Skip to content
Permalink
a4b0f8c109
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

midPoint_container/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml

Go to file
 
 
Cannot retrieve contributors at this time
783 lines (778 sloc) 35.7 KB
Raw Blame
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2010-2019 Evolveum and contributors
~
~ This work is dual-licensed under the Apache License 2.0
~ and European Union Public License. See LICENSE file for details.
-->
<systemConfiguration oid="00000000-0000-0000-0000-000000000001" version="0"
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<name>SystemConfiguration</name>
<!-- <globalAccountSynchronizationSettings> -->
<!-- <assignmentPolicyEnforcement>relative</assignmentPolicyEnforcement> -->
<!-- </globalAccountSynchronizationSettings> -->
<globalSecurityPolicyRef oid="00000000-0000-0000-0000-000000000120"/>
<logging>
<classLogger>
<level>ERROR</level>
<package>ro.isdc.wro.extensions.processor.css.Less4jProcessor</package>
</classLogger>
<classLogger>
<!-- disabled because of MID-744, helper insert messages on ERROR
level which should not be there (probably should be on TRACE) -->
<level>OFF</level>
<package>org.hibernate.engine.jdbc.spi.SqlExceptionHelper</package>
</classLogger>
<!-- Disabled because we treat locking-related exceptions in the repository.
Otherwise the log is filled-in with (innocent but ugly-looking) messages like
"ERROR (o.h.engine.jdbc.batch.internal.BatchingBatch): HHH000315: Exception executing batch [Deadlock detected.
The current transaction was rolled back." -->
<classLogger>
<level>OFF</level>
<package>org.hibernate.engine.jdbc.batch.internal.BatchingBatch</package>
</classLogger>
<!-- Disabled because of the same reason; this time concerning messages like
"INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
HHH000010: On release of batch it still contained JDBC statements" -->
<classLogger>
<level>WARN</level>
<package>org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl</package>
</classLogger>
<!-- Diesabled because of MID-4636 -->
<classLogger>
<level>OFF</level>
<package>org.hibernate.internal.ExceptionMapperStandardImpl</package>
</classLogger>
<classLogger>
<!-- disabled because of MID-1612, jasper library needs to be fixed -->
<level>OFF</level>
<package>net.sf.jasperreports.engine.fill.JRFillDataset</package>
</classLogger>
<classLogger>
<!-- disabled because we don't need to see every property file
loading message (unnecessary log pollution) -->
<level>WARN</level>
<package>org.apache.wicket.resource.PropertiesFactory</package>
</classLogger>
<classLogger>
<!-- disabled because we don't need to see every log message for every key
when resource bundle doesn't exist for specific locale (unnecessary log pollution) -->
<level>ERROR</level>
<package>org.springframework.context.support.ResourceBundleMessageSource</package>
</classLogger>
<classLogger>
<!-- Standard useful logger -->
<level>INFO</level>
<package>com.evolveum.midpoint.model.impl.lens.projector.Projector</package>
</classLogger>
<classLogger>
<!-- Standard useful logger -->
<level>INFO</level>
<package>com.evolveum.midpoint.model.impl.lens.Clockwork</package>
</classLogger>
<classLogger>
<level>DEBUG</level>
<package>com.evolveum.polygon.connector.grouper</package>
</classLogger>
<appender xsi:type="c:FileAppenderConfigurationType" name="MIDPOINT_LOG"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
<fileName>${midpoint.home}/log/midpoint.log</fileName>
<filePattern>${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log</filePattern>
<maxHistory>10</maxHistory>
<maxFileSize>100MB</maxFileSize>
<append>true</append>
</appender>
<!-- Appender for profiling purposes -->
<appender xsi:type="c:FileAppenderConfigurationType" name="MIDPOINT_PROFILE_LOG"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<pattern>%date %level: %msg%n</pattern>
<fileName>${midpoint.home}/log/midpoint-profile.log</fileName>
<filePattern>${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log</filePattern>
<maxHistory>10</maxHistory>
<maxFileSize>100MB</maxFileSize>
<append>true</append>
</appender>
<rootLoggerAppender>MIDPOINT_LOG</rootLoggerAppender>
<rootLoggerLevel>INFO</rootLoggerLevel>
<auditing>
<enabled>false</enabled>
<details>false</details>
</auditing>
</logging>
<defaultObjectPolicyConfiguration id="101">
<type>UserType</type>
<objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="8098b124-c20c-4965-8adf-e528abedf7a4" relation="org:default" type="tns:ObjectTemplateType"/>
</defaultObjectPolicyConfiguration>
<defaultObjectPolicyConfiguration>
<type>OrgType</type>
<lifecycleStateModel>
<state>
<name>retired</name>
<!-- object in this model is active but on its way to deletion -->
</state>
</lifecycleStateModel>
</defaultObjectPolicyConfiguration>
<cleanupPolicy>
<auditRecords>
<maxAge>P3M</maxAge>
</auditRecords>
<closedTasks>
<maxAge>P1M</maxAge>
</closedTasks>
</cleanupPolicy>
<internals>
<enableExperimentalCode>true</enableExperimentalCode>
<operationExecutionRecording>
<skipWhenSuccess>true</skipWhenSuccess>
</operationExecutionRecording>
<focusConstraintsChecking>
<skipWhenNoChange>true</skipWhenNoChange>
<skipWhenNoIteration>true</skipWhenNoIteration>
</focusConstraintsChecking>
<projectionConstraintsChecking>
<skipWhenNoChange>true</skipWhenNoChange>
<skipWhenNoIteration>true</skipWhenNoIteration>
</projectionConstraintsChecking>
<synchronizationSituationUpdating>
<skipWhenNoChange>true</skipWhenNoChange>
</synchronizationSituationUpdating>
<caching>
<profile>
<global>true</global>
<localRepoCache>
<statistics>
<classification>perCacheAndObjectType</classification>
</statistics>
</localRepoCache>
<globalRepoCache>
<timeToLive>60</timeToLive>
<objectTypeSettings>
<objectType>SystemConfigurationType</objectType>
<objectType>ArchetypeType</objectType>
<objectType>ObjectTemplateType</objectType>
<objectType>SecurityPolicyType</objectType>
<objectType>ValuePolicyType</objectType>
<objectType>ResourceType</objectType>
<objectType>RoleType</objectType>
<objectType>OrgType</objectType>
<objectType>ServiceType</objectType>
<objectType>ShadowType</objectType>
</objectTypeSettings>
<statistics>
<classification>perCacheAndObjectType</classification>
</statistics>
</globalRepoCache>
</profile>
</caching>
<repository>
<statistics>
<classification>perOperationAndObjectType</classification>
</statistics>
</repository>
<tracing>
<profile>
<name>performance</name>
<displayName>Performance tracing</displayName>
<visible>true</visible>
<default>true</default>
<fileNamePattern>performance-trace %{timestamp} %{focusName} %{milliseconds}</fileNamePattern>
<createRepoObject>true</createRepoObject>
<compressOutput>true</compressOutput>
</profile>
<profile>
<name>functional</name>
<displayName>Functional tracing</displayName>
<visible>true</visible>
<fileNamePattern>functional-trace %{timestamp} %{focusName}</fileNamePattern>
<createRepoObject>true</createRepoObject>
<compressOutput>true</compressOutput>
<collectLogEntries>true</collectLogEntries>
<tracingTypeProfile>
<level>normal</level>
</tracingTypeProfile>
</profile>
<profile>
<name>functional-model-logging</name>
<displayName>Functional tracing (with model logging)</displayName>
<visible>true</visible>
<fileNamePattern>functional-trace %{timestamp} %{focusName}</fileNamePattern>
<createRepoObject>true</createRepoObject>
<compressOutput>true</compressOutput>
<collectLogEntries>true</collectLogEntries>
<loggingOverride>
<levelOverride>
<logger>com.evolveum.midpoint.model</logger>
<level>TRACE</level>
</levelOverride>
</loggingOverride>
<tracingTypeProfile>
<level>normal</level>
</tracingTypeProfile>
</profile>
<profile>
<name>functional-sql-logging</name>
<displayName>Functional tracing (with SQL logging)</displayName>
<visible>true</visible>
<fileNamePattern>functional-trace %{timestamp} %{focusName}</fileNamePattern>
<createRepoObject>true</createRepoObject>
<compressOutput>true</compressOutput>
<collectLogEntries>true</collectLogEntries>
<loggingOverride>
<levelOverride>
<logger>org.hibernate.SQL</logger>
<level>TRACE</level>
</levelOverride>
</loggingOverride>
<tracingTypeProfile>
<level>normal</level>
</tracingTypeProfile>
</profile>
</tracing>
</internals>
<deploymentInformation>
<name>demo/grouper</name>
</deploymentInformation>
<adminGuiConfiguration>
<userDashboardLink>
<targetUrl>/self/profile</targetUrl>
<label>Profile</label>
<description>View/edit your profile</description>
<icon>
<cssClass>fa fa-user</cssClass>
</icon>
<color>green</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile</authorization>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
</userDashboardLink>
<userDashboardLink>
<targetUrl>/self/credentials</targetUrl>
<label>Credentials</label>
<description>View/edit your credentials</description>
<icon>
<cssClass>fa fa-shield</cssClass>
</icon>
<color>blue</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</authorization>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
</userDashboardLink>
<userDashboardLink>
<targetUrl>/admin/users</targetUrl>
<label>List users</label>
<icon>
<cssClass>fa fa-users</cssClass>
</icon>
<color>red</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</authorization>
</userDashboardLink>
<userDashboardLink>
<targetUrl>/admin/resources</targetUrl>
<label>List resources</label>
<icon>
<cssClass>fa fa-database</cssClass>
</icon>
<color>purple</color>
<authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</authorization>
</userDashboardLink>
<objectCollectionViews>
<objectCollectionView>
<identifier>my-cases</identifier>
<display>
<label>My cases</label>
<!-- We need to explicitly specify plural label here. Otherwise it will be overwritten by a plural label from archetype. -->
<pluralLabel>My cases</pluralLabel>
<singularLabel>My case</singularLabel>
<icon>
<cssClass>fe fe-case-object</cssClass>
</icon>
</display>
<displayOrder>1000</displayOrder>
<type>CaseType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000344" relation="org:default" type="c:ObjectCollectionType">
</collectionRef>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>manual-case-view</identifier>
<display>
<label>Manual cases</label> <!-- "Manual provisioning cases" is too long for the menu -->
<!-- We need to explicitly specify plural label here. Otherwise it will be overwritten by a plural label from archetype. -->
<pluralLabel>All manual cases</pluralLabel>
<singularLabel>Manual case</singularLabel>
<tooltip>Manual provisioning cases</tooltip>
</display>
<displayOrder>1010</displayOrder>
<type>CaseType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000340" relation="org:default" type="c:ArchetypeType">
</collectionRef>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>operation-request-case-view</identifier>
<display>
<label>Requests</label> <!-- "Operation requests" is too long for the menu -->
<!-- We need to explicitly specify plural label here. Otherwise it will be overwritten by a plural label from archetype. -->
<pluralLabel>All requests</pluralLabel>
<singularLabel>Request</singularLabel>
<tooltip>Operation requests</tooltip>
</display>
<displayOrder>1020</displayOrder>
<type>CaseType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000341" relation="org:default" type="c:ArchetypeType">
</collectionRef>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>approval-case-view</identifier>
<display>
<label>Approvals</label> <!-- "Approval cases" is too long for the menu -->
<!-- We need to explicitly specify plural label here. Otherwise it will be overwritten by a plural label from archetype. -->
<pluralLabel>All approvals</pluralLabel>
<singularLabel>Approval</singularLabel>
<tooltip>Approval cases</tooltip>
</display>
<displayOrder>1030</displayOrder>
<type>CaseType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000342" relation="org:default" type="c:ArchetypeType">
</collectionRef>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>reconciliation-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000501" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>recomputation-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000502" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>import-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000503" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>live-sync-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000504" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>async-update-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000505" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>cleanup-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000506" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>report-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000507" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>single-bulk-action-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000508" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>iterative-bulk-action-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000509" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>certification-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000520" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>approval-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000521" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>utility-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000528" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
<objectCollectionView>
<identifier>system-tasks-view</identifier>
<refreshInterval>30</refreshInterval>
<type>TaskType</type>
<collection>
<collectionRef oid="00000000-0000-0000-0000-000000000529" relation="org:default" type="c:ArchetypeType"/>
</collection>
</objectCollectionView>
</objectCollectionViews>
<objectDetails>
<objectDetailsPage>
<type>c:TaskType</type>
<container>
<displayOrder>150</displayOrder>
<display>
<label>Advanced options</label>
</display>
<item>
<c:path>cleanupAfterCompletion</c:path>
</item>
<item>
<c:path>threadStopAction</c:path>
</item>
<item>
<c:path>binding</c:path>
</item>
<item>
<c:path>dependent</c:path>
</item>
</container>
<container>
<displayOrder>900</displayOrder>
<display>
<label>Operational attributes (state)</label>
</display>
<item>
<c:path>executionStatus</c:path>
</item>
<item>
<c:path>node</c:path>
</item>
<item>
<c:path>nodeAsObserved</c:path>
</item>
<item>
<c:path>resultStatus</c:path>
</item>
<item>
<c:path>result</c:path>
</item>
<item>
<c:path>nextRunStartTimestamp</c:path>
</item>
<item>
<c:path>nextRetryTimestamp</c:path>
</item>
<item>
<c:path>unpauseAction</c:path>
</item>
<item>
<c:path>taskIdentifier</c:path>
</item>
<item>
<c:path>parent</c:path>
</item>
<item>
<c:path>waitingReason</c:path>
</item>
<item>
<c:path>stateBeforeSuspend</c:path>
</item>
<item>
<c:path>category</c:path>
</item>
<item>
<c:path>otherHandlersUriStack</c:path>
</item>
<item>
<c:path>channel</c:path>
</item>
<item>
<c:path>subtaskRef</c:path>
</item>
<item>
<c:path>dependentTaskRef</c:path>
</item>
<item>
<c:path>lastRunStartTimestamp</c:path>
</item>
<item>
<c:path>lastRunFinishTimestamp</c:path>
</item>
<item>
<c:path>completionTimestamp</c:path>
</item>
</container>
<container>
<displayOrder>910</displayOrder>
<visibility>hidden</visibility>
<display>
<label>Operational attributes (progress)</label>
</display>
<item>
<c:path>progress</c:path>
</item>
<item>
<c:path>expectedTotal</c:path>
</item>
<item>
<c:path>stalledSince</c:path>
</item>
</container>
</objectDetailsPage>
</objectDetails>
<enableExperimentalFeatures>true</enableExperimentalFeatures>
</adminGuiConfiguration>
<workflowConfiguration>
<useLegacyApproversSpecification>never</useLegacyApproversSpecification>
<useDefaultApprovalPolicyRules>never</useDefaultApprovalPolicyRules>
</workflowConfiguration>
<expressions>
<expressionProfile>
<identifier>safe</identifier>
<description>
"Safe" expression profile. It is supposed to contain only operations that are "safe",
i.e. operations that have very little risk to harm the system, circumvent midPoint security
and so on. Use of those operations should be reasonably safe in all expressions.
However, there are limitations. This profile may incomplete or it may even be not completely secure.
Proper security testing of this profile was not yet conducted. It is provided here "AS IS",
without any guarantees. Use at your own risk.
</description>
<decision>deny</decision> <!-- default decision of those evaluators that are not explicitly enumerated. -->
<evaluator>
<type>asIs</type>
<decision>allow</decision>
</evaluator>
<evaluator>
<type>path</type>
<decision>allow</decision>
</evaluator>
<evaluator>
<type>value</type>
<decision>allow</decision>
</evaluator>
<evaluator>
<type>const</type>
<decision>allow</decision>
</evaluator>
<evaluator>
<type>script</type>
<decision>deny</decision> <!-- default decision of those script languages that are not explicitly enumerated. -->
<script>
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
<decision>allow</decision>
<typeChecking>true</typeChecking>
<permissionProfile>script-safe</permissionProfile>
</script>
</evaluator>
</expressionProfile>
<permissionProfile>
<identifier>script-safe</identifier>
<decision>deny</decision> <!-- Default decision for those classes that are not explicitly enumerated. -->
<package>
<name>com.evolveum.midpoint.xml.ns._public.common.common_3</name>
<description>MidPoint common schema - generated bean classes</description>
<decision>allow</decision>
</package>
<package>
<name>com.evolveum.prism.xml.ns._public.types_3</name>
<description>Prism schema - bean classes</description>
<decision>allow</decision>
</package>
<class>
<name>java.lang.Integer</name>
<decision>allow</decision>
</class>
<class>
<name>java.lang.Object</name>
<description>Basic Java operations.</description>
<decision>deny</decision>
<method>
<name>equals</name>
<decision>allow</decision>
</method><method>
<name>hashCode</name>
<decision>allow</decision>
</method>
</class>
<class>
<name>java.lang.String</name>
<description>String operations are generally safe. But Groovy is adding execute() method which is very dangerous.</description>
<decision>allow</decision> <!-- Default decision for those methods that are not explicitly enumerated. -->
<method>
<name>execute</name>
<decision>deny</decision>
</method>
</class>
<class>
<name>java.lang.CharSequence</name>
<decision>allow</decision>
</class>
<class>
<name>java.lang.Enum</name>
<decision>allow</decision>
</class>
<class>
<name>java.util.List</name>
<description>List operations are generally safe. But Groovy is adding execute() method which is very dangerous.</description>
<decision>allow</decision>
<method>
<name>execute</name>
<decision>deny</decision>
</method>
</class>
<class>
<name>java.util.ArrayList</name>
<description>List operations are generally safe. But Groovy is adding execute() method which is very dangerous.</description>
<decision>allow</decision>
<method>
<name>execute</name>
<decision>deny</decision>
</method>
</class>
<class>
<name>java.util.Map</name>
<decision>allow</decision>
</class>
<class>
<name>java.util.HashMap</name>
<decision>allow</decision>
</class>
<class>
<name>java.util.Date</name>
<decision>allow</decision>
</class>
<class>
<name>javax.xml.namespace.QName</name>
<decision>allow</decision>
</class>
<class>
<name>javax.xml.datatype.XMLGregorianCalendar</name>
<decision>allow</decision>
</class>
<class>
<name>java.lang.System</name>
<description>Just a few methods of System are safe enough.</description>
<decision>deny</decision>
<method>
<name>currentTimeMillis</name>
<decision>allow</decision>
</method>
</class>
<class>
<name>java.lang.IllegalStateException</name>
<description>Basic Java exception. Also used in test.</description>
<decision>allow</decision>
</class>
<class>
<name>java.lang.IllegalArgumentException</name>
<description>Basic Java exception.</description>
<decision>allow</decision>
</class>
<class>
<name>com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions</name>
<description>MidPoint basic functions library</description>
<decision>allow</decision>
</class>
<class>
<name>com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions</name>
<description>MidPoint logging functions library</description>
<decision>allow</decision>
</class>
<class>
<name>com.evolveum.midpoint.report.impl.ReportFunctions</name>
<description>MidPoint report functions library</description>
<decision>allow</decision>
</class>
<class>
<name>org.apache.commons.lang.StringUtils</name>
<description>Apache Commons: Strings</description>
<decision>allow</decision>
</class>
<!-- Following may be needed for audit reports. But they may not be completely safe.
Therefore the following section is commented out. Please closely evaluate those rules
before using them. -->
<!-- <class>
<name>com.evolveum.midpoint.schema.expression.VariablesMap</name>
<description>Expression variables map.</description>
<decision>deny</decision>
<method>
<name>get</name>
<decision>allow</decision>
</method>
<method>
<name>remove</name>
<decision>allow</decision>
</method>
</class>
<class>
<name>com.evolveum.midpoint.schema.expression.TypedValue</name>
<description>Typed values, holding expression variables. Read-only access.</description>
<decision>deny</decision>
<method>
<name>getValue</name>
<decision>allow</decision>
</method>
</class>
<class>
<name>com.evolveum.midpoint.report.impl.ReportUtils</name>
<decision>deny</decision>
<method>
<name>convertDateTime</name>
<decision>allow</decision>
</method>
<method>
<name>getPropertyString</name>
<decision>allow</decision>
</method>
<method>
<name>printDelta</name>
<decision>allow</decision>
</method>
</class>
<class>
<name>com.evolveum.midpoint.prism.PrismReferenceValue</name>
<decision>allow</decision>
</class> -->
</permissionProfile>
</expressions>
</systemConfiguration>