diff --git a/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/Store.java b/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/Store.java index 793a29147..f7ddb4fc9 100644 --- a/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/Store.java +++ b/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/Store.java @@ -1,5 +1,6 @@ package edu.uiuc.ncsa.security.core; +import java.util.List; import java.util.Map; /** @@ -49,4 +50,11 @@ public interface Store extends Map { */ public void save(V value); + /** + * Method to get every element in the store. This is useful for command line interfaces. Note + * that this might be very expensive. + * @return + */ + public List getAll(); + } diff --git a/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/util/Pool.java b/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/util/Pool.java index dc9ee4b18..dbcc6e74f 100644 --- a/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/util/Pool.java +++ b/ncsa-security-common/ncsa-security-core/src/main/java/edu/uiuc/ncsa/security/core/util/Pool.java @@ -16,7 +16,7 @@ public abstract class Pool { public static final int INFINITE = -1; int maxSize = INFINITE; - protected int inUse = 0; + protected int inUse = 0; List stack = new LinkedList(); /** diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/AggregateStore.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/AggregateStore.java index 3deeb5dc8..f0cff081d 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/AggregateStore.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/AggregateStore.java @@ -40,14 +40,14 @@ public List stores() { * Caveat! This does not check if the store has already been added! This is because store comparison * is probably too expensive and in some cases almost impossible to do. It is up to the application not * to add multiple copies of the same store. + * * @param store */ public void addStore(V store) { - stores.add(store); + stores.add(store); } - protected void checkValid() { if (0 == stores.size()) { throw new GeneralException("Error: Aggregate store is empty. There must be at least one store in the aggregate."); @@ -88,12 +88,12 @@ public void register(Identifiable value) { public void save(Identifiable value) { for (Store s : stores) { // try to get it to the right store. - try{ - if (s.containsKey(value.getIdentifier())) { - s.save(value); - return; - } - }catch(Throwable t){ + try { + if (s.containsKey(value.getIdentifier())) { + s.save(value); + return; + } + } catch (Throwable t) { t.printStackTrace(); } } @@ -232,5 +232,14 @@ public Set entrySet() { } return set; } + + @Override + public List getAll() { + LinkedList allEntries = new LinkedList<>(); + for (Object object : values()) { + allEntries.add((V) object); + } + return allEntries; + } } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/FileStore.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/FileStore.java index 278867b46..2d27213b7 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/FileStore.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/FileStore.java @@ -358,6 +358,14 @@ public V get(Object key) { return (V) loadByIdentifier(key.toString()); } + @Override + public List getAll() { + LinkedList allEntries = new LinkedList<>(); + for(Identifier d : keySet()){ + allEntries.add(get(d)); + } + return allEntries; + } public boolean delete(String identifier) { V t = loadByIdentifier(identifier); @@ -440,4 +448,8 @@ public V create() { checkPermissions(); return super.create(); } + + public MapConverter getConverter() { + return converter; + } } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/MemoryStore.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/MemoryStore.java index 22ddaa074..c6fa30977 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/MemoryStore.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/MemoryStore.java @@ -4,6 +4,8 @@ import edu.uiuc.ncsa.security.core.exceptions.UnregisteredObjectException; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; /** * An in-memory store. This is useful in several different ways and is in effect @@ -101,5 +103,12 @@ public void save(V value) { realSave(value); } - + @Override + public List getAll() { + LinkedList allEntries = new LinkedList<>(); + for(Identifier d: keySet()){ + allEntries.add(get(d)); + } + return allEntries; + } } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/AdminConnectionParameters.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/AdminConnectionParameters.java index 6ef9d4ec9..ab37c7c8a 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/AdminConnectionParameters.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/AdminConnectionParameters.java @@ -17,8 +17,9 @@ protected AdminConnectionParameters( int port, String jdbcDriver, String clientUsername, - boolean useSSL) { - super(username, password,databaseName,schema, host, port, jdbcDriver, useSSL); + boolean useSSL, + String parameters) { + super(username, password,databaseName,schema, host, port, jdbcDriver, useSSL, parameters); this.clientUsername = clientUsername; } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPool.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPool.java index e7fa72d59..fba1aa45b 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPool.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPool.java @@ -1,5 +1,6 @@ package edu.uiuc.ncsa.security.storage.sql; +import edu.uiuc.ncsa.security.core.util.DebugUtil; import edu.uiuc.ncsa.security.core.util.Pool; import edu.uiuc.ncsa.security.core.util.PoolException; @@ -29,6 +30,7 @@ public Connection create() throws PoolException { Connection con = DriverManager.getConnection(getConnectionParameters().getJdbcUrl()); return con; } catch (Exception x) { + DebugUtil.dbg(this, "Connection failure, JDBC URL=" + getConnectionParameters().getJdbcUrl()); x.printStackTrace(); throw new PoolException(x); } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPoolProvider.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPoolProvider.java index ab59ecb08..f83bdb22d 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPoolProvider.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/ConnectionPoolProvider.java @@ -24,6 +24,7 @@ public abstract class ConnectionPoolProvider extends H public static final String DRIVER = "driver"; public static final String USE_SSL = "useSSL"; public static final String DATABASE = "database"; + public static final String PARAMETERS = "parameters"; public static final String SCHEMA = SQLStoreProvider.SCHEMA; // since this is shared, really. diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/DBInitializer.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/DBInitializer.java index 05d501b4f..1b2a97391 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/DBInitializer.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/DBInitializer.java @@ -105,15 +105,12 @@ public String getUser() { protected void init2() throws SQLException { Connection c = getConnection(); Statement s = c.createStatement(); - try { - createSchema(s); - createTables(s); - setPermissions(s); - - } finally { - s.close(); - c.close(); - } + createSchema(s); + createTables(s); + setPermissions(s); + s.close(); + c.close(); + releaseConnection(c); } public boolean init() { @@ -133,13 +130,11 @@ public boolean init() { protected void destroy2() throws SQLException { Connection c = getConnection(); Statement s = c.createStatement(); - try { - dropTables(s); - dropSchema(s); - } finally { - s.close(); - c.close(); - } + dropTables(s); + dropSchema(s); + s.close(); + c.close(); + releaseConnection(c); } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLConnectionImpl.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLConnectionImpl.java index 7c8399dce..8b464a61f 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLConnectionImpl.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLConnectionImpl.java @@ -18,8 +18,9 @@ protected SQLConnectionImpl( String host, int port, String jdbcDriver, - boolean useSSL - ) { + boolean useSSL, + String parameters + ) { this.databaseName = databaseName; this.host = host; this.jdbcDriver = jdbcDriver; @@ -28,15 +29,52 @@ protected SQLConnectionImpl( this.schema = schema; this.username = username; this.useSSL = useSSL; + this.parameters = parameters; init(); } + /** + * Add parameters from the configuration file if they exist. The parameter string is of the form + * 
+     *     key0=value0&key1=value1&key2=value2...
+     *
+ * NOTE: this method does not set the ssl connection parameter -- tjhat should be done before invoking this method + * because that is very vendor specific. This method passes along whatever parameters to the driver the user needs or skips them + * if there are none. + * @param jdbcURL + * @return + */ + protected String addParameters(String jdbcURL) { + String p = null; + if (getParameters() != null && !getParameters().isEmpty()) { + p = getParameters(); + } + if (p != null) { + if (p.startsWith("&")) { + p = p.substring(1); // drop initial "&" + } + if (p.endsWith("&")) { + p = p.substring(0, p.length() - 1); //shave off final & + } + jdbcURL = jdbcURL + "&" + p; + } + + return jdbcURL; + } + + public String getParameters() { + return parameters; + } + + String parameters; + @Override public String getUsername() { return username; } protected boolean useSSL = false; + protected void init() { if (jdbcDriver == null) { throw new MyConfigurationException("Missing JDBC driver"); @@ -78,34 +116,37 @@ public String toString() { x = x + ", port=" + port; x = x + ", jdbcDriver=" + jdbcDriver; x = x + ", useSSL? " + useSSL; + x = x + ", parameters? " + parameters; x = x + ", jdbcURL=" + getJdbcUrl(); x = x + "]"; return x; } - boolean compareString(String x, String y){ - if(x == null){ - if(y==null) return true; + boolean compareString(String x, String y) { + if (x == null) { + if (y == null) return true; return false; - }else{ - if(y==null) return false; + } else { + if (y == null) return false; } return x.equals(y); } + @Override public boolean equals(Object obj) { - if(obj == null)return false; - if(!(obj instanceof SQLConnectionImpl))return false; + if (obj == null) return false; + if (!(obj instanceof SQLConnectionImpl)) return false; SQLConnectionImpl z = (SQLConnectionImpl) obj; - if(!compareString(username,z.username)) return false; - if(!compareString(password,z.password)) return false; - if(!compareString(schema,z.schema)) return false; - if(!compareString(databaseName,z.databaseName)) return false; - if(!compareString(host,z.host)) return false; - if(!compareString(jdbcDriver,z.jdbcDriver)) return false; - if(port != z.port) return false; - if(useSSL != z.useSSL) return false; + if (!compareString(username, z.username)) return false; + if (!compareString(password, z.password)) return false; + if (!compareString(schema, z.schema)) return false; + if (!compareString(databaseName, z.databaseName)) return false; + if (!compareString(host, z.host)) return false; + if (!compareString(jdbcDriver, z.jdbcDriver)) return false; + // does not compare parameters since that is not well-defined.... + if (port != z.port) return false; + if (useSSL != z.useSSL) return false; return true; } } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLStore.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLStore.java index 14c681bf0..18371fc65 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLStore.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/SQLStore.java @@ -55,6 +55,36 @@ public V create() { protected MapConverter converter; + /** + * This will get every entry in the database. For sparing use since this may be a huge load. + * + * @return + */ + public List getAll() { + LinkedList allEntries = new LinkedList<>(); + Connection c = getConnection(); + V t = null; + try { + PreparedStatement stmt = c.prepareStatement(getTable().createSelectAllStatement()); + stmt.executeQuery(); + ResultSet rs = stmt.getResultSet(); + // Now we have to pull in all the values. + while (rs.next()) { + ColumnMap map = rsToMap(rs); + t = create(); + populate(map, t); + allEntries.add(t); + } + + rs.close(); + stmt.close(); + releaseConnection(c); + } catch (SQLException e) { + destroyConnection(c); + throw new GeneralException("Error getting all entries.", e); + } + return allEntries; + } /** * For an existing entry in the store. This will select it based on the primary key @@ -95,7 +125,6 @@ public void update(V value) { stmt.executeUpdate(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error updating approval with identifier = \"" + value.getIdentifierString(), e); @@ -160,7 +189,6 @@ public void register(V value) { stmt.execute();// just execute() since executeQuery(x) would throw an exception regardless of content of x as per JDBC spec. stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error: could not register object with id \"" + value.getIdentifierString() + "\"", e); @@ -201,6 +229,7 @@ public V get(Object o) { if (!rs.next()) { rs.close(); stmt.close(); + releaseConnection(c); return null; // returning a null fulfills contract for this being a map. } @@ -271,7 +300,6 @@ protected int size(String tablename) { rs.close(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error getting the size.", e); @@ -302,7 +330,6 @@ public boolean containsKey(Object key) { rs.close(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); e.printStackTrace(); @@ -346,7 +373,6 @@ public V remove(Object key) { stmt.execute(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error getting identity providers", e); @@ -375,7 +401,6 @@ public void clear() { stmt.execute(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error getting identity providers", e); @@ -431,7 +456,6 @@ public Collection values() { rs.close(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error: could not get database object", e); @@ -456,7 +480,6 @@ public Set> entrySet() { rs.close(); stmt.close(); releaseConnection(c); - } catch (SQLException e) { destroyConnection(c); throw new GeneralException("Error: could not get database object", e); @@ -546,4 +569,7 @@ public void checkTable() { System.err.println("failed to create " + getTable().getTablename() + " msg=" + x.getMessage()); } } + public MapConverter getConverter(){ + return converter; + } } \ No newline at end of file diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionParameters.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionParameters.java index 4c2c26766..493289db5 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionParameters.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionParameters.java @@ -29,9 +29,10 @@ public DerbyConnectionParameters(String username, int port, String jdbcDriver, boolean useSSL, - boolean inMemory + boolean inMemory, + String parameters ) { - super(username, password, databaseName, schema, host, port, jdbcDriver, useSSL); + super(username, password, databaseName, schema, host, port, jdbcDriver, useSSL, parameters); this.inMemory = inMemory; } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionPoolProvider.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionPoolProvider.java index 0c865ff74..cd2ba7b7e 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionPoolProvider.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/derby/DerbyConnectionPoolProvider.java @@ -54,7 +54,8 @@ public ConnectionPool get() { checkValue(PORT, port), checkValue(DRIVER, driver), checkValue(USE_SSL, useSSL), - checkValue("inMemory", inMemory) + checkValue("inMemory", inMemory), + checkValue(PARAMETERS, "") ); return new ConnectionPool(x); } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionParameters.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionParameters.java index eb0341887..968ee3c8d 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionParameters.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionParameters.java @@ -21,8 +21,9 @@ public H2ConnectionParameters(String username, String host, int port, String jdbcDriver, - boolean useSSL) { - super(username, password, databaseName, schema, host, port, jdbcDriver, useSSL); + boolean useSSL, + String parameters) { + super(username, password, databaseName, schema, host, port, jdbcDriver, useSSL,parameters); } diff --git a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionPoolProvider.java b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionPoolProvider.java index d4583889b..5b1b7a29c 100644 --- a/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionPoolProvider.java +++ b/ncsa-security-common/ncsa-security-storage/src/main/java/edu/uiuc/ncsa/security/storage/sql/h2/H2ConnectionPoolProvider.java @@ -12,7 +12,6 @@ public class H2ConnectionPoolProvider extends ConnectionPoolProvider loadAllEntries() { - Set keys = getStore().keySet(); - allEntries = new LinkedList(); - int i = 0; - for (Object key : keys) { - if (key == null) { - // Fix for OAUTH-119. - System.out.println("Warning, skipping null identifier. Cannot resolve object..."); - } else { - Identifiable x = (Identifiable) getStore().get(key); - allEntries.add(x); - } + // There WAS a fix for Fix for OAUTH-119, skipping null identifiers, but the store should + // now take care of this edge case. I am keeping the JIRA issue number here for future reference. + + allEntries = getStore().getAll(); - } return allEntries; } diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ANDLogicBlocks.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ANDLogicBlocks.java new file mode 100644 index 000000000..8cfeb9c93 --- /dev/null +++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ANDLogicBlocks.java @@ -0,0 +1,11 @@ +package edu.uiuc.ncsa.security.util.functor; + +/** + *

Created by Jeff Gaynor
+ * on 6/27/18 at 11:41 AM + */ +public class ANDLogicBlocks extends LogicBlocks { + public ANDLogicBlocks() { + connector = AND; + } +} diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/JFunctorFactory.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/JFunctorFactory.java index 799fa4536..a2d1c7d0e 100644 --- a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/JFunctorFactory.java +++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/JFunctorFactory.java @@ -21,7 +21,7 @@ public class JFunctorFactory { /** * This will create a single functor from the object. If you have a full configuration - * file, use the {@link #createLogicBlock(JSONArray)} + * file, use the {@link #createLogicBlock(JSONObject)} * method instead. * * @param jsonObject @@ -52,7 +52,16 @@ public LogicBlocks createLogicBlocks(String rawJSON) { try { JSONArray array = JSONArray.fromObject(rawJSON); - return createLogicBlock(array); + JSONObject j = new JSONObject(); + j.put(FunctorTypeImpl.OR.getValue(), array); + return createLogicBlock(j); + } catch (Throwable t) { + // do nix + } + try { + JSONObject j = JSONObject.fromObject(rawJSON); + return createLogicBlock(j); + } catch (Throwable t) { // do nix } @@ -60,8 +69,8 @@ public LogicBlocks createLogicBlocks(String rawJSON) { } /** - * This creates a list of logic blocks from a JSONArray. There are a few cases for this. The basic format is - * assumed to be + * This creates a list of logic blocks from a JSONArray. There are a few cases for this. The basic format of the blocks + * is assumed to be * 

      *     [{"$if":[..],
      *        "$then":[...],
@@ -83,12 +92,39 @@ public LogicBlocks createLogicBlocks(String rawJSON) {
      * 
      *     [{"$if":...},[COMMANDS]]
      * 

+     * Now, the full format is a functor of the form
+     * 
+     *     {"connector":[array]}
+     * 

+     * where connector is $or, $xor or $and. In the case of or or and, the entire set of blocks will evaluate
+     * and the final result will be available. In the case of xor, evaluation will cease when the first if block is
+     * found to be false. If there is simply an array and no connector, logical or is supplied as the default.
      *
-     * @param array
+     * @param jsonObject
      * @return
      */
-    public LogicBlocks createLogicBlock(JSONArray array) {
-        LogicBlocks bloxx = new LogicBlocks<>();
+    public LogicBlocks createLogicBlock(JSONObject jsonObject) {
+        LogicBlocks bloxx = null;
+        if(jsonObject.isEmpty()){
+            return new ORLogicBlocks(); // default
+        }
+        JSONArray array = null;
+        if (jsonObject.containsKey(FunctorTypeImpl.OR.getValue())) {
+            bloxx = new ORLogicBlocks();
+            array = jsonObject.getJSONArray(FunctorTypeImpl.OR.getValue());
+        }
+        if (jsonObject.containsKey(FunctorTypeImpl.XOR.getValue())) {
+            bloxx = new XORLogicBlocks();
+            array = jsonObject.getJSONArray(FunctorTypeImpl.XOR.getValue());
+        }
+        if (jsonObject.containsKey(FunctorTypeImpl.AND.getValue())) {
+            bloxx = new ANDLogicBlocks();
+            array = jsonObject.getJSONArray(FunctorTypeImpl.AND.getValue());
+        }
+
+        if (bloxx == null) {
+            throw new IllegalArgumentException("Error: No recognized functor type associated with this logic block collection");
+        }
         for (int i = 0; i < array.size(); i++) {
             Object currentObj = array.get(i);
             if (currentObj instanceof JSONObject) {
diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/LogicBlocks.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/LogicBlocks.java
index 8ed92b200..eae6d94dd 100644
--- a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/LogicBlocks.java
+++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/LogicBlocks.java
@@ -1,5 +1,7 @@
 package edu.uiuc.ncsa.security.util.functor;
 
+import edu.uiuc.ncsa.security.core.exceptions.NFWException;
+import edu.uiuc.ncsa.security.core.util.DebugUtil;
 import edu.uiuc.ncsa.security.util.functor.logic.FunctorMap;
 import edu.uiuc.ncsa.security.util.functor.logic.jThen;
 import net.sf.json.JSONArray;
@@ -9,39 +11,136 @@
 import java.util.List;
 
 /**
+ * A collection of {@link LogicBlock} objects. A logic block is an if-then-else construct. Executing these
+ * will result in a collection of results. There are various sublcasses of this that do various things:
+ * {@link XORLogicBlocks}, {@link ANDLogicBlocks} and {@link ORLogicBlocks}.
  * 
Created by Jeff Gaynor

  * on 4/20/18 at  10:26 AM
  */
-public class LogicBlocks extends LinkedList implements JMetaFunctor {
+public abstract class LogicBlocks extends LinkedList implements JMetaFunctor {
+    public static final int XOR = 0;
+    public static final int OR = 1;
+    public static final int AND = 2;
+    public static final int UNKNOWN = -1;
+
+    protected int connector = UNKNOWN;
+
+    protected boolean result = false;
+
+
     @Override
     public Object getResult() {
-        return executed;
+        return result;
     }
 
     boolean executed = false;
 
+
     public FunctorMap getFunctorMap() {
         return functorMap;
     }
 
     FunctorMap functorMap = new FunctorMap();
 
+
     public Object execute() {
+        DebugUtil.dbg(this, "starting to execute logic blocks, type #=" + connector);
         if (isExecuted()) {
             return true;
         }
+        result = false;
         for (LogicBlock lb : this) {
-            lb.execute();
-            // It is possible to have a null consequent, e.g. in the case that the conditional
-            // is false and there is no else clause. Only do something if something happened.
-            if (lb.getConsequent() != null) {
-                getFunctorMap().putAll(lb.getConsequent().getFunctorMap());
+            //lb.execute();
+            boolean rc = false;
+            switch (connector) {
+                case XOR:
+                    rc = doXORCase(lb);
+                    break;
+                case OR:
+                    rc = doORCase(lb);
+                    break;
+                case AND:
+                    rc = doANDCase(lb);
+                    break;
+                case UNKNOWN:
+                    throw new NFWException("Error: there is no connector for this set of logic blocks.");
+            }
+            if (!rc) {
+                break;
             }
         }
         executed = true;
-        return executed;
+        return result;
+    }
+
+    /**
+     * The logical connector is excluive or. This means that the processing ends if any of the logic blocks fail to
+     * be true (be careful of nesting if then else -- the else result will be added to the functor map, BUT execution will stop.
+     * Invoking the XOR connector means to stop processing in this case!!!
+     *
+     * @param lb
+     * @return
+     */
+    protected boolean doXORCase(LogicBlock lb) {
+        lb.execute();
+        boolean rc = false;
+        if (lb.getIfBlock().getBooleanResult()) {
+            // this is true, so keep processing
+            result = true;
+            rc = true;
+        } else {
+            // this failed, so execution stops.
+            result = false;
+            rc = false;
+        }
+        updateFunctormap(lb);
+        return rc;
     }
 
+    protected void updateFunctormap(LogicBlock lb) {
+        // It is possible to have a null consequent, e.g. in the case that the conditional
+        // is false and there is no else clause. Only do something if something happened.
+
+        if (lb.getConsequent() != null) {
+            DebugUtil.dbg(this, "Got consequent, adding results to functor map:" + lb.getConsequent().getFunctorMap());
+            getFunctorMap().putAll(lb.getConsequent().getFunctorMap());
+        }
+    }
+
+    /**
+     * This will execute every logic block and take the logical OR of all the results. Each consequent will be
+     * added
+     *
+     * @param lb
+     * @return
+     */
+    protected boolean doORCase(LogicBlock lb) {
+        lb.execute();
+        result = result || lb.getIfBlock().getBooleanResult();
+        // It is possible to have a null consequent, e.g. in the case that the conditional
+        // is false and there is no else clause. Only do something if something happened.
+
+        updateFunctormap(lb);
+        return true; // keep processing
+    }
+
+    /**
+     * This will execute every logic block and take logicla AND of all the results. Processing continues for all of
+     * these. Note that only in the case of XOR is processing interrupted.
+     *
+     * @param lb
+     * @return
+     */
+    protected boolean doANDCase(LogicBlock lb) {
+        lb.execute();
+        result = result && lb.getIfBlock().getBooleanResult();
+        // It is possible to have a null consequent, e.g. in the case that the conditional
+        // is false and there is no else clause. Only do something if something happened.
+        updateFunctormap(lb);
+        return true; // keep processing
+    }
+
+
     /**
      * Clears each of the execution states of the logic blocks
      */
diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ORLogicBlocks.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ORLogicBlocks.java
new file mode 100644
index 000000000..f400599f3
--- /dev/null
+++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/ORLogicBlocks.java
@@ -0,0 +1,11 @@
+package edu.uiuc.ncsa.security.util.functor;
+
+/**
+ * 
Created by Jeff Gaynor

+ * on 6/27/18 at  11:42 AM
+ */
+public class ORLogicBlocks extends LogicBlocks {
+    public ORLogicBlocks() {
+        connector = OR;
+    }
+}
diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/XORLogicBlocks.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/XORLogicBlocks.java
new file mode 100644
index 000000000..dfba10fd1
--- /dev/null
+++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/XORLogicBlocks.java
@@ -0,0 +1,11 @@
+package edu.uiuc.ncsa.security.util.functor;
+
+/**
+ * 
Created by Jeff Gaynor

+ * on 6/27/18 at  11:41 AM
+ */
+public class XORLogicBlocks extends LogicBlocks {
+    public XORLogicBlocks() {
+        connector = XOR;
+    }
+}
diff --git a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/logic/FunctorMap.java b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/logic/FunctorMap.java
index a900095e5..b1d479028 100644
--- a/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/logic/FunctorMap.java
+++ b/ncsa-security-common/ncsa-security-util/src/main/java/edu/uiuc/ncsa/security/util/functor/logic/FunctorMap.java
@@ -7,6 +7,8 @@
 import java.util.List;
 
 /**
+ * A map of all functors that have resulted in the execution of a functor. This lets you recover them in toto
+ * and pass them around.
  * 
Created by Jeff Gaynor

  * on 3/22/18 at  2:16 PM
  */
@@ -27,7 +29,7 @@ public boolean containsKey(JFunctor jFunctor) {
     }
 
     /**
-     * Add all of the funtors in the argument to this map.
+     * Add all of the functors in the argument to this map.
      *
      * @param functorMap
      * @return
diff --git a/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorFactoryTests.java b/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorFactoryTests.java
index 80d48083a..f9e44f26a 100644
--- a/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorFactoryTests.java
+++ b/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorFactoryTests.java
@@ -1,9 +1,6 @@
 package edu.uiuc.ncsa.security.util;
 
-import edu.uiuc.ncsa.security.util.functor.JFunctor;
-import edu.uiuc.ncsa.security.util.functor.JFunctorFactory;
-import edu.uiuc.ncsa.security.util.functor.LogicBlock;
-import edu.uiuc.ncsa.security.util.functor.LogicBlocks;
+import edu.uiuc.ncsa.security.util.functor.*;
 import edu.uiuc.ncsa.security.util.functor.logic.jAnd;
 import edu.uiuc.ncsa.security.util.functor.logic.jTrue;
 import net.sf.json.JSONArray;
@@ -16,7 +13,7 @@
  */
 public class JFunctorFactoryTests extends TestBase {
     @Test
-    public void testAnd() throws Exception{
+    public void testAnd() throws Exception {
         String rawJSON = "{\"$and\": [\n" +
                 "  {\"$endsWith\":   [\n" +
                 "    \"the quick brown fox\",\n" +
@@ -35,8 +32,9 @@ public void testAnd() throws Exception{
         ff.execute();
         assert ((jAnd) ff).getBooleanResult();
     }
+
     @Test
-    public void testConstants() throws Exception{
+    public void testConstants() throws Exception {
         String rawJSON = "{\"$and\": [\n" +
                 "  {\"$endsWith\":   [\n" +
                 "    \"the quick brown fox\",\n" +
@@ -53,12 +51,12 @@ public void testConstants() throws Exception{
         // And again with a logical value of false.
 
         rawJSON = "{\"$and\": [\n" +
-                       "  {\"$endsWith\":   [\n" +
-                       "    \"the quick brown fox\",\n" +
-                       "    \"fox\"\n" +
-                       "  ]},\n" +
-                       "  \"$false\"\n" +
-                       "]}";
+                "  {\"$endsWith\":   [\n" +
+                "    \"the quick brown fox\",\n" +
+                "    \"fox\"\n" +
+                "  ]},\n" +
+                "  \"$false\"\n" +
+                "]}";
         json = JSONObject.fromObject(rawJSON);
         ff = functorFactory.create(json);
         assert ff instanceof jAnd;
@@ -69,18 +67,21 @@ public void testConstants() throws Exception{
     /**
      * The argument is a list of commands (in this case the trivial $true functor). The point of the
      * test is that this is converted internally to a logic block that has a conditional of true and that
-     *  the resulting executable then block of commands can be queried for the functor. This permits
-     *  for instance, introducing variables (as functors that are true or false) into the runtime and checking if they are
-     *  set.
+     * the resulting executable then block of commands can be queried for the functor. This permits
+     * for instance, introducing variables (as functors that are true or false) into the runtime and checking if they are
+     * set.
+     *
      * @throws Exception
      */
     @Test
-    public void testCommndsOnlyLogicBlock() throws Exception{
+    public void testCommndsOnlyLogicBlock() throws Exception {
+        JSONObject j = new JSONObject();
         JSONArray array = new JSONArray();
         jTrue jt = new jTrue();
-                array.add(jt.toJSON());
+        array.add(jt.toJSON());
         JFunctorFactory ff = new JFunctorFactory();
-        LogicBlocks lbs = ff.createLogicBlock(array);
+        j.put(FunctorTypeImpl.OR.getValue(), array);
+        LogicBlocks lbs = ff.createLogicBlock(j);
         assert lbs.size() == 1;
         lbs.execute();
         System.out.println(lbs.get(0).toString());
diff --git a/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorTest.java b/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorTest.java
index 954aece83..9ee0f4e8d 100644
--- a/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorTest.java
+++ b/ncsa-security-common/ncsa-security-util/src/test/java/edu/uiuc/ncsa/security/util/JFunctorTest.java
@@ -412,7 +412,10 @@ public void testLBCreation() throws Exception {
 
         ifBlock.put("$then", jToLowerCase.toJSON());
         array.add(ifBlock);
-        LogicBlocks bloxx = functorFactory.createLogicBlock(array);
+        JSONObject j = new JSONObject();
+        j.put(FunctorTypeImpl.OR.getValue(), array);
+        LogicBlocks bloxx = functorFactory.createLogicBlock(j);
+        assert bloxx instanceof ORLogicBlocks;
         assert bloxx.size() == 1;
         LogicBlock logicBlock = bloxx.get(0);
         logicBlock.execute();
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/servlet/DBConfigLoader.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/servlet/DBConfigLoader.java
index 3fe5862e7..b62256246 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/servlet/DBConfigLoader.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/servlet/DBConfigLoader.java
@@ -10,7 +10,8 @@
 
 
 /**
- * Configurations that deal with storage should extend this.
+ * Configurations that deal with storage should extend this. Note that this is used extensively in OA4MP
+ * though not in this module.
  * 
Created by Jeff Gaynor

  * on 1/31/13 at  3:16 PM
  */
@@ -36,17 +37,27 @@ protected boolean isDefaultStoreDisabled(boolean... x) {
     }
 
 
+    MySQLConnectionPoolProvider mySQLConnectionPoolProvider;
+
     // ALWAYS return a new connection provider or you will only get the same connection repeatedly (and if there
     // are multiple stores with multiple users you will get authentication errors!)
     // ALSO, these get no configuration here since this will be determined later and set by
     // the store provider. At this point which mysql instance is being used is undecidable!
     public MySQLConnectionPoolProvider getMySQLConnectionPoolProvider() {
-        return getMySQLConnectionPoolProvider("oauth", "oauth");  // database, schema are set to default
+        if (mySQLConnectionPoolProvider == null) {
+            mySQLConnectionPoolProvider = getMySQLConnectionPoolProvider("oauth", "oauth");  // database, schema are set to default
+        }
+        return mySQLConnectionPoolProvider;
     }
 
+    MariaDBConnectionPoolProvider mariaDBConnectionPoolProvider;
+
     public MariaDBConnectionPoolProvider getMariaDBConnectionPoolProvider() {
-         return getMariaDBConnectionPoolProvider("oauth", "oauth");  // database, schema are set to default
-     }
+        if (mariaDBConnectionPoolProvider == null) {
+            mariaDBConnectionPoolProvider = getMariaDBConnectionPoolProvider("oauth", "oauth");  // database, schema are set to default
+        }
+        return mariaDBConnectionPoolProvider;
+    }
 
     public PGConnectionPoolProvider getPgConnectionPoolProvider() {
         return getPgConnectionPoolProvider("oauth", "oauth");  // database, schema are set to default
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/AggregateTransactionStore.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/AggregateTransactionStore.java
index 33b01b6a0..82dd1c3d8 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/AggregateTransactionStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/AggregateTransactionStore.java
@@ -1,10 +1,12 @@
 package edu.uiuc.ncsa.security.delegation.storage;
 
+import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
 import edu.uiuc.ncsa.security.delegation.storage.impl.BasicTransaction;
 import edu.uiuc.ncsa.security.delegation.token.AccessToken;
 import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
 import edu.uiuc.ncsa.security.delegation.token.Verifier;
 import edu.uiuc.ncsa.security.storage.AggregateStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**
  * An aggregate store for transactions.
@@ -45,4 +47,9 @@ public BasicTransaction get(Verifier verifier) {
         }
         return null;
     }
+
+    @Override
+    public MapConverter getConverter() {
+        throw new NotImplementedException("Error: there is no single converter possible for an aggregate store. Method not implemented");
+    }
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/TransactionStore.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/TransactionStore.java
index c1387ed09..b40be6435 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/TransactionStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/TransactionStore.java
@@ -5,6 +5,7 @@
 import edu.uiuc.ncsa.security.delegation.token.AccessToken;
 import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
 import edu.uiuc.ncsa.security.delegation.token.Verifier;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**
  * A store for delegation transactions.
@@ -18,5 +19,6 @@ public interface TransactionStore extends Store {
     V get(AccessToken accessToken);
 
     V get(Verifier verifier);
+    MapConverter getConverter();
 
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/FSTransactionStore.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/FSTransactionStore.java
index 65c3dd1d7..25a85f4d2 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/FSTransactionStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/FSTransactionStore.java
@@ -74,22 +74,6 @@ public V realRemove(V thingie) {
         }
         return thingie;
     }
-/*
-    @Override
-    public boolean delete(String identifier) {
-        V t = (V) loadByIdentifier(identifier);
-        boolean rc = super.delete(identifier);
-        if (t.hasAuthorizationGrant()) {
-            removeIndexEntry(t.getAuthorizationGrant().getToken());
-        }
-        if (t.hasAccessToken()) {
-            removeIndexEntry(t.getAccessToken().getToken());
-        }
-        if (t.hasVerifier()) {
-            removeIndexEntry(t.getVerifier().getToken());
-        }
-        return rc;
-    }*/
 
     public V get(AuthorizationGrant authorizationGrant) {
         return getIndexEntry(authorizationGrant.getToken());
@@ -103,4 +87,5 @@ public V get(Verifier verifier) {
         return getIndexEntry(verifier.getToken());
     }
 
+
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/SQLBaseTransactionStore.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/SQLBaseTransactionStore.java
index 40b173c34..c8b5c2248 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/SQLBaseTransactionStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/SQLBaseTransactionStore.java
@@ -60,19 +60,18 @@ protected V getTransaction(String identifier, String statement) {
             if (!rs.next()) {
                 rs.close();
                 stmt.close();
+                releaseConnection(c);
                 throw new TransactionNotFoundException("No transaction found for identifier \"" + identifier + "\"");
             }
 
             ColumnMap map = rsToMap(rs);
             rs.close();
             stmt.close();
-
+            releaseConnection(c);
             t = create();
             populate(map, t);
         } catch (SQLException e) {
             throw new GeneralException("Error getting transaction with identifier \"" + identifier + "\"", e);
-        }finally {
-            releaseConnection(c);
         }
         return t;
     }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionCache.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionCache.java
index b48bd0d43..fa841960d 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionCache.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionCache.java
@@ -4,18 +4,17 @@
 import edu.uiuc.ncsa.security.core.cache.CachedMapFacade;
 import edu.uiuc.ncsa.security.core.exceptions.DestroyedException;
 import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
+import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
 import edu.uiuc.ncsa.security.core.exceptions.UnregisteredObjectException;
 import edu.uiuc.ncsa.security.core.util.AbstractEnvironment;
 import edu.uiuc.ncsa.security.delegation.storage.TransactionStore;
 import edu.uiuc.ncsa.security.delegation.token.AccessToken;
 import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
 import edu.uiuc.ncsa.security.delegation.token.Verifier;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 import java.net.URI;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * A cache. Set the backing store if you have one, otherwise this works perfectly well as an
@@ -33,6 +32,11 @@ public TransactionStore getBackingStore() {
         return (TransactionStore) getTheStore();
     }
 
+    @Override
+    public MapConverter getConverter() {
+        return getBackingStore().getConverter();
+    }
+
     public TransactionCache(TransactionStore backingStore) {
         super(backingStore);
         init();
@@ -102,6 +106,11 @@ protected void checkDestroyed() {
         }
     }
 
+    @Override
+    public List getAll() {
+        throw new NotImplementedException("Error: this is not supported in a cache.");
+    }
+
     public void update(BasicTransaction t) {
         if (t == null) {
             throw new GeneralException("Error: null transaction cannot be updated");
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionMemoryStore.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionMemoryStore.java
index 521486599..e2661733d 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionMemoryStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/main/java/edu/uiuc/ncsa/security/delegation/storage/impl/TransactionMemoryStore.java
@@ -1,11 +1,13 @@
 package edu.uiuc.ncsa.security.delegation.storage.impl;
 
 import edu.uiuc.ncsa.security.core.IdentifiableProvider;
+import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
 import edu.uiuc.ncsa.security.delegation.storage.TransactionStore;
 import edu.uiuc.ncsa.security.delegation.token.AccessToken;
 import edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant;
 import edu.uiuc.ncsa.security.delegation.token.Verifier;
 import edu.uiuc.ncsa.security.storage.MemoryStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 import java.util.HashMap;
 
@@ -141,6 +143,9 @@ public V remove(Object key) {
         }
         return item;
     }
-
+    @Override
+    public MapConverter getConverter() {
+        throw new NotImplementedException("Error: there is no single converter possible for an aggreate store. Method not implemented");
+    }
 
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-common/src/test/java/edu/uiuc/ncsa/security/delegation/storage/FileStoreTest.java b/ncsa-security-delegation/ncsa-security-delegation-common/src/test/java/edu/uiuc/ncsa/security/delegation/storage/FileStoreTest.java
index 15fbf0405..f1d9fc555 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-common/src/test/java/edu/uiuc/ncsa/security/delegation/storage/FileStoreTest.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-common/src/test/java/edu/uiuc/ncsa/security/delegation/storage/FileStoreTest.java
@@ -2,6 +2,7 @@
 
 import edu.uiuc.ncsa.security.core.Identifier;
 import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
+import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
 import edu.uiuc.ncsa.security.core.util.IdentifiableProviderImpl;
 import edu.uiuc.ncsa.security.core.util.IdentifierProvider;
 import edu.uiuc.ncsa.security.delegation.storage.impl.BasicTransaction;
@@ -9,6 +10,7 @@
 import edu.uiuc.ncsa.security.delegation.storage.impl.BasicTransactionProvider;
 import edu.uiuc.ncsa.security.delegation.storage.impl.FSTransactionStore;
 import edu.uiuc.ncsa.security.delegation.token.*;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.File;
@@ -114,7 +116,10 @@ public TransactionStore getStore() throws IOException {
 
 
     public static class TestFileStore extends FSTransactionStore {
-
+        @Override
+        public MapConverter getConverter() {
+            throw new NotImplementedException("Error: Method not implemented");
+        }
         public TestFileStore(File file, IdentifiableProviderImpl btp, TestTokenForge ttf) throws IOException {
             super(new File(file, "data"), new File(file, "index"), btp, ttf, new BasicTransactionConverter(btp, ttf));
 
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateCAStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateCAStore.java
index a593a61ef..19254df54 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateCAStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateCAStore.java
@@ -1,7 +1,9 @@
 package edu.uiuc.ncsa.security.delegation.server.storage;
 
 import edu.uiuc.ncsa.security.core.Identifier;
+import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
 import edu.uiuc.ncsa.security.storage.AggregateStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**
  * An aggregate client approval store.
@@ -38,4 +40,9 @@ public int getPendingCount() {
         }
         return count;
     }
+
+    @Override
+    public MapConverter getConverter() {
+        throw new NotImplementedException("Error: Cannot have a single converter for an aggregate store.");
+    }
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateClientStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateClientStore.java
index f94b9f5d8..1616805e4 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateClientStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/AggregateClientStore.java
@@ -14,7 +14,7 @@ public AggregateClientStore(V... stores) {
     }
 
     @Override
-    public BaseClientConverter getACConverter() {
+    public BaseClientConverter getConverter() {
         return null;
     }
 
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/BaseClientStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/BaseClientStore.java
index 6464c4e24..f1d3e69d6 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/BaseClientStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/BaseClientStore.java
@@ -3,7 +3,7 @@
 import edu.uiuc.ncsa.security.core.IdentifiableProvider;
 import edu.uiuc.ncsa.security.core.Store;
 import edu.uiuc.ncsa.security.delegation.storage.BaseClient;
-import edu.uiuc.ncsa.security.delegation.storage.impl.BaseClientConverter;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**
  * 
Created by Jeff Gaynor

@@ -12,5 +12,5 @@
 public interface BaseClientStore extends Store {
 
     IdentifiableProvider getACProvider();
-    BaseClientConverter getACConverter();
+    MapConverter getConverter();
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/ClientApprovalStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/ClientApprovalStore.java
index c7922d9c0..6d527b379 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/ClientApprovalStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/ClientApprovalStore.java
@@ -2,6 +2,7 @@
 
 import edu.uiuc.ncsa.security.core.Identifier;
 import edu.uiuc.ncsa.security.core.Store;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**
  * 
Created by Jeff Gaynor

@@ -22,4 +23,6 @@ public interface ClientApprovalStore extends Store
      */
     int getUnapprovedCount();
     int getPendingCount();
+    MapConverter getConverter();
+
 }
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientApprovalMemoryStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientApprovalMemoryStore.java
deleted file mode 100644
index 067c691bb..000000000
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientApprovalMemoryStore.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package edu.uiuc.ncsa.security.delegation.server.storage.impl;
-
-import edu.uiuc.ncsa.security.core.Identifier;
-import edu.uiuc.ncsa.security.core.util.IdentifiableProviderImpl;
-import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
-import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
-import edu.uiuc.ncsa.security.storage.MemoryStore;
-
-/**
- * 
Created by Jeff Gaynor

- * on 1/18/12 at  11:04 AM
- */
-public class ClientApprovalMemoryStore extends MemoryStore implements ClientApprovalStore {
-
-    public ClientApprovalMemoryStore(IdentifiableProviderImpl vIdentifiableProvider) {
-        super(vIdentifiableProvider);
-    }
-
-    @Override
-    public boolean isApproved(Identifier identifier) {
-        ClientApproval ca = get(identifier);
-        if (ca == null) {
-            return false;
-        }
-        return get(identifier).isApproved();
-    }
-
-    @Override
-    public int getUnapprovedCount() {
-        int count = 0;
-        for (Identifier key : keySet()) {
-            if (isApproved(key)) {
-                count++;
-            }
-        }
-        return count;
-    }
-
-    @Override
-    public int getPendingCount() {
-        int count = 0;
-        for (Identifier key : keySet()) {
-            ClientApproval approval = get(key);
-            if (approval.getStatus() == ClientApproval.Status.PENDING)
-                count++;
-        }
-        return count;
-    }
-}
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientMemoryStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientMemoryStore.java
index 95fe7410c..6dfffc85c 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientMemoryStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/ClientMemoryStore.java
@@ -3,9 +3,9 @@
 import edu.uiuc.ncsa.security.core.IdentifiableProvider;
 import edu.uiuc.ncsa.security.delegation.server.storage.ClientStore;
 import edu.uiuc.ncsa.security.delegation.storage.Client;
-import edu.uiuc.ncsa.security.delegation.storage.impl.BaseClientConverter;
 import edu.uiuc.ncsa.security.delegation.storage.impl.ClientConverter;
 import edu.uiuc.ncsa.security.storage.MemoryStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
 
 /**  Abstract class that gets the inheritance and generics right.
  * 
Created by Jeff Gaynor

@@ -17,7 +17,7 @@ public ClientMemoryStore(IdentifiableProvider vIdentifiableProvider) {
     }
 
     @Override
-    public BaseClientConverter getACConverter() {
+    public MapConverter getConverter() {
         return new ClientConverter(this.identifiableProvider);
     }
 
diff --git a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/FSClientApprovalStore.java b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/FSClientApprovalStore.java
index 1e05c9787..593b488ec 100644
--- a/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/FSClientApprovalStore.java
+++ b/ncsa-security-delegation/ncsa-security-delegation-server/src/main/java/edu/uiuc/ncsa/security/delegation/server/storage/impl/FSClientApprovalStore.java
@@ -61,4 +61,9 @@ public int getPendingCount() {
         }
         return count;
     }
+
+    @Override
+    public MapConverter getConverter() {
+        return converter;
+    }
 }
diff --git a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationFactory.java b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationFactory.java
index 31e141cc0..b8b65c8ec 100644
--- a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationFactory.java
+++ b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationFactory.java
@@ -1,7 +1,6 @@
 package edu.uiuc.ncsa.security.oauth_2_0.server.config;
 
 import edu.uiuc.ncsa.security.util.functor.JFunctorFactory;
-import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 
 import javax.inject.Provider;
@@ -24,8 +23,8 @@ public ClientConfigurationFactory(JFunctorFactory functorFactory) {
      */
     public V newInstance(JSONObject json) {
         V cc = get();
-        JSONArray array = ClientConfigurationUtil.getRuntime(json);
-        cc.setRuntime(functorFactory.createLogicBlock(array));
+        JSONObject j = ClientConfigurationUtil.getRuntime(json);
+        cc.setRuntime(functorFactory.createLogicBlock(j));
         return cc;
     }
 
diff --git a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationUtil.java b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationUtil.java
index 79573789e..92cd7b494 100644
--- a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationUtil.java
+++ b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/ClientConfigurationUtil.java
@@ -3,10 +3,12 @@
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 
+import static edu.uiuc.ncsa.security.util.functor.FunctorTypeImpl.*;
+
 /**
  * This will read the configuration. It is meant to be used by the {@link ClientConfigurationFactory}
  * to modularize operations on the JSON.
- *
+ * 

  * 
Created by Jeff Gaynor

  * on 8/30/17 at  3:37 PM
  */
@@ -14,23 +16,60 @@ public class ClientConfigurationUtil {
     public static final String CLAIM_POST_PROCESSING_KEY = "postProcessing";
     public static final String CLAIM_PRE_PROCESSING_KEY = "preProcessing";
     public static final String RUNTIME_KEY = "runtime";
-    public static void setRuntime(JSONObject config, JSONArray runtime){
-             config.put(RUNTIME_KEY, runtime);
-      }
-
-      public static boolean hasRuntime(JSONObject config){
-              return !getRuntime(config).isEmpty();
-
-      }
-      public static JSONArray getRuntime(JSONObject config){
-          if(config.containsKey(RUNTIME_KEY)){
-              Object obj = config.get(RUNTIME_KEY);
-              if(obj instanceof JSONArray){
-                  return (JSONArray) obj;
-              }
-          }
-          return new JSONArray();
-      }
+
+    public static void setRuntime(JSONObject config, JSONObject runtime) {
+        config.put(RUNTIME_KEY, runtime);
+    }
+
+    public static boolean hasRuntime(JSONObject config) {
+        return config.containsKey(RUNTIME_KEY);
+
+    }
+
+    /**
+     * Retrieve the processor named by key. Processors are eventually {@link edu.uiuc.ncsa.security.util.functor.LogicBlocks}.
+     *
+     * @param config
+     * @param key
+     * @param defaultFunctor
+     * @return
+     */
+    static protected JSONObject getProcessor(JSONObject config, String key, String defaultFunctor) {
+        if (config.containsKey(key)) {
+            Object obj = config.get(key);
+
+            if (obj instanceof JSONArray) {
+                JSONObject json = new JSONObject();
+                json.put(defaultFunctor, obj);
+                return json;
+            }
+            if (obj instanceof JSONObject) {
+                return (JSONObject) obj;
+            }
+        }
+        return new JSONObject();
+
+    }
+
+
+    public static JSONObject getRuntime(JSONObject config) {
+        return getProcessor(config, RUNTIME_KEY, OR.getValue());
+    }
+
+    public static JSONArray getRuntimeArg(JSONObject config) {
+        JSONObject processor = getRuntime(config);
+        if (processor.containsKey(OR.getValue())) {
+            return processor.getJSONArray(OR.getValue());
+        }
+        if (processor.containsKey(AND.getValue())) {
+            return processor.getJSONArray(AND.getValue());
+        }
+        if (processor.containsKey(XOR.getValue())) {
+            return processor.getJSONArray(XOR.getValue());
+        }
+        return new JSONArray();
+
+    }
 
 
 }
diff --git a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/JSONClaimSourceConfig.java b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/JSONClaimSourceConfig.java
index 9a09aad6f..b9aebe1f7 100644
--- a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/JSONClaimSourceConfig.java
+++ b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/JSONClaimSourceConfig.java
@@ -1,6 +1,5 @@
 package edu.uiuc.ncsa.security.oauth_2_0.server.config;
 
-import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 
 /**
@@ -37,16 +36,16 @@ public void fromJSON(JSONObject json) {
     public abstract String getName();
 
 
-    public abstract JSONArray getPostProcessing();
+    public abstract JSONObject getPostProcessing();
 
-    public abstract void setPostProcessing(JSONArray postProcessing);
+    public abstract void setPostProcessing(JSONObject postProcessing);
 
     /**
      * The raw json for the pre-processing directives. This has to be done this way since the directives
      * rely on being constructed with the claims at runtime (e.g. for replacement templates).
      * @return
      */
-    public abstract JSONArray getPreProcessing();
+    public abstract JSONObject getPreProcessing();
 
-    public abstract void setPreProcessing(JSONArray preProcessing);
+    public abstract void setPreProcessing(JSONObject preProcessing);
 }
diff --git a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfiguration.java b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfiguration.java
index ce2b43ca6..c1cf2a8a0 100644
--- a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfiguration.java
+++ b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfiguration.java
@@ -248,13 +248,13 @@ public JSONObject toJSON() {
     public boolean hasJSONObject() {
         return true;
     }
-    JSONArray preProcessing = null;
+    JSONObject preProcessing = null;
 
-    public JSONArray getPostProcessing() {
+    public JSONObject getPostProcessing() {
         return postProcessing;
     }
 
-    public void setPostProcessing(JSONArray postProcessing) {
+    public void setPostProcessing(JSONObject postProcessing) {
         this.postProcessing = postProcessing;
     }
 
@@ -263,14 +263,14 @@ public void setPostProcessing(JSONArray postProcessing) {
      * rely on being constructed with the claims at runtime (e.g. for replacement templates).
      * @return
      */
-    public JSONArray getPreProcessing() {
+    public JSONObject getPreProcessing() {
         return preProcessing;
     }
 
-    public void setPreProcessing(JSONArray preProcessing) {
+    public void setPreProcessing(JSONObject preProcessing) {
         this.preProcessing = preProcessing;
     }
 
-    JSONArray postProcessing = null;
+    JSONObject postProcessing = null;
 
 }
diff --git a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfigurationUtil.java b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfigurationUtil.java
index 53a7541df..925de6397 100644
--- a/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfigurationUtil.java
+++ b/ncsa-security-delegation/ncsa-security-oauth-2.0/src/main/java/edu/uiuc/ncsa/security/oauth_2_0/server/config/LDAPConfigurationUtil.java
@@ -3,6 +3,7 @@
 import edu.uiuc.ncsa.security.core.configuration.Configurations;
 import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
 import edu.uiuc.ncsa.security.delegation.storage.JSONUtil;
+import edu.uiuc.ncsa.security.util.functor.FunctorTypeImpl;
 import edu.uiuc.ncsa.security.util.ssl.SSLConfiguration;
 import edu.uiuc.ncsa.security.util.ssl.SSLConfigurationUtil;
 import net.sf.json.JSON;
@@ -389,22 +390,21 @@ public static LDAPConfiguration fromJSON(LDAPConfiguration config, JSONObject js
 
     }
 
-    protected static JSONArray makeProcessor(JSONObject json, String key) {
+    protected static JSONObject makeProcessor(JSONObject json, String key) {
         String x = jsonUtil.getJSONValueString(json, key);
         if(x!= null && !x.isEmpty()){
             JSONArray array = null;
             try{
                 array = JSONArray.fromObject(x);
-                return array;
+                JSONObject j = new JSONObject();
+                j.put(FunctorTypeImpl.OR.getValue(), array);
+                return j;
             }catch(Throwable t){
                   // do nothing
             }
             // So it's not an array. See if it's a JSONObject
             try{
-                JSONObject obj = JSONObject.fromObject(x);
-                array = new JSONArray();
-                array.add(obj);
-                return array;
+                return JSONObject.fromObject(x);
             }catch(Throwable t){
             }
         }