Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:architecture:dev:events:init-data [2020/10/20 09:10] tomiskar |
devel:documentation:architecture:dev:events:init-data [2021/10/06 12:20] (current) tomiskar |
||
---|---|---|---|
Line 21: | Line 21: | ||
| core | core-init-codelist-processor | Init base codelists (environment). | -300 | no | | | core | core-init-codelist-processor | Init base codelists (environment). | -300 | no | | ||
| core | core-init-form-definition-processor | Init default extended form definitions for formable types (identity, role, contract, tree node). | -200 | no | | | core | core-init-form-definition-processor | Init default extended form definitions for formable types (identity, role, contract, tree node). | -200 | no | | ||
- | | core | core-init-password-policy-processor | Init base password policies for password validate and generate, when no other policy is defined. Validation policy set 30s fogin blocking time with 5 unsuccessful login attempts. Generate policy is configured to generate 8-12 char length passwords with 2 lower, 2 upper, 2 number and 2 special chars. | -150 | yes | | ||
| core | core-init-generator-processor | Init value generators for set default values of extended form attributes (for identity, role request concepts and assigned role attributes). | -100 | no | | | core | core-init-generator-processor | Init value generators for set default values of extended form attributes (for identity, role request concepts and assigned role attributes). | -100 | no | | ||
| core | core-init-role-catalogue-processor | Init product provided role catalogue item ' | | core | core-init-role-catalogue-processor | Init product provided role catalogue item ' | ||
Line 37: | Line 36: | ||
| core | core-init-organization-processor | Init default organization type ' | | core | core-init-organization-processor | Init default organization type ' | ||
| core | core-init-demo-data-processor | Initialize demo data for application. | 3000 | has own additional property, see below | | | core | core-init-demo-data-processor | Initialize demo data for application. | 3000 | has own additional property, see below | | ||
+ | | core | core-init-password-policy-processor | Init base password policies for password validate and generate, when no other policy is defined. Validation policy set 30s fogin blocking time with 5 unsuccessful login attempts, minimum 8 char length passwords. Generate policy is configured to generate 8-12 char length passwords with 2 lower, 2 upper, 2 number and 2 special chars. | 5000 | yes | | ||
| core | core-init-scheduled-task-processor | Schedule core long running tasks. | 10000 | no | | | core | core-init-scheduled-task-processor | Schedule core long running tasks. | 10000 | no | | ||
| acc | acc-init-scheduled-task-processor | Schedule acc long running tasks. | 10100 | no | | | acc | acc-init-scheduled-task-processor | Schedule acc long running tasks. | 10100 | no | | ||
+ | | core | core-init-monitoring-processor | Init monitoring manager and product provided monitoring evaluators. | 11000 | yes | | ||
+ | | acc | acc-init-monitoring-processor | Init product provided monitoring evaluators. | 11010 | yes | | ||
+ | | vs | vs-init-monitoring-processor | Init product provided monitoring evaluators. | 11020 | yes | | ||
**Column disableable** - processor can be disabled by additional property '' | **Column disableable** - processor can be disabled by additional property '' | ||
Line 50: | Line 53: | ||
Roles to cover basic IdM usecases were designed and provided from product (~person). Product roles are checked, when application is started - they are created for new instalations and updated, when new IdM version is installed, or role definition is changed (e.g. when some required authorization policy has been deleted). | Roles to cover basic IdM usecases were designed and provided from product (~person). Product roles are checked, when application is started - they are created for new instalations and updated, when new IdM version is installed, or role definition is changed (e.g. when some required authorization policy has been deleted). | ||
- | Configured role authorization policies are created or updated after application has started. Additional authorization policies can be configured. | + | Configured role authorization policies are created or updated after application has started. Additional authorization policies can be configured. Authorization policy can be disabled, if is not needed - policy will be not enabled after application has started. |
**Role type enumeration is used now for product provided roles**. Role type '' | **Role type enumeration is used now for product provided roles**. Role type '' | ||
Line 61: | Line 64: | ||
* When authorization policy is changed (permissions or additional configuration properties) - then is updated to product provided configuration again after application starts. | * When authorization policy is changed (permissions or additional configuration properties) - then is updated to product provided configuration again after application starts. | ||
* When authorization policy is added to product provided role - it's preserved without change. **Be careful - different combination of authorizable type and evaluator type can be added only**. | * When authorization policy is added to product provided role - it's preserved without change. **Be careful - different combination of authorizable type and evaluator type can be added only**. | ||
+ | * When authorization policy is disabled, then is updated to product provided configuration again after application starts, but it's still disabled. | ||
- | **[[..: | + | **[[..: |
* [[..: | * [[..: | ||
* '' | * '' | ||
+ | * If product provided role contains authorization policy, which is not needed => policy can be disabled and is not effective anymore. | ||
</ | </ | ||
Line 93: | Line 98: | ||
| core | HrEnableContractProcess | - | Start of contract validity - before end and expire. | 0.35 | | | core | HrEnableContractProcess | - | Start of contract validity - before end and expire. | 0.35 | | ||
| core | IdentityRoleValidRequestTaskExecutor | - | Start of assigned role validity. | 0.45 | | | core | IdentityRoleValidRequestTaskExecutor | - | Start of assigned role validity. | 0.45 | | ||
- | | core | HrEndContractProcess | - | End of contract validity - scheduled before default contract expiration (this task works with disabled state too). | 0.50 | | + | | core | HrEndContractProcess | - | End of contract validity - scheduled before default contract expiration (this task works with disabled state too and set identity state by contract state). | 0.50 | |
| core | HrContractExclusionProcess | - | Exclude contract. | 0.55 | | | core | HrContractExclusionProcess | - | Exclude contract. | 0.55 | | ||
| core | IdentityContractExpirationTaskExecutor | - | Remove roles by expired identity contracts (=> removes assigned roles). | 1.00 | | | core | IdentityContractExpirationTaskExecutor | - | Remove roles by expired identity contracts (=> removes assigned roles). | 1.00 | |