From: remillet Date: Sat, 28 Oct 2017 00:06:49 +0000 (-0700) Subject: DRYD-177: First stages of moving authority and vocab initialization to the Services... X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=83420ac3cf91a4334ff9734e1e66e556bdc256cf;p=tmp%2Fjakarta-migration.git DRYD-177: First stages of moving authority and vocab initialization to the Services startup. --- diff --git a/services/JaxRsServiceProvider/pom.xml b/services/JaxRsServiceProvider/pom.xml index e2832a818..9c8f180e6 100644 --- a/services/JaxRsServiceProvider/pom.xml +++ b/services/JaxRsServiceProvider/pom.xml @@ -93,6 +93,37 @@ org.jboss.logging + + + org.collectionspace.services + org.collectionspace.services.authentication.service + ${project.version} + + + servlet-api-2.5 + org.mortbay.jetty + + + spring-core + org.springframework + + + spring-beans + org.springframework + + + jsp-api-2.1 + org.mortbay.jetty + + + jsp-2.1 + org.mortbay.jetty + + + jaxb-impl + com.sun.xml.bind + + org.collectionspace.services diff --git a/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CSpaceResteasyBootstrap.java b/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CSpaceResteasyBootstrap.java index 0781ac4f4..495c2b0fa 100644 --- a/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CSpaceResteasyBootstrap.java +++ b/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CSpaceResteasyBootstrap.java 
@@ -1,11 +1,27 @@ package org.collectionspace.services.jaxrs; import javax.servlet.ServletContextEvent; +import javax.ws.rs.core.Response; import org.jboss.resteasy.core.Dispatcher; import org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap; +import org.collectionspace.authentication.CSpaceTenant; +import org.collectionspace.services.authorization.AuthZ; +import org.collectionspace.services.client.PersonAuthorityClient; +import org.collectionspace.services.client.PersonAuthorityClientUtils; +import org.collectionspace.services.client.PoxPayloadOut; +import org.collectionspace.services.person.PersonAuthorityResource; import org.collectionspace.services.common.ResourceMap; +import org.collectionspace.services.common.ServiceMain; +import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl; +import org.collectionspace.services.config.service.AuthorityInstanceType; +import org.collectionspace.services.config.service.ServiceBindingType; +import org.collectionspace.services.config.service.ServiceBindingType.AuthorityInstanceList; +import org.collectionspace.services.config.tenant.TenantBindingType; + import java.util.Date; +import java.util.Hashtable; +import java.util.List; public class CSpaceResteasyBootstrap extends ResteasyBootstrap { @@ -21,6 +37,9 @@ public class CSpaceResteasyBootstrap extends ResteasyBootstrap { CollectionSpaceJaxRsApplication app = (CollectionSpaceJaxRsApplication)deployment.getApplication(); Dispatcher disp = deployment.getDispatcher(); disp.getDefaultContextObjects().put(ResourceMap.class, app.getResourceMap()); + + initializeAuthorities(app.getResourceMap()); + System.out.println(String.format("%tc [INFO] CollectionSpace Services' JAX-RS application started.", new Date())); } catch (Throwable e) { e.printStackTrace(); 
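Review bot: `initializeAuthorities(app.getResourceMap())` now runs inside the same `try` as the dispatcher wiring, whose `catch (Throwable e)` only calls `e.printStackTrace()`, so an unexpected failure there (a null `ResourceMap` entry, an NPE from the tenant-binding reader) goes to stderr only and the application keeps starting without its default authorities while still printing "application started". Because this initialization executes under an in-process admin login (see `initializeAuthorityInstance` later in this commit), it deserves an explicit trace so operators can see it ran: `System.out.println(String.format("%tc [INFO] Initializing default authority instances for all tenants.", new Date()));` immediately before the call. Whether startup should abort instead of continuing on failure is a design decision the commit message does not state. The enclosing `contextInitialized` body starts and ends outside this hunk.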
@@ -35,4 +54,44 @@ public class CSpaceResteasyBootstrap extends ResteasyBootstrap { System.out.println("[INFO] CollectionSpace Services' JAX-RS application stopped."); } + public void initializeAuthorities(ResourceMap resourceMap) { + TenantBindingConfigReaderImpl tenantBindingConfigReader = ServiceMain.getInstance().getTenantBindingConfigReader(); + Hashtable tenantBindingsTable = tenantBindingConfigReader.getTenantBindings(false); + for (TenantBindingType tenantBindings : tenantBindingsTable.values()) { + for (ServiceBindingType serviceBinding : tenantBindings.getServiceBindings()) { + AuthorityInstanceList element = serviceBinding.getAuthorityInstanceList(); + if (element != null && element.getAuthorityInstance() != null) { + List authorityInstanceList = element.getAuthorityInstance(); + for (AuthorityInstanceType authorityInstance : authorityInstanceList) { + CSpaceTenant tenant = new CSpaceTenant(tenantBindings.getId(), tenantBindings.getName()); + initializeAuthorityInstance(resourceMap, authorityInstance, serviceBinding.getName(), tenant); + } + } + } + } + } + + private void initializeAuthorityInstance(ResourceMap resourceMap, AuthorityInstanceType authorityInstance, String serviceName, CSpaceTenant tenant) { + // TODO Auto-generated method stub + try { + AuthZ.get().login(tenant); + PersonAuthorityClient client = new PersonAuthorityClient(); + PoxPayloadOut xmlPayloadOut = PersonAuthorityClientUtils.createPersonAuthorityInstance( + authorityInstance.getTitle(), authorityInstance.getTitleRef(), client.getCommonPartName()); + String xmlPayload = xmlPayloadOut.asXML(); + PersonAuthorityResource personAuthorityResource = (PersonAuthorityResource) resourceMap.get(serviceName.toLowerCase()); + Response response = personAuthorityResource.createAuthority(xmlPayload); + int status = response.getStatus(); + + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + private void initializeVocabularies() { + // TODO 
Auto-generated method stub + + } + } diff --git a/services/account/service/pom.xml b/services/account/service/pom.xml index fbae53536..022948733 100644 --- a/services/account/service/pom.xml +++ b/services/account/service/pom.xml @@ -49,6 +49,12 @@ org.collectionspace.services.account.client ${project.version} + + org.collectionspace.services + org.collectionspace.services.authentication.service + ${project.version} + provided + diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java index 4b05c1bd9..811df57b6 100644 --- a/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java +++ b/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java @@ -28,6 +28,7 @@ import java.util.ArrayList; import javax.persistence.PersistenceException; +import org.collectionspace.authentication.AuthN; import org.collectionspace.services.account.storage.AccountRoleDocumentHandler; //import org.collectionspace.services.authorization.AccountRolesList; //import org.collectionspace.services.authorization.AccountRolesList.AccountRoleListItem; @@ -178,8 +179,8 @@ public class AccountRoleSubResource input.setRole(springRoles); RoleValue springAdminRole = new RoleValue(); springRoles.add(springAdminRole); - springAdminRole.setRoleId(AuthorizationCommon.ROLE_SPRING_ADMIN_ID); - springAdminRole.setRoleName(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME); + springAdminRole.setRoleId(AuthN.ROLE_SPRING_ADMIN_ID); + springAdminRole.setRoleName(AuthN.ROLE_SPRING_ADMIN_NAME); // The Spring role relationship may already exist, if it does then we'll get a PersistenceException that // we'll just ignore. 
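Review bot: `AuthZ.get().login(tenant)` in `initializeAuthorityInstance` installs a ROLE_SPRING_ADMIN Authentication into the thread-local `SecurityContextHolder` (see the `AuthZ.login(CSpaceTenant)` hunk in this commit) and nothing ever clears it, so the servlet-startup thread keeps admin authority after `initializeAuthorities` returns; wrap the call in try/finally and clear the context. The same method casts `resourceMap.get(serviceName.toLowerCase())` to `PersonAuthorityResource` for every service binding that carries an authority-instance list, and `status` is read but never checked, so a non-person authority (ClassCastException) or a failed `createAuthority` is merely printed by the catch-all and startup proceeds as if it had succeeded. Nothing in the hunk checks whether the authority already exists, so `createAuthority` is attempted again on every boot; whether that is idempotent depends on `PersonAuthorityResource`, which is outside this diff. The rewrite below needs `org.springframework.security.core.context.SecurityContextHolder` imported (or an equivalent logout method on `AuthZ`).
```java
private void initializeAuthorityInstance(ResourceMap resourceMap, AuthorityInstanceType authorityInstance, String serviceName, CSpaceTenant tenant) {
    Object resource = resourceMap.get(serviceName.toLowerCase());
    if (!(resource instanceof PersonAuthorityResource)) {
        // Only person authorities are handled so far; say so instead of letting the cast fail silently.
        System.out.println(String.format("[WARN] Skipping authority instance '%s' of service '%s': resource is %s",
                authorityInstance.getTitle(), serviceName, resource == null ? "null" : resource.getClass().getName()));
        return;
    }
    try {
        AuthZ.get().login(tenant);
        // … unchanged: build xmlPayload via PersonAuthorityClientUtils.createPersonAuthorityInstance …
        Response response = ((PersonAuthorityResource) resource).createAuthority(xmlPayload);
        int status = response.getStatus();
        if (status < 200 || status >= 300) {
            System.out.println(String.format("[ERROR] createAuthority '%s' for tenant '%s' returned HTTP %d",
                    authorityInstance.getTitle(), tenant.getId(), status));
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // AuthZ.login() left ROLE_SPRING_ADMIN in the thread-local SecurityContext; drop it before returning.
        SecurityContextHolder.clearContext();
    }
}
```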
@@ -191,7 +192,7 @@ public class AccountRoleSubResource //If we get this exception, it means that the role relationship already exists, so //we can just ignore this exception. if (logger.isTraceEnabled() == true) { - logger.trace(AuthorizationCommon.ROLE_SPRING_ADMIN_NAME + + logger.trace(AuthN.ROLE_SPRING_ADMIN_NAME + " relationship already exists for account: " + input.getAccount().get(0).getAccountId(), e); } diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java index 5cf351b12..b1a6db2e2 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java 
@@ -68,9 +68,28 @@ public class AuthN { private static DataSource dataSource = null; private AuthNContext authnContext; + // + // The "super" role has a predefined ID of "0" and a tenant ID of "0"; + // + final public static String ROLE_ALL_TENANTS_MANAGER = "ALL_TENANTS_MANAGER"; + final public static String ROLE_ALL_TENANTS_MANAGER_ID = "0"; + final public static String ALL_TENANTS_MANAGER_TENANT_ID = "0"; + public static final String ADMIN_TENANT_ID = "0"; + public static final String ANONYMOUS_TENANT_ID = "-1"; + + public static final String ANONYMOUS_USER = "anonymous"; + public static final String ANONYMOUS_TENANT_NAME = ANONYMOUS_USER; + public static final String SPRING_ADMIN_USER = "SPRING_ADMIN"; + public static final String SPRING_ADMIN_PASSWORD = "SPRING_ADMIN"; + public static final String TENANT_ID_QUERY_PARAM = "tid"; + public static final String TENANT_ID_PATH_PARAM = "tenantId"; + + public static final String ROLE_SPRING_ADMIN_ID = "-1"; + public static final String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN"; + // Define a special account value for the tenantManager. Yes, this is a hack, but // less troublesome than the alternatives. - public static final String TENANT_MANAGER_ACCT_ID = "0"; + public static final String TENANT_MANAGER_ACCT_ID = ALL_TENANTS_MANAGER_TENANT_ID; private AuthN() { //hardcoded initialization of a provider diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java index c8c911a11..873fabe82 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java 
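Review bot: `SPRING_ADMIN_PASSWORD = "SPRING_ADMIN"` is now a public compile-time constant of the shared authentication class, and its only consumer in this commit is `AuthZ.login()`, which never verifies it (the token is built and stored directly), so the field reads like a credential but is only a placeholder; document that so nobody treats it as a real password: `// Placeholder used by AuthZ.login() for in-process bootstrap contexts; never verified and never an account password.` Three distinct names here (`ROLE_ALL_TENANTS_MANAGER_ID`, `ALL_TENANTS_MANAGER_TENANT_ID`, `ADMIN_TENANT_ID`) all equal "0", and elsewhere in this commit `SpringAuthNContext` returns `ADMIN_TENANT_ID` while `AbstractServiceContextImpl` compares against `ALL_TENANTS_MANAGER_TENANT_ID`, so the equality is load-bearing but undeclared; define it as `public static final String ADMIN_TENANT_ID = ALL_TENANTS_MANAGER_TENANT_ID; // must stay equal: callers compare against either name`. The class continues outside this hunk.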
@@ -32,13 +32,6 @@ import org.collectionspace.authentication.CSpaceUser; */ public interface AuthNContext { - public static final String ANONYMOUS_USER = "anonymous"; - public static final String ANONYMOUS_TENANT_ID = "-1"; - public static final String ANONYMOUS_TENANT_NAME = ANONYMOUS_USER; - public static final String SPRING_ADMIN_USER = "SPRING_ADMIN"; - public static final String TENANT_ID_QUERY_PARAM = "tid"; - public static final String TENANT_ID_PATH_PARAM = "tenantId"; - /** * Returns the username of the authenticated user. * diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java index 11af77509..2d3ef77f6 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java @@ -23,6 +23,7 @@ */ package org.collectionspace.authentication.spring; +import org.collectionspace.authentication.AuthN; import org.collectionspace.authentication.CSpaceTenant; import org.collectionspace.authentication.CSpaceUser; import org.collectionspace.authentication.spi.AuthNContext; 
@@ -39,25 +40,31 @@ public class SpringAuthNContext implements AuthNContext { * * @return the username */ - public String getUserId() { + @Override + public String getUserId() { Authentication authToken = SecurityContextHolder.getContext().getAuthentication(); if (authToken == null) { - return ANONYMOUS_USER; + return AuthN.ANONYMOUS_USER; } return authToken.getName(); } /** - * Returns the authenticated user. + * Returns the authenticated CSpaceUser user. * * @return the user */ - public CSpaceUser getUser() { + @Override + public CSpaceUser getUser() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Object principal = authentication.getPrincipal(); - CSpaceUser user = (CSpaceUser) principal; + + CSpaceUser user = null; + if (principal instanceof CSpaceUser ) { + user = (CSpaceUser) principal; + } return user; } @@ -67,14 +74,23 @@ public class SpringAuthNContext implements AuthNContext { * * @return the tenant id */ - public String getCurrentTenantId() { - String username = getUserId(); - - if (username.equals(ANONYMOUS_USER) || username.equals(SPRING_ADMIN_USER)) { - return ANONYMOUS_TENANT_ID; - } - - return getCurrentTenant().getId(); + @Override + public String getCurrentTenantId() { + String result = null; + + CSpaceUser cspaceUser = getUser(); + if (cspaceUser != null) { + result = getCurrentTenant().getId(); + } else { + String username = getUserId(); + if (username.equals(AuthN.ANONYMOUS_USER)) { + result = AuthN.ANONYMOUS_TENANT_ID; + } else if (username.equals(AuthN.SPRING_ADMIN_USER)) { + result = AuthN.ADMIN_TENANT_ID; + } + } + + return result; } /** 
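Review bot: `getUser()` dereferences `authentication` without the null check that `getUserId()` performs just above it, and the rewritten `getCurrentTenantId()` now calls `getUser()` before it looks at the user name, so with no Authentication in the context (a case the old code handled by returning ANONYMOUS_TENANT_ID via `getUserId()`) the method now throws NullPointerException; add `if (authentication == null) { return null; }` right after `getAuthentication()` in `getUser()`. A principal that is not a `CSpaceUser` and whose name is neither anonymous nor SPRING_ADMIN now yields a null tenant id, which the callers touched in this commit compare with `.equals(tenantId)` (null-tolerant) and then go on to resolve bindings with; mapping that case to ANONYMOUS_TENANT_ID, or throwing, would fail closed rather than hand a null tenant to the service context. The change for SPRING_ADMIN without a `CSpaceUser` principal (ANONYMOUS_TENANT_ID "-1" before, ADMIN_TENANT_ID "0" now) is not mentioned in the commit message and deserves a comment on the `else if`.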
@@ -82,9 +98,10 @@ public class SpringAuthNContext implements AuthNContext { * * @return the tenant name */ - public String getCurrentTenantName() { - if (getUserId().equals(ANONYMOUS_USER)) { - return ANONYMOUS_TENANT_NAME; + @Override + public String getCurrentTenantName() { + if (getUserId().equals(AuthN.ANONYMOUS_USER)) { + return AuthN.ANONYMOUS_TENANT_NAME; } return getCurrentTenant().getName(); @@ -95,7 +112,8 @@ public class SpringAuthNContext implements AuthNContext { * * @return the tenant */ - public CSpaceTenant getCurrentTenant() { + @Override + public CSpaceTenant getCurrentTenant() { return getUser().getPrimaryTenant(); } } diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java index 55b662d84..5dfa264ba 100644 --- a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java +++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java @@ -31,6 +31,7 @@ import java.util.List; import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; +import org.collectionspace.authentication.AuthN; import org.collectionspace.services.authorization.AuthZ; import org.collectionspace.services.authorization.perms.Permission; import org.collectionspace.services.authorization.PermissionRole; 
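Review bot: `getCurrentTenantName()` still special-cases only the anonymous user, so for the SPRING_ADMIN principal installed by the no-tenant `AuthZ.login()` in this commit it falls through to `getCurrentTenant()`, which does `getUser().getPrimaryTenant()`, and `getUser()` now returns null for that principal: a NullPointerException where `getCurrentTenantId()` in the same class returns ADMIN_TENANT_ID. Guard the shared accessor, `CSpaceUser user = getUser(); return user == null ? null : user.getPrimaryTenant();`, and then treat the SPRING_ADMIN user in `getCurrentTenantName()` the same way `getCurrentTenantId()` does, so the two accessors agree on the same principal.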
@@ -175,7 +176,7 @@ public class AuthorizationSeedDriver { private void login() { //GrantedAuthority cspace_admin = new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"); - GrantedAuthority spring_security_admin = new SimpleGrantedAuthority("ROLE_SPRING_ADMIN"); //NOTE: Must match with value in applicationContext-authorization-test.xml (aka SPRING_SECURITY_METADATA) + GrantedAuthority spring_security_admin = new SimpleGrantedAuthority(AuthN.ROLE_SPRING_ADMIN_NAME); //NOTE: Must match with value in applicationContext-authorization-test.xml (aka SPRING_SECURITY_METADATA) HashSet gauths = new HashSet(); //gauths.add(cspace_admin); gauths.add(spring_security_admin); diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java index 892ffbacf..b2ec4ed95 100644 --- a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java +++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java @@ -32,6 +32,7 @@ import java.util.List; import javax.xml.bind.JAXBContext; import javax.xml.bind.Marshaller; import org.collectionspace.services.authorization.perms.Permission; +import org.collectionspace.authentication.AuthN; import org.collectionspace.services.authorization.PermissionRole; import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.perms.PermissionsList; 
@@ -408,11 +409,11 @@ public class AuthorizationGen { Role role = new Role(); role.setDescription("A generated super role that has permissions to manage tenants."); - role.setDisplayName(AuthorizationCommon.ROLE_ALL_TENANTS_MANAGER); + role.setDisplayName(AuthN.ROLE_ALL_TENANTS_MANAGER); role.setRoleName(AuthorizationCommon.getQualifiedRoleName( - AuthorizationCommon.ALL_TENANTS_MANAGER_TENANT_ID, role.getDisplayName())); - role.setCsid(AuthorizationCommon.ROLE_ALL_TENANTS_MANAGER_ID); - role.setTenantId(AuthorizationCommon.ALL_TENANTS_MANAGER_TENANT_ID); + AuthN.ALL_TENANTS_MANAGER_TENANT_ID, role.getDisplayName())); + role.setCsid(AuthN.ROLE_ALL_TENANTS_MANAGER_ID); + role.setTenantId(AuthN.ALL_TENANTS_MANAGER_TENANT_ID); return role; } diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java index 9dd09df36..71c9ee302 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java @@ -28,6 +28,10 @@ import java.util.HashSet; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.collectionspace.authentication.AuthN; +import org.collectionspace.authentication.CSpaceTenant; +import org.collectionspace.authentication.CSpaceUser; +import org.collectionspace.authentication.spi.AuthNContext; import org.collectionspace.services.authorization.perms.ActionType; import org.collectionspace.services.authorization.spi.CSpaceAuthorizationProvider; import org.springframework.context.support.ClassPathXmlApplicationContext; 
@@ -215,17 +219,42 @@ public class AuthZ { return provider.getPermissionEvaluator().hasPermission(res, action); } + // + // Login as the admin of no specific tenant + // public void login() { - String user = "SPRING_ADMIN"; - String password = "SPRING_ADMIN"; - GrantedAuthority spring_security_admin = new SimpleGrantedAuthority("ROLE_SPRING_ADMIN"); //NOTE: Must match with value in applicationContext-authorization-test.xml (aka SPRING_SECURITY_METADATA) + String user = AuthN.SPRING_ADMIN_USER; + String password = AuthN.SPRING_ADMIN_PASSWORD; + HashSet gauths = new HashSet(); - gauths.add(spring_security_admin); + gauths.add(new SimpleGrantedAuthority(AuthN.ROLE_SPRING_ADMIN_NAME)); //NOTE: Must match with value in applicationContext-authorization-test.xml (aka SPRING_SECURITY_METADATA)); + Authentication authRequest = new UsernamePasswordAuthenticationToken(user, password, gauths); SecurityContextHolder.getContext().setAuthentication(authRequest); if (logger.isDebugEnabled()) { logger.debug("Spring Security login successful for user=" + user); } } + + // + // Login as the admin for a specific tenant + // + public void login(CSpaceTenant tenant) { + String user = AuthN.SPRING_ADMIN_USER; + String password = AuthN.SPRING_ADMIN_PASSWORD; + + HashSet grantedAuthorities = new HashSet(); + grantedAuthorities.add(new SimpleGrantedAuthority(AuthN.ROLE_SPRING_ADMIN_NAME)); + + HashSet tenantSet = new HashSet(); + tenantSet.add(tenant); + CSpaceUser principal = new CSpaceUser(user, password, tenantSet, grantedAuthorities); + + Authentication authRequest = new UsernamePasswordAuthenticationToken(principal, password, grantedAuthorities); + SecurityContextHolder.getContext().setAuthentication(authRequest); + if (logger.isDebugEnabled()) { + logger.debug("Spring Security login successful for user=" + user); + } + } } 
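Review bot: Both `login()` overloads build the three-argument `UsernamePasswordAuthenticationToken` (the constructor that marks the token authenticated) and push it straight into `SecurityContextHolder`; no AuthenticationManager is consulted, so `AuthN.SPRING_ADMIN_PASSWORD` is never checked and the debug line "Spring Security login successful" overstates what happened — say so above each method: `// Installs a pre-authenticated admin context on the current thread; the password is not verified.` Because the context is thread-local and there is no counterpart that removes it, every caller (the new startup code in `CSpaceResteasyBootstrap` included) leaves ROLE_SPRING_ADMIN on its thread; add `public void logout() { SecurityContextHolder.clearContext(); }` and document that `login` callers must invoke it in a `finally`. In `login(CSpaceTenant)` the password is placed inside the `CSpaceUser` principal as well as in the token's credentials; whether `CSpaceUser` retains it is not visible here, but if the principal does not need it, pass the credential only once.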
diff --git a/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java b/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java index 303cb1163..0eeda956a 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java +++ b/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java @@ -99,7 +99,7 @@ public class ServiceMain { private ServiceMain() { // Intentionally blank } - + /* * * Set this singletons ServletContext without any call to initialize @@ -231,6 +231,12 @@ public class ServiceMain { e.getLocalizedMessage(), e); throw e; } + + // + // Ensure default vocabulary and authority instances and their corresponding terms exist. + // +// initializeVocabularies(); +// initializeAuthorities(); /* * This might be useful for something, but the reader grants are better handled in the ReportPostInitHandler. @@ -243,7 +249,7 @@ public class ServiceMain { showTenantStatus(); } - /** + /** * Returns the primary repository name for a tenant -there's usually just one. * @param tenantBinding * @return diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java index 5b2464628..17f00e974 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java +++ b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java 
@@ -87,13 +87,6 @@ public class AuthorizationCommon { final static Logger logger = LoggerFactory.getLogger(AuthorizationCommon.class); - // - // The "super" role has a predefined ID of "0" and a tenant ID of "0"; - // - final public static String ROLE_ALL_TENANTS_MANAGER = "ALL_TENANTS_MANAGER"; - final public static String ROLE_ALL_TENANTS_MANAGER_ID = "0"; - final public static String ALL_TENANTS_MANAGER_TENANT_ID = "0"; - final public static String ROLE_TENANT_ADMINISTRATOR = "TENANT_ADMINISTRATOR"; final public static String ROLE_TENANT_READER = "TENANT_READER"; @@ -105,14 +98,10 @@ public class AuthorizationCommon { public static final String TENANT_ADMIN_ACCT_PREFIX = "admin@"; public static final String TENANT_READER_ACCT_PREFIX = "reader@"; public static final String ROLE_PREFIX = "ROLE_"; - public static final String SPRING_ADMIN_ROLE = "ROLE_SPRING_ADMIN"; public static final String TENANT_ADMIN_ROLE_SUFFIX = "_TENANT_ADMINISTRATOR"; public static final String TENANT_READER_ROLE_SUFFIX = "_TENANT_READER"; public static final String DEFAULT_ADMIN_PASSWORD = "Administrator"; public static final String DEFAULT_READER_PASSWORD = "reader"; - - public static final String ROLE_SPRING_ADMIN_ID = "-1"; - public static final String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN"; // SQL for init tasks final private static String INSERT_ACCOUNT_ROLE_SQL_MYSQL = @@ -135,7 +124,7 @@ public class AuthorizationCommon { final private static String QUERY_TENANT_MGR_USER_SQL = "SELECT username FROM users WHERE username = '"+TENANT_MANAGER_USER+"'"; final private static String GET_TENANT_MGR_ROLE_SQL = - "SELECT csid from roles WHERE tenant_id='"+ALL_TENANTS_MANAGER_TENANT_ID+"' and rolename=?"; + "SELECT csid from roles WHERE tenant_id='" + AuthN.ALL_TENANTS_MANAGER_TENANT_ID + "' and rolename=?"; public static Role getRole(String tenantId, String displayName) { Role role = null; 
@@ -685,7 +674,7 @@ public class AuthorizationCommon { PreparedStatement pstmt = null; try { final String querySpringRole = - "SELECT csid from roles WHERE rolename='"+SPRING_ADMIN_ROLE+"'"; + "SELECT csid from roles WHERE rolename='"+AuthN.ROLE_SPRING_ADMIN_NAME+"'"; stmt = conn.createStatement(); ResultSet rs = stmt.executeQuery(querySpringRole); if(rs.next()) { @@ -761,8 +750,8 @@ public class AuthorizationCommon { String tenantMgrRoleCSID = null; PreparedStatement pstmt = null; try { - String rolename = getQualifiedRoleName(ALL_TENANTS_MANAGER_TENANT_ID, - ROLE_ALL_TENANTS_MANAGER); + String rolename = getQualifiedRoleName(AuthN.ALL_TENANTS_MANAGER_TENANT_ID, + AuthN.ROLE_ALL_TENANTS_MANAGER); pstmt = conn.prepareStatement(GET_TENANT_MGR_ROLE_SQL); // create a statement ResultSet rs = null; pstmt.setString(1, rolename); // set rolename param @@ -826,7 +815,7 @@ public class AuthorizationCommon { pstmt.executeUpdate(); // Now add the Spring Admin Role to the admin accounts pstmt.setString(3, springAdminRoleCSID); // set role_id param - pstmt.setString(4, SPRING_ADMIN_ROLE); // set rolename param + pstmt.setString(4, AuthN.ROLE_SPRING_ADMIN_NAME); // set rolename param if (logger.isDebugEnabled()) { logger.debug("createDefaultAccounts binding account: " +adminUserId+" to Spring Admin role: "+springAdminRoleCSID); @@ -952,7 +941,7 @@ public class AuthorizationCommon { String tenantManagerRoleCSID = findTenantManagerRole(conn); bindTenantManagerAccountRole(conn, databaseProductType, TENANT_MANAGER_USER, AuthN.TENANT_MANAGER_ACCT_ID, - tenantManagerRoleCSID, ROLE_ALL_TENANTS_MANAGER); + tenantManagerRoleCSID, AuthN.ROLE_ALL_TENANTS_MANAGER); } } catch (Exception e) { logger.debug("Exception in createDefaultAccounts: " + e.getLocalizedMessage()); 
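Review bot: `querySpringRole` is built by concatenating `AuthN.ROLE_SPRING_ADMIN_NAME` into the SQL and executed with a plain `Statement`, while the tenant-manager lookup in the next hunk of the same file binds `rolename` through a `PreparedStatement` parameter. The value is a compile-time constant, so there is no injection today, but the two lookups should use one pattern so the constant can later become configurable without reopening the question: `final String querySpringRole = "SELECT csid from roles WHERE rolename=?";` then `pstmt = conn.prepareStatement(querySpringRole); pstmt.setString(1, AuthN.ROLE_SPRING_ADMIN_NAME);` and `ResultSet rs = pstmt.executeQuery();`. The enclosing method starts and ends outside this hunk, so the `stmt` variable it declares may become unused.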
diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java index c61560505..80759dead 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java +++ b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationRoleRel.java @@ -2,6 +2,7 @@ package org.collectionspace.services.common.authorization_mgt; import org.collectionspace.services.authorization.AccountValue; import org.collectionspace.services.authorization.PermissionRoleRel; +import org.collectionspace.authentication.AuthN; import org.collectionspace.services.authorization.AccountRoleRel; import org.collectionspace.services.authorization.PermissionValue; import org.collectionspace.services.authorization.RoleValue; @@ -30,7 +31,7 @@ public class AuthorizationRoleRel { */ static public RoleValue buildRoleValue(AccountRoleRel arr) { RoleValue rv = null; - if (arr.getRoleId().equals(AuthorizationCommon.ROLE_SPRING_ADMIN_ID) == false) { + if (arr.getRoleId().equals(AuthN.ROLE_SPRING_ADMIN_ID) == false) { rv = new RoleValue(); rv.setRoleId(arr.getRoleId()); rv.setRoleName(arr.getRoleName()); diff --git a/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java b/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java index 24e37fbf6..7bbd0bc86 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java +++ b/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java 
@@ -33,6 +33,7 @@ import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Request; import javax.ws.rs.core.UriInfo; +import org.collectionspace.authentication.AuthN; import org.collectionspace.authentication.spi.AuthNContext; import org.collectionspace.services.client.AuthorityClient; import org.collectionspace.services.client.CollectionSpaceClient; @@ -141,8 +142,8 @@ public abstract class AbstractServiceContextImpl checkTenantContext(); String tenantId = securityContext.getCurrentTenantId(); - if (AuthorizationCommon.ALL_TENANTS_MANAGER_TENANT_ID.equals(tenantId) || - AuthNContext.ANONYMOUS_TENANT_ID.equals(tenantId)) { + if (AuthN.ALL_TENANTS_MANAGER_TENANT_ID.equals(tenantId) || + AuthN.ANONYMOUS_TENANT_ID.equals(tenantId)) { // Tenant Manager has no tenant binding, so don't bother... tenantBinding = null; serviceBinding = null; diff --git a/services/common/src/main/java/org/collectionspace/services/common/publicitem/PublicItemResource.java b/services/common/src/main/java/org/collectionspace/services/common/publicitem/PublicItemResource.java index 7d6138701..082cb3341 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/publicitem/PublicItemResource.java +++ b/services/common/src/main/java/org/collectionspace/services/common/publicitem/PublicItemResource.java @@ -26,6 +26,7 @@ package org.collectionspace.services.common.publicitem; import java.io.InputStream; import java.lang.reflect.Method; +import org.collectionspace.authentication.AuthN; import org.collectionspace.authentication.spi.AuthNContext; import org.collectionspace.services.publicitem.PublicitemsCommon; import org.collectionspace.services.client.PublicItemClient; 
@@ -87,7 +88,7 @@ public class PublicItemResource extends NuxeoBasedResource { @Context Request request, @Context UriInfo uriInfo, @PathParam("csid") String csid, - @PathParam(AuthNContext.TENANT_ID_PATH_PARAM) String tenantId) { + @PathParam(AuthN.TENANT_ID_PATH_PARAM) String tenantId) { Response result = null; try { diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityContextImpl.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityContextImpl.java index 7c6896f8a..057b28bb0 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityContextImpl.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityContextImpl.java @@ -49,7 +49,7 @@ public class SecurityContextImpl implements SecurityContext { String result = AuthN.get().getCurrentTenantId(); String userId = AuthN.get().getUserId(); - if (userId.equals(AuthNContext.ANONYMOUS_USER) == true) { + if (userId.equals(AuthN.ANONYMOUS_USER) == true) { // // If anonymous access is being attempted, then a tenant ID needs to be set as a query param // @@ -60,7 +60,7 @@ public class SecurityContextImpl implements SecurityContext { } // String tenantId = uriInfo.getQueryParameters().getFirst(AuthNContext.TENANT_ID_QUERY_PARAM); - String tenantId = uriInfo.getPathParameters().getFirst(AuthNContext.TENANT_ID_PATH_PARAM); + String tenantId = uriInfo.getPathParameters().getFirst(AuthN.TENANT_ID_PATH_PARAM); if (tenantId == null) { String errMsg = String.format("Anonymous access to '%s' attempted without a valid tenant ID query paramter.", uriInfo.getPath()); diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java index 1c4e6f25f..ba942436a 100644 
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java @@ -36,12 +36,11 @@ import org.collectionspace.services.client.CollectionSpaceClient; import org.collectionspace.services.client.index.IndexClient; import org.collectionspace.services.client.workflow.WorkflowClient; import org.collectionspace.services.config.service.ServiceBindingType; +import org.collectionspace.authentication.AuthN; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; -import org.collectionspace.authentication.AuthN; -import org.collectionspace.authentication.spi.AuthNContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.jboss.crypto.digest.DigestCallback; @@ -55,7 +54,6 @@ import org.jboss.security.Base64Utils; */ public class SecurityUtils { - private static final String ADMIN_TENANT_ID = "0"; private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class); public static final String URI_PATH_SEPARATOR = "/"; public static final int MIN_PASSWORD_LENGTH = 8; @@ -293,12 +291,12 @@ public class SecurityUtils { try { tenantId = AuthN.get().getCurrentTenantId(); } catch (Throwable e) { - tenantId = ADMIN_TENANT_ID; + tenantId = AuthN.ADMIN_TENANT_ID; } if (tenantId != null) { - if (ADMIN_TENANT_ID.equals(tenantId) == true || - AuthNContext.ANONYMOUS_TENANT_ID.equals(tenantId)) { + if (AuthN.ADMIN_TENANT_ID.equals(tenantId) == true || + AuthN.ANONYMOUS_TENANT_ID.equals(tenantId)) { result = true; } } diff --git a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RemoteDocumentModelHandlerImpl.java b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RemoteDocumentModelHandlerImpl.java index 8e09b2b2a..d6b11a094 100644 --- a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RemoteDocumentModelHandlerImpl.java 
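Review bot: The rename keeps a fail-open default: when `AuthN.get().getCurrentTenantId()` throws, `tenantId` is set to `AuthN.ADMIN_TENANT_ID`, and the block right after sets `result = true` for exactly that id, so any failure to identify the tenant (including the NullPointerException that `SpringAuthNContext.getCurrentTenantId()` can now raise on an empty security context, per the earlier hunk in this commit) is treated as the admin tenant. The method name and what `result` gates lie outside this hunk, so the impact cannot be judged here, but the safer default is to log and fall through: `} catch (Throwable e) { logger.warn("Could not determine current tenant id", e); tenantId = null; }`, which leaves `result` at its initial value (presumably false; it is initialized outside the hunk). Catching `Throwable` also swallows JVM Errors; `Exception` is the narrowest type that still covers the security-context failures seen in this diff.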
+++ b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RemoteDocumentModelHandlerImpl.java @@ -39,7 +39,7 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import javax.xml.bind.JAXBElement; -import org.collectionspace.authentication.spi.AuthNContext; +import org.collectionspace.authentication.AuthN; import org.collectionspace.services.authorization.AccountPermission; import org.collectionspace.services.jaxb.AbstractCommonList; import org.collectionspace.services.lifecycle.TransitionDef; @@ -65,7 +65,6 @@ import org.collectionspace.services.common.document.BadRequestException; import org.collectionspace.services.common.document.DocumentException; import org.collectionspace.services.common.document.DocumentUtils; import org.collectionspace.services.common.document.DocumentWrapper; -import org.collectionspace.services.common.document.DocumentHandler.Action; import org.collectionspace.services.common.document.DocumentFilter; import org.collectionspace.services.client.IRelationsManager; import org.collectionspace.services.common.relation.RelationResource; @@ -77,7 +76,6 @@ import org.collectionspace.services.common.api.RefNameUtils; import org.collectionspace.services.common.api.Tools; import org.collectionspace.services.common.vocabulary.RefNameServiceUtils; import org.collectionspace.services.common.vocabulary.RefNameServiceUtils.AuthRefConfigInfo; -import org.collectionspace.services.common.vocabulary.RefNameServiceUtils.AuthorityItemSpecifier; import org.collectionspace.services.config.service.DocHandlerParams; import org.collectionspace.services.config.service.ListResultField; import org.collectionspace.services.config.service.ObjectPartType; 
@@ -86,10 +84,10 @@ import org.collectionspace.services.relation.RelationsCommon;
 import org.collectionspace.services.relation.RelationsCommonList;
 import org.collectionspace.services.relation.RelationsDocListItem;
 import org.collectionspace.services.relation.RelationshipType;
+
 import org.dom4j.Element;
 import org.nuxeo.ecm.core.api.DocumentModel;
 import org.nuxeo.ecm.core.api.DocumentModelList;
-import org.nuxeo.ecm.core.api.DocumentNotFoundException;
 import org.nuxeo.ecm.core.api.impl.DataModelImpl;
 import org.nuxeo.ecm.core.api.model.DocumentPart;
 import org.nuxeo.ecm.core.api.model.Property;
@@ -367,7 +365,7 @@ public abstract class RemoteDocumentModelHandlerImpl
 }
 String currentUser = ctx.getUserId();
-if (currentUser.equalsIgnoreCase(AuthNContext.ANONYMOUS_USER) == false) {
+if (currentUser.equalsIgnoreCase(AuthN.ANONYMOUS_USER) == false) {
 addAccountPermissionsPart();
 }
 }
diff --git a/services/config/src/main/resources/instance1.xml b/services/config/src/main/resources/instance1.xml
index 5bfbcbe81..88781295a 100644
--- a/services/config/src/main/resources/instance1.xml
+++ b/services/config/src/main/resources/instance1.xml
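Review bot: In the `@@ -367` hunk the new condition `currentUser.equalsIgnoreCase(AuthN.ANONYMOUS_USER) == false` dereferences `currentUser`, so a null user id from `ctx.getUserId()` throws a NullPointerException here instead of being handled; whether `getUserId()` can return null is not visible in this hunk, and the enclosing method starts outside it. A null-safe form that also drops the `== false` and treats a missing identity like the anonymous user (so `addAccountPermissionsPart()` is not called for an unidentified caller) is `if (currentUser != null && !AuthN.ANONYMOUS_USER.equalsIgnoreCase(currentUser)) {`. If a null user id is instead meant to be impossible at this point, a `Objects.requireNonNull(currentUser, "ctx.getUserId()")` before the check would make that contract explicit.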
@@ -1,323 +1,453 @@ - - - - - 123 - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - 123 - 123 - 123 - 123 - 123 - 123 - - - 123 - 123 - 123 - 123 - 123 - 123 - 123 - 123 - - - - 123 - 123 - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - 123 - 123 - - - - - - - - - - - 123 - - - - - - - - - - - - - - 123 - - 123 - - 123 - - 123 - - 123 - 123 - 123 - 123 - - 123 - 123 - 123 - 123 - 123 - 123 - 123 - - 123 - - - - 123 - 123 - 123 - 123 - - 123 - - - - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - - - - - - - 123 - 123 - - - 123 - 123 - - - - 123 - 123 - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - 123 - 123 - - - - - - - - - - - 123 - - - - - - - - - - - - - - - 123 - - 123 - - 123 - - 123 - - 123 - 123 - 123 - 123 - - 123 - 123 - 123 - 123 - 123 - 123 - 123 - - 123 - - - - 123 - 123 - 123 - 123 - - 123 - - - - - - - 123 - 123 - - - 123 - 123 - - - - - 123 - - - - - - - 123 - 123 - - - 123 - 123 - - - - 123 - 123 - - - 123 - 123 - - - 123 - 123 - - - - - 123 - 123 - - - 123 - 123 - - - - - + xsi:schemaLocation="http://collectionspace.org/services/config/service file:/C:/dev/src/cspace/services/services/config/src/main/resources/service.xsd" name="name0" type="type0" version="0.1" supportsReplicating="false" remoteClientConfigName="remoteClientConfigName0" requiresUniqueShortId="false"> + 123 + 123 + 123 + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + + 123 + + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + + + 123 + + + + + + 123 + 
123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + + + 123 + + + 123 + + 123 + + 123 + + + + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + 123 + + + 123 + + 123 + 123 + 123 + 123 + + 123 + 123 + 123 + 123 + 123 + 123 + 123 + + 123 + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + + + + + 123 + 123 + 123 + + + 123 + 123 + 123 + + + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + 123 + + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + + + 123 + 123 + + + 123 + 123 + + + 123 + 123 + + + diff --git a/services/config/src/main/resources/service.xsd b/services/config/src/main/resources/service.xsd index 6d4659750..8b63a326f 100644 --- a/services/config/src/main/resources/service.xsd +++ b/services/config/src/main/resources/service.xsd @@ -29,17 +29,31 @@ > + + + + + + - + + + + + + + + + @@ -56,6 +70,7 @@ + @@ -65,6 +80,31 @@ + + + + + + + + + + + +