 100644 --- a/features/categories/inbound-authentication/pom.xml +++ b/features/categories/inbound-authentication/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/inbound-provisioning/pom.xml b/features/categories/inbound-provisioning/pom.xml index 7f67b8ed9f51..23ca190d5382 100644 --- a/features/categories/inbound-provisioning/pom.xml +++ b/features/categories/inbound-provisioning/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/keystore-mgt/pom.xml b/features/categories/keystore-mgt/pom.xml index 642db5a5716d..ba96ac30ff5c 100644 --- a/features/categories/keystore-mgt/pom.xml +++ b/features/categories/keystore-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/notification-mgt/pom.xml b/features/categories/notification-mgt/pom.xml index afe79d8a7672..8b159faecb69 100644 --- a/features/categories/notification-mgt/pom.xml +++ b/features/categories/notification-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml 
diff --git a/features/categories/outbound-authentication/pom.xml b/features/categories/outbound-authentication/pom.xml index 1a72eb30dc02..f87b9b594202 100644 --- a/features/categories/outbound-authentication/pom.xml +++ b/features/categories/outbound-authentication/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/outbound-provisioning/pom.xml b/features/categories/outbound-provisioning/pom.xml index 5d397bbcb16f..4d1bbc1b3a5f 100644 --- a/features/categories/outbound-provisioning/pom.xml +++ b/features/categories/outbound-provisioning/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/categories/pom.xml b/features/categories/pom.xml index 8cd0d2bb4aa3..9304ffa34104 100644 --- a/features/categories/pom.xml +++ b/features/categories/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/categories/user-mgt/pom.xml b/features/categories/user-mgt/pom.xml index 08cefd322637..cb45dcf4db9b 100644 --- a/features/categories/user-mgt/pom.xml +++ b/features/categories/user-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../../pom.xml diff --git a/features/central-logger/org.wso2.carbon.identity.central.log.mgt.server.feature/pom.xml b/features/central-logger/org.wso2.carbon.identity.central.log.mgt.server.feature/pom.xml index 313afeae29f6..9ee95e5d0891 100644 --- a/features/central-logger/org.wso2.carbon.identity.central.log.mgt.server.feature/pom.xml +++ b/features/central-logger/org.wso2.carbon.identity.central.log.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework central-logger-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/features/central-logger/pom.xml b/features/central-logger/pom.xml index 172ce6bec49f..8d4a53265694 100644 --- a/features/central-logger/pom.xml +++ b/features/central-logger/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/claim-mgt/org.wso2.carbon.claim.mgt.feature/pom.xml b/features/claim-mgt/org.wso2.carbon.claim.mgt.feature/pom.xml index 8c24ed812c46..493df2719983 100644 --- a/features/claim-mgt/org.wso2.carbon.claim.mgt.feature/pom.xml +++ b/features/claim-mgt/org.wso2.carbon.claim.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework claim-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/claim-mgt/org.wso2.carbon.claim.mgt.server.feature/pom.xml b/features/claim-mgt/org.wso2.carbon.claim.mgt.server.feature/pom.xml index abd429e5f0c6..00c468a1ae4e 100644 --- a/features/claim-mgt/org.wso2.carbon.claim.mgt.server.feature/pom.xml +++ b/features/claim-mgt/org.wso2.carbon.claim.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework claim-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/claim-mgt/org.wso2.carbon.claim.mgt.ui.feature/pom.xml b/features/claim-mgt/org.wso2.carbon.claim.mgt.ui.feature/pom.xml index 4382811f7891..2fac4795ab30 100644 --- a/features/claim-mgt/org.wso2.carbon.claim.mgt.ui.feature/pom.xml +++ b/features/claim-mgt/org.wso2.carbon.claim.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework claim-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/claim-mgt/pom.xml b/features/claim-mgt/pom.xml index 347188a26ecf..bc3673bbbd22 100644 --- a/features/claim-mgt/pom.xml +++ b/features/claim-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/features/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt.server.feature/pom.xml b/features/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt.server.feature/pom.xml index e1c3ce0dca0c..00b2311ae61a 100644 --- a/features/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt.server.feature/pom.xml +++ b/features/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt.server.feature/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework client-attestation-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/client-attestation-mgt/pom.xml b/features/client-attestation-mgt/pom.xml index 43e4925c0a74..bd02dfa9d5e2 100644 --- a/features/client-attestation-mgt/pom.xml +++ b/features/client-attestation-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.server.feature/pom.xml b/features/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.server.feature/pom.xml index e901e018d2f2..4ffe66cce943 100644 --- a/features/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.server.feature/pom.xml +++ b/features/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.server.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework configuration-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/configuration-mgt/pom.xml b/features/configuration-mgt/pom.xml index 37f93798d44a..949f2b491f15 100644 --- a/features/configuration-mgt/pom.xml +++ b/features/configuration-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/features/consent-mgt/org.wso2.carbon.identity.consent.mgt.server.feature/pom.xml b/features/consent-mgt/org.wso2.carbon.identity.consent.mgt.server.feature/pom.xml index 532cf9c5f484..1c367525bf43 100644 --- a/features/consent-mgt/org.wso2.carbon.identity.consent.mgt.server.feature/pom.xml +++ b/features/consent-mgt/org.wso2.carbon.identity.consent.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-consent-mgt-aggregator - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/consent-mgt/pom.xml b/features/consent-mgt/pom.xml index 08b8bc08ba2a..29acb94f5f15 100644 --- a/features/consent-mgt/pom.xml +++ b/features/consent-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt.server.feature/pom.xml b/features/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt.server.feature/pom.xml index d8837e652a54..8ad09f62b71c 100644 --- a/features/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt.server.feature/pom.xml +++ b/features/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework consent-server-configs-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/consent-server-configs-mgt/pom.xml b/features/consent-server-configs-mgt/pom.xml index b6abbd7b0931..55a08b5d1447 100644 --- a/features/consent-server-configs-mgt/pom.xml +++ b/features/consent-server-configs-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 
diff --git a/features/cors-mgt/org.wso2.carbon.identity.cors.mgt.server.feature/pom.xml b/features/cors-mgt/org.wso2.carbon.identity.cors.mgt.server.feature/pom.xml index b4cd699f13cb..4df8dab517c3 100644 --- a/features/cors-mgt/org.wso2.carbon.identity.cors.mgt.server.feature/pom.xml +++ b/features/cors-mgt/org.wso2.carbon.identity.cors.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework cors-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/cors-mgt/pom.xml b/features/cors-mgt/pom.xml index 47d8909f32db..d7acd3d6ac99 100644 --- a/features/cors-mgt/pom.xml +++ b/features/cors-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.feature/pom.xml b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.feature/pom.xml index 5a5db9c62fa2..cd2691ac4228 100644 --- a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.feature/pom.xml +++ b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework directory-server-manager-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.server.feature/pom.xml b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.server.feature/pom.xml index f437a7c2c5f3..6ebd66fa86bd 100644 --- a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.server.feature/pom.xml +++ b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework directory-server-manager-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.ui.feature/pom.xml b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.ui.feature/pom.xml index 38a80865e729..f23c33560574 100644 --- a/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.ui.feature/pom.xml +++ b/features/directory-server-manager/org.wso2.carbon.directory.service.mgr.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework directory-server-manager-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/directory-server-manager/pom.xml b/features/directory-server-manager/pom.xml index 7ac03c0738e3..4d71eedfcf22 100644 --- a/features/directory-server-manager/pom.xml +++ b/features/directory-server-manager/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/pom.xml b/features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/pom.xml index cdb48727f027..a2a6fa1d8b25 100644 --- a/features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/pom.xml +++ b/features/extension-mgt/org.wso2.carbon.identity.extension.mgt.feature/pom.xml @@ -19,7 +19,7 @@ extension-management-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT org.wso2.carbon.identity.extension.mgt.feature diff --git a/features/extension-mgt/pom.xml b/features/extension-mgt/pom.xml index bb301b6ace16..92aabf65228f 100644 --- a/features/extension-mgt/pom.xml +++ b/features/extension-mgt/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.feature/pom.xml b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.feature/pom.xml index 42afa343ef56..49f84f24e969 100644 --- a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.feature/pom.xml +++ b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework functions-library-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.server.feature/pom.xml b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.server.feature/pom.xml index c0833a54b004..334d19821e4c 100644 --- a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.server.feature/pom.xml +++ b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework functions-library-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui.feature/pom.xml b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui.feature/pom.xml index f135d4417120..c607bcc53818 100644 --- a/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui.feature/pom.xml +++ b/features/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework functions-library-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/functions-library-mgt/pom.xml b/features/functions-library-mgt/pom.xml index 9492137ca412..de9be3099756 100644 --- a/features/functions-library-mgt/pom.xml +++ b/features/functions-library-mgt/pom.xml 
@@ -28,7 +28,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/identity-core/org.wso2.carbon.identity.core.feature/pom.xml b/features/identity-core/org.wso2.carbon.identity.core.feature/pom.xml index 4775c85bf767..6a47ef0dc08c 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.feature/pom.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-core-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/pom.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/pom.xml index cd7664f403f1..e05920d625f5 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/pom.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-core-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql index 665395d96928..7facf6a4d8a0 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql 
@@ -2091,6 +2091,188 @@ CREATE TABLE IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE ) / +CREATE TABLE IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER NOT NULL, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT IDN_OAUTH2_TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_OAUTH2_TOKEN_CLAIMS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_OAUTH2_TOKEN_CLAIMS_TRIG NO CASCADE BEFORE INSERT ON IDN_OAUTH2_TOKEN_CLAIMS +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) + = (NEXTVAL FOR IDN_OAUTH2_TOKEN_CLAIMS_SEQ); + END +/ + +CREATE TABLE IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +) +/ + +CREATE TABLE IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE, + IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE, + POLICY CLOB NOT NULL, + IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER NOT NULL, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ 
+CREATE SEQUENCE IDN_XACML_POLICY_ATTRIBUTE_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_XACML_POLICY_ATTRIBUTE_TRIGGER NO CASCADE BEFORE INSERT ON IDN_XACML_POLICY_ATTRIBUTE +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR IDN_XACML_POLICY_ATTRIBUTE_SEQUENCE); + END +/ + +CREATE TABLE IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER NOT NULL, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_EDITOR_DATA_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_XACML_POLICY_EDITOR_DATA_TRIGGER NO CASCADE BEFORE INSERT ON IDN_XACML_POLICY_EDITOR_DATA +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR IDN_XACML_POLICY_EDITOR_DATA_SEQUENCE); + END +/ + +CREATE TABLE IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT 
IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_SUBSCRIBER_STATUS_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_XACML_SUBSCRIBER_STATUS_TRIGGER NO CASCADE BEFORE INSERT ON IDN_XACML_SUBSCRIBER_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR IDN_XACML_SUBSCRIBER_STATUS_SEQUENCE); + END +/ + +CREATE TABLE IDN_XACML_POLICY_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_STATUS_SEQUENCE START 
WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_XACML_POLICY_STATUS_TRIGGER NO CASCADE BEFORE INSERT ON IDN_XACML_POLICY_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR IDN_XACML_POLICY_STATUS_SEQUENCE); + END +/ -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- @@ -2250,3 +2432,19 @@ CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); / CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); / + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID) +/ +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID) +/ +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID) +/ diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql index 4dc871f5af93..6da58b00a5cd 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql 
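Review bot: `IDN_XACML_SUBSCRIBER_PROPERTY` keeps every property in `PROPERTY_VALUE VARCHAR(2000)` and marks secrets only with the `IS_SECRET` flag, so nothing in the schema says whether a secret row holds ciphertext or the plaintext value. The code that writes this table is outside the hunk, so this may already be handled, but the contract belongs next to the column: `-- PROPERTY_VALUE must hold the encrypted form when IS_SECRET is TRUE; plaintext secrets are never persisted.` It is also worth confirming that 2000 characters is enough for the encoded ciphertext of the longest secret the API accepts. The h2.sql hunk adds the same table with the same columns.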
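Review bot: Five of the new index names in the `-- XACML --` block, `IDX_POLICY_ATTRIBUTE`, `IDX_POLICY_EDITOR_DATA_FK`, `IDX_POLICY_REF`, `IDX_POLICY_SET_REF` and `IDX_SUBSCRIBER_PROPERTY`, drop the `XACML` qualifier that `IDX_XACML_SUBSCRIBER_STATUS` and `IDX_XACML_POLICY_STATUS` carry. Index names are unique per schema rather than per table in DB2 and H2, so a generic name is more likely to collide with an index created by another feature's script. Renaming them on the pattern `IDX_XACML_POLICY_ATTRIBUTE`, `IDX_XACML_POLICY_REF` keeps the block consistent and makes the owning feature obvious in a catalog listing. The h2.sql index hunk uses the same names.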
@@ -1370,6 +1370,133 @@ CREATE TABLE IF NOT EXISTS IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE ); +CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER NOT NULL AUTO_INCREMENT, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE, + IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE, + POLICY CLOB NOT NULL, + IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER AUTO_INCREMENT NOT NULL, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER AUTO_INCREMENT NOT NULL, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT 
NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER AUTO_INCREMENT NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, 
+ TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255) NULL, + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_STATUS ( + ID INTEGER AUTO_INCREMENT NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255) NULL, + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); 
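Review bot: The two new status tables retain their history differently: `IDN_XACML_SUBSCRIBER_STATUS` declares `FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) ... ON DELETE CASCADE`, so deleting a subscriber also deletes its logged rows, while `IDN_XACML_POLICY_STATUS` has no foreign key and keeps its rows after the policy is gone. If these tables are meant as a record of who did what (both carry `USERNAME`, `TARGET_ACTION` and `LOGGED_AT`), the cascade lets a subscriber deletion erase the trail that led up to it. Either drop the foreign key on the subscriber status table, as the policy status table does, or state the intent in a comment such as `-- Status rows are deleted with their subscriber; policy status rows are kept after policy deletion.` The db2.sql hunk defines the two tables the same way.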
@@ -1477,4 +1604,12 @@ CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME); -- ACTIONS -- CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); -CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); \ No newline at end of file +CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql index 1df14fe3eff7..cc3ce1c9ad1e 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql 
@@ -1519,6 +1519,144 @@ CREATE TABLE IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES [dbo].[IDN_ACTION](UUID) ON DELETE CASCADE ); +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OAUTH2_TOKEN_CLAIMS]') AND TYPE IN (N'U')) +CREATE TABLE IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER IDENTITY, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_CONFIG]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BIT NOT NULL DEFAULT 1, + IS_IN_PDP BIT NOT NULL DEFAULT 0, + POLICY TEXT NOT NULL, + IS_ACTIVE BIT NOT NULL DEFAULT 0, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME DATETIME NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY_ATTRIBUTE]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER IDENTITY(1,1) NOT NULL, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT 
NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY_EDITOR_DATA]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER IDENTITY(1,1) NOT NULL, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY_REFERENCE]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY_SET_REFERENCE]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_SUBSCRIBER]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT 
IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_SUBSCRIBER_PROPERTY]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BIT NOT NULL DEFAULT 0, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BIT NOT NULL DEFAULT 0, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_SUBSCRIBER_STATUS]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER IDENTITY(1,1) NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BIT NOT NULL DEFAULT 0, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT DATETIME NOT NULL, + MESSAGE VARCHAR(255) NULL, + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_XACML_POLICY_STATUS]') AND TYPE IN (N'U')) +CREATE TABLE IDN_XACML_POLICY_STATUS ( + ID INTEGER IDENTITY(1,1) NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BIT NOT NULL DEFAULT 0, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT DATETIME NOT NULL, + MESSAGE VARCHAR(255) NULL, + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +); + -- 
--------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); @@ -1629,6 +1767,15 @@ CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME); CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID); + GO -- Trigger IDN_CLAIM delete by dialect on IDN_CLAIM_DIALECT deletion -- diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql index d0bc47bfaafb..8e827ea7552d 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql 
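Review bot: `IDN_XACML_SUBSCRIBER_PROPERTY` keeps properties flagged `IS_SECRET` in the same `PROPERTY_VALUE VARCHAR(2000)` column as ordinary ones, and nothing in the script says in what form a secret value is expected to be stored. The code that writes this table is not in these hunks, so whether the value is encrypted before insert cannot be confirmed here; I would record the expectation next to the table, e.g. `-- PROPERTY_VALUE: rows with IS_SECRET = 1 must hold the encrypted value, never plaintext`. If encryption is applied, the 2000-character limit applies to the encoded ciphertext, which is longer than the plaintext, so the width is worth checking against the longest secret a subscriber may configure. The same table definition appears in the mysql-cluster.sql, mysql.sql and oracle.sql hunks.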
@@ -1533,6 +1533,133 @@ CREATE TABLE IF NOT EXISTS IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE )ENGINE NDB; +CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER AUTO_INCREMENT, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +)ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE, + IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE, + POLICY TEXT NOT NULL, + IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER NOT NULL AUTO_INCREMENT, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER NOT NULL AUTO_INCREMENT, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION 
INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER NOT NULL AUTO_INCREMENT, + TYPE 
VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) ENGINE NDB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_STATUS ( + ID INTEGER NOT NULL AUTO_INCREMENT, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +) ENGINE NDB; + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC 
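Review bot: `POLICY TEXT NOT NULL` in `IDN_XACML_POLICY` here is narrower than the `POLICY MEDIUMTEXT NOT NULL` that the mysql.sql hunk of this same change uses for the same column. MySQL `TEXT` holds at most 65,535 bytes, so a policy document that fits on a single-node install would be rejected or truncated (depending on SQL mode) on a cluster install. Unless the smaller type is a deliberate NDB constraint, I would align it: `POLICY MEDIUMTEXT NOT NULL,`.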
@@ -1670,3 +1797,12 @@ CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME); -- ACTIONS -- CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql index 24729751d47f..f09ae2e4513b 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql 
@@ -1401,6 +1401,133 @@ CREATE TABLE IF NOT EXISTS IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE )DEFAULT CHARACTER SET latin1 ENGINE INNODB; +CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER AUTO_INCREMENT, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +)DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE, + IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE, + POLICY MEDIUMTEXT NOT NULL, + IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER NOT NULL AUTO_INCREMENT, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS 
IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER NOT NULL AUTO_INCREMENT, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + 
PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER NOT NULL AUTO_INCREMENT, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_STATUS ( + ID INTEGER NOT NULL AUTO_INCREMENT, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +) DEFAULT CHARACTER SET latin1 ENGINE INNODB; + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); 
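Review bot: Every new XACML table, including the `POLICY MEDIUMTEXT` column that holds the policy document, is created with `DEFAULT CHARACTER SET latin1`. This matches the existing tables in the file (the `IDN_ACTION_ENDPOINT` context line uses it too), but XACML policies are XML and their attribute values may contain characters outside Latin-1, which would then be rejected or replaced on insert depending on SQL mode; a stored policy that differs from the authored one is a correctness problem for access decisions. Since `POLICY` is not part of any key or index, it could carry its own character set without affecting key lengths: `POLICY MEDIUMTEXT CHARACTER SET utf8mb4 NOT NULL,`. `ATTRIBUTE_VALUE` in `IDN_XACML_POLICY_ATTRIBUTE` has the same exposure and is likewise not indexed.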
@@ -1506,3 +1633,12 @@ CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME); -- ACTIONS -- CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql index 348176734d43..6f9e84488ed2 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql 
@@ -2153,6 +2153,192 @@ CREATE TABLE IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE ) / +CREATE TABLE IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_OAUTH2_TOKEN_CLAIMS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_OAUTH2_TOKEN_CLAIMS_TRIG + BEFORE INSERT + ON IDN_OAUTH2_TOKEN_CLAIMS + REFERENCING NEW AS NEW + FOR EACH ROW + BEGIN + SELECT IDN_OAUTH2_TOKEN_CLAIMS_SEQ.nextval INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +) +/ + +CREATE TABLE IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP CHAR(1) DEFAULT '1' NOT NULL, + IS_IN_PDP CHAR(1) DEFAULT '0' NOT NULL, + POLICY CLOB NOT NULL, + IS_ACTIVE CHAR(1) DEFAULT '0' NOT NULL, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER NOT NULL, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_ATTRIBUTE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER 
IDN_XACML_POLICY_ATTRIBUTE_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_ATTRIBUTE +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_ATTRIBUTE_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER NOT NULL, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_EDITOR_DATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_POLICY_EDITOR_DATA_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_EDITOR_DATA +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_EDITOR_DATA_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, 
+ IS_REQUIRED CHAR(1) DEFAULT '0' NOT NULL, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET CHAR(1) DEFAULT '0' NOT NULL, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS CHAR(1) DEFAULT '0' NOT NULL, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_SUBSCRIBER_STATUS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_SUBSCRIBER_STATUS_TRIG +BEFORE INSERT ON IDN_XACML_SUBSCRIBER_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_SUBSCRIBER_STATUS_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS CHAR(1) DEFAULT '0' NOT NULL, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER DEFAULT -1 NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_STATUS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_POLICY_STATUS_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_STATUS_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ -- 
--------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- @@ -2300,7 +2486,23 @@ CREATE INDEX IDX_CON_FILE_RES_ID ON IDN_CONFIG_FILE (RESOURCE_ID) / -- ACTIONS -- -CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); +CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID) +/ +CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID) +/ + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID) +/ +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID) / -CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID) / diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql index 6cb8e00ecdc7..8f06bfedecd9 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql 
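Review bot: The boolean flags in the new tables (`IS_IN_PAP`, `IS_IN_PDP`, `IS_ACTIVE`, `IS_REQUIRED`, `IS_SECRET`, `IS_SUCCESS`) are declared as `CHAR(1) DEFAULT '0' NOT NULL` with no constraint on the allowed values, so any single character can be stored. For `IS_ACTIVE` and `IS_IN_PDP`, which look like they decide whether a policy takes part in evaluation, and for `IS_SECRET`, an unexpected value would be interpreted however the reading code happens to treat it. A check constraint closes that off, e.g. `IS_ACTIVE CHAR(1) DEFAULT '0' NOT NULL CHECK (IS_ACTIVE IN ('0', '1')),`. The other dialect scripts use `BOOLEAN` or `BIT` for these columns and do not need it.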
@@ -32,7 +32,6 @@ CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS ( FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE ) / - CREATE SEQUENCE IDN_OAUTH_CONSUMER_APPS_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 / CREATE OR REPLACE TRIGGER IDN_OAUTH_CONSUMER_APPS_TRIG @@ -169,7 +168,6 @@ CREATE TABLE IDN_OAUTH2_AUTHZ_CODE_SCOPE( PRIMARY KEY (CODE_ID, SCOPE), FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE (CODE_ID) ON DELETE CASCADE) / - CREATE TABLE IDN_OAUTH2_DEVICE_FLOW ( CODE_ID VARCHAR(255), DEVICE_CODE VARCHAR(255), @@ -191,7 +189,6 @@ CREATE TABLE IDN_OAUTH2_DEVICE_FLOW ( CONSTRAINT USRCDE_QNTFR_CONSTRAINT UNIQUE (USER_CODE, QUANTIFIER), FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE) / - CREATE TABLE IDN_OAUTH2_DEVICE_FLOW_SCOPES ( ID INTEGER NOT NULL, SCOPE_ID VARCHAR(255), @@ -199,7 +196,6 @@ CREATE TABLE IDN_OAUTH2_DEVICE_FLOW_SCOPES ( PRIMARY KEY (ID), FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_DEVICE_FLOW(CODE_ID) ON DELETE CASCADE) / - CREATE SEQUENCE IDN_ODF_SCOPES_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER IDN_ODF_SCOPES_TRIG @@ -211,7 +207,6 @@ CREATE OR REPLACE TRIGGER IDN_ODF_SCOPES_TRIG SELECT IDN_ODF_SCOPES_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( TOKEN_ID VARCHAR2 (255), TOKEN_SCOPE VARCHAR2 (255), @@ -273,13 +268,12 @@ CREATE TABLE IDN_SCIM_GROUP ( ROLE_NAME VARCHAR2(255) NOT NULL, ATTR_NAME VARCHAR2(1024) NOT NULL, ATTR_VALUE VARCHAR2(1024), - UNIQUE(TENANT_ID, ROLE_NAME, ATTR_NAME), - PRIMARY KEY (ID)) + AUDIENCE_REF_ID INTEGER DEFAULT -1 NOT NULL, + UNIQUE(TENANT_ID, ROLE_NAME, ATTR_NAME, AUDIENCE_REF_ID), + PRIMARY KEY (ID)) / - CREATE SEQUENCE IDN_SCIM_GROUP_SEQUENCE START WITH 1 INCREMENT BY 1 CACHE 20 / - CREATE OR REPLACE TRIGGER IDN_SCIM_GROUP_TRIGGER BEFORE INSERT ON IDN_SCIM_GROUP 
@@ -326,7 +320,6 @@ CREATE TABLE IDN_STS_STORE ( / CREATE SEQUENCE IDN_STS_STORE_SEQUENCE START WITH 1 INCREMENT BY 1 CACHE 20 / - CREATE OR REPLACE TRIGGER IDN_STS_STORE_TRIGGER BEFORE INSERT ON IDN_STS_STORE @@ -382,7 +375,6 @@ CREATE TABLE IDN_AUTH_TEMP_SESSION_STORE ( PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) ) / - CREATE TABLE IDN_AUTH_USER ( USER_ID VARCHAR(255) NOT NULL, USER_NAME VARCHAR(255) NOT NULL, @@ -393,7 +385,6 @@ CREATE TABLE IDN_AUTH_USER ( CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID) ) / - CREATE TABLE IDN_AUTH_USER_SESSION_MAPPING ( ID INTEGER, USER_ID VARCHAR(255) NOT NULL, @@ -451,7 +442,6 @@ CREATE TABLE SP_APP ( IMAGE_URL VARCHAR(1024), ACCESS_URL VARCHAR(1024), IS_DISCOVERABLE CHAR(1) DEFAULT '0', - PRIMARY KEY (ID)) / CREATE SEQUENCE SP_APP_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 @@ -469,7 +459,6 @@ ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_NAME_CONSTRAINT UNIQUE(APP_NAME, T / ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_UUID_CONSTRAINT UNIQUE(UUID) / - CREATE TABLE SP_METADATA ( ID INTEGER, SP_ID INTEGER, @@ -492,7 +481,6 @@ CREATE OR REPLACE TRIGGER SP_METADATA_TRIG SELECT SP_METADATA_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE SP_INBOUND_AUTH ( ID INTEGER, TENANT_ID INTEGER NOT NULL, @@ -699,7 +687,6 @@ CREATE OR REPLACE TRIGGER SP_TEMPLATE_TRIG FROM dual; END; / - CREATE TABLE SP_TRUSTED_APPS ( ID INTEGER NOT NULL, SP_ID INTEGER NOT NULL, @@ -723,7 +710,6 @@ CREATE OR REPLACE TRIGGER SP_TRUSTED_APPS_TRIG SELECT SP_TRUSTED_APPS_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_AUTH_WAIT_STATUS ( ID INTEGER NOT NULL, TENANT_ID INTEGER NOT NULL, @@ -746,7 +732,6 @@ CREATE OR REPLACE TRIGGER IDN_AUTH_WAIT_STATUS_TRIG SELECT IDN_AUTH_WAIT_STATUS_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDP ( ID INTEGER, TENANT_ID INTEGER, 
@@ -934,7 +919,6 @@ CREATE OR REPLACE TRIGGER IDP_METADATA_TRIG BEGIN SELECT IDP_METADATA_SEQ.nextval INTO :NEW.ID FROM dual; END; - / CREATE TABLE IDP_AUTHENTICATOR_PROPERTY ( ID INTEGER, @@ -1092,7 +1076,6 @@ CREATE TABLE FIDO_DEVICE_STORE ( DEVICE_DATA VARCHAR(2048) NOT NULL, PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)) / - CREATE TABLE FIDO2_DEVICE_STORE ( TENANT_ID INTEGER, DOMAIN_NAME VARCHAR(255) NOT NULL, @@ -1107,7 +1090,6 @@ CREATE TABLE FIDO2_DEVICE_STORE ( IS_USERNAMELESS_SUPPORTED CHAR(1) DEFAULT '0', PRIMARY KEY (CREDENTIAL_ID, USER_HANDLE)) / - CREATE TABLE IDN_RECOVERY_FLOW_DATA ( RECOVERY_FLOW_ID VARCHAR2(255) NOT NULL, CODE VARCHAR2(255), @@ -1117,7 +1099,6 @@ CREATE TABLE IDN_RECOVERY_FLOW_DATA ( PRIMARY KEY(RECOVERY_FLOW_ID) ) / - CREATE TABLE IDN_RECOVERY_DATA ( USER_NAME VARCHAR2(255) NOT NULL, USER_DOMAIN VARCHAR2(127) NOT NULL, @@ -1133,7 +1114,6 @@ CREATE TABLE IDN_RECOVERY_DATA ( UNIQUE(CODE) ) / - CREATE TABLE IDN_PASSWORD_HISTORY_DATA ( ID INTEGER, USER_NAME VARCHAR2(255) NOT NULL, @@ -1146,10 +1126,8 @@ CREATE TABLE IDN_PASSWORD_HISTORY_DATA ( UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH) ) / - CREATE SEQUENCE IDN_PASSWORD_HISTORY_DATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / - CREATE OR REPLACE TRIGGER IDN_PASSWORD_HISTORY_DATA_TRIG BEFORE INSERT ON IDN_PASSWORD_HISTORY_DATA @@ -1161,7 +1139,6 @@ FOR EACH ROW FROM dual; END; / - CREATE TABLE IDN_CLAIM_DIALECT ( ID INTEGER, DIALECT_URI VARCHAR (255) NOT NULL, @@ -1180,7 +1157,6 @@ CREATE OR REPLACE TRIGGER IDN_CLAIM_DIALECT_TRIG SELECT IDN_CLAIM_DIALECT_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CLAIM ( ID INTEGER, DIALECT_ID INTEGER NOT NULL, @@ -1201,7 +1177,6 @@ CREATE OR REPLACE TRIGGER IDN_CLAIM_TRIG SELECT IDN_CLAIM_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CLAIM_MAPPED_ATTRIBUTE ( ID INTEGER, LOCAL_CLAIM_ID INTEGER, 
@@ -1223,7 +1198,6 @@ CREATE OR REPLACE TRIGGER IDN_CLAIM_MAPPED_ATTR_TRIG SELECT IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CLAIM_PROPERTY ( ID INTEGER, LOCAL_CLAIM_ID INTEGER, @@ -1245,7 +1219,6 @@ CREATE OR REPLACE TRIGGER IDN_CLAIM_PROPERTY_TRIG SELECT IDN_CLAIM_PROPERTY_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CLAIM_MAPPING ( ID INTEGER, EXT_CLAIM_ID INTEGER NOT NULL, @@ -1267,7 +1240,6 @@ CREATE OR REPLACE TRIGGER IDN_CLAIM_MAPPING_TRIG SELECT IDN_CLAIM_MAPPING_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_SAML2_ASSERTION_STORE ( ID INTEGER, SAML2_ID VARCHAR(255) , @@ -1281,7 +1253,6 @@ CREATE TABLE IDN_SAML2_ASSERTION_STORE ( / CREATE SEQUENCE IDN_SAML2_ASSERTION_STORE_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 / - CREATE OR REPLACE TRIGGER IDN_SAML2_ASSERTION_STORE_TRIG BEFORE INSERT ON IDN_SAML2_ASSERTION_STORE @@ -1291,7 +1262,6 @@ CREATE OR REPLACE TRIGGER IDN_SAML2_ASSERTION_STORE_TRIG SELECT IDN_SAML2_ASSERTION_STORE_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_SAML2_ARTIFACT_STORE ( ID INTEGER, SOURCE_ID VARCHAR(255) NOT NULL, @@ -1305,7 +1275,6 @@ CREATE TABLE IDN_SAML2_ARTIFACT_STORE ( / CREATE SEQUENCE IDN_SAML2_ARTIFACT_STORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / - CREATE OR REPLACE TRIGGER IDN_SAML2_ARTIFACT_STORE_TRIG BEFORE INSERT ON IDN_SAML2_ARTIFACT_STORE @@ -1315,7 +1284,6 @@ CREATE OR REPLACE TRIGGER IDN_SAML2_ARTIFACT_STORE_TRIG SELECT IDN_SAML2_ARTIFACT_STORE_SEQ.nextval INTO :NEW.ID FROM DUAL; END; / - CREATE TABLE IDN_OIDC_JTI ( JWT_ID VARCHAR(255) NOT NULL, TENANT_ID INTEGER NOT NULL, @@ -1323,7 +1291,6 @@ CREATE TABLE IDN_OIDC_JTI ( TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL, PRIMARY KEY (JWT_ID,TENANT_ID)) / - CREATE TABLE IDN_OIDC_PROPERTY ( ID INTEGER NOT NULL, TENANT_ID INTEGER, 
@@ -1344,7 +1311,6 @@ CREATE OR REPLACE TRIGGER IDN_OIDC_PROPERTY_TRIG SELECT IDN_OIDC_PROPERTY_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OIDC_REQ_OBJECT_REFERENCE ( ID INTEGER, CONSUMER_KEY_ID INTEGER , @@ -1367,7 +1333,6 @@ CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_REF_TRIG SELECT IDN_OIDC_REQ_OBJECT_REF_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OIDC_REQ_OBJECT_CLAIMS ( ID INTEGER, REQ_OBJECT_ID INTEGER , @@ -1389,7 +1354,6 @@ CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_CLAIMS_TRIG SELECT IDN_OIDC_REQ_OBJ_CLAIMS_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OIDC_REQ_OBJ_CLAIM_VALUES ( ID INTEGER, REQ_OBJECT_CLAIMS_ID INTEGER, @@ -1408,7 +1372,6 @@ CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_CLM_VAL_TRIG SELECT IDN_OIDC_REQ_OBJ_CLM_VAL_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CERTIFICATE ( ID INTEGER, NAME VARCHAR(100), @@ -1428,7 +1391,6 @@ CREATE OR REPLACE TRIGGER IDN_CERTIFICATE_TRIGGER SELECT IDN_CERTIFICATE_SEQUENCE.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OIDC_SCOPE_CLAIM_MAPPING ( ID INTEGER NOT NULL, SCOPE_ID INTEGER NOT NULL, @@ -1449,7 +1411,6 @@ CREATE OR REPLACE TRIGGER IDN_OIDC_SCOPE_CLAIM_MAP_TRIG SELECT IDN_OIDC_SCOPE_CLAIM_MAP_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_FUNCTION_LIBRARY ( NAME VARCHAR(255) NOT NULL, DESCRIPTION VARCHAR(1023), @@ -1459,7 +1420,6 @@ CREATE TABLE IDN_FUNCTION_LIBRARY ( PRIMARY KEY (TENANT_ID,NAME) ) / - CREATE TABLE IDN_OAUTH2_CIBA_AUTH_CODE ( AUTH_CODE_KEY CHAR (36), AUTH_REQ_ID CHAR (36), @@ -1477,7 +1437,6 @@ CREATE TABLE IDN_OAUTH2_CIBA_AUTH_CODE ( PRIMARY KEY (AUTH_CODE_KEY), FOREIGN KEY (TENANT_ID, CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(TENANT_ID, CONSUMER_KEY) ON DELETE CASCADE) / - CREATE TABLE IDN_OAUTH2_CIBA_REQUEST_SCOPES ( ID INTEGER, AUTH_CODE_KEY CHAR (36), 
@@ -1496,7 +1455,6 @@ CREATE OR REPLACE TRIGGER IDN_OAUTH2_CIBA_SCOPES_TRIG SELECT IDN_OAUTH2_CIBA_SCOPES_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_FED_AUTH_SESSION_MAPPING ( ID INTEGER, IDP_SESSION_ID VARCHAR(255) NOT NULL, @@ -1512,7 +1470,6 @@ CREATE TABLE IDN_FED_AUTH_SESSION_MAPPING ( UNIQUE (IDP_SESSION_ID, TENANT_ID, IDP_ID) ) / - CREATE SEQUENCE IDN_FED_AUTH_SESSION_MAPPING_SEQ START WITH 1 INCREMENT BY 1 NOCACHE / CREATE OR REPLACE TRIGGER IDN_FED_AUTH_SESSION_MAPPING_TRIG @@ -1524,7 +1481,6 @@ CREATE OR REPLACE TRIGGER IDN_FED_AUTH_SESSION_MAPPING_TRIG SELECT IDN_FED_AUTH_SESSION_MAPPING_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CONFIG_TYPE ( ID VARCHAR2(255) NOT NULL, NAME VARCHAR2(255) NOT NULL, 
@@ -1533,24 +1489,36 @@ CREATE TABLE IDN_CONFIG_TYPE ( CONSTRAINT TYPE_NAME_CONSTRAINT UNIQUE (NAME) ) / - -INSERT INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES -('9ab0ef95-13e9-4ed5-afaf-d29bed62f7bd', 'IDP_TEMPLATE', 'Template type to uniquely identify IDP templates'), -('3c4ac3d0-5903-4e3d-aaca-38df65b33bfd', 'APPLICATION_TEMPLATE', 'Template type to uniquely identify Application templates'), -('8ec6dbf1-218a-49bf-bc34-0d2db52d151c', 'CORS_CONFIGURATION', 'A resource type to keep the tenant CORS configurations'), -('669b99ca-cdb0-44a6-8cae-babed3b585df', 'Publisher', 'A resource type to keep the event publisher configurations'), -('73f6d9ca-62f4-4566-bab9-2a930ae51ba8', 'BRANDING_PREFERENCES', 'A resource type to keep the tenant branding preferences'), -('8469a176-3e6c-438a-ba01-71e9077072fa', 'APPLICATION_BRANDING_PREFERENCES', 'A resource type to keep the application branding preferences'), -('899c69b2-8bf7-46b5-9666-f7f99f90d6cc', 'fido-config', 'A resource type to store FIDO authenticator related preferences'), -('7f24050f-3e3d-4a00-b10f-fd5450d6523e', 'input-validation-configurations', 'A resource type to store input validation related configurations'), -('f4e83b8a-d1c4-a0d6-03a7-d48e268c60c5', 'PK_JWT_CONFIGURATION', 'A resource type to keep the tenant private key jwt configuration.'), -('9ec61e9d-f0e6-4952-9a09-ab842aeb2db2', 'ATTRIBUTE_CONFIGURATION', 'A resource type to store attribute related configurations.'), -('132b0ee6-43e0-462d-8b4b-15b68109d71d', 'ORGANIZATION_CONFIGURATION', 'A resource type to keep the organization configurations.'), -('1fc809a0-dc0d-4cb2-82f3-58934d389236', 'CUSTOM_TEXT', 'A resource type to keep the tenant custom text preferences.'), -('c385a42a-5697-4604-b49a-62456621e926', 'DCR_CONFIGURATION', 'A resource type to keep the DCR configurations.'), +INSERT ALL INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('9ab0ef95-13e9-4ed5-afaf-d29bed62f7bd', 'IDP_TEMPLATE', 'Template type to uniquely identify IDP templates') 
+INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('3c4ac3d0-5903-4e3d-aaca-38df65b33bfd', 'APPLICATION_TEMPLATE', 'Template type to uniquely identify Application templates') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('8ec6dbf1-218a-49bf-bc34-0d2db52d151c', 'CORS_CONFIGURATION', 'A resource type to keep the tenant CORS configurations') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('669b99ca-cdb0-44a6-8cae-babed3b585df', 'Publisher', 'A resource type to keep the event publisher configurations') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('73f6d9ca-62f4-4566-bab9-2a930ae51ba8', 'BRANDING_PREFERENCES', 'A resource type to keep the tenant branding preferences') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('8469a176-3e6c-438a-ba01-71e9077072fa', 'APPLICATION_BRANDING_PREFERENCES', 'A resource type to keep the application branding preferences') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('899c69b2-8bf7-46b5-9666-f7f99f90d6cc', 'fido-config', 'A resource type to store FIDO authenticator related preferences') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('7f24050f-3e3d-4a00-b10f-fd5450d6523e', 'input-validation-configurations', 'A resource type to store input validation related configurations') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('f4e83b8a-d1c4-a0d6-03a7-d48e268c60c5', 'PK_JWT_CONFIGURATION', 'A resource type to keep the tenant private key jwt configuration.') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('9ec61e9d-f0e6-4952-9a09-ab842aeb2db2', 'ATTRIBUTE_CONFIGURATION', 'A resource type to store attribute related configurations.') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('132b0ee6-43e0-462d-8b4b-15b68109d71d', 'ORGANIZATION_CONFIGURATION', 'A resource type to keep the organization configurations.') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('1fc809a0-dc0d-4cb2-82f3-58934d389236', 'CUSTOM_TEXT', 'A resource type to keep the tenant custom text 
preferences.') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES +('c385a42a-5697-4604-b49a-62456621e926', 'DCR_CONFIGURATION', 'A resource type to keep the DCR configurations.') +INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES ('3e5b1f91-72d8-4fbc-94d1-1b9a4f8c3b07', 'IMPERSONATION_CONFIGURATION', 'A resource type to keep the tenant impersonation preferences.') +SELECT 1 FROM dual / - CREATE TABLE IDN_CONFIG_RESOURCE ( ID VARCHAR2(255) NOT NULL, TENANT_ID NUMBER(22,0) NOT NULL, @@ -1565,7 +1533,6 @@ CREATE TABLE IDN_CONFIG_RESOURCE ( CONSTRAINT TYPE_ID_FOREIGN_CONSTRAINT FOREIGN KEY (TYPE_ID) REFERENCES IDN_CONFIG_TYPE(ID) ON DELETE CASCADE ) / - CREATE TABLE IDN_CONFIG_ATTRIBUTE ( ID VARCHAR2(255) NOT NULL, RESOURCE_ID VARCHAR2(255) NOT NULL, @@ -1577,7 +1544,6 @@ CREATE TABLE IDN_CONFIG_ATTRIBUTE ( CASCADE ) / - CREATE TABLE IDN_CONFIG_FILE ( ID VARCHAR2(255) NOT NULL, VALUE BLOB NULL, @@ -1588,7 +1554,6 @@ CREATE TABLE IDN_CONFIG_FILE ( CASCADE ) / - CREATE TABLE IDN_REMOTE_FETCH_CONFIG ( ID VARCHAR(255) NOT NULL, TENANT_ID INTEGER NOT NULL, @@ -1601,8 +1566,8 @@ CREATE TABLE IDN_REMOTE_FETCH_CONFIG ( ATTRIBUTES_JSON CLOB NOT NULL, CONSTRAINT PK_IDN_REMOTE_FETCH_CONFIG PRIMARY KEY (ID), CONSTRAINT UC_REMOTE_RESOURCE_TYPE UNIQUE (TENANT_ID, CONFIG_DEPLOYER_TYPE) -)/ - +) +/ CREATE TABLE IDN_REMOTE_FETCH_REVISIONS ( ID VARCHAR(255) NOT NULL, CONFIG_ID VARCHAR(255) NOT NULL, @@ -1616,8 +1581,8 @@ CREATE TABLE IDN_REMOTE_FETCH_REVISIONS ( CONSTRAINT PK_IDN_REMOTE_FETCH_REVISIONS PRIMARY KEY (ID), FOREIGN KEY (CONFIG_ID) REFERENCES IDN_REMOTE_FETCH_CONFIG (ID) ON DELETE CASCADE, CONSTRAINT UC_REVISIONS UNIQUE (CONFIG_ID, ITEM_NAME) -)/ - +) +/ CREATE TABLE IDN_USER_FUNCTIONALITY_MAPPING ( ID VARCHAR(255) NOT NULL, USER_ID VARCHAR(255) NOT NULL, 
@@ -1631,7 +1596,6 @@ CREATE TABLE IDN_USER_FUNCTIONALITY_MAPPING ( CONSTRAINT IDN_USR_FUNC_MAP_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID) ) / - CREATE TABLE IDN_USR_FUNCTIONALITY_PROPERTY ( ID VARCHAR(255) NOT NULL, USER_ID VARCHAR(255) NOT NULL, @@ -1643,13 +1607,11 @@ CREATE TABLE IDN_USR_FUNCTIONALITY_PROPERTY ( CONSTRAINT IDN_USR_FUNC_PROP_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID, PROPERTY_NAME) ) / - CREATE TABLE IDN_CORS_ORIGIN ( ID INT NOT NULL, TENANT_ID INT NOT NULL, ORIGIN VARCHAR(2048) NOT NULL, UUID CHAR(36) NOT NULL, - PRIMARY KEY (ID), UNIQUE (TENANT_ID, ORIGIN), UNIQUE (UUID) @@ -1666,24 +1628,20 @@ CREATE OR REPLACE TRIGGER IDN_CORS_ORIGIN_TRIG SELECT IDN_CORS_ORIGIN_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_CORS_ASSOCIATION ( IDN_CORS_ORIGIN_ID INT NOT NULL, SP_APP_ID INT NOT NULL, - PRIMARY KEY (IDN_CORS_ORIGIN_ID, SP_APP_ID), FOREIGN KEY (IDN_CORS_ORIGIN_ID) REFERENCES IDN_CORS_ORIGIN (ID) ON DELETE CASCADE, FOREIGN KEY (SP_APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE ) / - CREATE TABLE IDN_OAUTH2_USER_CONSENT ( ID INTEGER NOT NULL, USER_ID VARCHAR(255) NOT NULL, APP_ID CHAR(36) NOT NULL, TENANT_ID INTEGER DEFAULT -1 NOT NULL, CONSENT_ID VARCHAR(255) NOT NULL, - PRIMARY KEY (ID), FOREIGN KEY (APP_ID) REFERENCES SP_APP (UUID) ON DELETE CASCADE, UNIQUE (USER_ID, APP_ID, TENANT_ID), @@ -1701,14 +1659,12 @@ CREATE OR REPLACE TRIGGER IDN_OAUTH2_USER_CONSENT_TRIGGER SELECT IDN_OAUTH2_USER_CONSENT_SEQUENCE.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OAUTH2_USER_CONSENTED_SCOPES ( ID INTEGER NOT NULL, CONSENT_ID VARCHAR(255) NOT NULL, TENANT_ID INTEGER DEFAULT -1 NOT NULL, SCOPE VARCHAR(255) NOT NULL, CONSENT NUMBER(1,0) DEFAULT 1 NOT NULL, - PRIMARY KEY (ID), FOREIGN KEY (CONSENT_ID) REFERENCES IDN_OAUTH2_USER_CONSENT (CONSENT_ID) ON DELETE CASCADE, UNIQUE (CONSENT_ID, SCOPE) 
@@ -1725,7 +1681,6 @@ CREATE OR REPLACE TRIGGER IDN_OAUTH2_USER_CONSENTED_SCOPES_TRIGGER SELECT IDN_OAUTH2_USER_CONSENTED_SCOPES_SEQUENCE.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_SECRET_TYPE ( ID VARCHAR2(255) NOT NULL, NAME VARCHAR2(255) NOT NULL, @@ -1734,7 +1689,6 @@ CREATE TABLE IDN_SECRET_TYPE ( CONSTRAINT SECRET_TYPE_NAME_CONSTRAINT UNIQUE (NAME) ) / - INSERT ALL INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function') INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES @@ -1747,7 +1701,6 @@ INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties') SELECT 1 FROM dual / - CREATE TABLE IDN_SECRET ( ID VARCHAR2(255) NOT NULL, TENANT_ID NUMBER(22,0) NOT NULL, @@ -1763,7 +1716,6 @@ CREATE TABLE IDN_SECRET ( UNIQUE (SECRET_NAME, TENANT_ID, TYPE_ID) ) / - CREATE TABLE SP_SHARED_APP ( ID INTEGER, MAIN_APP_ID CHAR(36) NOT NULL, @@ -1884,7 +1836,6 @@ CREATE OR REPLACE TRIGGER IDV_CLAIM_TRIG SELECT IDV_CLAIM_SEQ.nextval INTO :NEW.ID FROM dual; END; / - CREATE TABLE IDN_OAUTH_PAR ( REQ_URI_REF VARCHAR2(255) PRIMARY KEY, CLIENT_ID VARCHAR2(255) NOT NULL, @@ -2058,7 +2009,7 @@ CREATE OR REPLACE TRIGGER IDN_NOTIFICATION_TYPE_TRIG REFERENCING NEW AS NEW FOR EACH ROW BEGIN - SELECT IDN_NOTIFICATION_TYPE_SEQ.nextval INTO :NEW.CURSOR_KEY FROM dual; + SELECT IDN_NOTIFICATION_TYPE_SEQ.nextval INTO :NEW.ID FROM dual; END; / CREATE TABLE IDN_NOTIFICATION_ORG_TEMPLATE ( 
@@ -2085,7 +2036,7 @@ CREATE OR REPLACE TRIGGER IDN_NOTIFICATION_ORG_TEMPLATE_TRIG REFERENCING NEW AS NEW FOR EACH ROW BEGIN - SELECT IDN_NOTIFICATION_APP_TEMPLATE_SEQ.nextval INTO :NEW.CURSOR_KEY FROM dual; + SELECT IDN_NOTIFICATION_APP_TEMPLATE_SEQ.nextval INTO :NEW.ID FROM dual; END; / CREATE TABLE IDN_NOTIFICATION_APP_TEMPLATE ( @@ -2113,7 +2064,7 @@ CREATE OR REPLACE TRIGGER IDN_NOTIFICATION_APP_TEMPLATE_TRIG REFERENCING NEW AS NEW FOR EACH ROW BEGIN - SELECT IDN_NOTIFICATION_APP_TEMPLATE_SEQ.nextval INTO :NEW.CURSOR_KEY FROM dual; + SELECT IDN_NOTIFICATION_APP_TEMPLATE_SEQ.nextval INTO :NEW.ID FROM dual; END; / CREATE TABLE IDN_ACTION ( 
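Review bot: The trigger IDN_NOTIFICATION_ORG_TEMPLATE_TRIG still takes its key from `IDN_NOTIFICATION_APP_TEMPLATE_SEQ`, the same sequence the IDN_NOTIFICATION_APP_TEMPLATE_TRIG hunk that follows uses. This commit only retargets the assignment from `:NEW.CURSOR_KEY` to `:NEW.ID`. If the script defines a separate sequence for the org-template table (not visible in this hunk), the line should read `SELECT <org-template sequence>.nextval INTO :NEW.ID FROM dual;`. If sharing one sequence is intended, a comment such as `-- ORG and APP templates deliberately share one sequence` would stop it being read as a copy-paste slip. The trigger's CREATE line lies outside the hunk.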
@@ -2135,6 +2086,192 @@ CREATE TABLE IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE ) / +CREATE TABLE IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER, + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_OAUTH2_TOKEN_CLAIMS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_OAUTH2_TOKEN_CLAIMS_TRIG + BEFORE INSERT + ON IDN_OAUTH2_TOKEN_CLAIMS + REFERENCING NEW AS NEW + FOR EACH ROW + BEGIN + SELECT IDN_OAUTH2_TOKEN_CLAIMS_SEQ.nextval INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +) +/ + +CREATE TABLE IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP CHAR(1) DEFAULT '1' NOT NULL, + IS_IN_PDP CHAR(1) DEFAULT '0' NOT NULL, + POLICY CLOB NOT NULL, + IS_ACTIVE CHAR(1) DEFAULT '0' NOT NULL, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER NOT NULL, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_ATTRIBUTE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER 
IDN_XACML_POLICY_ATTRIBUTE_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_ATTRIBUTE +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_ATTRIBUTE_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER NOT NULL, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_EDITOR_DATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_POLICY_EDITOR_DATA_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_EDITOR_DATA +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_EDITOR_DATA_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID) +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, 
+ IS_REQUIRED CHAR(1) DEFAULT '0' NOT NULL, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET CHAR(1) DEFAULT '0' NOT NULL, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ + +CREATE TABLE IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS CHAR(1) DEFAULT '0' NOT NULL, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +) +/ +CREATE SEQUENCE IDN_XACML_SUBSCRIBER_STATUS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_SUBSCRIBER_STATUS_TRIG +BEFORE INSERT ON IDN_XACML_SUBSCRIBER_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_SUBSCRIBER_STATUS_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ + +CREATE TABLE IDN_XACML_POLICY_STATUS ( + ID INTEGER NOT NULL, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS CHAR(1) DEFAULT '0' NOT NULL, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER DEFAULT -1 NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE IDN_XACML_POLICY_STATUS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_XACML_POLICY_STATUS_TRIG +BEFORE INSERT ON IDN_XACML_POLICY_STATUS +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_XACML_POLICY_STATUS_SEQ.NEXTVAL INTO :NEW.ID FROM dual; + END; +/ -- 
--------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- @@ -2165,11 +2302,9 @@ CREATE INDEX IDX_AC_TID ON IDN_OAUTH2_AUTHORIZATION_CODE(TOKEN_ID) / CREATE INDEX IDX_AC_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(AUTHORIZATION_CODE, CONSUMER_KEY_ID) / - -- IDN_SCIM_GROUP -- CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME) / - -- IDN_AUTH_SESSION_STORE -- CREATE INDEX IDX_IDN_AUTH_SESSION_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED) / 
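Review bot: IDN_XACML_SUBSCRIBER_PROPERTY stores values flagged `IS_SECRET` in the same plain `PROPERTY_VALUE VARCHAR(2000)` column as non-secret ones, and nothing in the schema records how they are protected at rest. Whether the persistence layer encrypts them before insert is not visible here. If it does, a comment above the table such as `-- PROPERTY_VALUE holds ciphertext when IS_SECRET = '1'` (wording to be confirmed against the DAO) would document the contract; if it does not, the value belongs in the IDN_SECRET table defined earlier in this script. The same applies to the PostgreSQL copy of this table later in the commit. Separately, IDN_XACML_POLICY_STATUS has no foreign key to IDN_XACML_POLICY while IDN_XACML_SUBSCRIBER_STATUS cascades from its parent; if status rows are meant to outlive a deleted policy as an audit trail, a one-line comment should say so.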
@@ -2177,111 +2312,102 @@ CREATE INDEX IDX_IDN_AUTH_SSTR_ST_OP_ID_TM ON IDN_AUTH_SESSION_STORE (OPERATION, / CREATE INDEX IDX_IDN_AUTH_SSTR_ET_ID ON IDN_AUTH_SESSION_STORE (EXPIRY_TIME, SESSION_ID) / - -- IDN_AUTH_TEMP_SESSION_STORE -- CREATE INDEX IDX_IDN_AUTH_TMP_SESSION_TIME ON IDN_AUTH_TEMP_SESSION_STORE (TIME_CREATED) / - -- IDN_OAUTH2_SCOPE -- CREATE INDEX IDX_SC_TID ON IDN_OAUTH2_SCOPE(TENANT_ID) / - -- IDN_OAUTH2_SCOPE_BINDING -- CREATE INDEX IDX_SB_SCPID ON IDN_OAUTH2_SCOPE_BINDING(SCOPE_ID) / - -- IDN_OIDC_REQ_OBJECT_REFERENCE -- CREATE INDEX IDX_OROR_TID ON IDN_OIDC_REQ_OBJECT_REFERENCE(TOKEN_ID) / - -- IDN_OAUTH2_ACCESS_TOKEN_SCOPE -- CREATE INDEX IDX_ATS_TID ON IDN_OAUTH2_ACCESS_TOKEN_SCOPE(TOKEN_ID) / - -- IDN_AUTH_USER -- CREATE INDEX IDX_AUTH_USER_UN_TID_DN ON IDN_AUTH_USER (USER_NAME, TENANT_ID, DOMAIN_NAME) / CREATE INDEX IDX_AUTH_USER_DN_TOD ON IDN_AUTH_USER (DOMAIN_NAME, TENANT_ID) / - -- IDN_AUTH_USER_SESSION_MAPPING -- CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID) / CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID) / - -- IDN_AUTH_SESSION_APP_INFO -- CREATE INDEX IDX_AUTH_SAI_UN_AID_SID ON IDN_AUTH_SESSION_APP_INFO (APP_ID, LOWER(SUBJECT), SESSION_ID) / - -- IDN_OAUTH_CONSUMER_APPS -- CREATE INDEX IDX_OCA_UM_TID_UD_APN ON IDN_OAUTH_CONSUMER_APPS(USERNAME,TENANT_ID,USER_DOMAIN, APP_NAME) / - -- IDX_SPI_APP -- CREATE INDEX IDX_SPI_APP ON SP_INBOUND_AUTH(APP_ID) / - -- IDN_OIDC_PROPERTY -- CREATE INDEX IDX_IOP_CK ON IDN_OIDC_PROPERTY(TENANT_ID, CONSUMER_KEY) / - -- IDN_FIDO2_PROPERTY -- CREATE INDEX IDX_FIDO2_STR ON FIDO2_DEVICE_STORE(USER_NAME, TENANT_ID, DOMAIN_NAME, CREDENTIAL_ID, USER_HANDLE) / - -- IDN_ASSOCIATED_ID -- CREATE INDEX IDX_AI_DN_UN_AI ON IDN_ASSOCIATED_ID(DOMAIN_NAME, USER_NAME, ASSOCIATION_ID) / - -- IDN_OAUTH2_TOKEN_BINDING -- CREATE INDEX IDX_IDN_AUTH_BIND ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_REF) / CREATE INDEX IDX_TK_VALUE_TYPE ON IDN_OAUTH2_TOKEN_BINDING 
(TOKEN_BINDING_VALUE, TOKEN_BINDING_TYPE) / - -- IDN_FED_AUTH_SESSION_MAPPING -- CREATE INDEX IDX_FEDERATED_AUTH_SESSION_ID ON IDN_FED_AUTH_SESSION_MAPPING (SESSION_ID) / - -- SP_APP -- CREATE INDEX IDX_SP_APP_NAME_CI ON SP_APP (LOWER(APP_NAME)) / - -- IDN_REMOTE_FETCH_REVISIONS -- CREATE INDEX IDX_REMOTE_FETCH_REVISION_CONFIG_ID ON IDN_REMOTE_FETCH_REVISIONS (CONFIG_ID) / - -- IDN_CORS_ASSOCIATION -- CREATE INDEX IDX_CORS_SP_APP_ID ON IDN_CORS_ASSOCIATION (SP_APP_ID) / - -- IDN_CORS_ASSOCIATION -- CREATE INDEX IDX_CORS_ORIGIN_ID ON IDN_CORS_ASSOCIATION (IDN_CORS_ORIGIN_ID) / - -- IDN_SECRET -- CREATE INDEX IDN_SECRET_TYPE_ID ON IDN_SECRET (TYPE_ID) / - -- IDN_CLAIM -- CREATE INDEX IDX_CLAIM_TI_CU ON IDN_CLAIM (TENANT_ID, CLAIM_URI) / - -- IDP_AUTHENTICATOR_PROPERTY -- CREATE INDEX IDX_AUTH_PROP_AUTH_ID ON IDP_AUTHENTICATOR_PROPERTY (AUTHENTICATOR_ID) / - -- IDN_CONFIG_FILE -- CREATE INDEX IDX_CON_FILE_RES_ID ON IDN_CONFIG_FILE (RESOURCE_ID) / - -- SCOPE -- CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME) / - -- ACTIONS -- -CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); +CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID) +/ +CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID) +/ + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID) +/ +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID) +/ +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID) / -CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); +CREATE 
INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID) / diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql index ff5e3adfdc26..20793bca2de2 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql 
@@ -1639,6 +1639,150 @@ CREATE TABLE IF NOT EXISTS IDN_ACTION_ENDPOINT ( FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE ); +DROP TABLE IF EXISTS IDN_OAUTH2_TOKEN_CLAIMS; +DROP SEQUENCE IF EXISTS IDN_OAUTH2_TOKEN_CLAIMS_SEQ; +CREATE SEQUENCE IDN_OAUTH2_TOKEN_CLAIMS_SEQ; +CREATE TABLE IDN_OAUTH2_TOKEN_CLAIMS ( + ID INTEGER NOT NULL DEFAULT NEXTVAL('IDN_OAUTH2_TOKEN_CLAIMS_SEQ'), + APP_ID INTEGER NOT NULL, + CLAIM_URI VARCHAR(255) NOT NULL, + PRIMARY KEY (ID), + CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI), + FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_CONFIG; +CREATE TABLE IF NOT EXISTS IDN_XACML_CONFIG ( + CONFIG_KEY VARCHAR(255) NOT NULL, + CONFIG_VALUE VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (TENANT_ID, CONFIG_KEY) +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY ( + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE, + IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE, + POLICY TEXT NOT NULL, + IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE, + POLICY_TYPE VARCHAR(255) NOT NULL, + POLICY_EDITOR VARCHAR(255), + POLICY_ORDER INTEGER NOT NULL, + LAST_MODIFIED_TIME TIMESTAMP NOT NULL, + LAST_MODIFIED_USER VARCHAR(255), + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID), + CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID) +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY_ATTRIBUTE; +DROP SEQUENCE IF EXISTS IDN_XACML_POLICY_ATTRIBUTE_SEQ; +CREATE SEQUENCE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE_SEQ; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE ( + ID INTEGER DEFAULT NEXTVAL('IDN_XACML_POLICY_ATTRIBUTE_SEQ') PRIMARY KEY, + ATTRIBUTE_ID VARCHAR(255) NOT NULL, + ATTRIBUTE_VALUE VARCHAR(255) NOT NULL, + DATA_TYPE VARCHAR(255) NOT NULL, + CATEGORY VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) 
NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY_EDITOR_DATA; +DROP SEQUENCE IF EXISTS IDN_XACML_POLICY_EDITOR_DATA_SEQ; +CREATE SEQUENCE IF NOT EXISTS IDN_XACML_POLICY_EDITOR_DATA_SEQ; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_EDITOR_DATA ( + ID INTEGER DEFAULT NEXTVAL('IDN_XACML_POLICY_EDITOR_DATA_SEQ') PRIMARY KEY, + DATA VARCHAR(500), + DATA_ORDER INTEGER NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY_REFERENCE; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_REFERENCE ( + REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY_SET_REFERENCE; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_SET_REFERENCE ( + SET_REFERENCE VARCHAR(255) NOT NULL, + POLICY_ID VARCHAR(255) NOT NULL, + VERSION INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID), + FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_SUBSCRIBER; +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER ( + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID), + CONSTRAINT IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID) +); + +DROP 
TABLE IF EXISTS IDN_XACML_SUBSCRIBER_PROPERTY; +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_PROPERTY ( + PROPERTY_ID VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255) NOT NULL, + PROPERTY_VALUE VARCHAR(2000) NOT NULL, + IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE, + DISPLAY_ORDER INTEGER NOT NULL, + IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE, + PROPERTY_MODULE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID), + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_SUBSCRIBER_STATUS; +DROP SEQUENCE IF EXISTS IDN_XACML_SUBSCRIBER_STATUS_SEQ; +CREATE SEQUENCE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS_SEQ; +CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS ( + ID INTEGER DEFAULT NEXTVAL('IDN_XACML_SUBSCRIBER_STATUS_SEQ') PRIMARY KEY, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + SUBSCRIBER_ID VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE +); + +DROP TABLE IF EXISTS IDN_XACML_POLICY_STATUS; +DROP SEQUENCE IF EXISTS IDN_XACML_POLICY_STATUS_SEQ; +CREATE SEQUENCE IF NOT EXISTS IDN_XACML_POLICY_STATUS_SEQ; +CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_STATUS ( + ID INTEGER DEFAULT NEXTVAL('IDN_XACML_POLICY_STATUS_SEQ') PRIMARY KEY, + TYPE VARCHAR(255) NOT NULL, + IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE, + USERNAME VARCHAR(255) NOT NULL, + TARGET VARCHAR(255) NOT NULL, + TARGET_ACTION VARCHAR(255) NOT NULL, + LOGGED_AT TIMESTAMP NOT NULL, + MESSAGE VARCHAR(255), + POLICY_ID VARCHAR(255) NOT NULL, + POLICY_VERSION INTEGER NOT NULL DEFAULT -1, + TENANT_ID INTEGER NOT NULL 
+); + -- --------------------------- INDEX CREATION ----------------------------- -- IDN_OAUTH2_ACCESS_TOKEN -- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); @@ -1750,3 +1894,12 @@ CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME); -- ACTIONS -- CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID); CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID); + +-- XACML -- +CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID); +CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID); +CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml index 73406a4b634c..8e5b80945463 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml @@ -639,6 +639,7 @@ false false + false 
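Review bot: In the PostgreSQL XACML block, `CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID)` repeats the column list of that table's `PRIMARY KEY`, and `IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT` does the same for (SUBSCRIBER_ID, TENANT_ID). Each only adds a second unique index over the same columns. The Oracle definitions of these two tables in this commit have no such constraint, so removing both `CONSTRAINT … UNIQUE` lines would keep the scripts aligned. Also, `DROP TABLE IF EXISTS IDN_XACML_POLICY;` and `DROP TABLE IF EXISTS IDN_XACML_SUBSCRIBER;` run before the tables that reference them are dropped, which PostgreSQL rejects without `CASCADE` once those child tables exist. Dropping the children first would let the script be re-run against a database that already has these tables.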
@@ -305,6 +306,77 @@ {{oauth.endpoints.oidc_discovery_url}} {{oauth.endpoints.oauth2_device_authz_url}} + {% if oauth.endpoints.v2 is defined %} + + + {% if oauth.endpoints.v2.oauth1_request_token_url is defined %} + {{oauth.endpoints.v2.oauth1_request_token_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth1_authorize_url is defined %} + {{oauth.endpoints.v2.oauth1_authorize_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth1_access_token_url is defined %} + {{oauth.endpoints.v2.oauth1_access_token_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_authz_url is defined %} + {{oauth.endpoints.v2.oauth2_authz_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_par_url is defined %} + {{oauth.endpoints.v2.oauth2_par_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_token_url is defined %} + {{oauth.endpoints.v2.oauth2_token_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_revoke_url is defined %} + {{oauth.endpoints.v2.oauth2_revoke_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_introspect_url is defined %} + {{oauth.endpoints.v2.oauth2_introspect_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_user_info_url is defined %} + {{oauth.endpoints.v2.oauth2_user_info_url}} + {% endif %} + {% if oauth.endpoints.v2.oidc_check_session_url is defined %} + {{oauth.endpoints.v2.oidc_check_session_url}} + {% endif %} + {% if oauth.endpoints.v2.oidc_logout_url is defined %} + {{oauth.endpoints.v2.oidc_logout_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_consent_page is defined %} + {{oauth.endpoints.v2.oauth2_consent_page}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_error_page is defined %} + {{oauth.endpoints.v2.oauth2_error_page}} + {% endif %} + {% if oauth.endpoints.v2.oidc_consent_page is defined %} + {{oauth.endpoints.v2.oidc_consent_page}} + {% endif %} + {% if oauth.endpoints.v2.oidc_logout_consent_page is defined %} + {{oauth.endpoints.v2.oidc_logout_consent_page}} + {% endif %} + {% if oauth.endpoints.v2.oidc_logout_page is 
defined %} + {{oauth.endpoints.v2.oidc_logout_page}} + {% endif %} + {% if oauth.endpoints.v2.oidc_web_finger_url is defined %} + {{oauth.endpoints.v2.oidc_web_finger_url}} + {% endif %} + + + {% if oauth.endpoints.v2.oauth2_dcr_url is defined %} + {{oauth.endpoints.v2.oauth2_dcr_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_jwks_url is defined %} + {{oauth.endpoints.v2.oauth2_jwks_url}} + {% endif %} + {% if oauth.endpoints.v2.oidc_discovery_url is defined %} + {{oauth.endpoints.v2.oidc_discovery_url}} + {% endif %} + {% if oauth.endpoints.v2.oauth2_device_authz_url is defined %} + {{oauth.endpoints.v2.oauth2_device_authz_url}} + {% endif %} + + {% endif %} + {{oauth.mtls_aliases.enabled}} {{oauth.mtls_aliases.hostname}} @@ -975,6 +1047,7 @@ {{oauth.oidc.subject_type.enable_pairwise_subject_for_access_tokens_if_pairwise_subject_type_selection}} {{oauth.oidc.enable_tls_certificate_bound_access_tokens_via_binding_type}} {{oauth.oidc.enable_hybrid_flow_app_level_validation}} + {{oauth.oidc.enable_claims_separation_for_access_tokens}} @@ -1841,6 +1914,9 @@ {% if authentication_policy.disable_account_lock_handler is defined %} {{authentication_policy.disable_account_lock_handler}} {% endif %} + {% if authentication_policy.pre_authentication_account_lock_check is defined %} + {{authentication_policy.pre_authentication_account_lock_check}} + {% endif %} @@ -4152,4 +4228,27 @@ + + {% if user_registration_admin_service.enable is sameas true %} + + {{user_registration_admin_service.enable}} + {{ user_registration_admin_service.allowed_sign_up_roles | join(',') }} + + {% endif %} + {% if user_info_recovery_admin_service.allowed_usernames is defined %} + + + {{ user_info_recovery_admin_service.allowed_usernames | join(',') }} + + + {% endif %} + {% if policy_editor_service.get_policy_doc.allowed_urls is defined %} + + + {{ policy_editor_service.get_policy_doc.allowed_urls | join(',') }} + + + {% endif %} + + 
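Review bot: In the last hunk of this template (`@@ -4152,4 +4228,27 @@`) the three allow-lists are guarded differently: `allowed_usernames` and `allowed_urls` are rendered only when defined, but `allowed_sign_up_roles | join(',')` is rendered whenever `user_registration_admin_service.enable is sameas true`, with no `is defined` check. If the service is enabled without roles configured, and no default is supplied elsewhere (none is visible in the hunks shown here), the template will either fail to render or emit an empty role list, depending on how the config tool treats undefined values. Wrap that line in `{% if user_registration_admin_service.allowed_sign_up_roles is defined %}`. A template comment should also state what the consumer does when an allow-list element is absent. For `policy_editor_service.get_policy_doc.allowed_urls` in particular, an absent list should presumably mean that no URL is allowed rather than any URL.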
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json index 0c4aa8034487..a80f5b5ac11c 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json @@ -258,6 +258,7 @@ "oauth.oidc.request_object.signing_algorithms": ["PS256", "ES256", "$ref{oauth.oidc.user_info.jwt_signature_algorithm}"], "oauth.oidc.enable_tls_certificate_bound_access_tokens_via_binding_type": true, "oauth.oidc.enable_hybrid_flow_app_level_validation": true, + "oauth.oidc.enable_claims_separation_for_access_tokens": false, "oauth.oidc.fapi.enable_ciba_profile": false, "oauth.oidc.fapi.enable_security_profile": false, @@ -783,6 +784,7 @@ "authentication.adaptive.execution_supervisor.timeout": "500ms", "authentication.adaptive.authenticator_name_in_auth_config.enable": true, "authentication.adaptive.graaljs.script_statements_limit": "0", + "AdaptiveAuth.ScriptEngine": "graaljs", "federated.idp.role_claim_value_attribute_separator": ",", "configuration.store.query_length.max": "4194304", @@ -1088,6 +1090,7 @@ "OAuthRequestPathAuthenticator" ], "console.ui.hiddenConnectionTemplates": [ "swe-idp" ], + "console.ui.hiddenApplicationTemplates": [], "console.ui.google_one_tap_enabled_tenants": [], "console.ui.show_app_switch_button": true, "console.ui.administrator_role_display_name": "Administrator", 
@@ -1565,7 +1568,7 @@ "on_demand_config.on_initial_use.enable_sms_otp_password_recovery_if_connector_enabled": false, "actions.maximum_actions_per_action_type": 1, - "actions.types.pre_issue_access_token.enable": false, + "actions.types.pre_issue_access_token.enable": true, "oauth.authorize_all_scopes": false } diff --git a/features/identity-core/org.wso2.carbon.identity.core.ui.feature/pom.xml b/features/identity-core/org.wso2.carbon.identity.core.ui.feature/pom.xml index cebfe56a548e..ea13faf4c86e 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.ui.feature/pom.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-core-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-core/pom.xml b/features/identity-core/pom.xml index 3fdbef1d9f70..e20c46e6bbc5 100644 --- a/features/identity-core/pom.xml +++ b/features/identity-core/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/identity-event/org.wso2.carbon.identity.event.feature/pom.xml b/features/identity-event/org.wso2.carbon.identity.event.feature/pom.xml index 65a3ae059e95..094d976127c1 100644 --- a/features/identity-event/org.wso2.carbon.identity.event.feature/pom.xml +++ b/features/identity-event/org.wso2.carbon.identity.event.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-event-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-event/org.wso2.carbon.identity.event.server.feature/pom.xml b/features/identity-event/org.wso2.carbon.identity.event.server.feature/pom.xml index 386e57079766..bff231494ecb 100644 --- a/features/identity-event/org.wso2.carbon.identity.event.server.feature/pom.xml +++ b/features/identity-event/org.wso2.carbon.identity.event.server.feature/pom.xml 
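Review bot: Changing `"actions.types.pre_issue_access_token.enable"` from `false` to `true` alters the shipped default, so every deployment without an explicit override starts treating the pre-issue-access-token action type as enabled after the upgrade. `isExecutionEnabled` in `ActionExecutorServiceImpl` now takes its answer from `ActionExecutorConfig`, so this flag appears to be what gates calls to a configured external endpoint during token issuance. The default change should be called out in the migration notes. It is also worth confirming that a tenant with no action configured makes no outbound call and that an unreachable endpoint cannot block token issuance indefinitely.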
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-event-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-event/pom.xml b/features/identity-event/pom.xml index e1a00a18f066..faac23c6ff0c 100644 --- a/features/identity-event/pom.xml +++ b/features/identity-event/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/identity-mgt/org.wso2.carbon.identity.mgt.feature/pom.xml b/features/identity-mgt/org.wso2.carbon.identity.mgt.feature/pom.xml index 3791201f08fe..4a3a70520d57 100644 --- a/features/identity-mgt/org.wso2.carbon.identity.mgt.feature/pom.xml +++ b/features/identity-mgt/org.wso2.carbon.identity.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-mgt/org.wso2.carbon.identity.mgt.server.feature/pom.xml b/features/identity-mgt/org.wso2.carbon.identity.mgt.server.feature/pom.xml index db91361e7a88..159dca4e1ee0 100644 --- a/features/identity-mgt/org.wso2.carbon.identity.mgt.server.feature/pom.xml +++ b/features/identity-mgt/org.wso2.carbon.identity.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-mgt/org.wso2.carbon.identity.mgt.ui.feature/pom.xml b/features/identity-mgt/org.wso2.carbon.identity.mgt.ui.feature/pom.xml index 3bf18932e322..3fb1831bea7b 100644 --- a/features/identity-mgt/org.wso2.carbon.identity.mgt.ui.feature/pom.xml +++ b/features/identity-mgt/org.wso2.carbon.identity.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/identity-mgt/pom.xml b/features/identity-mgt/pom.xml index 7b52d8113024..2e2d5775fa82 100644 --- a/features/identity-mgt/pom.xml 
+++ b/features/identity-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/idp-mgt/org.wso2.carbon.idp.mgt.feature/pom.xml b/features/idp-mgt/org.wso2.carbon.idp.mgt.feature/pom.xml index ff56591f9aae..3958046a63e7 100644 --- a/features/idp-mgt/org.wso2.carbon.idp.mgt.feature/pom.xml +++ b/features/idp-mgt/org.wso2.carbon.idp.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-provider-management-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/idp-mgt/org.wso2.carbon.idp.mgt.server.feature/pom.xml b/features/idp-mgt/org.wso2.carbon.idp.mgt.server.feature/pom.xml index 8ec3c2f5f7a3..fb26a73a8956 100644 --- a/features/idp-mgt/org.wso2.carbon.idp.mgt.server.feature/pom.xml +++ b/features/idp-mgt/org.wso2.carbon.idp.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-provider-management-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/idp-mgt/org.wso2.carbon.idp.mgt.ui.feature/pom.xml b/features/idp-mgt/org.wso2.carbon.idp.mgt.ui.feature/pom.xml index b0678edb2041..eb504d323552 100644 --- a/features/idp-mgt/org.wso2.carbon.idp.mgt.ui.feature/pom.xml +++ b/features/idp-mgt/org.wso2.carbon.idp.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-provider-management-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/idp-mgt/pom.xml b/features/idp-mgt/pom.xml index 64f9c983ba5c..966a1bc55bae 100644 --- a/features/idp-mgt/pom.xml +++ b/features/idp-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 
diff --git a/features/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt.server.feature/pom.xml b/features/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt.server.feature/pom.xml index 9faa8e4ae8fa..6059866dc993 100644 --- a/features/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt.server.feature/pom.xml +++ b/features/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework input-validation-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/input-validation-mgt/pom.xml b/features/input-validation-mgt/pom.xml index f7bbda4514a7..c4a7c601363c 100644 --- a/features/input-validation-mgt/pom.xml +++ b/features/input-validation-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt.server.feature/pom.xml b/features/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt.server.feature/pom.xml index 2060df16d433..7726b3474fda 100644 --- a/features/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt.server.feature/pom.xml +++ b/features/multi-attribute-login/org.wso2.carbon.identity.multi.attribute.login.mgt.server.feature/pom.xml @@ -20,7 +20,7 @@ multi-attribute-login-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt.server.feature/pom.xml b/features/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt.server.feature/pom.xml index 2d3cb6109db4..d37760a9a21a 100644 --- a/features/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt.server.feature/pom.xml 
+++ b/features/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt.server.feature/pom.xml @@ -20,7 +20,7 @@ multi-attribute-login-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/multi-attribute-login/pom.xml b/features/multi-attribute-login/pom.xml index e0f79ebc3fb6..783c3b58834e 100644 --- a/features/multi-attribute-login/pom.xml +++ b/features/multi-attribute-login/pom.xml @@ -20,7 +20,7 @@ identity-framework org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.feature/pom.xml b/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.feature/pom.xml index 53a3b0ba5cb1..cf94e863aaa1 100644 --- a/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.feature/pom.xml +++ b/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-notification-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.server.feature/pom.xml b/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.server.feature/pom.xml index 0fa33b870724..fb48460f7c22 100644 --- a/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.server.feature/pom.xml +++ b/features/notification-mgt/org.wso2.carbon.identity.notification.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-notification-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/notification-mgt/pom.xml b/features/notification-mgt/pom.xml index cba300a72105..94b3c5d2cd93 100644 --- a/features/notification-mgt/pom.xml +++ b/features/notification-mgt/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/provisioning/org.wso2.carbon.identity.provisioning.server.feature/pom.xml b/features/provisioning/org.wso2.carbon.identity.provisioning.server.feature/pom.xml index 47781cabd039..5c90823c81ee 100644 --- a/features/provisioning/org.wso2.carbon.identity.provisioning.server.feature/pom.xml +++ b/features/provisioning/org.wso2.carbon.identity.provisioning.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework provisioning-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/provisioning/pom.xml b/features/provisioning/pom.xml index f79f90a60541..4f5e5b83b4bf 100644 --- a/features/provisioning/pom.xml +++ b/features/provisioning/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/role-mgt/org.wso2.carbon.identity.role.mgt.core.server.feature/pom.xml b/features/role-mgt/org.wso2.carbon.identity.role.mgt.core.server.feature/pom.xml index 596d685dfd57..2af5fef8397a 100644 --- a/features/role-mgt/org.wso2.carbon.identity.role.mgt.core.server.feature/pom.xml +++ b/features/role-mgt/org.wso2.carbon.identity.role.mgt.core.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework role-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core.server.feature/pom.xml b/features/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core.server.feature/pom.xml index ed7a062b141c..38139b75eff4 100644 --- a/features/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core.server.feature/pom.xml +++ b/features/role-mgt/org.wso2.carbon.identity.role.v2.mgt.core.server.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework role-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 
diff --git a/features/role-mgt/pom.xml b/features/role-mgt/pom.xml index 5e5e2a73149f..40fe83611668 100644 --- a/features/role-mgt/pom.xml +++ b/features/role-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/secret-mgt/org.wso2.carbon.identity.secret.mgt.core.server.feature/pom.xml b/features/secret-mgt/org.wso2.carbon.identity.secret.mgt.core.server.feature/pom.xml index 1a7500133532..90d29a9b95ab 100644 --- a/features/secret-mgt/org.wso2.carbon.identity.secret.mgt.core.server.feature/pom.xml +++ b/features/secret-mgt/org.wso2.carbon.identity.secret.mgt.core.server.feature/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework secret-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT 4.0.0 diff --git a/features/secret-mgt/pom.xml b/features/secret-mgt/pom.xml index d5dce80552aa..6dcf7135bcd4 100644 --- a/features/secret-mgt/pom.xml +++ b/features/secret-mgt/pom.xml @@ -19,7 +19,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/security-mgt/org.wso2.carbon.security.mgt.feature/pom.xml b/features/security-mgt/org.wso2.carbon.security.mgt.feature/pom.xml index dac033b37da5..9a1ee2951f35 100644 --- a/features/security-mgt/org.wso2.carbon.security.mgt.feature/pom.xml +++ b/features/security-mgt/org.wso2.carbon.security.mgt.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework security-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/security-mgt/org.wso2.carbon.security.mgt.server.feature/pom.xml b/features/security-mgt/org.wso2.carbon.security.mgt.server.feature/pom.xml index 407c925b622e..41e524645ab8 100644 --- a/features/security-mgt/org.wso2.carbon.security.mgt.server.feature/pom.xml +++ b/features/security-mgt/org.wso2.carbon.security.mgt.server.feature/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework security-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/security-mgt/org.wso2.carbon.security.mgt.ui.feature/pom.xml b/features/security-mgt/org.wso2.carbon.security.mgt.ui.feature/pom.xml index 38b849688487..92985bd8a1be 100644 --- a/features/security-mgt/org.wso2.carbon.security.mgt.ui.feature/pom.xml +++ b/features/security-mgt/org.wso2.carbon.security.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework security-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/security-mgt/pom.xml b/features/security-mgt/pom.xml index 23b76e5f0a4b..a26dbbfc0cbf 100644 --- a/features/security-mgt/pom.xml +++ b/features/security-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/template-mgt/org.wso2.carbon.identity.template.mgt.feature/pom.xml b/features/template-mgt/org.wso2.carbon.identity.template.mgt.feature/pom.xml index ff45901a74f6..95eb5d6972e6 100644 --- a/features/template-mgt/org.wso2.carbon.identity.template.mgt.feature/pom.xml +++ b/features/template-mgt/org.wso2.carbon.identity.template.mgt.feature/pom.xml @@ -21,7 +21,7 @@ template-management-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/template-mgt/org.wso2.carbon.identity.template.mgt.server.feature/pom.xml b/features/template-mgt/org.wso2.carbon.identity.template.mgt.server.feature/pom.xml index b9eebc23b3b6..a84ac24dfe31 100644 --- a/features/template-mgt/org.wso2.carbon.identity.template.mgt.server.feature/pom.xml +++ b/features/template-mgt/org.wso2.carbon.identity.template.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ template-management-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/features/template-mgt/org.wso2.carbon.identity.template.mgt.ui.feature/pom.xml b/features/template-mgt/org.wso2.carbon.identity.template.mgt.ui.feature/pom.xml index f32e8e1f3a90..6a1f016698b2 100644 --- a/features/template-mgt/org.wso2.carbon.identity.template.mgt.ui.feature/pom.xml +++ b/features/template-mgt/org.wso2.carbon.identity.template.mgt.ui.feature/pom.xml @@ -21,7 +21,7 @@ template-management-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/template-mgt/pom.xml b/features/template-mgt/pom.xml index 2f922daaf0e8..5d36329c2a12 100644 --- a/features/template-mgt/pom.xml +++ b/features/template-mgt/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt.server.feature/pom.xml b/features/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt.server.feature/pom.xml index 5f0e61f013e1..874466503537 100644 --- a/features/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt.server.feature/pom.xml +++ b/features/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt.server.feature/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.framework trusted-app-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/trusted-app-mgt/pom.xml b/features/trusted-app-mgt/pom.xml index fc875c371722..f5c669dccaba 100644 --- a/features/trusted-app-mgt/pom.xml +++ b/features/trusted-app-mgt/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.feature/pom.xml b/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.feature/pom.xml index 16b2a36cf03a..9d9aca215335 100644 
--- a/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.feature/pom.xml +++ b/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.feature/pom.xml @@ -21,7 +21,7 @@ user-functionality-mgt-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.server.feature/pom.xml b/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.server.feature/pom.xml index 6739c964169b..d0744da1c3b5 100644 --- a/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.server.feature/pom.xml +++ b/features/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt.server.feature/pom.xml @@ -21,7 +21,7 @@ user-functionality-mgt-feature org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT 4.0.0 diff --git a/features/user-functionality-mgt/pom.xml b/features/user-functionality-mgt/pom.xml index f67f8125b923..ffc54fb9db8f 100644 --- a/features/user-functionality-mgt/pom.xml +++ b/features/user-functionality-mgt/pom.xml @@ -21,7 +21,7 @@ identity-framework org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml 4.0.0 diff --git a/features/user-mgt/org.wso2.carbon.identity.user.profile.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.profile.feature/pom.xml index 657799879fe0..4ecc7b73651b 100644 --- a/features/user-mgt/org.wso2.carbon.identity.user.profile.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.profile.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.identity.user.profile.server.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.profile.server.feature/pom.xml index 88ba4fc9b470..e736a9545b53 100644 
--- a/features/user-mgt/org.wso2.carbon.identity.user.profile.server.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.profile.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.identity.user.profile.ui.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.profile.ui.feature/pom.xml index 64c61e63524c..9fbba1f4ccd1 100644 --- a/features/user-mgt/org.wso2.carbon.identity.user.profile.ui.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.profile.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.identity.user.registration.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.registration.feature/pom.xml index c98aa7fd8f4e..7cb88d8d9067 100644 --- a/features/user-mgt/org.wso2.carbon.identity.user.registration.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.registration.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.identity.user.registration.server.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.registration.server.feature/pom.xml index 7e4e288927f9..edbf96f580cd 100644 --- a/features/user-mgt/org.wso2.carbon.identity.user.registration.server.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.registration.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.identity.user.registration.ui.feature/pom.xml b/features/user-mgt/org.wso2.carbon.identity.user.registration.ui.feature/pom.xml index 30a9b982f2ab..7618acf0ce5e 100644 
--- a/features/user-mgt/org.wso2.carbon.identity.user.registration.ui.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.identity.user.registration.ui.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.role.mgt.ui.feature/pom.xml b/features/user-mgt/org.wso2.carbon.role.mgt.ui.feature/pom.xml index 6cdaa166d3cc..6d8ef4cf06c3 100644 --- a/features/user-mgt/org.wso2.carbon.role.mgt.ui.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.role.mgt.ui.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.user.mgt.feature/pom.xml b/features/user-mgt/org.wso2.carbon.user.mgt.feature/pom.xml index 88e5e69ba12d..d6359f937dde 100644 --- a/features/user-mgt/org.wso2.carbon.user.mgt.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.user.mgt.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.user.mgt.server.feature/pom.xml b/features/user-mgt/org.wso2.carbon.user.mgt.server.feature/pom.xml index bef34bdb0ff5..080f82caefaf 100644 --- a/features/user-mgt/org.wso2.carbon.user.mgt.server.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.user.mgt.server.feature/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/org.wso2.carbon.user.mgt.ui.feature/pom.xml b/features/user-mgt/org.wso2.carbon.user.mgt.ui.feature/pom.xml index 2f4d27dedbc8..f8bf39a44a54 100644 --- a/features/user-mgt/org.wso2.carbon.user.mgt.ui.feature/pom.xml +++ b/features/user-mgt/org.wso2.carbon.user.mgt.ui.feature/pom.xml 
@@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework user-mgt-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-mgt/pom.xml b/features/user-mgt/pom.xml index e792662c8d2d..64ff5f9fad92 100644 --- a/features/user-mgt/pom.xml +++ b/features/user-mgt/pom.xml @@ -17,7 +17,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/user-store/org.wso2.carbon.identity.user.store.configuration.server.feature/pom.xml b/features/user-store/org.wso2.carbon.identity.user.store.configuration.server.feature/pom.xml index 301953dc85e0..339f95830969 100644 --- a/features/user-store/org.wso2.carbon.identity.user.store.configuration.server.feature/pom.xml +++ b/features/user-store/org.wso2.carbon.identity.user.store.configuration.server.feature/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework user-store-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/user-store/pom.xml b/features/user-store/pom.xml index f1abcd2b9eca..dcdaf54c184b 100644 --- a/features/user-store/pom.xml +++ b/features/user-store/pom.xml @@ -23,7 +23,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/features/xacml/org.wso2.carbon.identity.xacml.feature/pom.xml b/features/xacml/org.wso2.carbon.identity.xacml.feature/pom.xml index 55acf8faf04f..eaf5097ab282 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.feature/pom.xml +++ b/features/xacml/org.wso2.carbon.identity.xacml.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework xacml-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml index 95a4b41ec473..b27f4dfa3f91 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml 
+++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework xacml-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties index 23e93ebedec9..e7b81313294d 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties @@ -55,12 +55,11 @@ PAP.Entitlement.Data.Finder.1=org.wso2.carbon.identity.entitlement.pap.CarbonEnt PAP.Policy.Publisher.Module.1=org.wso2.carbon.identity.entitlement.policy.publisher.CarbonBasicPolicyPublisherModule #PAP.Policy.Post.Publisher.Module.1= #PAP.Policy.Publisher.Verification.Handler= -PAP.Policy.Version.Module=org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager -PAP.Status.Data.Handler.1=org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler +PAP.Status.Data.Handler.1=org.wso2.carbon.identity.entitlement.persistence.JDBCSimplePAPStatusDataHandler -PDP.Policy.Finder.1=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule +PDP.Policy.Finder.1=org.wso2.carbon.identity.entitlement.persistence.JDBCPolicyPersistenceManager #PDP.Policy.Collection -PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule +PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.dao.JDBCPolicyPersistenceManager PDP.Policy.Data.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore # Properties needed for each extension. 
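Review bot: The new `PDP.Policy.Store.Module` value in the `entitlement.properties` hunk points at `org.wso2.carbon.identity.entitlement.dao.JDBCPolicyPersistenceManager`, while `PDP.Policy.Finder.1` two lines above it and both corresponding keys in `org.wso2.carbon.identity.xacml.server.feature.default.json` use the `persistence` package. Unless a class of that name also exists under `.dao` (not visible in this diff), the policy store module would fail to load or would resolve to a different implementation than the finder. That matters because this is the store the PDP reads authorization policies from. The line should read `PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.persistence.JDBCPolicyPersistenceManager`.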
diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 index 604799985525..b9935a6b7895 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 @@ -92,7 +92,6 @@ PAP.Policy.Publisher.Module.{{index}}={{custom_policy_publisher}} #PAP.Policy.Post.Publisher.Module.1= #PAP.Policy.Publisher.Verification.Handler= -PAP.Policy.Version.Module={{identity.entitlement.policy_point.pap.policy_version_module}} {% set status_data_handler_count = [] %} {% for status_data_handler in identity.entitlement.policy_point.pap.status_data_handlers %} PAP.Status.Data.Handler.{{loop.index}}={{status_data_handler}} diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json index 09484b2a3905..b8c7fc00c645 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json 
@@ -15,9 +15,9 @@ "identity.entitlement.policy_point.pdp.registry_level_policy_cache_clear": false, "identity.entitlement.policy_point.pdp.reference_max_policy_entries": "3000", "identity.entitlement.policy_point.pdp.policy_finders": [ - "org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule" + "org.wso2.carbon.identity.entitlement.persistence.JDBCPolicyPersistenceManager" ], - "identity.entitlement.policy_point.pdp.policy_store_module": "org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule", + "identity.entitlement.policy_point.pdp.policy_store_module": "org.wso2.carbon.identity.entitlement.persistence.JDBCPolicyPersistenceManager", "identity.entitlement.policy_point.pdp.policy_data_store_module": "org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore", "identity.entitlement.policy_point.pap.enabled": true, "identity.entitlement.policy_point.pap.policy_add_start_enable": true, @@ -29,9 +29,8 @@ "identity.entitlement.policy_point.pap.policy_publisher_modules": [ "org.wso2.carbon.identity.entitlement.policy.publisher.CarbonBasicPolicyPublisherModule" ], - "identity.entitlement.policy_point.pap.policy_version_module": "org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager", "identity.entitlement.policy_point.pap.status_data_handlers": [ - "org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler" + "org.wso2.carbon.identity.entitlement.persistence.JDBCSimplePAPStatusDataHandler" ], "identity.entitlement.policy_point.pip.attribute_designators": [ "org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder", diff --git a/features/xacml/org.wso2.carbon.identity.xacml.ui.feature/pom.xml b/features/xacml/org.wso2.carbon.identity.xacml.ui.feature/pom.xml index cf43a30033e3..6644b8cca7aa 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.ui.feature/pom.xml +++ b/features/xacml/org.wso2.carbon.identity.xacml.ui.feature/pom.xml 
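Review bot: Nothing in these two hunks tells an operator that a configured `identity.entitlement.policy_point.pap.policy_version_module` is no longer honoured. The second hunk drops the default, and the `entitlement.properties.j2` hunk drops the line that rendered it, so an existing override is silently ignored. JSON has no place for a comment, so I would put one in the template where the line was removed, for example `# PAP.Policy.Version.Module is no longer rendered; identity.entitlement.policy_point.pap.policy_version_module is ignored`. The first hunk also moves the default `policy_finders` and `policy_store_module` from `RegistryPolicyStoreManageModule` to `JDBCPolicyPersistenceManager`. Whether policies already held by the registry-backed store are migrated is not visible here, so the upgrade notes should say what an upgraded PDP will find in its store.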
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework xacml-feature - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/features/xacml/pom.xml b/features/xacml/pom.xml index c978ceb08154..0dd080701ba0 100644 --- a/features/xacml/pom.xml +++ b/features/xacml/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/pom.xml b/pom.xml index 2ad5134121f9..69bb667e4b77 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.wso2.carbon.identity.framework identity-framework pom - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT WSO2 Carbon - Platform Aggregator Pom http://wso2.org @@ -1875,7 +1875,7 @@ 4.7.39 [4.7.2, 5.0.0) - 2.1.3 + 2.1.7 [2.0.0,2.2.0) diff --git a/service-stubs/identity/org.wso2.carbon.claim.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.claim.mgt.stub/pom.xml index 2a7f88993fc7..986aa715c6e5 100644 --- a/service-stubs/identity/org.wso2.carbon.claim.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.claim.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.directory.server.manager.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.directory.server.manager.stub/pom.xml index 83097644ceea..d4f044c2e708 100644 --- a/service-stubs/identity/org.wso2.carbon.directory.server.manager.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.directory.server.manager.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.application.authentication.framework.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.application.authentication.framework.stub/pom.xml index 6d9fa56ed199..ce9f60a70c0f 100644 
--- a/service-stubs/identity/org.wso2.carbon.identity.application.authentication.framework.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.application.authentication.framework.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 4.0.0 diff --git a/service-stubs/identity/org.wso2.carbon.identity.application.default.authentication.sequence.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.application.default.authentication.sequence.mgt.stub/pom.xml index 5455605cf482..e36c78d46e8a 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.application.default.authentication.sequence.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.application.default.authentication.sequence.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/pom.xml index 7d880a0ead40..624f82135771 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.claim.metadata.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.claim.metadata.mgt.stub/pom.xml index 73a5a0fc0e4f..ededa70792b3 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.claim.metadata.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.claim.metadata.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/service-stubs/identity/org.wso2.carbon.identity.entitlement.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.entitlement.stub/pom.xml index daa60807e220..23a2339b7da1 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.entitlement.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.entitlement.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.functions.library.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.functions.library.mgt.stub/pom.xml index 4966fb21d79c..9170aa80cf02 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.functions.library.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.functions.library.mgt.stub/pom.xml @@ -21,7 +21,7 @@ carbon-service-stubs org.wso2.carbon.identity.framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT 4.0.0 diff --git a/service-stubs/identity/org.wso2.carbon.identity.governance.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.governance.stub/pom.xml index bcb144dcb869..9e69f0d57b37 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.governance.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.governance.stub/pom.xml @@ -18,7 +18,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.mgt.stub/pom.xml index 75878d25f395..bc114d4b0579 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml 
diff --git a/service-stubs/identity/org.wso2.carbon.identity.user.profile.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.user.profile.stub/pom.xml index 6cf626248ab4..f3b9b67f0b2c 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.user.profile.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.user.profile.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.user.registration.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.user.registration.stub/pom.xml index af60a71cc3e2..8fb4c2a68be5 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.user.registration.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.user.registration.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.user.store.configuration.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.user.store.configuration.stub/pom.xml index b62dfcf94e6f..7ed4f69d0196 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.user.store.configuration.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.user.store.configuration.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.identity.user.store.count.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.identity.user.store.count.stub/pom.xml index 5e6ae7b63035..eb264183b90f 100644 --- a/service-stubs/identity/org.wso2.carbon.identity.user.store.count.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.identity.user.store.count.stub/pom.xml 
@@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.idp.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.idp.mgt.stub/pom.xml index 85b5b2faff1d..d0d0d2fc6537 100644 --- a/service-stubs/identity/org.wso2.carbon.idp.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.idp.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.security.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.security.mgt.stub/pom.xml index f9d2e4a42316..e32c7fb7b1b2 100644 --- a/service-stubs/identity/org.wso2.carbon.security.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.security.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/org.wso2.carbon.user.mgt.stub/pom.xml b/service-stubs/identity/org.wso2.carbon.user.mgt.stub/pom.xml index 85bc79f8b0c7..62a062d0cf44 100644 --- a/service-stubs/identity/org.wso2.carbon.user.mgt.stub/pom.xml +++ b/service-stubs/identity/org.wso2.carbon.user.mgt.stub/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework carbon-service-stubs - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../pom.xml diff --git a/service-stubs/identity/pom.xml b/service-stubs/identity/pom.xml index 03dc75c997f6..b2b547849407 100644 --- a/service-stubs/identity/pom.xml +++ b/service-stubs/identity/pom.xml @@ -21,7 +21,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml diff --git a/test-utils/org.wso2.carbon.identity.testutil/pom.xml b/test-utils/org.wso2.carbon.identity.testutil/pom.xml index 0554b8c6f7b7..24a26cf49f20 100644 --- a/test-utils/org.wso2.carbon.identity.testutil/pom.xml 
+++ b/test-utils/org.wso2.carbon.identity.testutil/pom.xml @@ -18,7 +18,7 @@ org.wso2.carbon.identity.framework identity-framework - 7.3.66-SNAPSHOT + 7.4.6-SNAPSHOT ../../pom.xml