← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19638: moved acl/oauth/Authority files into its own security package in dhis-api

 

------------------------------------------------------------
revno: 19638
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-07-14 14:21:33 +0700
message:
  moved acl/oauth/Authority files into its own security package in dhis-api
removed:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/JacksonMapListIdentifiableObjectSerializer.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/MapViewXmlAdapter.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2Client.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientService.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientStore.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Authority.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/AuthorityType.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/DefaultOAuth2ClientService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientDeletionHandler.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate/HibernateOAuth2ClientStore.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientServiceTest.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientStoreTest.java
added:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/Authority.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/AuthorityType.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/Access.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AccessStringHelper.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AclService.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2Client.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientService.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientStore.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl/DefaultAclService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultOAuth2ClientService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientDeletionHandler.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate/
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate/HibernateOAuth2ClientStore.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientServiceTest.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientStoreTest.java
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Schema.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/AttributeSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryComboSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionComboSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategorySchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ChartSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ConstantSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardItemSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataApprovalLevelSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DocumentSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventChartSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventReportSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorTypeSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MapSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MetaDataFilterSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OAuth2ClientSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSetSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitLevelSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramIndicatorSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleActionSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleVariableSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageDataElementSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramValidationSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/RelationshipTypeSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportTableSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SectionSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SqlViewSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntitySchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserRoleSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleGroupSchemaDescriptor.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleSchemaDescriptor.java
  dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java
  dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java
  dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/oauth2.hibernate/OAuth2Client.hbm.xml
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/IdentifiableObjectManagerTest.java
  dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/DefaultExportService.java
  dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java
  dhis-2/dhis-services/dhis-service-dxf2/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/deletion/DeletionHandler.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/OAuth2ClientController.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SharingController.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientsAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== removed directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl'
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java	1970-01-01 00:00:00 +0000
@@ -1,142 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-import org.hisp.dhis.common.DxfNamespaces;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
-public class Access
-{
-    private boolean manage;
-
-    private boolean externalize;
-
-    private boolean write;
-
-    private boolean read;
-
-    private boolean update;
-
-    private boolean delete;
-
-    public Access()
-    {
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isManage()
-    {
-        return manage;
-    }
-
-    public void setManage( boolean manage )
-    {
-        this.manage = manage;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isExternalize()
-    {
-        return externalize;
-    }
-
-    public void setExternalize( boolean externalize )
-    {
-        this.externalize = externalize;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isWrite()
-    {
-        return write;
-    }
-
-    public void setWrite( boolean write )
-    {
-        this.write = write;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isRead()
-    {
-        return read;
-    }
-
-    public void setRead( boolean read )
-    {
-        this.read = read;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isUpdate()
-    {
-        return update;
-    }
-
-    public void setUpdate( boolean update )
-    {
-        this.update = update;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isDelete()
-    {
-        return delete;
-    }
-
-    public void setDelete( boolean delete )
-    {
-        this.delete = delete;
-    }
-
-    @Override
-    public String toString()
-    {
-        return "Access{" +
-            "manage=" + manage +
-            ", externalize=" + externalize +
-            ", write=" + write +
-            ", read=" + read +
-            ", update=" + update +
-            ", delete=" + delete +
-            '}';
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java	2015-05-26 01:37:51 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java	1970-01-01 00:00:00 +0000
@@ -1,152 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Currently only the two first positions in the access string are used - rw.
- *
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class AccessStringHelper
-{
-    public enum Permission
-    {
-        READ( 'r', 0 ), WRITE( 'w', 1 );
-
-        private char value;
-
-        private int position;
-
-        Permission( char value, int position )
-        {
-            this.value = value;
-            this.position = position;
-        }
-
-        public char getValue()
-        {
-            return value;
-        }
-
-        public int getPosition()
-        {
-            return position;
-        }
-    }
-
-    private char[] access = DEFAULT.toCharArray();
-
-    public static final String DEFAULT = "--------";
-
-    public static final String READ = AccessStringHelper.newInstance()
-        .enable( Permission.READ )
-        .build();
-
-    public static final String WRITE = AccessStringHelper.newInstance()
-        .enable( Permission.WRITE )
-        .build();
-
-    public static final String READ_WRITE = AccessStringHelper.newInstance()
-        .enable( Permission.READ )
-        .enable( Permission.WRITE )
-        .build();
-
-    public AccessStringHelper()
-    {
-    }
-
-    public AccessStringHelper( char[] access )
-    {
-        this.access = access;
-    }
-
-    public AccessStringHelper( String access )
-    {
-        this.access = access.toCharArray();
-    }
-
-    public static AccessStringHelper newInstance()
-    {
-        return new AccessStringHelper();
-    }
-
-    public static AccessStringHelper newInstance( char[] access )
-    {
-        return new AccessStringHelper( access );
-    }
-
-    public AccessStringHelper enable( Permission permission )
-    {
-        access[permission.getPosition()] = permission.getValue();
-
-        return this;
-    }
-
-    public AccessStringHelper disable( Permission permission )
-    {
-        access[permission.getPosition()] = '-';
-
-        return this;
-    }
-
-    public String build()
-    {
-        return new String( access );
-    }
-
-    public String toString()
-    {
-        return build();
-    }
-
-    public static boolean canRead( String access )
-    {
-        return isEnabled( access, Permission.READ );
-    }
-
-    public static boolean canWrite( String access )
-    {
-        return isEnabled( access, Permission.WRITE );
-    }
-
-    public static boolean canReadAndWrite( String access )
-    {
-        return isEnabled( access, Permission.WRITE ) && isEnabled( access, Permission.READ );
-    }
-
-    public static boolean canReadOrWrite( String access )
-    {
-        return isEnabled( access, Permission.WRITE ) || isEnabled( access, Permission.READ );
-    }
-
-    public static boolean isEnabled( String access, Permission permission )
-    {
-        return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java	2015-06-10 12:26:55 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java	1970-01-01 00:00:00 +0000
@@ -1,222 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.user.User;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public interface AclService
-{
-    /**
-     * Is type supported for acl?
-     *
-     * @param type Type to check
-     * @return true if type is supported
-     */
-    boolean isSupported( String type );
-
-    /**
-     * Is class supported for acl?
-     *
-     * @param klass Class to check
-     * @return true if type is supported
-     */
-    boolean isSupported( Class<?> klass );
-
-    /**
-     * Is type supported for sharing?
-     *
-     * @param type Type to check
-     * @return true if type is supported
-     */
-    boolean isShareable( String type );
-
-    /**
-     * Is class supported for sharing?
-     *
-     * @param klass Class to check
-     * @return true if type is supported
-     */
-    boolean isShareable( Class<?> klass );
-
-    /**
-     * Can user write to this object (create)
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Is the user for the object null?
-     * 3. Is the user of the object equal to current user?
-     * 4. Is the object public write?
-     * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    boolean canWrite( User user, IdentifiableObject object );
-
-    /**
-     * Can user read this object
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Is the user for the object null?
-     * 3. Is the user of the object equal to current user?
-     * 4. Is the object public read?
-     * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    boolean canRead( User user, IdentifiableObject object );
-
-    /**
-     * Can user update this object
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    boolean canUpdate( User user, IdentifiableObject object );
-
-    /**
-     * Can user delete this object
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    boolean canDelete( User user, IdentifiableObject object );
-
-    /**
-     * Can user manage (make public) this object
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    boolean canManage( User user, IdentifiableObject object );
-
-    /**
-     * Can read an objects of this type.
-     *
-     * @param user  User to User to check against
-     * @param klass Type to check against
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean canRead( User user, Class<T> klass );
-
-    /**
-     * Can create an object of this type.
-     *
-     * @param user  User to User to check against
-     * @param klass Type to check against
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean canCreate( User user, Class<T> klass );
-
-    /**
-     * Checks if a user can create a public instance of a certain object.
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Does user have the authority to create public instances of that object
-     *
-     * @param user  User to check against
-     * @param klass Class to check
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass );
-
-    /**
-     * Checks if a user can create a private instance of a certain object.
-     * <p/>
-     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
-     * 2. Does user have the authority to create private instances of that object
-     *
-     * @param user  User to check against
-     * @param klass Class to check
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass );
-
-    /**
-     * Can user make this object external? (read with no login)
-     *
-     * @param user  User to check against
-     * @param klass Type to check
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass );
-
-    /**
-     * Is the default for this type to be private?
-     *
-     * @param klass Type to check
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean defaultPrivate( Class<T> klass );
-
-    /**
-     * Is the default for this type to be public?
-     *
-     * @param klass Type to check
-     * @return Result of test
-     */
-    <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass );
-
-    Class<? extends IdentifiableObject> classForType( String type );
-
-    /**
-     * Return the access object for a object.
-     *
-     * @param object Object to check for access
-     * @return Populated access instance
-     */
-    <T extends IdentifiableObject> Access getAccess( T object );
-
-    /**
-     * Return the access object for a object for a specific user.
-     *
-     * @param object Object to check for access
-     * @param user   User to check against
-     * @return Populated access instance
-     */
-    <T extends IdentifiableObject> Access getAccess( T object, User user );
-}

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java	2015-07-13 12:34:39 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java	2015-07-14 07:21:33 +0000
@@ -36,13 +36,12 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
 import org.apache.commons.lang3.Validate;
-import org.hisp.dhis.acl.Access;
-import org.hisp.dhis.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.Access;
+import org.hisp.dhis.security.acl.AccessStringHelper;
 import org.hisp.dhis.common.annotation.Description;
 import org.hisp.dhis.common.view.DetailedView;
 import org.hisp.dhis.common.view.DimensionalView;
 import org.hisp.dhis.common.view.ExportView;
-import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.schema.PropertyType;
 import org.hisp.dhis.schema.annotation.Property;
 import org.hisp.dhis.schema.annotation.PropertyRange;
@@ -55,7 +54,6 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import java.util.UUID;
 
 /**
  * @author Bob Jolliffe

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java	2015-06-01 03:33:13 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java	2015-07-14 07:21:33 +0000
@@ -28,7 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.hisp.dhis.acl.Access;
+import org.hisp.dhis.security.acl.Access;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserGroupAccess;
 

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/JacksonMapListIdentifiableObjectSerializer.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/JacksonMapListIdentifiableObjectSerializer.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/JacksonMapListIdentifiableObjectSerializer.java	1970-01-01 00:00:00 +0000
@@ -1,87 +0,0 @@
-package org.hisp.dhis.common.adapter;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-import org.hisp.dhis.common.IdentifiableObject;
-
-import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.databind.JsonSerializer;
-import com.fasterxml.jackson.databind.SerializerProvider;
-
-/**
- * @author Lars Helge Overland
- */
-public class JacksonMapListIdentifiableObjectSerializer
-    extends JsonSerializer<Map<String, List<IdentifiableObject>>>
-{
-    @Override
-    public void serialize( Map<String, List<IdentifiableObject>> value, JsonGenerator jgen, SerializerProvider provider )
-        throws IOException
-    {
-        if ( value != null )
-        {
-            jgen.writeStartObject();
-            
-            for ( String key : value.keySet() )
-            {
-                jgen.writeArrayFieldStart( key );
-                
-                for ( IdentifiableObject object : value.get( key ) )
-                {
-                    jgen.writeStartObject();
-                    
-                    if ( object.getUid() != null )
-                    {
-                        jgen.writeStringField( "id", object.getUid() );
-                    }
-                    
-                    if ( object.getName() != null )
-                    {
-                        jgen.writeStringField( "name", object.getName() );
-                    }
-                    
-                    if ( object.getCode() != null )
-                    {
-                        jgen.writeStringField( "code", object.getCode() );
-                    }
-                    
-                    jgen.writeEndObject();
-                }
-                
-                jgen.writeEndArray();                
-            }
-            
-            jgen.writeEndObject();
-        }
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/MapViewXmlAdapter.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/MapViewXmlAdapter.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/adapter/MapViewXmlAdapter.java	1970-01-01 00:00:00 +0000
@@ -1,61 +0,0 @@
-package org.hisp.dhis.common.adapter;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.BaseIdentifiableObject;
-import org.hisp.dhis.mapping.MapView;
-
-import javax.xml.bind.annotation.adapters.XmlAdapter;
-import java.util.UUID;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class MapViewXmlAdapter extends XmlAdapter<BaseIdentifiableObject, MapView>
-{
-    private BaseIdentifiableObjectXmlAdapter baseIdentifiableObjectXmlAdapter = new BaseIdentifiableObjectXmlAdapter();
-
-    @Override
-    public MapView unmarshal( BaseIdentifiableObject identifiableObject ) throws Exception
-    {
-        MapView mapView = new MapView();
-
-        mapView.setUid( identifiableObject.getUid() );
-        mapView.setLastUpdated( identifiableObject.getLastUpdated() );
-        mapView.setName( identifiableObject.getName() == null ? UUID.randomUUID().toString() : identifiableObject.getName() );
-
-        return mapView;
-    }
-
-    @Override
-    public BaseIdentifiableObject marshal( MapView mapView ) throws Exception
-    {
-        return baseIdentifiableObjectXmlAdapter.marshal( mapView );
-    }
-}

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java	2015-07-14 07:21:33 +0000
@@ -34,7 +34,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-import org.hisp.dhis.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.AccessStringHelper;
 import org.hisp.dhis.chart.Chart;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.DxfNamespaces;

=== removed directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2'
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2Client.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2Client.java	2015-06-25 06:26:15 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2Client.java	1970-01-01 00:00:00 +0000
@@ -1,187 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-import org.hisp.dhis.common.BaseIdentifiableObject;
-import org.hisp.dhis.common.DxfNamespaces;
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.common.MergeStrategy;
-import org.hisp.dhis.schema.PropertyType;
-import org.hisp.dhis.schema.annotation.Property;
-import org.hisp.dhis.schema.annotation.PropertyRange;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-import java.util.UUID;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-@JacksonXmlRootElement( localName = "oAuth2Client", namespace = DxfNamespaces.DXF_2_0 )
-public class OAuth2Client extends BaseIdentifiableObject
-{
-    /**
-     * client_id
-     */
-    private String cid;
-
-    /**
-     * client_secret
-     */
-    private String secret = UUID.randomUUID().toString();
-
-    /**
-     * List of allowed redirect URI targets for this client.
-     */
-    private List<String> redirectUris = new ArrayList<>();
-
-    /**
-     * List of allowed grant types for this client.
-     */
-    private List<String> grantTypes = new ArrayList<>();
-
-    public OAuth2Client()
-    {
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
-    @Property( PropertyType.IDENTIFIER )
-    public String getCid()
-    {
-        return cid;
-    }
-
-    public void setCid( String cid )
-    {
-        this.cid = cid;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
-    @PropertyRange( min = 36, max = 36 )
-    public String getSecret()
-    {
-        return secret;
-    }
-
-    public void setSecret( String secret )
-    {
-        this.secret = secret;
-    }
-
-    @JsonProperty
-    @JacksonXmlElementWrapper( localName = "redirectUris", namespace = DxfNamespaces.DXF_2_0 )
-    @JacksonXmlProperty( localName = "redirectUri", namespace = DxfNamespaces.DXF_2_0 )
-    public List<String> getRedirectUris()
-    {
-        return redirectUris;
-    }
-
-    public void setRedirectUris( List<String> redirectUris )
-    {
-        this.redirectUris = redirectUris;
-    }
-
-    @JsonProperty
-    @JacksonXmlElementWrapper( localName = "grantTypes", namespace = DxfNamespaces.DXF_2_0 )
-    @JacksonXmlProperty( localName = "grantType", namespace = DxfNamespaces.DXF_2_0 )
-    public List<String> getGrantTypes()
-    {
-        return grantTypes;
-    }
-
-    public void setGrantTypes( List<String> grantTypes )
-    {
-        this.grantTypes = grantTypes;
-    }
-
-    @Override
-    public int hashCode()
-    {
-        return 31 * super.hashCode() + Objects.hash( cid, secret, redirectUris, grantTypes );
-    }
-
-    @Override
-    public boolean equals( Object obj )
-    {
-        if ( this == obj )
-        {
-            return true;
-        }
-        if ( obj == null || getClass() != obj.getClass() )
-        {
-            return false;
-        }
-        if ( !super.equals( obj ) )
-        {
-            return false;
-        }
-
-        final OAuth2Client other = (OAuth2Client) obj;
-
-        return Objects.equals( this.cid, other.cid )
-            && Objects.equals( this.secret, other.secret )
-            && Objects.equals( this.redirectUris, other.redirectUris )
-            && Objects.equals( this.grantTypes, other.grantTypes );
-    }
-
-    @Override
-    public void mergeWith( IdentifiableObject other, MergeStrategy strategy )
-    {
-        super.mergeWith( other, strategy );
-
-        if ( other.getClass().isInstance( this ) )
-        {
-            OAuth2Client oAuth2Client = (OAuth2Client) other;
-
-            if ( strategy.isReplace() )
-            {
-                cid = oAuth2Client.getCid();
-                secret = oAuth2Client.getSecret();
-            }
-            else if ( strategy.isMerge() )
-            {
-                cid = oAuth2Client.getCid() == null ? cid : oAuth2Client.getCid();
-                secret = oAuth2Client.getSecret() == null ? secret : oAuth2Client.getSecret();
-            }
-
-            redirectUris.clear();
-            grantTypes.clear();
-
-            redirectUris.addAll( oAuth2Client.getRedirectUris() );
-            grantTypes.addAll( oAuth2Client.getGrantTypes() );
-        }
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientService.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientService.java	1970-01-01 00:00:00 +0000
@@ -1,51 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import java.util.Collection;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public interface OAuth2ClientService
-{
-    void saveOAuth2Client( OAuth2Client oAuth2Client );
-
-    void updateOAuth2Client( OAuth2Client oAuth2Client );
-
-    void deleteOAuth2Client( OAuth2Client oAuth2Client );
-
-    OAuth2Client getOAuth2Client( int id );
-
-    OAuth2Client getOAuth2Client( String uid );
-
-    OAuth2Client getOAuth2ClientByClientId( String cid );
-
-    Collection<OAuth2Client> getOAuth2Clients();
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientStore.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientStore.java	1970-01-01 00:00:00 +0000
@@ -1,48 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.GenericIdentifiableObjectStore;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public interface OAuth2ClientStore
-    extends GenericIdentifiableObjectStore<OAuth2Client>
-{
-    String ID = OAuth2ClientStore.class.getName();
-
-    /**
-     * Get OAuth2 client by cid.
-     *
-     * @param cid ClientID
-     * @return Matched OAuth2Client or null if not found
-     */
-    OAuth2Client getByClientId( String cid );
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Authority.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Authority.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Authority.java	1970-01-01 00:00:00 +0000
@@ -1,93 +0,0 @@
-package org.hisp.dhis.schema;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-import org.hisp.dhis.common.DxfNamespaces;
-
-import java.util.List;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-@JacksonXmlRootElement( localName = "authority", namespace = DxfNamespaces.DXF_2_0 )
-public class Authority
-{
-    private AuthorityType type;
-
-    private List<String> authorities;
-
-    public Authority( AuthorityType type )
-    {
-        this.type = type;
-    }
-
-    public Authority( AuthorityType type, List<String> authorities )
-    {
-        this( type );
-        this.authorities = authorities;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
-    public AuthorityType getType()
-    {
-        return type;
-    }
-
-    public void setType( AuthorityType type )
-    {
-        this.type = type;
-    }
-
-    @JsonProperty
-    @JacksonXmlElementWrapper( localName = "authorities", namespace = DxfNamespaces.DXF_2_0 )
-    @JacksonXmlProperty( localName = "authority", namespace = DxfNamespaces.DXF_2_0 )
-    public List<String> getAuthorities()
-    {
-        return authorities;
-    }
-
-    public void setAuthorities( List<String> authorities )
-    {
-        this.authorities = authorities;
-    }
-
-    @Override
-    public String toString()
-    {
-        return "Authority{" +
-            "type=" + type +
-            ", authorities=" + authorities +
-            '}';
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/AuthorityType.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/AuthorityType.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/AuthorityType.java	1970-01-01 00:00:00 +0000
@@ -1,43 +0,0 @@
-package org.hisp.dhis.schema;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public enum AuthorityType
-{
-    CREATE,
-    CREATE_PUBLIC,
-    CREATE_PRIVATE,
-    EXTERNALIZE,
-    READ,
-    UPDATE,
-    DELETE
-}

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Schema.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Schema.java	2015-05-26 01:45:28 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/Schema.java	2015-07-14 07:21:33 +0000
@@ -40,6 +40,8 @@
 import org.hisp.dhis.common.DxfNamespaces;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.NameableObject;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.springframework.core.Ordered;
 import org.springframework.util.StringUtils;
 

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/AttributeSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/AttributeSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/AttributeSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.attribute.Attribute;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryComboSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryComboSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryComboSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementCategoryCombo;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionComboSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionComboSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionComboSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementCategoryOptionCombo;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.CategoryOptionGroup;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionGroupSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.CategoryOptionGroupSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategoryOptionSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementCategoryOption;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategorySchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategorySchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/CategorySchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementCategory;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ChartSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ChartSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ChartSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.chart.Chart;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ConstantSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ConstantSchemaDescriptor.java	2015-05-26 04:17:38 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ConstantSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.constant.Constant;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardItemSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardItemSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardItemSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dashboard.DashboardItem;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardSchemaDescriptor.java	2015-05-26 01:45:28 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DashboardSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dashboard.Dashboard;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataApprovalLevelSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataApprovalLevelSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataApprovalLevelSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataapproval.DataApprovalLevel;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementGroup;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementGroupSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElementGroupSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataElementSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataelement.DataElement;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DataSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataset.DataSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DocumentSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DocumentSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/DocumentSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.document.Document;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventChartSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventChartSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventChartSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import org.hisp.dhis.eventchart.EventChart;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventReportSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventReportSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/EventReportSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.eventreport.EventReport;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.indicator.IndicatorGroup;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorGroupSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.indicator.IndicatorGroupSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.indicator.Indicator;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorTypeSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorTypeSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/IndicatorTypeSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.indicator.IndicatorType;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MapSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MapSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MapSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.mapping.Map;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MetaDataFilterSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MetaDataFilterSchemaDescriptor.java	2015-05-28 18:21:56 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/MetaDataFilterSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import org.hisp.dhis.commons.filter.MetaDataFilter;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OAuth2ClientSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OAuth2ClientSchemaDescriptor.java	2015-06-24 05:11:33 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OAuth2ClientSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,9 +29,9 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.option.Option;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OptionSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.option.OptionSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSetSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSetSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitGroupSetSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.organisationunit.OrganisationUnitGroupSet;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitLevelSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitLevelSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitLevelSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.organisationunit.OrganisationUnitLevel;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/OrganisationUnitSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.organisationunit.OrganisationUnit;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramIndicatorSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramIndicatorSchemaDescriptor.java	2015-07-06 04:56:41 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramIndicatorSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import org.hisp.dhis.program.ProgramIndicator;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleActionSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleActionSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleActionSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.programrule.ProgramRuleAction;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.programrule.ProgramRule;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleVariableSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleVariableSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramRuleVariableSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.programrule.ProgramRuleVariable;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.program.Program;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageDataElementSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageDataElementSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageDataElementSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.program.ProgramStageDataElement;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramStageSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.program.ProgramStage;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramValidationSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramValidationSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ProgramValidationSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.program.ProgramValidation;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/RelationshipTypeSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/RelationshipTypeSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/RelationshipTypeSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.relationship.RelationshipType;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.report.Report;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportTableSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportTableSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ReportTableSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.reporttable.ReportTable;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SectionSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SectionSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SectionSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import com.google.common.collect.Lists;
 import org.hisp.dhis.dataset.Section;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.springframework.stereotype.Component;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SqlViewSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SqlViewSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/SqlViewSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.sqlview.SqlView;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.trackedentity.TrackedEntityAttributeGroup;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntityAttributeSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntitySchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntitySchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/TrackedEntitySchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.trackedentity.TrackedEntity;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.user.UserGroup;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserRoleSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserRoleSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserRoleSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.user.UserAuthorityGroup;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/UserSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.user.User;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleGroupSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleGroupSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleGroupSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.validation.ValidationRuleGroup;

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleSchemaDescriptor.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleSchemaDescriptor.java	2015-04-29 07:11:23 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/descriptors/ValidationRuleSchemaDescriptor.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.google.common.collect.Lists;
-import org.hisp.dhis.schema.Authority;
-import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.security.Authority;
+import org.hisp.dhis.security.AuthorityType;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaDescriptor;
 import org.hisp.dhis.validation.ValidationRule;

=== added directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security'
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/Authority.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/Authority.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/Authority.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,93 @@
+package org.hisp.dhis.security;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import org.hisp.dhis.common.DxfNamespaces;
+
+import java.util.List;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@JacksonXmlRootElement( localName = "authority", namespace = DxfNamespaces.DXF_2_0 )
+public class Authority
+{
+    private AuthorityType type;
+
+    private List<String> authorities;
+
+    public Authority( AuthorityType type )
+    {
+        this.type = type;
+    }
+
+    public Authority( AuthorityType type, List<String> authorities )
+    {
+        this( type );
+        this.authorities = authorities;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
+    public AuthorityType getType()
+    {
+        return type;
+    }
+
+    public void setType( AuthorityType type )
+    {
+        this.type = type;
+    }
+
+    @JsonProperty
+    @JacksonXmlElementWrapper( localName = "authorities", namespace = DxfNamespaces.DXF_2_0 )
+    @JacksonXmlProperty( localName = "authority", namespace = DxfNamespaces.DXF_2_0 )
+    public List<String> getAuthorities()
+    {
+        return authorities;
+    }
+
+    public void setAuthorities( List<String> authorities )
+    {
+        this.authorities = authorities;
+    }
+
+    @Override
+    public String toString()
+    {
+        return "Authority{" +
+            "type=" + type +
+            ", authorities=" + authorities +
+            '}';
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/AuthorityType.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/AuthorityType.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/AuthorityType.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,43 @@
+package org.hisp.dhis.security;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public enum AuthorityType
+{
+    CREATE,
+    CREATE_PUBLIC,
+    CREATE_PRIVATE,
+    EXTERNALIZE,
+    READ,
+    UPDATE,
+    DELETE
+}

=== added directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl'
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/Access.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/Access.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,142 @@
+package org.hisp.dhis.security.acl;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import org.hisp.dhis.common.DxfNamespaces;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
+public class Access
+{
+    private boolean manage;
+
+    private boolean externalize;
+
+    private boolean write;
+
+    private boolean read;
+
+    private boolean update;
+
+    private boolean delete;
+
+    public Access()
+    {
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isManage()
+    {
+        return manage;
+    }
+
+    public void setManage( boolean manage )
+    {
+        this.manage = manage;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isExternalize()
+    {
+        return externalize;
+    }
+
+    public void setExternalize( boolean externalize )
+    {
+        this.externalize = externalize;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isWrite()
+    {
+        return write;
+    }
+
+    public void setWrite( boolean write )
+    {
+        this.write = write;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isRead()
+    {
+        return read;
+    }
+
+    public void setRead( boolean read )
+    {
+        this.read = read;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isUpdate()
+    {
+        return update;
+    }
+
+    public void setUpdate( boolean update )
+    {
+        this.update = update;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isDelete()
+    {
+        return delete;
+    }
+
+    public void setDelete( boolean delete )
+    {
+        this.delete = delete;
+    }
+
+    @Override
+    public String toString()
+    {
+        return "Access{" +
+            "manage=" + manage +
+            ", externalize=" + externalize +
+            ", write=" + write +
+            ", read=" + read +
+            ", update=" + update +
+            ", delete=" + delete +
+            '}';
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AccessStringHelper.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AccessStringHelper.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,152 @@
+package org.hisp.dhis.security.acl;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Currently only the two first positions in the access string are used - rw.
+ *
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class AccessStringHelper
+{
+    public enum Permission
+    {
+        READ( 'r', 0 ), WRITE( 'w', 1 );
+
+        private char value;
+
+        private int position;
+
+        Permission( char value, int position )
+        {
+            this.value = value;
+            this.position = position;
+        }
+
+        public char getValue()
+        {
+            return value;
+        }
+
+        public int getPosition()
+        {
+            return position;
+        }
+    }
+
+    private char[] access = DEFAULT.toCharArray();
+
+    public static final String DEFAULT = "--------";
+
+    public static final String READ = AccessStringHelper.newInstance()
+        .enable( Permission.READ )
+        .build();
+
+    public static final String WRITE = AccessStringHelper.newInstance()
+        .enable( Permission.WRITE )
+        .build();
+
+    public static final String READ_WRITE = AccessStringHelper.newInstance()
+        .enable( Permission.READ )
+        .enable( Permission.WRITE )
+        .build();
+
+    public AccessStringHelper()
+    {
+    }
+
+    public AccessStringHelper( char[] access )
+    {
+        this.access = access;
+    }
+
+    public AccessStringHelper( String access )
+    {
+        this.access = access.toCharArray();
+    }
+
+    public static AccessStringHelper newInstance()
+    {
+        return new AccessStringHelper();
+    }
+
+    public static AccessStringHelper newInstance( char[] access )
+    {
+        return new AccessStringHelper( access );
+    }
+
+    public AccessStringHelper enable( Permission permission )
+    {
+        access[permission.getPosition()] = permission.getValue();
+
+        return this;
+    }
+
+    public AccessStringHelper disable( Permission permission )
+    {
+        access[permission.getPosition()] = '-';
+
+        return this;
+    }
+
+    public String build()
+    {
+        return new String( access );
+    }
+
+    public String toString()
+    {
+        return build();
+    }
+
+    public static boolean canRead( String access )
+    {
+        return isEnabled( access, Permission.READ );
+    }
+
+    public static boolean canWrite( String access )
+    {
+        return isEnabled( access, Permission.WRITE );
+    }
+
+    public static boolean canReadAndWrite( String access )
+    {
+        return isEnabled( access, Permission.WRITE ) && isEnabled( access, Permission.READ );
+    }
+
+    public static boolean canReadOrWrite( String access )
+    {
+        return isEnabled( access, Permission.WRITE ) || isEnabled( access, Permission.READ );
+    }
+
+    public static boolean isEnabled( String access, Permission permission )
+    {
+        return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AclService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AclService.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/acl/AclService.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,222 @@
+package org.hisp.dhis.security.acl;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.user.User;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public interface AclService
+{
+    /**
+     * Is type supported for acl?
+     *
+     * @param type Type to check
+     * @return true if type is supported
+     */
+    boolean isSupported( String type );
+
+    /**
+     * Is class supported for acl?
+     *
+     * @param klass Class to check
+     * @return true if type is supported
+     */
+    boolean isSupported( Class<?> klass );
+
+    /**
+     * Is type supported for sharing?
+     *
+     * @param type Type to check
+     * @return true if type is supported
+     */
+    boolean isShareable( String type );
+
+    /**
+     * Is class supported for sharing?
+     *
+     * @param klass Class to check
+     * @return true if type is supported
+     */
+    boolean isShareable( Class<?> klass );
+
+    /**
+     * Can user write to this object (create)
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Is the user for the object null?
+     * 3. Is the user of the object equal to current user?
+     * 4. Is the object public write?
+     * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    boolean canWrite( User user, IdentifiableObject object );
+
+    /**
+     * Can user read this object
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Is the user for the object null?
+     * 3. Is the user of the object equal to current user?
+     * 4. Is the object public read?
+     * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    boolean canRead( User user, IdentifiableObject object );
+
+    /**
+     * Can user update this object
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    boolean canUpdate( User user, IdentifiableObject object );
+
+    /**
+     * Can user delete this object
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    boolean canDelete( User user, IdentifiableObject object );
+
+    /**
+     * Can user manage (make public) this object
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    boolean canManage( User user, IdentifiableObject object );
+
+    /**
+     * Can read an objects of this type.
+     *
+     * @param user  User to User to check against
+     * @param klass Type to check against
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean canRead( User user, Class<T> klass );
+
+    /**
+     * Can create an object of this type.
+     *
+     * @param user  User to User to check against
+     * @param klass Type to check against
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean canCreate( User user, Class<T> klass );
+
+    /**
+     * Checks if a user can create a public instance of a certain object.
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Does user have the authority to create public instances of that object
+     *
+     * @param user  User to check against
+     * @param klass Class to check
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass );
+
+    /**
+     * Checks if a user can create a private instance of a certain object.
+     * <p/>
+     * 1. Does user have ACL_OVERRIDE_AUTHORITIES authority?
+     * 2. Does user have the authority to create private instances of that object
+     *
+     * @param user  User to check against
+     * @param klass Class to check
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass );
+
+    /**
+     * Can user make this object external? (read with no login)
+     *
+     * @param user  User to check against
+     * @param klass Type to check
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass );
+
+    /**
+     * Is the default for this type to be private?
+     *
+     * @param klass Type to check
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean defaultPrivate( Class<T> klass );
+
+    /**
+     * Is the default for this type to be public?
+     *
+     * @param klass Type to check
+     * @return Result of test
+     */
+    <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass );
+
+    Class<? extends IdentifiableObject> classForType( String type );
+
+    /**
+     * Return the access object for a object.
+     *
+     * @param object Object to check for access
+     * @return Populated access instance
+     */
+    <T extends IdentifiableObject> Access getAccess( T object );
+
+    /**
+     * Return the access object for a object for a specific user.
+     *
+     * @param object Object to check for access
+     * @param user   User to check against
+     * @return Populated access instance
+     */
+    <T extends IdentifiableObject> Access getAccess( T object, User user );
+}

=== added directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2'
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2Client.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2Client.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2Client.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,187 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import org.hisp.dhis.common.BaseIdentifiableObject;
+import org.hisp.dhis.common.DxfNamespaces;
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.common.MergeStrategy;
+import org.hisp.dhis.schema.PropertyType;
+import org.hisp.dhis.schema.annotation.Property;
+import org.hisp.dhis.schema.annotation.PropertyRange;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.UUID;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@JacksonXmlRootElement( localName = "oAuth2Client", namespace = DxfNamespaces.DXF_2_0 )
+public class OAuth2Client extends BaseIdentifiableObject
+{
+    /**
+     * client_id
+     */
+    private String cid;
+
+    /**
+     * client_secret
+     */
+    private String secret = UUID.randomUUID().toString();
+
+    /**
+     * List of allowed redirect URI targets for this client.
+     */
+    private List<String> redirectUris = new ArrayList<>();
+
+    /**
+     * List of allowed grant types for this client.
+     */
+    private List<String> grantTypes = new ArrayList<>();
+
+    public OAuth2Client()
+    {
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
+    @Property( PropertyType.IDENTIFIER )
+    public String getCid()
+    {
+        return cid;
+    }
+
+    public void setCid( String cid )
+    {
+        this.cid = cid;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
+    @PropertyRange( min = 36, max = 36 )
+    public String getSecret()
+    {
+        return secret;
+    }
+
+    public void setSecret( String secret )
+    {
+        this.secret = secret;
+    }
+
+    @JsonProperty
+    @JacksonXmlElementWrapper( localName = "redirectUris", namespace = DxfNamespaces.DXF_2_0 )
+    @JacksonXmlProperty( localName = "redirectUri", namespace = DxfNamespaces.DXF_2_0 )
+    public List<String> getRedirectUris()
+    {
+        return redirectUris;
+    }
+
+    public void setRedirectUris( List<String> redirectUris )
+    {
+        this.redirectUris = redirectUris;
+    }
+
+    @JsonProperty
+    @JacksonXmlElementWrapper( localName = "grantTypes", namespace = DxfNamespaces.DXF_2_0 )
+    @JacksonXmlProperty( localName = "grantType", namespace = DxfNamespaces.DXF_2_0 )
+    public List<String> getGrantTypes()
+    {
+        return grantTypes;
+    }
+
+    public void setGrantTypes( List<String> grantTypes )
+    {
+        this.grantTypes = grantTypes;
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return 31 * super.hashCode() + Objects.hash( cid, secret, redirectUris, grantTypes );
+    }
+
+    @Override
+    public boolean equals( Object obj )
+    {
+        if ( this == obj )
+        {
+            return true;
+        }
+        if ( obj == null || getClass() != obj.getClass() )
+        {
+            return false;
+        }
+        if ( !super.equals( obj ) )
+        {
+            return false;
+        }
+
+        final OAuth2Client other = (OAuth2Client) obj;
+
+        return Objects.equals( this.cid, other.cid )
+            && Objects.equals( this.secret, other.secret )
+            && Objects.equals( this.redirectUris, other.redirectUris )
+            && Objects.equals( this.grantTypes, other.grantTypes );
+    }
+
+    @Override
+    public void mergeWith( IdentifiableObject other, MergeStrategy strategy )
+    {
+        super.mergeWith( other, strategy );
+
+        if ( other.getClass().isInstance( this ) )
+        {
+            OAuth2Client oAuth2Client = (OAuth2Client) other;
+
+            if ( strategy.isReplace() )
+            {
+                cid = oAuth2Client.getCid();
+                secret = oAuth2Client.getSecret();
+            }
+            else if ( strategy.isMerge() )
+            {
+                cid = oAuth2Client.getCid() == null ? cid : oAuth2Client.getCid();
+                secret = oAuth2Client.getSecret() == null ? secret : oAuth2Client.getSecret();
+            }
+
+            redirectUris.clear();
+            grantTypes.clear();
+
+            redirectUris.addAll( oAuth2Client.getRedirectUris() );
+            grantTypes.addAll( oAuth2Client.getGrantTypes() );
+        }
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientService.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientService.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,51 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import java.util.Collection;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public interface OAuth2ClientService
+{
+    void saveOAuth2Client( OAuth2Client oAuth2Client );
+
+    void updateOAuth2Client( OAuth2Client oAuth2Client );
+
+    void deleteOAuth2Client( OAuth2Client oAuth2Client );
+
+    OAuth2Client getOAuth2Client( int id );
+
+    OAuth2Client getOAuth2Client( String uid );
+
+    OAuth2Client getOAuth2ClientByClientId( String cid );
+
+    Collection<OAuth2Client> getOAuth2Clients();
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientStore.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientStore.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,48 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.GenericIdentifiableObjectStore;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public interface OAuth2ClientStore
+    extends GenericIdentifiableObjectStore<OAuth2Client>
+{
+    String ID = OAuth2ClientStore.class.getName();
+
+    /**
+     * Get OAuth2 client by cid.
+     *
+     * @param cid ClientID
+     * @return Matched OAuth2Client or null if not found
+     */
+    OAuth2Client getByClientId( String cid );
+}

=== modified file 'dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java'
--- dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java	2015-07-14 07:21:33 +0000
@@ -28,7 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.hisp.dhis.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.AccessStringHelper;
 import org.junit.Test;
 
 import static org.junit.Assert.assertFalse;

=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java	2015-06-18 14:35:18 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java	2015-07-14 07:21:33 +0000
@@ -28,7 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.BaseAnalyticalObject;
 import org.hisp.dhis.common.BaseDimensionalObject;
 import org.hisp.dhis.common.DimensionService;

=== removed directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl'
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java	2015-06-11 18:33:09 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java	1970-01-01 00:00:00 +0000
@@ -1,330 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.period.Period;
-import org.hisp.dhis.schema.AuthorityType;
-import org.hisp.dhis.schema.Schema;
-import org.hisp.dhis.schema.SchemaService;
-import org.hisp.dhis.user.CurrentUserService;
-import org.hisp.dhis.user.User;
-import org.hisp.dhis.user.UserGroup;
-import org.hisp.dhis.user.UserGroupAccess;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Collection;
-
-import static org.springframework.util.CollectionUtils.containsAny;
-
-/**
- * Default ACL implementation that uses SchemaDescriptors to get authorities / sharing flags.
- *
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class DefaultAclService implements AclService
-{
-    @Autowired
-    private SchemaService schemaService;
-
-    @Autowired
-    private CurrentUserService currentUserService;
-
-    @Override
-    public boolean isSupported( String type )
-    {
-        return schemaService.getSchemaBySingularName( type ) != null;
-    }
-
-    @Override
-    public boolean isSupported( Class<?> klass )
-    {
-        return schemaService.getSchema( klass ) != null;
-    }
-
-    @Override
-    public boolean isShareable( String type )
-    {
-        Schema schema = schemaService.getSchemaBySingularName( type );
-        return schema != null && schema.isShareable();
-    }
-
-    @Override
-    public boolean isShareable( Class<?> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-        return schema != null && schema.isShareable();
-    }
-
-    @Override
-    public boolean canWrite( User user, IdentifiableObject object )
-    {
-        Schema schema = schemaService.getSchema( object.getClass() );
-
-        if ( schema == null )
-        {
-            return false;
-        }
-
-        if ( !schema.isShareable() )
-        {
-            return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
-        }
-
-        if ( haveOverrideAuthority( user )
-            || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
-            || (user != null && user.equals( object.getUser() ))
-            || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
-            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            /* Is the user allowed to write to this object through group access? */
-            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    @Override
-    public boolean canRead( User user, IdentifiableObject object )
-    {
-        if ( object == null || Period.class.isInstance( object ) )
-        {
-            return true;
-        }
-
-        Schema schema = schemaService.getSchema( object.getClass() );
-
-        if ( schema == null )
-        {
-            return false;
-        }
-
-        if ( canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ) )
-        {
-            if ( !schema.isShareable() )
-            {
-                return true;
-            }
-        }
-        else
-        {
-            return false;
-        }
-
-        if ( haveOverrideAuthority( user )
-            || UserGroup.class.isAssignableFrom( object.getClass() )
-            || object.getUser() == null
-            || object.getPublicAccess() == null
-            || user.equals( object.getUser() )
-            || AccessStringHelper.canRead( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            /* Is the user allowed to read this object through group access? */
-            if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    @Override
-    public boolean canUpdate( User user, IdentifiableObject object )
-    {
-        Schema schema = schemaService.getSchema( object.getClass() );
-        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && (!schema.isShareable() || canWrite( user, object ));
-    }
-
-    @Override
-    public boolean canDelete( User user, IdentifiableObject object )
-    {
-        Schema schema = schemaService.getSchema( object.getClass() );
-        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && (!schema.isShareable() || canWrite( user, object ));
-    }
-
-    @Override
-    public boolean canManage( User user, IdentifiableObject object )
-    {
-        Schema schema = schemaService.getSchema( object.getClass() );
-
-        if ( schema == null || !schema.isShareable() )
-        {
-            return false;
-        }
-
-        if ( haveOverrideAuthority( user )
-            || user.equals( object.getUser() )
-            || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
-            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            /* Is the user allowed to write to this object through group access? */
-            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean canRead( User user, Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-
-        return schema == null || schema.getAuthorityByType( AuthorityType.READ ) == null
-            || canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean canCreate( User user, Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-
-        if ( schema == null )
-        {
-            return false;
-        }
-
-        if ( !schema.isShareable() )
-        {
-            return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
-        }
-
-        return canCreatePublic( user, klass ) || canCreatePrivate( user, klass );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-        return !(schema == null || !schema.isShareable())
-            && canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-        return !(schema == null || !schema.isShareable())
-            && canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-        return !(schema == null || !schema.isShareable())
-            && ((!schema.getAuthorityByType( AuthorityType.EXTERNALIZE ).isEmpty() && haveOverrideAuthority( user ))
-            || haveAuthority( user, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) ));
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean defaultPrivate( Class<T> klass )
-    {
-        Schema schema = schemaService.getSchema( klass );
-        return schema != null && schema.isDefaultPrivate();
-    }
-
-    @Override
-    public <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass )
-    {
-        return !defaultPrivate( klass );
-    }
-
-    @Override
-    @SuppressWarnings( "unchecked" )
-    public Class<? extends IdentifiableObject> classForType( String type )
-    {
-        Schema schema = schemaService.getSchemaBySingularName( type );
-
-        if ( schema != null && schema.isIdentifiableObject() )
-        {
-            return (Class<? extends IdentifiableObject>) schema.getKlass();
-        }
-
-        return null;
-    }
-
-    private boolean haveOverrideAuthority( User user )
-    {
-        return user == null || user.isSuper();
-    }
-
-    private boolean canAccess( User user, Collection<String> requiredAuthorities )
-    {
-        return haveOverrideAuthority( user ) || requiredAuthorities.isEmpty() || haveAuthority( user, requiredAuthorities );
-    }
-
-    private boolean haveAuthority( User user, Collection<String> requiredAuthorities )
-    {
-        return containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> Access getAccess( T object )
-    {
-        return getAccess( object, currentUserService.getCurrentUser() );
-    }
-
-    @Override
-    public <T extends IdentifiableObject> Access getAccess( T object, User user )
-    {
-        Access access = new Access();
-        access.setManage( canManage( user, object ) );
-        access.setExternalize( canExternalize( user, object.getClass() ) );
-        access.setWrite( canWrite( user, object ) );
-        access.setRead( canRead( user, object ) );
-        access.setUpdate( canUpdate( user, object ) );
-        access.setDelete( canDelete( user, object ) );
-
-        return access;
-    }
-}

=== removed directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2'
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/DefaultOAuth2ClientService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/DefaultOAuth2ClientService.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/DefaultOAuth2ClientService.java	1970-01-01 00:00:00 +0000
@@ -1,94 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.Collection;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-@Transactional
-public class DefaultOAuth2ClientService implements OAuth2ClientService
-{
-    // -------------------------------------------------------------------------
-    // Dependencies
-    // -------------------------------------------------------------------------
-
-    @Autowired
-    private OAuth2ClientStore oAuth2ClientStore;
-
-    // -------------------------------------------------------------------------
-    // OAuth2ClientService
-    // -------------------------------------------------------------------------
-
-    @Override
-    public void saveOAuth2Client( OAuth2Client oAuth2Client )
-    {
-        oAuth2ClientStore.save( oAuth2Client );
-    }
-
-    @Override
-    public void updateOAuth2Client( OAuth2Client oAuth2Client )
-    {
-        oAuth2ClientStore.update( oAuth2Client );
-    }
-
-    @Override
-    public void deleteOAuth2Client( OAuth2Client oAuth2Client )
-    {
-        oAuth2ClientStore.delete( oAuth2Client );
-    }
-
-    @Override
-    public OAuth2Client getOAuth2Client( int id )
-    {
-        return oAuth2ClientStore.get( id );
-    }
-
-    @Override
-    public OAuth2Client getOAuth2Client( String uid )
-    {
-        return oAuth2ClientStore.getByUid( uid );
-    }
-
-    @Override
-    public OAuth2Client getOAuth2ClientByClientId( String cid )
-    {
-        return oAuth2ClientStore.getByClientId( cid );
-    }
-
-    @Override
-    public Collection<OAuth2Client> getOAuth2Clients()
-    {
-        return oAuth2ClientStore.getAll();
-    }
-}

=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientDeletionHandler.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientDeletionHandler.java	2015-06-25 04:16:58 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/OAuth2ClientDeletionHandler.java	1970-01-01 00:00:00 +0000
@@ -1,43 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.system.deletion.DeletionHandler;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class OAuth2ClientDeletionHandler extends DeletionHandler
-{
-    @Override
-    protected String getClassName()
-    {
-        return OAuth2Client.class.getName();
-    }
-}

=== removed directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate'
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate/HibernateOAuth2ClientStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate/HibernateOAuth2ClientStore.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/oauth2/hibernate/HibernateOAuth2ClientStore.java	1970-01-01 00:00:00 +0000
@@ -1,48 +0,0 @@
-package org.hisp.dhis.oauth2.hibernate;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hibernate.criterion.Restrictions;
-import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore;
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.oauth2.OAuth2ClientStore;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class HibernateOAuth2ClientStore
-    extends HibernateIdentifiableObjectStore<OAuth2Client>
-    implements OAuth2ClientStore
-{
-    @Override
-    public OAuth2Client getByClientId( String cid )
-    {
-        return (OAuth2Client) getCriteria().add( Restrictions.eq( "cid", cid ) ).uniqueResult();
-    }
-}

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2015-06-25 03:21:23 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2015-07-14 07:21:33 +0000
@@ -30,7 +30,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.CodeGenerator;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.i18n.I18n;

=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl/DefaultAclService.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/acl/DefaultAclService.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,330 @@
+package org.hisp.dhis.security.acl;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.period.Period;
+import org.hisp.dhis.security.AuthorityType;
+import org.hisp.dhis.schema.Schema;
+import org.hisp.dhis.schema.SchemaService;
+import org.hisp.dhis.user.CurrentUserService;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroup;
+import org.hisp.dhis.user.UserGroupAccess;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+
+import static org.springframework.util.CollectionUtils.containsAny;
+
+/**
+ * Default ACL implementation that uses SchemaDescriptors to get authorities / sharing flags.
+ *
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class DefaultAclService implements AclService
+{
+    @Autowired
+    private SchemaService schemaService;
+
+    @Autowired
+    private CurrentUserService currentUserService;
+
+    @Override
+    public boolean isSupported( String type )
+    {
+        return schemaService.getSchemaBySingularName( type ) != null;
+    }
+
+    @Override
+    public boolean isSupported( Class<?> klass )
+    {
+        return schemaService.getSchema( klass ) != null;
+    }
+
+    @Override
+    public boolean isShareable( String type )
+    {
+        Schema schema = schemaService.getSchemaBySingularName( type );
+        return schema != null && schema.isShareable();
+    }
+
+    @Override
+    public boolean isShareable( Class<?> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+        return schema != null && schema.isShareable();
+    }
+
+    @Override
+    public boolean canWrite( User user, IdentifiableObject object )
+    {
+        Schema schema = schemaService.getSchema( object.getClass() );
+
+        if ( schema == null )
+        {
+            return false;
+        }
+
+        if ( !schema.isShareable() )
+        {
+            return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
+        }
+
+        if ( haveOverrideAuthority( user )
+            || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+            || (user != null && user.equals( object.getUser() ))
+            || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
+            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            /* Is the user allowed to write to this object through group access? */
+            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    @Override
+    public boolean canRead( User user, IdentifiableObject object )
+    {
+        if ( object == null || Period.class.isInstance( object ) )
+        {
+            return true;
+        }
+
+        Schema schema = schemaService.getSchema( object.getClass() );
+
+        if ( schema == null )
+        {
+            return false;
+        }
+
+        if ( canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ) )
+        {
+            if ( !schema.isShareable() )
+            {
+                return true;
+            }
+        }
+        else
+        {
+            return false;
+        }
+
+        if ( haveOverrideAuthority( user )
+            || UserGroup.class.isAssignableFrom( object.getClass() )
+            || object.getUser() == null
+            || object.getPublicAccess() == null
+            || user.equals( object.getUser() )
+            || AccessStringHelper.canRead( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            /* Is the user allowed to read this object through group access? */
+            if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    @Override
+    public boolean canUpdate( User user, IdentifiableObject object )
+    {
+        Schema schema = schemaService.getSchema( object.getClass() );
+        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && (!schema.isShareable() || canWrite( user, object ));
+    }
+
+    @Override
+    public boolean canDelete( User user, IdentifiableObject object )
+    {
+        Schema schema = schemaService.getSchema( object.getClass() );
+        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && (!schema.isShareable() || canWrite( user, object ));
+    }
+
+    @Override
+    public boolean canManage( User user, IdentifiableObject object )
+    {
+        Schema schema = schemaService.getSchema( object.getClass() );
+
+        if ( schema == null || !schema.isShareable() )
+        {
+            return false;
+        }
+
+        if ( haveOverrideAuthority( user )
+            || user.equals( object.getUser() )
+            || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            /* Is the user allowed to write to this object through group access? */
+            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean canRead( User user, Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+
+        return schema == null || schema.getAuthorityByType( AuthorityType.READ ) == null
+            || canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean canCreate( User user, Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+
+        if ( schema == null )
+        {
+            return false;
+        }
+
+        if ( !schema.isShareable() )
+        {
+            return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
+        }
+
+        return canCreatePublic( user, klass ) || canCreatePrivate( user, klass );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+        return !(schema == null || !schema.isShareable())
+            && canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+        return !(schema == null || !schema.isShareable())
+            && canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+        return !(schema == null || !schema.isShareable())
+            && ((!schema.getAuthorityByType( AuthorityType.EXTERNALIZE ).isEmpty() && haveOverrideAuthority( user ))
+            || haveAuthority( user, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) ));
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean defaultPrivate( Class<T> klass )
+    {
+        Schema schema = schemaService.getSchema( klass );
+        return schema != null && schema.isDefaultPrivate();
+    }
+
+    @Override
+    public <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass )
+    {
+        return !defaultPrivate( klass );
+    }
+
+    @Override
+    @SuppressWarnings( "unchecked" )
+    public Class<? extends IdentifiableObject> classForType( String type )
+    {
+        Schema schema = schemaService.getSchemaBySingularName( type );
+
+        if ( schema != null && schema.isIdentifiableObject() )
+        {
+            return (Class<? extends IdentifiableObject>) schema.getKlass();
+        }
+
+        return null;
+    }
+
+    private boolean haveOverrideAuthority( User user )
+    {
+        return user == null || user.isSuper();
+    }
+
+    private boolean canAccess( User user, Collection<String> requiredAuthorities )
+    {
+        return haveOverrideAuthority( user ) || requiredAuthorities.isEmpty() || haveAuthority( user, requiredAuthorities );
+    }
+
+    private boolean haveAuthority( User user, Collection<String> requiredAuthorities )
+    {
+        return containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> Access getAccess( T object )
+    {
+        return getAccess( object, currentUserService.getCurrentUser() );
+    }
+
+    @Override
+    public <T extends IdentifiableObject> Access getAccess( T object, User user )
+    {
+        Access access = new Access();
+        access.setManage( canManage( user, object ) );
+        access.setExternalize( canExternalize( user, object.getClass() ) );
+        access.setWrite( canWrite( user, object ) );
+        access.setRead( canRead( user, object ) );
+        access.setUpdate( canUpdate( user, object ) );
+        access.setDelete( canDelete( user, object ) );
+
+        return access;
+    }
+}

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-06-24 05:47:58 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultClientDetailsService.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,6 @@
  */
 
 import com.google.common.collect.Sets;
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.oauth2.OAuth2ClientService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;

=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultOAuth2ClientService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultOAuth2ClientService.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/DefaultOAuth2ClientService.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,94 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Collection;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@Transactional
+public class DefaultOAuth2ClientService implements OAuth2ClientService
+{
+    // -------------------------------------------------------------------------
+    // Dependencies
+    // -------------------------------------------------------------------------
+
+    @Autowired
+    private OAuth2ClientStore oAuth2ClientStore;
+
+    // -------------------------------------------------------------------------
+    // OAuth2ClientService
+    // -------------------------------------------------------------------------
+
+    @Override
+    public void saveOAuth2Client( OAuth2Client oAuth2Client )
+    {
+        oAuth2ClientStore.save( oAuth2Client );
+    }
+
+    @Override
+    public void updateOAuth2Client( OAuth2Client oAuth2Client )
+    {
+        oAuth2ClientStore.update( oAuth2Client );
+    }
+
+    @Override
+    public void deleteOAuth2Client( OAuth2Client oAuth2Client )
+    {
+        oAuth2ClientStore.delete( oAuth2Client );
+    }
+
+    @Override
+    public OAuth2Client getOAuth2Client( int id )
+    {
+        return oAuth2ClientStore.get( id );
+    }
+
+    @Override
+    public OAuth2Client getOAuth2Client( String uid )
+    {
+        return oAuth2ClientStore.getByUid( uid );
+    }
+
+    @Override
+    public OAuth2Client getOAuth2ClientByClientId( String cid )
+    {
+        return oAuth2ClientStore.getByClientId( cid );
+    }
+
+    @Override
+    public Collection<OAuth2Client> getOAuth2Clients()
+    {
+        return oAuth2ClientStore.getAll();
+    }
+}

=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientDeletionHandler.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientDeletionHandler.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/OAuth2ClientDeletionHandler.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,43 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.system.deletion.DeletionHandler;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class OAuth2ClientDeletionHandler extends DeletionHandler
+{
+    @Override
+    protected String getClassName()
+    {
+        return OAuth2Client.class.getName();
+    }
+}

=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate/HibernateOAuth2ClientStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate/HibernateOAuth2ClientStore.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oauth2/hibernate/HibernateOAuth2ClientStore.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,48 @@
+package org.hisp.dhis.security.oauth2.hibernate;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hibernate.criterion.Restrictions;
+import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
+import org.hisp.dhis.security.oauth2.OAuth2ClientStore;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class HibernateOAuth2ClientStore
+    extends HibernateIdentifiableObjectStore<OAuth2Client>
+    implements OAuth2ClientStore
+{
+    @Override
+    public OAuth2Client getByClientId( String cid )
+    {
+        return (OAuth2Client) getCriteria().add( Restrictions.eq( "cid", cid ) ).uniqueResult();
+    }
+}

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java	2015-06-16 05:11:29 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java	2015-07-14 07:21:33 +0000
@@ -32,7 +32,7 @@
 import java.util.HashSet;
 import java.util.List;
 
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.GenericIdentifiableObjectStore;
 import org.springframework.transaction.annotation.Transactional;
 

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2015-07-08 03:38:42 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2015-07-14 07:21:33 +0000
@@ -21,7 +21,7 @@
 
   <bean id="org.hisp.dhis.schema.PropertyIntrospectorService" class="org.hisp.dhis.schema.Jackson2PropertyIntrospectorService" />
 
-  <bean id="org.hisp.dhis.acl.AclService" class="org.hisp.dhis.acl.DefaultAclService" />
+  <bean id="org.hisp.dhis.security.acl.AclService" class="org.hisp.dhis.security.acl.DefaultAclService" />
 
   <bean id="org.hisp.dhis.node.NodeService" class="org.hisp.dhis.node.DefaultNodeService" />
 
@@ -757,7 +757,7 @@
   <bean id="org.hisp.dhis.user.UserGroupService" class="org.hisp.dhis.user.DefaultUserGroupService">
     <property name="userGroupStore" ref="org.hisp.dhis.user.UserGroupStore" />
     <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
-    <property name="aclService" ref="org.hisp.dhis.acl.AclService" />
+    <property name="aclService" ref="org.hisp.dhis.security.acl.AclService" />
   </bean>
 
   <bean id="org.hisp.dhis.user.UserGroupAccessService" class="org.hisp.dhis.user.DefaultUserGroupAccessService">
@@ -847,15 +847,15 @@
     <property name="legendSetStore" ref="org.hisp.dhis.legend.LegendSetStore" />
   </bean>
 
-  <bean id="org.hisp.dhis.oauth2.OAuth2ClientStore" class="org.hisp.dhis.oauth2.hibernate.HibernateOAuth2ClientStore">
-    <property name="clazz" value="org.hisp.dhis.oauth2.OAuth2Client" />
+  <bean id="org.hisp.dhis.security.oauth2.OAuth2ClientStore" class="org.hisp.dhis.security.oauth2.hibernate.HibernateOAuth2ClientStore">
+    <property name="clazz" value="org.hisp.dhis.security.oauth2.OAuth2Client" />
     <property name="sessionFactory" ref="sessionFactory" />
     <property name="cacheable" value="true" />
   </bean>
 
-  <bean id="oAuth2ClientService" class="org.hisp.dhis.oauth2.DefaultOAuth2ClientService" />
+  <bean id="oAuth2ClientService" class="org.hisp.dhis.security.oauth2.DefaultOAuth2ClientService" />
 
-  <bean class="org.hisp.dhis.oauth2.OAuth2ClientDeletionHandler" />
+  <bean class="org.hisp.dhis.security.oauth2.OAuth2ClientDeletionHandler" />
 
   <bean id="org.hisp.dhis.setting.SystemSettingManager" class="org.hisp.dhis.setting.DefaultSystemSettingManager">
     <property name="systemSettingStore" ref="org.hisp.dhis.setting.SystemSettingStore" />

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/oauth2.hibernate/OAuth2Client.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/oauth2.hibernate/OAuth2Client.hbm.xml	2015-06-24 05:11:33 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/oauth2.hibernate/OAuth2Client.hbm.xml	2015-07-14 07:21:33 +0000
@@ -6,7 +6,7 @@
   >
 
 <hibernate-mapping>
-  <class name="org.hisp.dhis.oauth2.OAuth2Client" table="oauth2client">
+  <class name="org.hisp.dhis.security.oauth2.OAuth2Client" table="oauth2client">
 
     <cache usage="read-write" />
 

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/IdentifiableObjectManagerTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/IdentifiableObjectManagerTest.java	2015-06-22 08:07:22 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/IdentifiableObjectManagerTest.java	2015-07-14 07:21:33 +0000
@@ -42,7 +42,7 @@
 
 import org.hibernate.SessionFactory;
 import org.hisp.dhis.DhisSpringTest;
-import org.hisp.dhis.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.AccessStringHelper;
 import org.hisp.dhis.dataelement.DataElement;
 import org.hisp.dhis.dataelement.DataElementGroup;
 import org.hisp.dhis.dataelement.DataElementService;

=== removed directory 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2'
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientServiceTest.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientServiceTest.java	1970-01-01 00:00:00 +0000
@@ -1,94 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.DhisSpringTest;
-import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Collection;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class OAuth2ClientServiceTest
-    extends DhisSpringTest
-{
-    @Autowired
-    private OAuth2ClientService oAuth2ClientService;
-
-    private OAuth2Client clientA;
-
-    private OAuth2Client clientB;
-
-    private OAuth2Client clientC;
-
-    @Override
-    public void setUpTest()
-    {
-        clientA = new OAuth2Client();
-        clientA.setName( "clientA" );
-        clientA.setCid( "clientA" );
-
-        clientB = new OAuth2Client();
-        clientB.setName( "clientB" );
-        clientB.setCid( "clientB" );
-
-        clientC = new OAuth2Client();
-        clientC.setName( "clientC" );
-        clientC.setCid( "clientC" );
-    }
-
-    @Test
-    public void testGetAll()
-    {
-        oAuth2ClientService.saveOAuth2Client( clientA );
-        oAuth2ClientService.saveOAuth2Client( clientB );
-        oAuth2ClientService.saveOAuth2Client( clientC );
-
-        Collection<OAuth2Client> all = oAuth2ClientService.getOAuth2Clients();
-
-        assertEquals( 3, all.size() );
-    }
-
-    @Test
-    public void testGetByClientID()
-    {
-        oAuth2ClientService.saveOAuth2Client( clientA );
-        oAuth2ClientService.saveOAuth2Client( clientB );
-        oAuth2ClientService.saveOAuth2Client( clientC );
-
-        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientA" ) );
-        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientB" ) );
-        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientC" ) );
-    }
-}

=== removed file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientStoreTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientStoreTest.java	2015-06-10 08:13:05 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/oauth2/OAuth2ClientStoreTest.java	1970-01-01 00:00:00 +0000
@@ -1,94 +0,0 @@
-package org.hisp.dhis.oauth2;
-
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.DhisSpringTest;
-import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Collection;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class OAuth2ClientStoreTest
-    extends DhisSpringTest
-{
-    @Autowired
-    private OAuth2ClientStore oAuth2ClientStore;
-
-    private OAuth2Client clientA;
-
-    private OAuth2Client clientB;
-
-    private OAuth2Client clientC;
-
-    @Override
-    public void setUpTest()
-    {
-        clientA = new OAuth2Client();
-        clientA.setName( "clientA" );
-        clientA.setCid( "clientA" );
-
-        clientB = new OAuth2Client();
-        clientB.setName( "clientB" );
-        clientB.setCid( "clientB" );
-
-        clientC = new OAuth2Client();
-        clientC.setName( "clientC" );
-        clientC.setCid( "clientC" );
-    }
-
-    @Test
-    public void testGetAll()
-    {
-        oAuth2ClientStore.save( clientA );
-        oAuth2ClientStore.save( clientB );
-        oAuth2ClientStore.save( clientC );
-
-        Collection<OAuth2Client> all = oAuth2ClientStore.getAll();
-
-        assertEquals( 3, all.size() );
-    }
-
-    @Test
-    public void testGetByClientID()
-    {
-        oAuth2ClientStore.save( clientA );
-        oAuth2ClientStore.save( clientB );
-        oAuth2ClientStore.save( clientC );
-
-        assertNotNull( oAuth2ClientStore.getByClientId( "clientA" ) );
-        assertNotNull( oAuth2ClientStore.getByClientId( "clientB" ) );
-        assertNotNull( oAuth2ClientStore.getByClientId( "clientC" ) );
-    }
-}

=== added directory 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientServiceTest.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientServiceTest.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,94 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.DhisSpringTest;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class OAuth2ClientServiceTest
+    extends DhisSpringTest
+{
+    @Autowired
+    private OAuth2ClientService oAuth2ClientService;
+
+    private OAuth2Client clientA;
+
+    private OAuth2Client clientB;
+
+    private OAuth2Client clientC;
+
+    @Override
+    public void setUpTest()
+    {
+        clientA = new OAuth2Client();
+        clientA.setName( "clientA" );
+        clientA.setCid( "clientA" );
+
+        clientB = new OAuth2Client();
+        clientB.setName( "clientB" );
+        clientB.setCid( "clientB" );
+
+        clientC = new OAuth2Client();
+        clientC.setName( "clientC" );
+        clientC.setCid( "clientC" );
+    }
+
+    @Test
+    public void testGetAll()
+    {
+        oAuth2ClientService.saveOAuth2Client( clientA );
+        oAuth2ClientService.saveOAuth2Client( clientB );
+        oAuth2ClientService.saveOAuth2Client( clientC );
+
+        Collection<OAuth2Client> all = oAuth2ClientService.getOAuth2Clients();
+
+        assertEquals( 3, all.size() );
+    }
+
+    @Test
+    public void testGetByClientID()
+    {
+        oAuth2ClientService.saveOAuth2Client( clientA );
+        oAuth2ClientService.saveOAuth2Client( clientB );
+        oAuth2ClientService.saveOAuth2Client( clientC );
+
+        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientA" ) );
+        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientB" ) );
+        assertNotNull( oAuth2ClientService.getOAuth2ClientByClientId( "clientC" ) );
+    }
+}

=== added file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientStoreTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientStoreTest.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/security/oauth2/OAuth2ClientStoreTest.java	2015-07-14 07:21:33 +0000
@@ -0,0 +1,94 @@
+package org.hisp.dhis.security.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.DhisSpringTest;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class OAuth2ClientStoreTest
+    extends DhisSpringTest
+{
+    @Autowired
+    private OAuth2ClientStore oAuth2ClientStore;
+
+    private OAuth2Client clientA;
+
+    private OAuth2Client clientB;
+
+    private OAuth2Client clientC;
+
+    @Override
+    public void setUpTest()
+    {
+        clientA = new OAuth2Client();
+        clientA.setName( "clientA" );
+        clientA.setCid( "clientA" );
+
+        clientB = new OAuth2Client();
+        clientB.setName( "clientB" );
+        clientB.setCid( "clientB" );
+
+        clientC = new OAuth2Client();
+        clientC.setName( "clientC" );
+        clientC.setCid( "clientC" );
+    }
+
+    @Test
+    public void testGetAll()
+    {
+        oAuth2ClientStore.save( clientA );
+        oAuth2ClientStore.save( clientB );
+        oAuth2ClientStore.save( clientC );
+
+        Collection<OAuth2Client> all = oAuth2ClientStore.getAll();
+
+        assertEquals( 3, all.size() );
+    }
+
+    @Test
+    public void testGetByClientID()
+    {
+        oAuth2ClientStore.save( clientA );
+        oAuth2ClientStore.save( clientB );
+        oAuth2ClientStore.save( clientC );
+
+        assertNotNull( oAuth2ClientStore.getByClientId( "clientA" ) );
+        assertNotNull( oAuth2ClientStore.getByClientId( "clientB" ) );
+        assertNotNull( oAuth2ClientStore.getByClientId( "clientC" ) );
+    }
+}

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/DefaultExportService.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/DefaultExportService.java	2015-06-24 09:20:18 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/DefaultExportService.java	2015-07-14 07:21:33 +0000
@@ -33,7 +33,7 @@
 import net.sf.json.JSONObject;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.commons.filter.MetaDataFilter;

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java	2015-06-10 03:15:14 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java	2015-07-14 07:21:33 +0000
@@ -43,7 +43,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.hibernate.SessionFactory;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.attribute.Attribute;
 import org.hisp.dhis.attribute.AttributeService;
 import org.hisp.dhis.attribute.AttributeValue;

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/resources/META-INF/dhis/beans.xml	2015-06-18 13:24:57 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/resources/META-INF/dhis/beans.xml	2015-07-14 07:21:33 +0000
@@ -320,7 +320,7 @@
 
   <bean id="oAuth2ClientImporter" class="org.hisp.dhis.dxf2.metadata.importers.DefaultIdentifiableObjectImporter"
     scope="prototype">
-    <constructor-arg name="importerClass" type="java.lang.Class" value="org.hisp.dhis.oauth2.OAuth2Client" />
+    <constructor-arg name="importerClass" type="java.lang.Class" value="org.hisp.dhis.security.oauth2.OAuth2Client" />
   </bean>
 
   <!-- ADX Service -->

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2015-06-07 12:42:33 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2015-07-14 07:21:33 +0000
@@ -43,8 +43,8 @@
 import org.hibernate.criterion.Property;
 import org.hibernate.criterion.Restrictions;
 import org.hibernate.criterion.Subqueries;
-import org.hisp.dhis.acl.AccessStringHelper;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.AuditLogUtil;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.GenericStore;

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/deletion/DeletionHandler.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/deletion/DeletionHandler.java	2015-06-25 04:16:58 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/deletion/DeletionHandler.java	2015-07-14 07:21:33 +0000
@@ -66,7 +66,7 @@
 import org.hisp.dhis.mapping.Map;
 import org.hisp.dhis.mapping.MapView;
 import org.hisp.dhis.minmax.MinMaxDataElement;
-import org.hisp.dhis.oauth2.OAuth2Client;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
 import org.hisp.dhis.option.OptionSet;
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.organisationunit.OrganisationUnitGroup;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java	2015-07-13 09:52:25 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java	2015-07-14 07:21:33 +0000
@@ -35,7 +35,7 @@
 import com.google.common.base.Joiner;
 import com.google.common.base.Optional;
 import com.google.common.collect.Lists;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/OAuth2ClientController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/OAuth2ClientController.java	2015-06-10 12:17:45 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/OAuth2ClientController.java	2015-07-14 07:21:33 +0000
@@ -28,7 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.hisp.dhis.oauth2.OAuth2Client;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
 import org.hisp.dhis.schema.descriptors.OAuth2ClientSchemaDescriptor;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SharingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SharingController.java	2015-07-10 03:05:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SharingController.java	2015-07-14 07:21:33 +0000
@@ -30,8 +30,8 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.hisp.dhis.acl.AccessStringHelper;
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AccessStringHelper;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java	2015-07-02 07:05:55 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java	2015-07-14 07:21:33 +0000
@@ -31,7 +31,7 @@
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
-import org.hisp.dhis.acl.AclService;
+import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.common.DxfNamespaces;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.common.view.DetailedView;

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientAction.java	2015-06-25 06:26:15 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientAction.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.opensymphony.xwork2.Action;
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.oauth2.OAuth2ClientService;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
+import org.hisp.dhis.security.oauth2.OAuth2ClientService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.StringUtils;
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientsAction.java	2015-06-25 03:36:52 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/GetOAuth2ClientsAction.java	2015-07-14 07:21:33 +0000
@@ -29,8 +29,8 @@
  */
 
 import com.opensymphony.xwork2.Action;
-import org.hisp.dhis.oauth2.OAuth2Client;
-import org.hisp.dhis.oauth2.OAuth2ClientService;
+import org.hisp.dhis.security.oauth2.OAuth2Client;
+import org.hisp.dhis.security.oauth2.OAuth2ClientService;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import java.util.ArrayList;