AFAIK all SCIM-based objects should be immutable, but that's not the case. For instance, we're directly returning the backing collections for all multi-valued attributes and when setting collections via the builders, they're not copied, but used as-is. We should always return unmodifiable views of collections and make defensive copies of collection arguments fed into the builders.

Hello,

it is not possible to easy change a single attribute of a Name Object.
For this is would be great if we could create a constructor that takes a Name Objects and copys the values of the old user to the new one. After this the Developer can change the single attribute bei using the setter.

At the moment the scim_group stores only "displayName". In our project we have a need for a technical name. So is it possible to add a new (optional) property "name" for each scim_group?

We should get rid of org.osiam.resources.scim.meta as well as org.osiam.resources.scim.Group_, org.osiam.resources.scim.Resource_ and org.osiam.resources.scim.User_ the attempt to provide a type safe query api can surely be considered as failed. There also doesn't seem to be a demand for it and the additional classes in the scim schema are only confusing.

We had to disable all tests that proof the correctness of the generated JSON, because of licensing problems with JSONAssert. The tests must be enabled again now, due to upcoming development in this project.

In our project we need to add some attributes to a scim_group. So i think we need extensions for a group.

See [https://github.com//issues/130]

If you want to create a User with the User.Builder you haveto watch for a order,

Because setExternalId() is not part of the User.Builder but of CoreResource.Builder you can't set any User attributes after calling setExternalId(). Same goes for Group

Example
possible
setNickName("nick").setExternalId("external").build
not possible
setExternalId("external").setNickName("nick").build

Moved from Jira:

When using Resource.Builder.setSchema() the scim core schema gets overwritten unless you specify it explicitly in the parameter Set

If I try to create an Email object with an upper-cased top level domain, e.g. [email protected], the builder throws an exception, telling me that the email address is invalid.

Steps to reproduce

Create a new Email object via the builder:

Email email = new Email.Builder().setValue("[email protected]").build();

Expected result

A new Email object with the given email address as value

Actual result

A SCIMDataValidationException will be thrown.

org.osiam.resources.exception.SCIMDataValidationException: The value '[email protected]' is not a well-formed email.
    at org.osiam.resources.scim.Email$Builder.setValue(Email.java:179)
    ...

It's not very smart to have a single pool of constants. We should remove the class and move the definitions to the respective classes.

The used URIs in this repo are not up to date with the specification defined URIs. This is just one task of the obvious todo of the adjustment to the scim specfication.

Just played a bit with the osiam docker image.

After a restart of the tomcat server I see some exceptions in the log indicating that scim Users or Resources in general cannot be serialized which makes tomcat bark when it tries to serialize HttpSession contents.

I'd suggest that you make Resources serializable to avoid such problems.

SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.osiam.resources.scim.User
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.osiam.resources.scim.User

Because deserialization of Users requires a custom deserializer, one has to register a Jackson module on their ObjectMapper that contains the deserializer. Currently, the scim-schema only provides the deserializer but no Jackson module. I think we should provide a module so that people can set up their ObjectMapper more easily.