Only execute the authz filter for external requests.

OPENIDM-4705 - Handle action=patch changes properly for authz

OPENIDM-4299 - Improves behavior when users update their own records via PUT

OPENIDM-4298 - Managed/user can use _action=patch instead of PATCH method to update account

Updates to use forgerock-ui 8.6.0 and forgerock-selfservice * Includes forgotten username process in admin and enduser UI * Aligns contractor sample with userQuery stage, and account for double-quotes in userNames passed to queryFilters * Updates self-service examples * Support for updating kba questions as part of self-service profile * Bug with update logic in router-authz * Support for locales in email

OPENIDM-4289 - Aligns workflow sample with relationships (authzRoles and manager) and refactoring and cleanup of contractorOnBoarding workflow Uses selfservice reset to set the new contractor's password.

OPENIDM-4287 - Updates workflow endpoints to use current user's security context

OPENIDM-3559 - Moving policy details for managed objects into json schema Adjusting authz rules for self-service requests (taking CSS-28 into account) Including kbaInfo in default user schema Progress with adding new properties to json editor for managed objects Aligning the Admin UI and authz rules with backend, removing default configs Using external/email endpoint in access.js authz rule

OPENIDM-3892 - Integrating User Self-Service with the openidm selfservice UI Bumping up to forgerock-ui 7.2.0 Fixes backgrid layout by including common/structure/backgrid.less Deleting old registration and reset code, and clearing out a lot of cruft Fixes to the /admin config screens for self-service: - for mimeType, ordering, labels, and _id removal - Updating ui/configuration when self-service features are enabled/disabled - bug with admin context startup, due to looking at wrong site configuration delegate

CHF-68 and CHF-69: move Context, SecurityContext, and AbstractRouter to services package

Replaces request.resourceName with request.resourcePath in scripts

OPENIDM-2797 CR-5901 Add some logging in authorization process

[OPENIDM-2580] CR-5617 Fixing bug in checking user access rights when starting a workflow

OPENIDM-2180 (CR-4447) Disallow ?_action=command on repo via HTTP

CR-3494 - OPENIDM-1825 Relax restrictions on GET requests, so that the presence of a custom header isn't necessary

Since caller, if defined, will always have .external and it will always been boolean, simplify the expression with "truthiness".

Fixed managedUserRestrictedToAllowedProperties() function to correctly get patch operations from an ACTION/patch request.

IDME-122 (CR-3020) Align internal context changes from CREST-142/IDME-121/IDME-123 Reverts part of r2848 to allow policy service _validateObject action from policyFilter.js to be viewed "external" without extra param hook.

http://sources.forgerock.org/cru/CR-3014 - Adding CORS and GZIP servlet filters https://bugster.forgerock.org/jira/browse/OPENIDM-1145

http://sources.forgerock.org/cru/CR-2981 - FR-UI - Dialog transition problems, improved default value support, and IDM enduser UI alignment

http://sources.forgerock.org/cru/FR-62 - Aligning scripts in CREST branch to use new request and context variables, and updates to workflow UI Resolves IDME-108

Bulk update to update to forgerock-rest-2.2.1 and forgerock-script-1.1.1 in order to resolve CREST-138 - UpdateRequest#getNewContent -> UpdateRequest#getContent CREST-139 - ActionRequest#getAdditionalActionParameters -> ActionRequest#getAdditionalParamters QueryRequest#getAdditionalQueryParameters -> QueryRequest#getAdditionalParamters OPENIDM-1617 - revert request member "method" back to "type" and use lowercase values IDME-72 - Allow javascript to set element at variable[0]

Update javascript to use new request/context bindings. Retool PolicyService to pass CREST Request objects on through rather than build custom maps (for the old javacript)

http://sources.forgerock.org/cru/FR-47 - Updates to UI and script to align with recent script query changes and merging in list-based role updates from trunk

http://sources.forgerock.org/cru/FR-29 - OpenIDM UI changes for CREST branch - aligning with API and commons-ui

http://sources.forgerock.org/cru/FR-20 - Pulling in numerous updates to common ui from bridge work http://sources.forgerock.org/cru/FR-22 - Updates to pass-through auth config and script to be more flexible with choice of ldap backend

Removed a System.out comment.

Added patch operations to the "request" for scripted filters. Updated the managedUserRestrictedToAllowedProperties function to use new PatchOperation format.

Updated the router-authz.js script to correctly pull the "id" property from the request.security map.

Updating all thrown exceptions in js script to use 'code' to specify the http code instead of 'openidmCode'

To go along with r2395, if the statement gets removed remove the comment that goes with it

Removed a System.out.println statement.

Added request.action property containing the action name of an ActionRequest, for script consumption.

Initial fixes to get Scheduler service create/read working and scripted scheduled jobs executing. Added modifications to the "security" object in scripts to fix errors with retrieving roles.

[OPENIDM-1325][CR-1703] Changed load() function call in router-authz.js script to pass along "this" for access to "openidm" from the loaded script.

UI is inoperable in IE8 due to lowercase request headers https://bugster.forgerock.org/jira/browse/OPENIDM-1208

[OPENIDM-1113][CR-1210] Expanded IndentityServer methods accessible from scripts to include getters for the working, project, and install locations of OpenIDM. Updated router-authz.js to use the project location when loading access.js.

https://bugster.forgerock.org/jira/browse/OPENIDM-1118 http://sources.forgerock.org/cru/CR-1198

https://bugster.forgerock.org/jira/browse/OPENIDM-1118 http://sources.forgerock.org/cru/CR-1183

Using JSLint to validate server-side JavaScript code as part of the maven build process. Updates to server-side JavaScript to pass JSLint validation rules. http://sources.forgerock.org/cru/CR-1175

http://sources.forgerock.org/cru/CR-1107#CFR-20620 - Granting patch for managed/user/password to openidm-cert users. https://bugster.forgerock.org/jira/browse/OPENIDM-988 - OpenDJ Password Synchronization Plugin raising error on password change in OpenDJ

merging trunk r1735-1772

http://sources.forgerock.org/cru/CR-1083 - OpenIDM - fix whitelist to support complex attributes https://bugster.forgerock.org/jira/browse/OPENIDM-1006#comment-17456 - further testing by Laurent, specifically on complex attributes

Whitelist for attributes users are allowed to modify on their account http://sources.forgerock.org/cru/CR-1043 https://bugster.forgerock.org/jira/browse/OPENIDM-1006

Whitelisting user attributes - http://sources.forgerock.org/cru/CR-1043 Changing default behavior in mysql to be case-sensitive for usernames, as in OrientDB - http://sources.forgerock.org/cru/CR-1039

[OPENIDM-962] Added logic to ingore case on method and action matching.

For changes to access.js: https://bugster.forgerock.org/jira/browse/OPENIDM-936 http://sources.forgerock.org/cru/CR-970 For changes to router-authz.js: https://bugster.forgerock.org/jira/browse/OPENIDM-935 http://sources.forgerock.org/cru/CR-969

Restoring disallowQueryExpression customAuthz https://bugster.forgerock.org/jira/browse/OPENIDM-935

[OPENIDM-936] Added support for an "excludePatterns" field in httpAccessConfig entries.

[OPENIDM-922] Renamed accessConfig object to httpAccessConfig and adjusted the comments.

[OPENIDM-922] Added access to Rhino shell commands in OpenIDM scripts. Separated enforcement and helper logic of router authorization script. Moved router-authz.js to bin/defaults.