NOJIRA re-enabling access control in service layer in the trunk (only)

M    security/SecurityInterceptor.java

CSPACE-1875: In Loan Out records in the Services Layer, merged into trunk from the 0.7 Release Branch, three scalar fields were added: loanedObjectStatus, loanedObjectStatusNote, and loanedObjectStatusDate. This is an interim step until sub-loans are implemented in a later release.

CSPACE-2006 added tenant id to unique constraint

M    authorization/jaxb/src/main/resources/roles.xsd
M    authorization/pstore/src/main/resources/db/mysql/authorization.sql

NOJIRA added timestamp to role name to test if app layer test was failing because of that

M    client/src/test/java/org/collectionspace/services/authorization/client/test/RolePermissionServiceTest.java

NOJIRA - removed deadwood detected during walkthrough

M    security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java

CSPACE-1227,CSPACE-1916: Added previously-missing recordStatus field to CollectionObject schema in the Services layer.

CSPACE-1227,CSPACE-1916: Filled out CollectionObject schema, in the Services Layer, with the remaining fields required by Cataloging Schema Limited for 0.7 on the wiki. Note that briefDescription is still a single, non-repatable scalar in this check-in, and that the three fields - relatedObjectNumber, relatedObjectAssociation, and relatedObjectNote - are not included, per Megan in IRC on 2010-06-01.  Changes a Nuxeo document type, and thus requires stopping the 2 JBoss servers and performing an 'ant deploy'.

CSPACE-1946: TEMPORARILY commenting out the block, in SecurityInterceptor, that checks whether a services client is authorized to access resources at a particular URL.  This effectively DISABLES authorization checks on access requests to the services layer. This is a temporary workaround, suggested in one of Sanjay's comments on this issue, to facilitate testing on nightly.collectionspace.org on 2010-05-31, and should be reversed as soon as practical.

CSPACE-1911: 'Banners' output between Services client tests now properly show calling class and line number in their log statements. Banner generation is now separated from test setup (e.g. specifying expected status code, valid status codes), in the client test framework, and each can be used independently.  Formerly banners were output as an undocumented side effect of test setup; while that was convenient, it was not good practice.

CSPACE-1960: Adding support for XML Schema validation of service payloads.

CSPACE-1937 blocker, dup of 1299
CSPACE-1299 added permrole as a subresource of role. it is now possible to associate one or more permissions from a role service using roles/id/permroles
test: authorization-mgt, all service tests

CSPACE-1828 service name fixes role name with ROLE_{uppercase role name} if ROLE_ is not present in the role name
CSPACE-1944 role name in role once set cannot be changed
CSPACE-1945 resource name in permission once set cannot be changed
test: authorization-mgt/client

CSPACE-1407: In tenant bindings for Movement service, added (uncommented) 'currentLocation' and 'normalLocation' as authority reference fields for this service, now that the StorageLocation / Location service is available.

NOJIRA: Updating Eclipse settings.

CSPACE-864: Added a native Nuxeo "repeatable" information group to the CollectionObject schema for the "otherNumber" information group "otherNumber" = {otherNumberValue, otherNumberType}.

CSPACE-1935 moved import driver out of test framework into a standalone utility
use ant import at any level to invoke the driver. requires build.

!!NOTE!!
this change overrides req. of mvn test (at authorization-mgt/import) as described in r2225 to import default permissions

cd trunk
mvn test -DskipTests
ant import
ant undeploy deploy
mvn test

D    trunk/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java
D    trunk/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AbstractAuthorizationTestImpl.java
D    trunk/services/authorization-mgt/import/src/test/resources/applicationContext-authorization-test.xml
D    trunk/services/authorization-mgt/import/src/test/resources/log4j.properties
A    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver
A  + trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java
A    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
A  + trunk/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
A  + trunk/services/authorization-mgt/import/src/main/resources/log4j.properties
M    trunk/services/authorization-mgt/import/pom.xml
M    trunk/services/authorization-mgt/import/build.xml
M    trunk/services/authorization-mgt/build.xml
M    trunk/services/pom.xml
M    trunk/services/build.xml
M    trunk/build.xml

CSPACE-1364, CSPACE-1365
Enabled access control for all the services at the record/procedure type level. Permissions are seeded (authorization-mgt/import) for ROLE_ADMINISTRATOR using the tenant bindings. Seeding still happens through a test driver in the import module...would be moved to a Java main class later.
Test do/should not delete the seeded permissions...fixed those tests that were doing the same. These tests now either do not delete permissions
or create permissions for non-functional services.
Wired delete for account role and permission role sub resources.
All alternate URIs with which a service could be accessed shoudl be in service bindings element named uriPath
test: all tests multiple times

!!NOTE!!
cd trunk/services
ant create_db
mvn clean install -DskipTests
ant undeploy deploy
mvn test

If you are not running all the tests, at least seed default permissions using the following
cd trunk/services/authorization-mgt/import
mvn test

M    trunk/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionResource.java
M    trunk/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/AuthorizationDelegate.java
M    trunk/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java
M    trunk/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java
M    trunk/services/authorization-mgt/import/src/test/resources/applicationContext-authorization-test.xml
M    trunk/services/authorization-mgt/import/src/test/resources/log4j.properties
M    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java
M    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
M    trunk/services/authorization-mgt/import/pom.xml
M    trunk/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
M    trunk/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java
M    trunk/services/pom.xml
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
M    trunk/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java
M    trunk/services/authorization/service/src/main/resources/applicationContext-authorization.xml
_M   trunk/services/location/jaxb
M    trunk/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
M    trunk/services/common/src/main/config/services/tenant-bindings.xml
M    trunk/services/common/src/main/resources/service.xsd
M    trunk/services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
M    trunk/services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
_M   trunk/services/note/service
_M   trunk/services/note/jaxb
_M   trunk/services/note/client
M    trunk/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
M    trunk/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java

CSPACE-1911: In client test framework, 'banner' signifying the start of a test can now be output using a passed-in Logger.  This reflects the caller's class name and line number in the log statement, and can also print the class name in the banner.  Examples of such calls are implemented, for now, only in PersonAuthoritySearchTest, but can be trivially bulk-implemented in all other test classes.

CSPACE-1895: Moved 'note' module slightly down, below account (and generally below authZ- and authN-related modules) in main services POM, per discussion with Sanjay.  JIRA issue pertains to Location, but includes Patrick's work on a new, generalizable Note (aka Comment) service, which is the relevant module to this minor change.

CSPACE-1895 Working on the repeating sections of Location, and general support for this. Fixed a bug with update.

CSPACE-1895 Working on the repeating sections of Location, and general support for this.

CSPACE-1895 Working on the repeating sections of Location, and general support for this.

CSPACE-809,CSPACE-562,CSPACE-1685: Created standalone class for Search tests, pulling partial term matching tests out of PersonServiceTest, to aid in rapidly creating tests for partial term matching (and later, keyword searches), and as an early step in the direction of moving some search test functionality into base classes in the client test framework.

CSPACE-1911: Minoir formatting changes to test banner in BaseServiceTest, intended to make it easier to spot transitions between tests and to output log statements showing relevant test class and line number.  Trivial change in class comment in AbstractServiceTestImpl.

CSPACE-1880: Partial matches in authorities causing sql errors

NOJIRA: Updating Eclipse settings.

CSPACE-384: Additional trivial cleanup of base classes in client test framework.

CSPACE-384: Minor cleanup of base classes in client test framework, in preparation for work on issues such as CSPACE-1685, as well as re-familiarization for current work on CSPACE-809.

CSPACE-1357, CSPACE-131, CSPACE-133 - Adding basic LocationAuthority support.

CSPACE-1244: On updates, treating tags (xml elements) with empty content as blank value that -so blank elements essentially deletes field values from the database records.

CSPACE-809,CSPACE-1886: Fixed trivial but embarrassing typo in Lech Walesa's name, used for partial term matching tests in PersonServiceTest.  Also allows noting that a UTF-8 test of partial matches, as per CSPACE-1886, is present but currently fails and is commented out for now.

CSPACE-809,CSPACE-1880: Introduced first partial term matching client tests, in the Person service. Identified and made a tentative fix for CSPACE-1880 issue, required to make the partial term matching tests succeed, and pending Richard's more knowledgeable and detailed examination of this issue.

CSPACE-1153: Setting Person's displayNameComputed flag to false generates Exception on create.  Also fixed an edge-case bug in pagination.

NOJIRA moved ServiceLayerTests to new module common-test that is built after authorization-mgt module so permissions could be inserted in db before running the service layer tests
test: all service tests

CSPACE-1482 refactored authgen and authseed such that these could be invoked from service runtime as well (at startup time).
test authz import

CSPACE-1482 import module with the help of tenant bindings now generates and imports default permissions for all the services for all the tenants for ROLE_ADMINISTRATOR

CSPACE-1081: Relation list should probably include relationship type
CSPACE-1846: Relation Service needs to paginate list results.
CSPACE-602: Update Relations service/manager to use Nuxeo queries instead of "get all" and filter with Java code

NOJIRA: Removing unneeded Eclipse settings.

CSPACE-1286: Setting SVN 'Date' and 'Revision' keyword properties on .java and .xsd files in the Loan In (aka Loans In) service module.

CSPACE-1292: Setting SVN 'Date' and 'Revision' keyword properties on .java and .xsd files in the Loan Out (aka Loans Out) service module.

CSPACE-144: Setting SVN 'Date' and 'Revision' keyword properties on .java and .xsd files in the Movement service module.

CSPACE-144: Added Nuxeo document type XML Schema file, inadvertently omitted in r2104.

CSPACE-144: Trivial addition of movement methods list in sample records used in client test of the Movement service.

CSPACE-144: Basic infrastructure for the Movement (aka Location & Movement) service is in place in the Services Layer.  Introduces a new Nuxeo document type, and requires an 'ant deploy' and restarting the two JBoss servers.  Data modeling may possibly need some future attention.

CSPACE-1850: Adding support in doc and repository client framework for tenant ID. All creates, updates, gets and getFiltered on Nuxeo-based documents now use Tenant ID from the service context.

CSPACE-1850: Adding support in doc and repository client framework for tenant id.

CSPACE-1832: All CSpace specific Nuxeo document types now contain new "core" document type with tenant_id.

NOJIRA - refactoried tenantbindingconfigreader so it could be used just to read the bindings, not for workspace retrieval. moved nuxeo workspace specific stuff to new class ...nuxeo.client.java.TenantRepository
test: service tests

M    services/authorization-mgt/import/pom.xml
M    services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java
M    services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java
M    services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java
A    services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java

CSPACE-1364, CSPACE-1365 moved gen/seed of authorization to import module in order to expand the functionality to generate permisssions for all the services as well as all the permission-role relationships for bootstrapping purposes.
test: authorization-mgt all service tests

NOJIRA
incorporate some code review changes. started refactoring seed test in order to convert it to generator and import for all services

M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
M    services/authorization-mgt/client/src/test/resources/test-data/test-permissions-roles.xml
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java

CSPACE-1591: Added three simple, temporary test classes for creating large numbers of CollectionObject records, each with minor variations in client instantiation and HTTP connection closing, that may help surface any subtleties in behavior around this issue.  Run with 'mvn test -Dtest={test name or wildcard to run multiple tests; e.g. I1591*} -Pperftests'.

CSPACE-1364 allow user bigbird (ROLE_MMI_CM) POST, GET and PUT operations on the dimension service, allow user elmo (ROLE_MMI_INTERN) GET operation, allow user test (ROLE_ADMINISTRATOR) POST, PUT, GET and DELETE operations
CSPACE-1365 deny elmo PUT and deny bigbird DELETE operations on the dimension service
Pre-requisite : authorization-mgt/client tests seed some permissions used
by this test
test: security/client

M    services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java

CSPACE-1824: Changing DocumentFilter.setPagination() method to use "get" instead of "remove" on incoming query params

CSPACE-1364 allow user test in ROLE_ADMINISTRATOR to access (CRUDL) dimension service
CSPACE-1365 deny user bigbird2010 in ROLE_MMI_CM access (C) to the dimension service
moved authorization generation and seeding to authorization-mgt/client from authorization service
enabled access control for the dimension service only in the security interceptor
added setAuth convenience method into client test framework to change authn properites, httpclient and proxy
test: all service tests, specifically security/client and authorization-mgt/client tests

!!REQUIRES the following sequence of actions at the services level
- mvn clean install -DskipTests
- ant undeploy deploy
- mvn test (note that authorization-mgt/client tests have to run before running dimension/client and security/client tests)

A    services/authorization-mgt/service/src/test/javadoc
A    services/authorization-mgt/service/src/test/javadoc/org
A    services/authorization-mgt/service/src/test/javadoc/org/collectionspace
A    services/authorization-mgt/service/src/test/javadoc/org/collectionspace/services
A    services/authorization-mgt/service/src/test/javadoc/org/collectionspace/services/authorization
A    services/authorization-mgt/service/src/test/javadoc/org/collectionspace/services/authorization/test
A  + services/authorization-mgt/service/src/test/javadoc/org/collectionspace/services/authorization/test/package.html
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/AuthorizationDelegate.java
A    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test
A  + services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
A  + services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java
A  + services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
A  + services/authorization-mgt/client/src/test/resources/applicationContext-authorization-test.xml
A    services/authorization-mgt/client/src/test/resources/test-data
A  + services/authorization-mgt/client/src/test/resources/test-data/test-permissions.xml
A  + services/authorization-mgt/client/src/test/resources/test-data/test-permissions-roles.xml
M    services/authorization-mgt/client/pom.xml
M    services/dimension/client/src/test/java/org/collectionspace/services/client/test/DimensionServiceTest.java
A    services/dimension/client/src/main/java/org/collectionspace/services/client/DimensionFactory.java
M    services/dimension/client/pom.xml
D    services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
D    services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java
D    services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
D    services/authorization/service/src/test/javadoc/org/collectionspace/services/authorization/test/package.html
D    services/authorization/service/src/test/resources/applicationContext-authorization-test.xml
D    services/authorization/service/src/test/resources/test-data/test-permissions.xml
D    services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml
M    services/authorization/service/pom.xml
M    services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
M    services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
M    services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
A    services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java
M    services/security/client/pom.xml
M    services/client/src/main/java/org/collectionspace/services/client/test/BaseServiceTest.java
M    services/client/src/main/java/org/collectionspace/services/client/TestServiceClient.java
M    services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java
M    services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java

CSPACE-1815: Trivial addition of 'affects' as a valid enumerated value for relationshipType in the Relation JAXB schema, to mirror the use of that type in the Application Layer. (Ultimately, relationshipTypes are likely to come from a vocabulary.)

CSPACE-1079: Added getReferencingObjects() support to Organization service.

CSPACE-1079: Added getReferencingObjects() support to Organization service.

CSPACE-1792, CSPACE-1781: Fixing pagination problem in Person, Org, and Vocab services.  Also, add releaseConnection() method to JAX-RS most of ClientResponse calls -still some cleanup needed.

NOJIRA: Updating Eclipse setting files.

CSPACE-1482 scaffolding for authorization tests, creates and deletes accounts, roles, permissions, account-role and permission-role relationships. yet to put tests that test permissions created
refactoring of collectionobject, accountrole and permissionrole tests, extracted out factories
added releaseConnection on the test in this checkin
test: security/client

M    services/collectionobject/client/src/test/java/org/collectionspace/services/client/test/CollectionObjectServiceTest.java
A    services/collectionobject/client/src/main/java/org/collectionspace/services/client/CollectionObjectFactory.java
M    services/collectionobject/client/pom.xml
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java
A    services/authorization-mgt/client/src/main/java/org/collectionspace/services/client/PermissionRoleFactory.java
M    services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java
A    services/account/client/src/main/java/org/collectionspace/services/client/AccountRoleFactory.java
D    services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java
A    services/security/client/src/test/java/org/collectionspace/services/security
A    services/security/client/src/test/java/org/collectionspace/services/security/client
A    services/security/client/src/test/java/org/collectionspace/services/security/client/test
A  + services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
M    services/security/client/src/test/resources/log4j.properties
M    services/security/client/pom.xml

CSPACE-1482 wired permission delete operation with the spring acl service. still to wire role removal with acl update
test: all service tests

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionResource.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/AuthorizationDelegate.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java
M    services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java

CSPACE-1736: Added 'test@collectionspace.org' user to account, authentication, and authorization SQL load scripts in the Services layer.

CSPACE-1575 can't login with inactive accounts. returns 403 with an error message.
test: added test in security/client

M    authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java
M    account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java
M    security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java
M    common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java
M    common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
M    JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java

CSPACE-1349, 1422, 1428, 1429, 1469, 1465, 1466, 1468, 1470, 1473:

1. Adding additional pagination tests to all Nuxeo based services.
2. Replacing .getAll() calls with .getFiltered
3. Removing dead/deprecated code in many http clients
4. Fixing file refs to test and config files to *not* assume current dir is in classpath.

NOJIRA: Updating Eclipse settings.

CSPACE-1482 wired create of permissionrole to spring acl
disabled authz seed test temporarily
test: authz-mgt all service tests

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleUtil.java
A    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/AuthorizationDelegate.java
M    services/authorization-mgt/service/pom.xml
M    services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionEvaluator.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
M    services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java
M    services/authorization/service/src/main/resources/applicationContext-authorization.xml
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java

NOJIRA: Updating Eclipse settings.

NOJIRA: Testing Subversion server.

CSPACE-1349, 1422, 1428, 1429, 1469, 1465, 1466, 1468, 1470, 1473:

1. Adding pagination tests to all Nuxeo based services.
2. Updated POM settings to make some dependency declarations more consistent.

CSPACE-1456,CSPACE-533: Services Layer version updated to 0.7-SNAPSHOT (from 0.6-SNAPSHOT) in all POMs. Ant 'undeploy' targets now remove all relevant services JARs, regardless of version, via a wildcard/glob. Nuxeo doctype JARs are now deployed to the 'plugins' directory, rather than the 'system' directory, of nuxeo.ear.  'undeploy' tasks check for and remove Nuxeo doctype JARs both from the 'plugins' directory and from the old, legacy 'system' directory.

CSPACE-1482 a security resource is now tied to a tenant by tenant id. aces are now tenant-qualified.
test: authz local test, service tests

M    authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
M    authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGen.java
M    authorization/service/src/test/resources/test-data/test-permissions.xml
M    authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java
M    authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java
M    authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java
M    authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
M    authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
M    authorization/service/pom.xml
M    authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java
M    authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java
M    authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java
M    common/src/main/java/org/collectionspace/services/common/security/SecurityContextImpl.java

NOJIRA - added handler callbacks (prepare, handle, complete) for delete. Needed to plugin stuff affected because of CUD on entities.
test: services tests

NOJIRA introduced high level security context for service runtime. provides access to userid, tenantid and tenantname. uses authn context underneath.
test: all service tests

M    context/ServiceContext.java
M    context/AbstractServiceContextImpl.java
A    security/SecurityContext.java
A    security/SecurityContextImpl.java

NOJIRA refactoring based on walkthrough discussion, renamed securitycontextutils->authncontext, added utility method to retrieve tenant name
test: all service tests

M    authentication/service/src/main/java/org/collectionspace/authentication/AuthN.java
D    authentication/service/src/main/java/org/collectionspace/authentication/realm/CSpaceDbRealm.java
A    authentication/service/src/main/java/org/collectionspace/authentication/realm/db
A  + authentication/service/src/main/java/org/collectionspace/authentication/realm/db/CSpaceDbRealm.java
D    authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringSecurityContextUtils.java
A  + authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java
A    authentication/service/src/main/java/org/collectionspace/authentication/spi
A  + authentication/service/src/main/java/org/collectionspace/authentication/spi/AuthNContext.java
D    authentication/service/src/main/java/org/collectionspace/authentication/SecurityContextUtils.java
M    authentication/service/src/main/java/org/collectionspace/authentication/jaas/CSpaceJBossDBLoginModule.java

CSPACE-1520 unique constraint violation on userid now sends back 400 with a message instead of 500
extracted out cs idp persistence management into UserStorageClient
test: account service

M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java
A    services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp
A    services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
M    services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java

CSPACE-1649 partial update for permission fixed to take into account the action list
minor messages fixes
test: authorization-mgt (added updateactions test), service tests

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java

CSPACE-1207: Display names for ID Generators for Loan In and Loan Out now correspond to names given on their respective wiki schema pages.

CSPACE-1660: Summary lists of ID Generators now include display names with each ID Generator item in the list, along with CSIDs and relative URLs.

CSPACE-1580,CSPACE-1627: Updates to ID Generator records are now temporarily row-locked via 'SELECT ... FOR UPDATE', to facilitate concurrent requests for new IDs, until such time as we move the current values of ID Parts out of ID Generator records altogether.  Fixed a driver initialization bug that resulted in a 'No suitable driver found' error on the first call to the ID Service after starting the 'cspace' server.

CSPACE-1489 inserted basic auth entry point into exceptiontranslation filter to prompt the user to login. earlier it used to send 403 back to the user
test: accessed accounts after loging in through browser, ran all service tests

M    services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml

CSPACE-1349, 1422, 1428, 1429, 1469, 1465, 1466, 1468, 1470, 1473: Adding pagination support in list response payloads of all Nuxeo based services.

Passes *ALL* current tests and merged with the latest set of sources.

NOJIRA: Removing "target" directory from revision control.

NOJIRA: Updating Eclipse setting files.

CSPACE-1349, 1422, 1428, 1429, 1469, 1465, 1466, 1468, 1470, 1473: Adding pagination support in list response payloads of all Nuxeo based services.

Passes *ALL* current tests and merged with the latest set of sources.

CSPACE-1615: Organization service now supports retrieving all authority terms used in an Organization record.

CSPACE-1458 partial update for jpa based services (account, role, permission)
refactoring of JpaStorageClient
test: tests for jpa services now do partial updates, all service tests

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionResource.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleUtil.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
A    services/common/src/main/java/org/collectionspace/services/common/context/ServiceContextProperties.java
M    services/common/src/main/java/org/collectionspace/services/common/context/RemoteServiceContextImpl.java
M    services/common/src/main/java/org/collectionspace/services/common/context/RemoteServiceContextFactory.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java
M    services/common/src/main/java/org/collectionspace/services/common/AbstractCollectionSpaceResourceImpl.java
M    services/common/src/main/java/org/collectionspace/services/common/document/DocumentUtils.java
A    services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java
M    services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountDocumentHandler.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountRoleDocumentHandler.java
M    services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java

CSPACE-1469: Added ititial paging support to CollectionObjectResource.java.

NOJIRA: Removing commenting out of Authorization module.

CSPACE-1208,CSPACE-1209: Client tests of services once again fully clean up temporary records created during testing. Following Patrick's lead in PersonAuthRefDocsTest, all cleanUp() methods in client tests now recognize a 'noTestCleanup' system property, which will disable clean up of temporary records for that test run (e.g. 'mvn test -DnoTestCleanup=true -DforkMode=never').

NOJIRA: Updating Javadoc comments and commented out unnecessary import statements.

NOJIRA: Pom file cleanup.  Removed redundant maven-compiler-plugin declarations and other misc pom changes.

NOJIRA - documented schema for javadoc

M    services/authentication/jaxb/src/main/resources/authentication_identity_provider.xsd

CSPACE-1521 screen name is no more unique. only userid is unique across all realms including csip realm
test: account

M    account/jaxb/src/main/resources/accounts_common.xsd
M    account/pstore/src/main/resources/db/mysql/account.sql
M    account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java

CSPACE-1292: Properly added Loan Out (aka Loans Out) service to undeploy and dist targets in main services Ant buildfile, rectifying two copy and paste errors resulting from the hasty checkin in r1849.

CSPACE-901,CSPACE-1577: Apply changes made to other client test classes in CSPACE-901 to the recently added PersonAuthRefDocsTest, in the Intake module: declaring and initializing HttpClient-based classes within individual test methods, rather than at the class level.

CSPACE-1596
CSPACE-1595
beefed up error reporting. common messages declared in common/ServiceMessages.java (should eventually go into a message bundle for i18n).
invalid password now returns 400 instead of 500
test: account, permission, role, accrole, permrole

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionResource.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/RoleResource.java
A    services/common/src/main/java/org/collectionspace/services/common/ServiceMessages.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountValidatorHandler.java
M    services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
M    services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java

CSPACE-1510
CSPACE-1538
added validation for relationship services. validation is performed in handler for create. object id of the relationship is checked during get and delete in the jpa storage client.
on delete of account or permission, related roles are also deleted (not in the same tx though)
test: account, accountrole, permission, permissionrole, all services

M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionResource.java
A    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleValidatorHandler.java
M    services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/PermissionRoleSubResource.java
M    services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionRoleServiceTest.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageClientImpl.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaRelationshipStorageClient.java
M    services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java
M    services/account/service/src/main/java/org/collectionspace/services/account/AccountRoleSubResource.java
M    services/account/service/src/main/java/org/collectionspace/services/account/storage/AccountStorageClient.java
M    services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
M    services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java

CSPACE-1489 cleaned up spring security metadata...work in progress for 1489
test: service level tests pass, 403 from browser still present

M    JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml

CSPACE-1207,CSPACE-1221: Added generators for Loan Out (aka Loans Out) IDs and Location and Movement IDs to the set of ID generators loaded by the ID Service SQL load script.

CSPACE-1286: Fixed trivial copy-and-paste typo in schemaLocation for Loan In service in tenant-bindings.xml