Posted to commits@directory.apache.org by sm...@apache.org on 2014/11/11 21:38:40 UTC

[01/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Repository: directory-fortress-enmasse
Updated Branches:
  refs/heads/master f10f29576 -> 99852b55d


http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/java/org/openldap/enmasse/Client.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/enmasse/Client.java b/src/test/java/org/openldap/enmasse/Client.java
deleted file mode 100644
index c226076..0000000
--- a/src/test/java/org/openldap/enmasse/Client.java
+++ /dev/null
@@ -1,683 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import java.io.File;
-import java.io.InputStream;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.util.Collection;
-import java.util.Collections;
-
-import org.openldap.fortress.rest.HttpIds;
-import org.openldap.fortress.rbac.OrgUnit;
-import org.openldap.fortress.rbac.PermObj;
-import org.openldap.fortress.rbac.Permission;
-import org.openldap.fortress.rbac.Session;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpMethod;
-import org.apache.commons.httpclient.methods.*;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.io.CachedOutputStream;
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.resource.URIResolver;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-
-
-/**
- * Test Client to drive EnMasse Service methods.
- *
- * @author Shawn McKinney
- */
-public final class Client
-{
-    private static final String HOST = "localhost";
-    private static final String PORT = "80";
-    private static final String SERVICE = "enmasse";
-    private static final String URI = "http://" + HOST + ":" + PORT + "/" + SERVICE + "/";
-
-    private Client()
-    {
-    }
-
-    public static void main(String args[]) throws Exception
-    {
-        Client client = new Client();
-
-
-        /*
-        client.post("demouser4", "password", "UserSample2.xml", HttpIds.USER_ADD);
-        client.delete("demouser4", "password", "fortressUser1", null, null, Services.userDelete.toString());
-        client.get("demouser4", "password", "demouser4", null, null, Services.userRead.toString());
-        client.get("demouser4", "password", "oamuser1", null, null, Services.userRead.toString());
-
-        client.get("demouser4", "password", "oamRole1", null, null, Services.roleRead.toString());
-        client.delete("demouser4", "password", "ROLE_ADMIN", null, null, Services.roleDelete.toString());
-        client.post("demouser4", "password", "RoleSample2.xml", Services.roleAdd.toString());
-        client.put("demouser4", "password", "RoleSample2Update.xml", Services.roleUpdate.toString());
-        client.get("demouser4", "password", "ROLE_ADMIN", null, null, Services.roleRead.toString());
-        client.get("demouser4", "password", "role1", null, null, Services.roleRead.toString());
-        client.delete("demouser4", "password", "enMasseTestUser1", null, null, Services.userDelete.toString());
-        client.post("demouser4", "password", "UserSample2.xml", Services.userAdd.toString());
-
-        client.put("demouser4", "password", "UserSample2Update.xml", Services.userUpdate.toString());
-
-        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userRead.toString());
-
-        client.get("demouser4", "password", "USER", "demousrs1", null, Services.orgRead.toString());
-
-        client.findUsers("demouser4", "password", "oam");
-        client.findRoles("demouser4", "password", "oam");
-
-        client.delete("demouser4", "password", "USER", "TestEnMasseOrg1", null, Services.orgDelete.toString());
-        client.post("demouser4", "password", "TestUserOrg.xml", Services.orgAdd.toString());
-        client.get("demouser4", "password", "USER", "TestEnMasseOrg1", null, Services.orgRead.toString());
-        client.findOrgs("demouser4", "password", "USER", "o");
-
-        client.delete("demouser4", "password", "USER", "TestEMPermObj1", "read", Services.permDelete.toString());
-        client.delete("demouser4", "password", "USER", "TestEMPermObj1", null, Services.objDelete.toString());
-        client.delete("demouser4", "password", "PERM", "TestEnMassePermOrg1", null, Services.orgDelete.toString());
-        client.post("demouser4", "password", "TestPermOrg.xml", Services.orgAdd.toString());
-        client.get("demouser4", "password", "PERM", "TestEnMassePermOrg1", null, Services.orgRead.toString());
-        client.post("demouser4", "password", "TestPermObj.xml", Services.objAdd.toString());
-        client.get("demouser4", "password", "USER", "TestEMPermObj1", null, Services.objRead.toString());
-        client.findPermObjs("demouser4", "password", "USER", "t");
-
-        client.post("demouser4", "password", "TestPermission.xml", Services.permAdd.toString());
-        client.get("demouser4", "password", "USER", "TestEMPermObj1", "read", Services.permRead.toString());
-        client.findPermissions("demouser4", "password", "USER", "T", "t");
-
-        client.get("demouser4", "password", "demouser4", "password", null, Services.rbacCreate.toString());
-
-        client.post("demouser4", "password", "FUser.xml", Services.userAdd.toString());
-        client.post("demouser4", "password", "TestUserAssign.xml", Services.roleAsgn.toString());
-        client.get("demouser4", "password", "fortressUser1", null, null, Services.roleAsigned.toString());
-        client.post("demouser4", "password", "TestUserDeassign.xml", Services.roleDeasgn.toString());
-
-        client.post("demouser4", "password", "RoleGrant.xml", Services.roleGrant.toString());
-        client.post("demouser4", "password", "RoleGrant.xml", Services.roleRevoke.toString());
-
-        client.post("demouser4", "password", "UserGrant.xml", Services.userGrant.toString());
-        client.post("demouser4", "password", "UserGrant.xml", Services.userRevoke.toString());
-
-        client.get("demouser4", "password", "oamrole1", null, null, Services.userAsigned.toString());
-        client.get("demouser4", "password", "oamrole1", null, null, Services.rolePerms.toString());
-        client.get("demouser4", "password", "oamuser1", null, null, Services.userPerms.toString());
-
-        client.put("demouser4", "password", "UserSample2Change.xml", Services.userChange.toString());
-        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userLock.toString());
-        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userUnlock.toString());
-        client.put("demouser4", "password", "UserSample2Reset.xml", Services.userReset.toString());
-
-        client.delete("demouser4", "password", "ROLE_ADMIN_CHILD", null, null, Services.roleDelete.toString());
-        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDescendant.toString());
-        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDelinherit.toString());
-        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleAddinherit.toString());
-        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDelinherit.toString());
-
-        client.get("demouser4", "password", "oamT12SSD3", null, null, Services.ssdSets.toString());
-        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdRead.toString());
-        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdRoles.toString());
-        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdCard.toString());
-        client.get("demouser4", "password", "oamT12DSD3", null, null, Services.dsdSets.toString());
-        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdRead.toString());
-        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdRoles.toString());
-        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdCard.toString());
-
-        client.get("demouser4", "password", "oamrole1", null, null, Services.roleAuthzed.toString());
-        client.get("demouser4", "password", "oamuser1", null, null, Services.userAuthzed.toString());
-        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permRoles.toString());
-        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permRoles.toString());
-        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permRolesAuthzed.toString());
-        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permRolesAuthzed.toString());
-        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permUsers.toString());
-        client.get("demouser4", "password", "TestEMPermObj1", "read", null, Services.permUsers.toString());
-        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permUsersAuthzed.toString());
-        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permUsersAuthzed.toString());
-
-        client.delete("demouser4", "password", "emSsdT1", null, null, Services.ssdDelete.toString());
-        client.delete("demouser4", "password", "SSD_ROLE_1", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "SSD_ROLE_2", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "SSD_ROLE_3", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "SSD_ROLE_4", null, null, Services.roleDelete.toString());
-        client.post("demouser4", "password", "RoleSSD1.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleSSD2.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleSSD3.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleSSD4.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "TestCreateSSD.xml", Services.ssdAdd.toString());
-        client.get("demouser4", "password", "emSsdT1", "SSD_ROLE_4", null, Services.ssdAddMember.toString());
-        client.get("demouser4", "password", "emSsdT1", null, null, Services.ssdRead.toString());
-        client.get("demouser4", "password", "emSsdT1", "SSD_ROLE_3", null, Services.ssdDelMember.toString());
-        client.get("demouser4", "password", "emSsdT1", "3", null, Services.ssdCardUpdate.toString());
-        client.get("demouser4", "password", "emSsdT1", null, null, Services.ssdRead.toString());
-
-        client.delete("demouser4", "password", "emDsdT1", null, null, Services.dsdDelete.toString());
-        client.delete("demouser4", "password", "DSD_ROLE_1", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "DSD_ROLE_2", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "DSD_ROLE_3", null, null, Services.roleDelete.toString());
-        client.delete("demouser4", "password", "DSD_ROLE_4", null, null, Services.roleDelete.toString());
-        client.post("demouser4", "password", "RoleDSD1.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleDSD2.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleDSD3.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "RoleDSD4.xml", Services.roleAdd.toString());
-        client.post("demouser4", "password", "TestCreateDSD.xml", Services.dsdAdd.toString());
-        client.get("demouser4", "password", "emDsdT1", "DSD_ROLE_4", null, Services.dsdAddMember.toString());
-        client.get("demouser4", "password", "emDsdT1", null, null, Services.dsdRead.toString());
-        client.get("demouser4", "password", "emDsdT1", "DSD_ROLE_3", null, Services.dsdDelMember.toString());
-        client.get("demouser4", "password", "emDsdT1", "3", null, Services.dsdCardUpdate.toString());
-        client.get("demouser4", "password", "emDsdT1", null, null, Services.dsdRead.toString());
-
-        client.delete("demouser4", "password", "emPWPolicy1", null, null, Services.pswdDelete.toString());
-        client.post("demouser4", "password", "TestPswd.xml", Services.pswdAdd.toString());
-        client.get("demouser4", "password", "emPWPolicy1", null, null, Services.pswdRead.toString());
-        client.put("demouser4", "password", "TestPswdUpdate.xml", Services.pswdUpdate.toString());
-        client.get("demouser4", "password", "emPWPolicy1", null, null, Services.pswdRead.toString());
-        client.get("demouser4", "password", "oam", null, null, Services.pswdSearch.toString());
-        client.get("demouser4", "password", "enMasseTestUser1", "emPWPolicy1", null, Services.pswdUserAdd.toString());
-        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.pswdUserDelete.toString());
-
-        client.post("demouser4", "password", "TestAdminRoleDescendant.xml", Services.arleDelinherit.toString());
-        client.delete("demouser4", "password", "EM_TEST_ADMIN_ROLE_1", null, null, Services.arleDelete.toString());
-
-
-        client.post("demouser4", "password", "TestAdminRole.xml", Services.arleAdd.toString());
-        client.put("demouser4", "password", "TestAdminRoleUpdate.xml", Services.arleUpdate.toString());
-        client.get("demouser4", "password", "EM_TEST_ADMIN_ROLE_1", null, null, Services.arleRead.toString());
-        client.get("demouser4", "password", "EM", null, null, Services.arleSearch.toString());
-        client.get("demouser4", "password", "demouser4", null, null, Services.arleAsigned.toString());
-        client.get("demouser4", "password", "oamadmin1", null, null, Services.userAsignedAdmin.toString());
-
-        client.post("demouser4", "password", "AuditBind.xml", Services.auditBinds.toString());
-
-
-        String szAuthNSession = client.get("demouser4", "password", "demouser4", "password", null, Services.rbacAuthN.toString());
-        String szSession = client.get("demouser4", "password", "oamTU3User7", "password7", null, Services.rbacCreate.toString());
-        Session session = unmarshallSession(szSession);
-        client.checkAccess("demouser4", "password", session, new Permission("TOB3_3", "TOP3_1"));
-        szSession = client.dropActiveRole("demouser4", "password", session, new Role("oamT3ROLE4"));
-        session = unmarshallSession(szSession);
-        szSession = client.addActiveRole("demouser4", "password", session, new Role("oamT3ROLE4"));
-        */
-
-        //szSession = marshal(session);
-        /*
-        client.postStr("demouser4", "password", szSession, Services.rbacPerms.toString());
-        client.postStr("demouser4", "password", szSession, Services.rbacRoles.toString());
-        client.postStr("demouser4", "password", szSession, Services.rbacUserId.toString());
-        client.postStr("demouser4", "password", szSession, Services.rbacUser.toString());
-        */
-
-
-        System.out.println("\n");
-        System.exit(0);
-    }
-
-    private static Session unmarshallSession(String szSession) throws Exception
-    {
-        // Create a JAXB context passing in the class of the object we want to marshal/unmarshal
-        final JAXBContext context = JAXBContext.newInstance(Session.class);
-
-        // Create the unmarshaller, this is the nifty little thing that will actually transform the XML back into an object
-        final Unmarshaller unmarshaller = context.createUnmarshaller();
-        return (Session) unmarshaller.unmarshal(new StringReader(szSession));
-    }
-
-    private static String marshal(Session session) throws Exception
-    {
-        // Create a JAXB context passing in the class of the object we want to marshal/unmarshal
-        final JAXBContext context = JAXBContext.newInstance(Session.class);
-        // =============================================================================================================
-        // Marshalling OBJECT to XML
-        // =============================================================================================================
-        // Create the marshaller, this is the nifty little thing that will actually transform the object into XML
-        final Marshaller marshaller = context.createMarshaller();
-
-        // Create a stringWriter to hold the XML
-        final StringWriter stringWriter = new StringWriter();
-        // Marshal the javaObject and write the XML to the stringWriter
-        marshaller.marshal(session, stringWriter);
-        return stringWriter.toString();
-    }
-
-    public String postStr(String userId, String password, String szInput, String function) throws Exception
-    {
-        String szResponse = null;
-        Client client = new Client();
-        // Sent HTTP POST request to add user
-        System.out.println("\n");
-        System.out.println("Sent HTTP POST request to:" + function);
-        //String inputFile = client.getClass().getResource(xmlFile).getFile();
-        //URIResolver resolver = new URIResolver(inputFile);
-        //File input = new File(resolver.getURI());
-        PostMethod post = new PostMethod(URI + function);
-        post.addRequestHeader("Accept", "text/xml");
-        setMethodHeaders(post, userId, password);
-        //RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
-        RequestEntity entity = new StringRequestEntity(szInput, "text/xml; charset=ISO-8859-1", null);
-        post.setRequestEntity(entity);
-        HttpClient httpclient = new HttpClient();
-        try
-        {
-            int result = httpclient.executeMethod(post);
-            System.out.println("Response status code: " + result);
-            szResponse = post.getResponseBodyAsString();
-            System.out.println(szResponse);
-        }
-        catch(WebApplicationException we)
-        {
-            System.out.println("WebApplicationException caught=" + we.getMessage());
-        }
-        finally
-        {
-            // Release current connection to the connection pool once you are
-            // done
-            post.releaseConnection();
-        }
-        return szResponse;
-    }
-
-    public void post(String userId, String password, String xmlFile, String function) throws Exception
-    {
-        Client client = new Client();
-        // Sent HTTP POST request to add user
-        System.out.println("\n");
-        System.out.println("Sent HTTP POST request to:" + function);
-        String inputFile = client.getClass().getResource(xmlFile).getFile();
-        URIResolver resolver = new URIResolver(inputFile);
-        File input = new File(resolver.getURI());
-        PostMethod post = new PostMethod(URI + function);
-        post.addRequestHeader("Accept", "text/xml");
-        setMethodHeaders(post, userId, password);
-        RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
-        post.setRequestEntity(entity);
-        HttpClient httpclient = new HttpClient();
-        try
-        {
-            int result = httpclient.executeMethod(post);
-            System.out.println("Response status code: " + result);
-            System.out.println(post.getResponseBodyAsString());
-        }
-        catch(WebApplicationException we)
-        {
-            System.out.println("WebApplicationException caught=" + we.getMessage());
-        }
-        finally
-        {
-            // Release current connection to the connection pool once you are
-            // done
-            post.releaseConnection();
-        }
-    }
-
-    public void put(String userId, String password, String xmlFile, String function) throws Exception
-    {
-        Client client = new Client();
-        // Sent HTTP POST request to add user
-        System.out.println("\n");
-        System.out.println("Sent HTTP PUT request to:" + function);
-        String inputFile = client.getClass().getResource(xmlFile).getFile();
-        URIResolver resolver = new URIResolver(inputFile);
-        File input = new File(resolver.getURI());
-        PutMethod put = new PutMethod(URI + function);
-        put.addRequestHeader("Accept", "text/xml");
-        setMethodHeaders(put, userId, password);
-        RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
-        put.setRequestEntity(entity);
-        HttpClient httpclient = new HttpClient();
-        try
-        {
-            int result = httpclient.executeMethod(put);
-            System.out.println("Response status code: " + result);
-            System.out.println(put.getResponseBodyAsString());
-        }
-        catch(WebApplicationException we)
-        {
-            System.out.println("WebApplicationException caught=" + we.getMessage());
-        }
-        finally
-        {
-            // Release current connection to the connection pool once you are
-            // done
-            put.releaseConnection();
-        }
-    }
-
-    public void delete(String userId, String password, String id, String id2, String id3, String function) throws Exception
-    {
-        String url = URI + function + "/" + id;
-        if(id2 != null)
-        {
-            url += "/" + id2;
-        }
-        if(id3 != null)
-        {
-            url += "/" + id3;
-        }
-        System.out.println("HTTP DELETE to query info, url : " + url);
-        System.out.println("Deleting now...");
-        DeleteMethod del = new DeleteMethod(url);
-        //DeleteMethod del = new DeleteMethod(URI + function + "/" + id);
-        setMethodHeaders(del, userId, password);
-        handleHttpMethod(del);
-    }
-
-    public void createSession(String userId, String password, String uid, char[] pw) throws Exception
-    {
-        String url = URI + HttpIds.RBAC_CREATE + "/" + uid + "/" + pw;
-        System.out.println("CREATE SESSION url : " + url);
-        GetMethod get = new GetMethod(url);
-        setMethodHeaders(get, userId, password);
-        handleHttpMethod(get);
-    }
-
-    public String get(String userId, String password, String id, String id2, String id3, String function) throws Exception
-    {
-        String url = URI + function + "/" + id;
-        if(id2 != null)
-        {
-            url += "/" + id2;
-        }
-        if(id3 != null)
-        {
-            url += "/" + id3;
-        }
-        System.out.println("HTTP GET to query info, url : " + url);
-        GetMethod get = new GetMethod(url);
-        setMethodHeaders(get, userId, password);
-        return handleHttpMethod(get);
-    }
-
-    private static void setMethodHeaders(HttpMethod httpMethod, String name, String password)
-    {
-        if (httpMethod instanceof PostMethod || httpMethod instanceof PutMethod)
-        {
-            httpMethod.setRequestHeader("Content-Type", "application/xml");
-            httpMethod.setRequestHeader("Accept", "application/xml");
-        }
-        //httpMethod.setDoAuthentication(false);
-        httpMethod.setDoAuthentication(true);
-        httpMethod.setRequestHeader("Authorization",
-            "Basic " + base64Encode(name + ":" + password));
-    }
-
-    private static String base64Encode(String value)
-    {
-        return Base64Utility.encode(value.getBytes());
-    }
-
-    private static String handleHttpMethod(HttpMethod httpMethod) throws Exception
-    {
-        HttpClient client = new HttpClient();
-        String szResponse = null;
-
-        try
-        {
-            int statusCode = client.executeMethod(httpMethod);
-            System.out.println("Response status : " + statusCode);
-
-            Response.Status status = Response.Status.fromStatusCode(statusCode);
-
-            if (status == Response.Status.OK)
-            {
-                szResponse = httpMethod.getResponseBodyAsString();
-                System.out.println(szResponse);
-            }
-            else if (status == Response.Status.FORBIDDEN)
-            {
-                System.out.println("Authorization failure");
-            }
-            else if (status == Response.Status.UNAUTHORIZED)
-            {
-                System.out.println("Authentication failure");
-            }
-            else
-            {
-                //System.out.println("Unknown error: " + status.toString());
-                System.out.println("Unknown error");
-            }
-
-            System.out.println();
-
-        }
-        finally
-        {
-            // release any connection resources used by the method
-            httpMethod.releaseConnection();
-        }
-        return szResponse;
-    }
-
-
-    public void findUsers(String userId, String password, String searchVal) throws Exception
-    {
-        String endpointAddress = URI + HttpIds.USER_SEARCH + "/" + searchVal;
-        System.out.println("now hit:" + endpointAddress);
-
-        try
-        {
-            WebClient wc = WebClient.create(endpointAddress,
-                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
-
-            String authorizationHeader = "Basic "
-                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
-            wc.header("Authorization", authorizationHeader);
-            //wc.accept("application/json");
-            wc.accept("application/xml");
-            Collection<? extends org.openldap.fortress.rbac.User> collection = wc.getCollection(org.openldap.fortress.rbac.User.class);
-
-            int i = 1;
-            for (org.openldap.fortress.rbac.User user : collection)
-            {
-                System.out.println("User[" + i++ + "]");
-                System.out.println("    userId: " + user.getUserId());
-                System.out.println("    description: " + user.getDescription());
-                //System.out.println("    roles: " + user.getRoles());
-                System.out.println("    cn: " + user.getCn());
-                System.out.println("    sn: " + user.getSn());
-                System.out.println("    policy: " + user.getPwPolicy());
-                System.out.println("    ou: " + user.getOu());
-                System.out.println("    cn: " + user.getCn());
-                System.out.println("    beginDate: " + user.getBeginDate());
-                System.out.println("    endDate: " + user.getEndDate());
-                System.out.println("    beginTime: " + user.getBeginTime());
-                System.out.println("    endTime: " + user.getEndTime());
-                System.out.println("    beginLockDate: " + user.getBeginLockDate());
-                System.out.println("    endLockDate: " + user.getEndLockDate());
-                System.out.println("    dayMask: " + user.getDayMask());
-                System.out.println("    timeout: " + user.getTimeout());
-
-                if(user.getRoles() != null)
-                {
-                    int j = 1;
-                    for(org.openldap.fortress.rbac.UserRole userRole : user.getRoles())
-                    {
-                        System.out.println("--------------------------------------------------------------------------");
-                        System.out.println("User[" + user.getUserId() + "] UserRole[" + j++ + "]");
-                        System.out.println("    role name: " + userRole.getName());
-                        if(userRole.getParents() != null)
-                        {
-                            for(String parent : userRole.getParents())
-                            {
-                                System.out.println("    parent role: " + parent);
-                            }
-                        }
-                        System.out.println("    beginDate: " + userRole.getBeginDate());
-                        System.out.println("    endDate: " + userRole.getEndDate());
-                        System.out.println("    beginTime: " + userRole.getBeginTime());
-                        System.out.println("    endTime: " + userRole.getEndTime());
-                        System.out.println("    beginLockDate: " + userRole.getBeginLockDate());
-                        System.out.println("    endLockDate: " + userRole.getEndLockDate());
-                        System.out.println("    dayMask: " + userRole.getDayMask());
-                        System.out.println("    timeout: " + userRole.getTimeout());
-                    }
-                }
-                System.out.println("--------------------------------------------------------------------------");
-            }
-        }
-        catch (Exception e)
-        {
-            System.out.println("Exception caught in findUsers=" + e);
-            e.printStackTrace();
-        }
-    }
-
-
-    /**
-     * @throws Exception
-     */
-    public void findRoles(String userId, String password, String searchVal) throws Exception
-    {
-        String endpointAddress = URI + HttpIds.ROLE_SEARCH + "/" + searchVal;
-        System.out.println("now hit:" + endpointAddress);
-
-        try
-        {
-            WebClient wc = WebClient.create(endpointAddress,
-                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
-            String authorizationHeader = "Basic "
-                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
-            wc.header("Authorization", authorizationHeader);
-            wc.accept("application/xml");
-            Collection<? extends org.openldap.fortress.rbac.Role> collection = wc.getCollection(org.openldap.fortress.rbac.Role.class);
-            for (org.openldap.fortress.rbac.Role role : collection)
-            {
-                System.out.println("Role: " + role.getName() + " description:" + role.getDescription());
-                System.out.println("    parents: " + role.getParents());
-                System.out.println("    children: " + role.getChildren());
-                System.out.println("    beginDate: " + role.getBeginDate());
-                System.out.println("    endDate: " + role.getEndDate());
-                System.out.println("    beginTime: " + role.getBeginTime());
-                System.out.println("    endTime: " + role.getEndTime());
-                System.out.println("    beginLockDate: " + role.getBeginLockDate());
-                System.out.println("    endLockDate: " + role.getEndLockDate());
-                System.out.println("    dayMask: " + role.getDayMask());
-                System.out.println("    timeout: " + role.getTimeout());
-            }
-        }
-        catch (Exception e)
-        {
-            System.out.println("Exception caught in findRoles=" + e);
-            e.printStackTrace();
-        }
-    }
-
-
-    /**
-     * @throws Exception
-     */
-    public void findOrgs(String userId, String password, String type, String searchVal) throws Exception
-    {
-        String endpointAddress = URI + HttpIds.ORG_SEARCH + "/" + type + "/" + searchVal;
-        System.out.println("now hit:" + endpointAddress);
-        try
-        {
-            WebClient wc = WebClient.create(endpointAddress,
-                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
-            String authorizationHeader = "Basic "
-                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
-            wc.header("Authorization", authorizationHeader);
-            wc.accept("application/xml");
-            Collection<? extends OrgUnit> collection = wc.getCollection(OrgUnit.class);
-            for (OrgUnit orgUnit : collection)
-            {
-                System.out.println("OrgUnit: " + orgUnit.getName() + " description:" + orgUnit.getDescription());
-            }
-        }
-        catch (Exception e)
-        {
-            System.out.println("Exception caught in searchUserOrgs=" + e);
-            e.printStackTrace();
-        }
-    }
-
-
-    /**
-     * @throws Exception
-     */
-    public void findPermObjs(String userId, String password, String type, String searchVal) throws Exception
-    {
-        String endpointAddress = URI + HttpIds.OBJ_SEARCH + "/" + type + "/" + searchVal;
-        System.out.println("now hit:" + endpointAddress);
-        try
-        {
-            WebClient wc = WebClient.create(endpointAddress,
-                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
-            String authorizationHeader = "Basic "
-                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
-            wc.header("Authorization", authorizationHeader);
-            wc.accept("application/xml");
-            Collection<? extends PermObj> collection = wc.getCollection(PermObj.class);
-            for (PermObj permObj : collection)
-            {
-                System.out.println("Object Name: " + permObj.getObjName() + " description:" + permObj.getDescription());
-            }
-        }
-        catch (Exception e)
-        {
-            System.out.println("Exception caught in findPermObjs=" + e);
-            e.printStackTrace();
-        }
-    }
-
-
-    /**
-     * @throws Exception
-     */
-    public void findPermissions(String userId, String password, String type, String objName, String opName) throws Exception
-    {
-        String endpointAddress = URI + HttpIds.PERM_SEARCH + "/" + type + "/" + objName + "/" + opName;
-        System.out.println("now hit:" + endpointAddress);
-        try
-        {
-            WebClient wc = WebClient.create(endpointAddress,
-                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
-            String authorizationHeader = "Basic "
-                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
-            wc.header("Authorization", authorizationHeader);
-            wc.accept("application/xml");
-            Collection<? extends Permission> collection = wc.getCollection(Permission.class);
-            for (Permission perm : collection)
-            {
-                System.out.println("Permission ObjectName: " + perm.getObjName() + " opName: " + perm.getOpName());
-            }
-        }
-        catch (Exception e)
-        {
-            System.out.println("Exception caught in findPermissions=" + e);
-            e.printStackTrace();
-        }
-    }
-
-
-    /**
-     * @param in
-     * @return
-     * @throws Exception
-     */
-    private static String getStringFromInputStream(InputStream in) throws Exception
-    {
-        CachedOutputStream bos = new CachedOutputStream();
-        IOUtils.copy(in, bos);
-        in.close();
-        bos.close();
-        return bos.getOut().toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/java/org/openldap/enmasse/EmTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/enmasse/EmTest.java b/src/test/java/org/openldap/enmasse/EmTest.java
deleted file mode 100644
index 69da6a9..0000000
--- a/src/test/java/org/openldap/enmasse/EmTest.java
+++ /dev/null
@@ -1,439 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-
-package org.openldap.enmasse;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URL;
-
-import org.openldap.fortress.RestException;
-import org.openldap.fortress.GlobalErrIds;
-import org.openldap.fortress.rest.FortResponse;
-import org.openldap.fortress.rest.HttpIds;
-import org.openldap.fortress.rest.RestUtils;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpMethod;
-import org.apache.commons.httpclient.methods.*;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.log4j.Logger;
-import org.junit.Test;
-
-import javax.ws.rs.WebApplicationException;
-
-
-/**
- * Test Client to drive EnMasse Service methods.
- *
- * @author Shawn McKinney
- */
-public final class EmTest
-{
-    private static final String CLS_NM = EmTest.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-    private static final String HOST = "localhost";
-    private static final String PORT = "8080";
-    private static final String VERSION = System.getProperty("version");
-    private static final String SERVICE = "enmasse-" + VERSION;
-    private static final String URI = "http://" + HOST + ":" + PORT + "/" + SERVICE + "/";
-    private static final String USER_ID = "demouser4";
-    private static final String PASSWORD = "password";
-
-    /**
-     * Execute test cases with simple validation.
-     *
-     */
-    @Test
-    public void testServices()
-    {
-        log.info(CLS_NM + ".testServices STARTED");
-        try
-        {
-            String szResponse = post(USER_ID, PASSWORD, "addPermGrant1.xml", HttpIds.ROLE_REVOKE);
-            FortResponse response = RestUtils.unmarshall(szResponse);
-            int rc = response.getErrorCode();
-            String szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_REVOKE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "addEmTestPermission.xml", HttpIds.PERM_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.PERM_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "addEmTestObj1.xml", HttpIds.OBJ_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.OBJ_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "emTestPermOrg1.xml", HttpIds.ORG_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "emTestPermOrg1.xml", HttpIds.ORG_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "assignEmUser1.xml", HttpIds.ROLE_DEASGN);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DEASGN + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "delEmUser1.xml", HttpIds.USER_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.USER_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "emTestOrg1.xml", HttpIds.ORG_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "emTestOrg1.xml", HttpIds.ORG_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "emRoleDelInheritance.xml", HttpIds.ROLE_DELINHERIT);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELINHERIT + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "addEmRole1.xml", HttpIds.ROLE_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "delEmRole2.xml", HttpIds.ROLE_DELETE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                // don't fail if the delete was not successful as this may be the first run:
-                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
-                log.info(warn);
-            }
-
-            szResponse = post(USER_ID, PASSWORD, "addEmRole1.xml", HttpIds.ROLE_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "addEmRole2Ascendent.xml", HttpIds.ROLE_ASC);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ASC + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "addEmUser1.xml", HttpIds.USER_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.USER_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "assignEmUser1.xml", HttpIds.ROLE_ASGN);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ASGN + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "emTestAuthN.xml", HttpIds.RBAC_AUTHN);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.RBAC_AUTHN + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "createSession.xml", HttpIds.RBAC_CREATE);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.RBAC_AUTHN + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "addEmTestObj1.xml", HttpIds.OBJ_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.OBJ_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "addEmTestPermission.xml", HttpIds.PERM_ADD);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.PERM_ADD + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "addPermGrant1.xml", HttpIds.ROLE_GRANT);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_GRANT + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            szResponse = post(USER_ID, PASSWORD, "emTestCheckAccess.xml", HttpIds.RBAC_AUTHZ);
-            response = RestUtils.unmarshall(szResponse);
-            rc = response.getErrorCode();
-            szErrorMsg = response.getErrorMessage();
-            if(rc != 0)
-            {
-                String error = CLS_NM + ".testServices failed calling " + HttpIds.RBAC_AUTHZ + " rc=" + rc + " error message=" + szErrorMsg;
-                log.error(error);
-            }
-            assert(rc == 0);
-
-            log.info(CLS_NM + ".testServices SUCCESS");
-        }
-        catch(RestException re)
-        {
-            String error = CLS_NM + ".post caught RestException=" + re;
-            log.error(error);
-        }
-        log.info(CLS_NM + ".testServices FINISHED");
-    }
-
-    /**
-     * Perform an HTTP Post to the configured server.
-     *
-     * @param userId
-     * @param password
-     * @param xmlFile
-     * @param function
-     * @throws RestException
-     */
-    private String post(String userId, String password, String xmlFile, String function) throws RestException
-    {
-        String szResponse;
-        log.info(CLS_NM + ".post file:" + xmlFile + " HTTP POST request to:" + function);
-        URL fUrl = EmTest.class.getClassLoader().getResource(xmlFile);
-        PostMethod post = null;
-        try
-        {
-            if(fUrl != null && fUrl.toURI() != null)
-            {
-                File input = new File(fUrl.toURI());
-                post = new PostMethod(URI + function);
-                post.addRequestHeader("Accept", "text/xml");
-                setMethodHeaders(post, userId, password);
-                RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
-                post.setRequestEntity(entity);
-                HttpClient httpclient = new HttpClient();
-                int result = httpclient.executeMethod(post);
-                szResponse = IOUtils.toString(post.getResponseBodyAsStream(), "UTF-8");
-                log.info(CLS_NM + ".post Response status code: " + result);
-                log.info(CLS_NM + ".post Response value: " + szResponse);
-            }
-            else
-            {
-                String error = CLS_NM + ".post input file: " + xmlFile + " not found";
-                throw new RestException(GlobalErrIds.REST_IO_ERR, error);
-            }
-
-        }
-        catch(URISyntaxException ue)
-        {
-            String error = CLS_NM + ".post caught URISyntaxException=" + ue;
-            throw new RestException(GlobalErrIds.REST_IO_ERR, error, ue);
-        }
-        catch(IOException ie)
-        {
-            String error = CLS_NM + ".post caught IOException=" + ie;
-            throw new RestException(GlobalErrIds.REST_IO_ERR, error, ie);
-        }
-        catch(WebApplicationException we)
-        {
-            String error = CLS_NM + ".post caught IOException=" + we;
-            throw new RestException(GlobalErrIds.REST_WEB_ERR, error, we);
-        }
-        finally
-        {
-            // Release current connection to the connection pool once you are
-            // done
-            if(post != null)
-            {
-                post.releaseConnection();
-            }
-        }
-        return szResponse;
-    }
-
-    /**
-     * Add userId, password to HTTP Basic AuthN header.
-     *
-     * @param httpMethod
-     * @param name
-     * @param password
-     */
-    private static void setMethodHeaders(HttpMethod httpMethod, String name, String password)
-    {
-        if (httpMethod instanceof PostMethod || httpMethod instanceof PutMethod)
-        {
-            httpMethod.setRequestHeader("Content-Type", "application/xml");
-            httpMethod.setRequestHeader("Accept", "application/xml");
-        }
-        httpMethod.setDoAuthentication(true);
-        httpMethod.setRequestHeader("Authorization",
-            "Basic " + base64Encode(name + ":" + password));
-    }
-
-    /**
-     * Base64 encode a String value.
-     *
-     * @param value
-     * @return
-     */
-    private static String base64Encode(String value)
-    {
-        return Base64Utility.encode(value.getBytes());
-    }
-
-    /**
-     * Main will execute simple test case.
-     *
-     * @param args
-     * @throws Exception
-     */
-    public static void main(String args[])
-     {
-         EmTest client = new EmTest();
-         client.testServices();
-         System.exit(0);
-     }
-
-    /**
-     *
-     */
-    public void setUp()
-    {
-    }
-
-    /**
-     *
-     */
-    public void tearDown()
-    {
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addEmRole1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addEmRole1.xml b/src/test/resources/addEmRole1.xml
index 70b688d..27e3c79 100644
--- a/src/test/resources/addEmRole1.xml
+++ b/src/test/resources/addEmRole1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addEmRole2Ascendent.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addEmRole2Ascendent.xml b/src/test/resources/addEmRole2Ascendent.xml
index 36df0d5..3498114 100644
--- a/src/test/resources/addEmRole2Ascendent.xml
+++ b/src/test/resources/addEmRole2Ascendent.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addEmTestObj1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addEmTestObj1.xml b/src/test/resources/addEmTestObj1.xml
index b52058a..08b0e77 100644
--- a/src/test/resources/addEmTestObj1.xml
+++ b/src/test/resources/addEmTestObj1.xml
@@ -1,23 +1,27 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>
       <entity xsi:type="permObj" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-         <objectName>emtestobj1</objectName>
+         <objName>emtestobj1</objName>
          <description>em test object 1</description>
          <ou>emtestpermorg1</ou>
          <admin>false</admin>
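Review bot: The switch from `<objectName>` to `<objName>` on the entity in this fixture (the same change is made in addEmTestPermission.xml) is undocumented, and nothing in the hunk would have flagged the old spelling as wrong. The deleted Client.java reads this value through `PermObj.getObjName()`, so the element presumably has to match that property name. If the service's unmarshaller ignores unknown elements, a misspelled element would produce a request with no object name rather than an error, which is worth confirming for an access-control API. A one-line comment above the entity would record the constraint: `<!-- element names must match the PermObj property names, e.g. objName -->`. The `<entity>` element continues past the end of this hunk.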

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addEmTestPermission.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addEmTestPermission.xml b/src/test/resources/addEmTestPermission.xml
index 28b8a9c..fb34046 100644
--- a/src/test/resources/addEmTestPermission.xml
+++ b/src/test/resources/addEmTestPermission.xml
@@ -1,23 +1,27 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>
       <entity xsi:type="permission" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-         <objectName>emtestobj1</objectName>
+         <objName>emtestobj1</objName>
          <opName>add</opName>
       </entity>
    </FortRequest>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addEmUser1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addEmUser1.xml b/src/test/resources/addEmUser1.xml
index a760f85..b925e19 100644
--- a/src/test/resources/addEmUser1.xml
+++ b/src/test/resources/addEmUser1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/addPermGrant1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/addPermGrant1.xml b/src/test/resources/addPermGrant1.xml
index ee45e30..6786140 100644
--- a/src/test/resources/addPermGrant1.xml
+++ b/src/test/resources/addPermGrant1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/assignEmUser1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/assignEmUser1.xml b/src/test/resources/assignEmUser1.xml
index 2199adf..910cef8 100644
--- a/src/test/resources/assignEmUser1.xml
+++ b/src/test/resources/assignEmUser1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/createSession.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/createSession.xml b/src/test/resources/createSession.xml
index 810e938..649c55f 100644
--- a/src/test/resources/createSession.xml
+++ b/src/test/resources/createSession.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/delEmRole2.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/delEmRole2.xml b/src/test/resources/delEmRole2.xml
index cc04571..04663d0 100644
--- a/src/test/resources/delEmRole2.xml
+++ b/src/test/resources/delEmRole2.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/delEmUser1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/delEmUser1.xml b/src/test/resources/delEmUser1.xml
index b2acaa9..9122812 100644
--- a/src/test/resources/delEmUser1.xml
+++ b/src/test/resources/delEmUser1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/emRoleDelInheritance.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/emRoleDelInheritance.xml b/src/test/resources/emRoleDelInheritance.xml
index cbf741b..c93606d 100644
--- a/src/test/resources/emRoleDelInheritance.xml
+++ b/src/test/resources/emRoleDelInheritance.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/emTestAuthN.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/emTestAuthN.xml b/src/test/resources/emTestAuthN.xml
index 810e938..649c55f 100644
--- a/src/test/resources/emTestAuthN.xml
+++ b/src/test/resources/emTestAuthN.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/emTestCheckAccess.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/emTestCheckAccess.xml b/src/test/resources/emTestCheckAccess.xml
index ff78b6f..f1e1c0e 100644
--- a/src/test/resources/emTestCheckAccess.xml
+++ b/src/test/resources/emTestCheckAccess.xml
@@ -1,23 +1,27 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>
       <entity xsi:type="permission" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-         <objectName>emtestobj1</objectName>
+         <objName>emtestobj1</objName>
          <opName>add</opName>
          <admin>false</admin>
       </entity>
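Review bot: The `<objectName>` to `<objName>` change inside `<entity xsi:type="permission">` alters the request payload of an access-check fixture, but it arrives in a commit described as package, pom and license cleanup, so it is easy to miss in review. If the service's XML binding ignores unknown elements (not visible here), the old name would have produced a permission with no object name instead of an error, and a checkAccess test could then pass or fail for the wrong reason. I would record the dependency next to the element, e.g. `<!-- objName: must match the element name bound for the Permission entity -->`, and mention the rename in the commit message. The `<FortRequest>` element continues past the end of this hunk, so the rest of the payload is not reviewed here.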

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/emTestOrg1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/emTestOrg1.xml b/src/test/resources/emTestOrg1.xml
index 505a145..46656d6 100644
--- a/src/test/resources/emTestOrg1.xml
+++ b/src/test/resources/emTestOrg1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/resources/emTestPermOrg1.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/emTestPermOrg1.xml b/src/test/resources/emTestPermOrg1.xml
index 7691910..1dc4197 100644
--- a/src/test/resources/emTestPermOrg1.xml
+++ b/src/test/resources/emTestPermOrg1.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-   <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <FortRequest>
       <contextId>HOME</contextId>


[02/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/java/org/apache/directory/fortress/rest/Client.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/rest/Client.java b/src/test/java/org/apache/directory/fortress/rest/Client.java
new file mode 100644
index 0000000..9eb0f07
--- /dev/null
+++ b/src/test/java/org/apache/directory/fortress/rest/Client.java
@@ -0,0 +1,688 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import java.io.File;
+import java.io.InputStream;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.apache.directory.fortress.core.rest.HttpIds;
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.PermObj;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.methods.*;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.io.CachedOutputStream;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.resource.URIResolver;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+
+/**
+ * Test Client to drive EnMasse Service methods.
+ *
+ * @author Shawn McKinney
+ */
+public final class Client
+{
+    private static final String HOST = "localhost";
+    private static final String PORT = "80";
+    private static final String SERVICE = "enmasse";
+    private static final String URI = "http://" + HOST + ":" + PORT + "/" + SERVICE + "/";
+
+    private Client()
+    {
+    }
+
+    public static void main(String args[]) throws Exception
+    {
+        Client client = new Client();
+
+
+        /*
+        client.post("demouser4", "password", "UserSample2.xml", HttpIds.USER_ADD);
+        client.delete("demouser4", "password", "fortressUser1", null, null, Services.userDelete.toString());
+        client.get("demouser4", "password", "demouser4", null, null, Services.userRead.toString());
+        client.get("demouser4", "password", "oamuser1", null, null, Services.userRead.toString());
+
+        client.get("demouser4", "password", "oamRole1", null, null, Services.roleRead.toString());
+        client.delete("demouser4", "password", "ROLE_ADMIN", null, null, Services.roleDelete.toString());
+        client.post("demouser4", "password", "RoleSample2.xml", Services.roleAdd.toString());
+        client.put("demouser4", "password", "RoleSample2Update.xml", Services.roleUpdate.toString());
+        client.get("demouser4", "password", "ROLE_ADMIN", null, null, Services.roleRead.toString());
+        client.get("demouser4", "password", "role1", null, null, Services.roleRead.toString());
+        client.delete("demouser4", "password", "enMasseTestUser1", null, null, Services.userDelete.toString());
+        client.post("demouser4", "password", "UserSample2.xml", Services.userAdd.toString());
+
+        client.put("demouser4", "password", "UserSample2Update.xml", Services.userUpdate.toString());
+
+        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userRead.toString());
+
+        client.get("demouser4", "password", "USER", "demousrs1", null, Services.orgRead.toString());
+
+        client.findUsers("demouser4", "password", "oam");
+        client.findRoles("demouser4", "password", "oam");
+
+        client.delete("demouser4", "password", "USER", "TestEnMasseOrg1", null, Services.orgDelete.toString());
+        client.post("demouser4", "password", "TestUserOrg.xml", Services.orgAdd.toString());
+        client.get("demouser4", "password", "USER", "TestEnMasseOrg1", null, Services.orgRead.toString());
+        client.findOrgs("demouser4", "password", "USER", "o");
+
+        client.delete("demouser4", "password", "USER", "TestEMPermObj1", "read", Services.permDelete.toString());
+        client.delete("demouser4", "password", "USER", "TestEMPermObj1", null, Services.objDelete.toString());
+        client.delete("demouser4", "password", "PERM", "TestEnMassePermOrg1", null, Services.orgDelete.toString());
+        client.post("demouser4", "password", "TestPermOrg.xml", Services.orgAdd.toString());
+        client.get("demouser4", "password", "PERM", "TestEnMassePermOrg1", null, Services.orgRead.toString());
+        client.post("demouser4", "password", "TestPermObj.xml", Services.objAdd.toString());
+        client.get("demouser4", "password", "USER", "TestEMPermObj1", null, Services.objRead.toString());
+        client.findPermObjs("demouser4", "password", "USER", "t");
+
+        client.post("demouser4", "password", "TestPermission.xml", Services.permAdd.toString());
+        client.get("demouser4", "password", "USER", "TestEMPermObj1", "read", Services.permRead.toString());
+        client.findPermissions("demouser4", "password", "USER", "T", "t");
+
+        client.get("demouser4", "password", "demouser4", "password", null, Services.rbacCreate.toString());
+
+        client.post("demouser4", "password", "FUser.xml", Services.userAdd.toString());
+        client.post("demouser4", "password", "TestUserAssign.xml", Services.roleAsgn.toString());
+        client.get("demouser4", "password", "fortressUser1", null, null, Services.roleAsigned.toString());
+        client.post("demouser4", "password", "TestUserDeassign.xml", Services.roleDeasgn.toString());
+
+        client.post("demouser4", "password", "RoleGrant.xml", Services.roleGrant.toString());
+        client.post("demouser4", "password", "RoleGrant.xml", Services.roleRevoke.toString());
+
+        client.post("demouser4", "password", "UserGrant.xml", Services.userGrant.toString());
+        client.post("demouser4", "password", "UserGrant.xml", Services.userRevoke.toString());
+
+        client.get("demouser4", "password", "oamrole1", null, null, Services.userAsigned.toString());
+        client.get("demouser4", "password", "oamrole1", null, null, Services.rolePerms.toString());
+        client.get("demouser4", "password", "oamuser1", null, null, Services.userPerms.toString());
+
+        client.put("demouser4", "password", "UserSample2Change.xml", Services.userChange.toString());
+        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userLock.toString());
+        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.userUnlock.toString());
+        client.put("demouser4", "password", "UserSample2Reset.xml", Services.userReset.toString());
+
+        client.delete("demouser4", "password", "ROLE_ADMIN_CHILD", null, null, Services.roleDelete.toString());
+        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDescendant.toString());
+        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDelinherit.toString());
+        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleAddinherit.toString());
+        client.post("demouser4", "password", "TestRoleDescendant.xml", Services.roleDelinherit.toString());
+
+        client.get("demouser4", "password", "oamT12SSD3", null, null, Services.ssdSets.toString());
+        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdRead.toString());
+        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdRoles.toString());
+        client.get("demouser4", "password", "oamT6Ssd1", null, null, Services.ssdCard.toString());
+        client.get("demouser4", "password", "oamT12DSD3", null, null, Services.dsdSets.toString());
+        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdRead.toString());
+        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdRoles.toString());
+        client.get("demouser4", "password", "oamT6Dsd1", null, null, Services.dsdCard.toString());
+
+        client.get("demouser4", "password", "oamrole1", null, null, Services.roleAuthzed.toString());
+        client.get("demouser4", "password", "oamuser1", null, null, Services.userAuthzed.toString());
+        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permRoles.toString());
+        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permRoles.toString());
+        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permRolesAuthzed.toString());
+        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permRolesAuthzed.toString());
+        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permUsers.toString());
+        client.get("demouser4", "password", "TestEMPermObj1", "read", null, Services.permUsers.toString());
+        client.get("demouser4", "password", "TOB3_3", "TOP3_1", null, Services.permUsersAuthzed.toString());
+        client.get("demouser4", "password", "TOB1_1", "TOP1_1", "001", Services.permUsersAuthzed.toString());
+
+        client.delete("demouser4", "password", "emSsdT1", null, null, Services.ssdDelete.toString());
+        client.delete("demouser4", "password", "SSD_ROLE_1", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "SSD_ROLE_2", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "SSD_ROLE_3", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "SSD_ROLE_4", null, null, Services.roleDelete.toString());
+        client.post("demouser4", "password", "RoleSSD1.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleSSD2.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleSSD3.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleSSD4.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "TestCreateSSD.xml", Services.ssdAdd.toString());
+        client.get("demouser4", "password", "emSsdT1", "SSD_ROLE_4", null, Services.ssdAddMember.toString());
+        client.get("demouser4", "password", "emSsdT1", null, null, Services.ssdRead.toString());
+        client.get("demouser4", "password", "emSsdT1", "SSD_ROLE_3", null, Services.ssdDelMember.toString());
+        client.get("demouser4", "password", "emSsdT1", "3", null, Services.ssdCardUpdate.toString());
+        client.get("demouser4", "password", "emSsdT1", null, null, Services.ssdRead.toString());
+
+        client.delete("demouser4", "password", "emDsdT1", null, null, Services.dsdDelete.toString());
+        client.delete("demouser4", "password", "DSD_ROLE_1", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "DSD_ROLE_2", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "DSD_ROLE_3", null, null, Services.roleDelete.toString());
+        client.delete("demouser4", "password", "DSD_ROLE_4", null, null, Services.roleDelete.toString());
+        client.post("demouser4", "password", "RoleDSD1.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleDSD2.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleDSD3.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "RoleDSD4.xml", Services.roleAdd.toString());
+        client.post("demouser4", "password", "TestCreateDSD.xml", Services.dsdAdd.toString());
+        client.get("demouser4", "password", "emDsdT1", "DSD_ROLE_4", null, Services.dsdAddMember.toString());
+        client.get("demouser4", "password", "emDsdT1", null, null, Services.dsdRead.toString());
+        client.get("demouser4", "password", "emDsdT1", "DSD_ROLE_3", null, Services.dsdDelMember.toString());
+        client.get("demouser4", "password", "emDsdT1", "3", null, Services.dsdCardUpdate.toString());
+        client.get("demouser4", "password", "emDsdT1", null, null, Services.dsdRead.toString());
+
+        client.delete("demouser4", "password", "emPWPolicy1", null, null, Services.pswdDelete.toString());
+        client.post("demouser4", "password", "TestPswd.xml", Services.pswdAdd.toString());
+        client.get("demouser4", "password", "emPWPolicy1", null, null, Services.pswdRead.toString());
+        client.put("demouser4", "password", "TestPswdUpdate.xml", Services.pswdUpdate.toString());
+        client.get("demouser4", "password", "emPWPolicy1", null, null, Services.pswdRead.toString());
+        client.get("demouser4", "password", "oam", null, null, Services.pswdSearch.toString());
+        client.get("demouser4", "password", "enMasseTestUser1", "emPWPolicy1", null, Services.pswdUserAdd.toString());
+        client.get("demouser4", "password", "enMasseTestUser1", null, null, Services.pswdUserDelete.toString());
+
+        client.post("demouser4", "password", "TestAdminRoleDescendant.xml", Services.arleDelinherit.toString());
+        client.delete("demouser4", "password", "EM_TEST_ADMIN_ROLE_1", null, null, Services.arleDelete.toString());
+
+
+        client.post("demouser4", "password", "TestAdminRole.xml", Services.arleAdd.toString());
+        client.put("demouser4", "password", "TestAdminRoleUpdate.xml", Services.arleUpdate.toString());
+        client.get("demouser4", "password", "EM_TEST_ADMIN_ROLE_1", null, null, Services.arleRead.toString());
+        client.get("demouser4", "password", "EM", null, null, Services.arleSearch.toString());
+        client.get("demouser4", "password", "demouser4", null, null, Services.arleAsigned.toString());
+        client.get("demouser4", "password", "oamadmin1", null, null, Services.userAsignedAdmin.toString());
+
+        client.post("demouser4", "password", "AuditBind.xml", Services.auditBinds.toString());
+
+
+        String szAuthNSession = client.get("demouser4", "password", "demouser4", "password", null, Services.rbacAuthN.toString());
+        String szSession = client.get("demouser4", "password", "oamTU3User7", "password7", null, Services.rbacCreate.toString());
+        Session session = unmarshallSession(szSession);
+        client.checkAccess("demouser4", "password", session, new Permission("TOB3_3", "TOP3_1"));
+        szSession = client.dropActiveRole("demouser4", "password", session, new Role("oamT3ROLE4"));
+        session = unmarshallSession(szSession);
+        szSession = client.addActiveRole("demouser4", "password", session, new Role("oamT3ROLE4"));
+        */
+
+        //szSession = marshal(session);
+        /*
+        client.postStr("demouser4", "password", szSession, Services.rbacPerms.toString());
+        client.postStr("demouser4", "password", szSession, Services.rbacRoles.toString());
+        client.postStr("demouser4", "password", szSession, Services.rbacUserId.toString());
+        client.postStr("demouser4", "password", szSession, Services.rbacUser.toString());
+        */
+
+
+        System.out.println("\n");
+        System.exit(0);
+    }
+
+    private static Session unmarshallSession(String szSession) throws Exception
+    {
+        // Create a JAXB context passing in the class of the object we want to marshal/unmarshal
+        final JAXBContext context = JAXBContext.newInstance(Session.class);
+
+        // Create the unmarshaller, this is the nifty little thing that will actually transform the XML back into an object
+        final Unmarshaller unmarshaller = context.createUnmarshaller();
+        return (Session) unmarshaller.unmarshal(new StringReader(szSession));
+    }
+
+    private static String marshal(Session session) throws Exception
+    {
+        // Create a JAXB context passing in the class of the object we want to marshal/unmarshal
+        final JAXBContext context = JAXBContext.newInstance(Session.class);
+        // =============================================================================================================
+        // Marshalling OBJECT to XML
+        // =============================================================================================================
+        // Create the marshaller, this is the nifty little thing that will actually transform the object into XML
+        final Marshaller marshaller = context.createMarshaller();
+
+        // Create a stringWriter to hold the XML
+        final StringWriter stringWriter = new StringWriter();
+        // Marshal the javaObject and write the XML to the stringWriter
+        marshaller.marshal(session, stringWriter);
+        return stringWriter.toString();
+    }
+
+    public String postStr(String userId, String password, String szInput, String function) throws Exception
+    {
+        String szResponse = null;
+        Client client = new Client();
+        // Sent HTTP POST request to add user
+        System.out.println("\n");
+        System.out.println("Sent HTTP POST request to:" + function);
+        //String inputFile = client.getClass().getResource(xmlFile).getFile();
+        //URIResolver resolver = new URIResolver(inputFile);
+        //File input = new File(resolver.getURI());
+        PostMethod post = new PostMethod(URI + function);
+        post.addRequestHeader("Accept", "text/xml");
+        setMethodHeaders(post, userId, password);
+        //RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
+        RequestEntity entity = new StringRequestEntity(szInput, "text/xml; charset=ISO-8859-1", null);
+        post.setRequestEntity(entity);
+        HttpClient httpclient = new HttpClient();
+        try
+        {
+            int result = httpclient.executeMethod(post);
+            System.out.println("Response status code: " + result);
+            szResponse = post.getResponseBodyAsString();
+            System.out.println(szResponse);
+        }
+        catch(WebApplicationException we)
+        {
+            System.out.println("WebApplicationException caught=" + we.getMessage());
+        }
+        finally
+        {
+            // Release current connection to the connection pool once you are
+            // done
+            post.releaseConnection();
+        }
+        return szResponse;
+    }
+
+    public void post(String userId, String password, String xmlFile, String function) throws Exception
+    {
+        Client client = new Client();
+        // Sent HTTP POST request to add user
+        System.out.println("\n");
+        System.out.println("Sent HTTP POST request to:" + function);
+        String inputFile = client.getClass().getResource(xmlFile).getFile();
+        URIResolver resolver = new URIResolver(inputFile);
+        File input = new File(resolver.getURI());
+        PostMethod post = new PostMethod(URI + function);
+        post.addRequestHeader("Accept", "text/xml");
+        setMethodHeaders(post, userId, password);
+        RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
+        post.setRequestEntity(entity);
+        HttpClient httpclient = new HttpClient();
+        try
+        {
+            int result = httpclient.executeMethod(post);
+            System.out.println("Response status code: " + result);
+            System.out.println(post.getResponseBodyAsString());
+        }
+        catch(WebApplicationException we)
+        {
+            System.out.println("WebApplicationException caught=" + we.getMessage());
+        }
+        finally
+        {
+            // Release current connection to the connection pool once you are
+            // done
+            post.releaseConnection();
+        }
+    }
+
+    public void put(String userId, String password, String xmlFile, String function) throws Exception
+    {
+        Client client = new Client();
+        // Sent HTTP POST request to add user
+        System.out.println("\n");
+        System.out.println("Sent HTTP PUT request to:" + function);
+        String inputFile = client.getClass().getResource(xmlFile).getFile();
+        URIResolver resolver = new URIResolver(inputFile);
+        File input = new File(resolver.getURI());
+        PutMethod put = new PutMethod(URI + function);
+        put.addRequestHeader("Accept", "text/xml");
+        setMethodHeaders(put, userId, password);
+        RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
+        put.setRequestEntity(entity);
+        HttpClient httpclient = new HttpClient();
+        try
+        {
+            int result = httpclient.executeMethod(put);
+            System.out.println("Response status code: " + result);
+            System.out.println(put.getResponseBodyAsString());
+        }
+        catch(WebApplicationException we)
+        {
+            System.out.println("WebApplicationException caught=" + we.getMessage());
+        }
+        finally
+        {
+            // Release current connection to the connection pool once you are
+            // done
+            put.releaseConnection();
+        }
+    }
+
+    public void delete(String userId, String password, String id, String id2, String id3, String function) throws Exception
+    {
+        String url = URI + function + "/" + id;
+        if(id2 != null)
+        {
+            url += "/" + id2;
+        }
+        if(id3 != null)
+        {
+            url += "/" + id3;
+        }
+        System.out.println("HTTP DELETE to query info, url : " + url);
+        System.out.println("Deleting now...");
+        DeleteMethod del = new DeleteMethod(url);
+        //DeleteMethod del = new DeleteMethod(URI + function + "/" + id);
+        setMethodHeaders(del, userId, password);
+        handleHttpMethod(del);
+    }
+
+    public void createSession(String userId, String password, String uid, char[] pw) throws Exception
+    {
+        String url = URI + HttpIds.RBAC_CREATE + "/" + uid + "/" + pw;
+        System.out.println("CREATE SESSION url : " + url);
+        GetMethod get = new GetMethod(url);
+        setMethodHeaders(get, userId, password);
+        handleHttpMethod(get);
+    }
+
+    public String get(String userId, String password, String id, String id2, String id3, String function) throws Exception
+    {
+        String url = URI + function + "/" + id;
+        if(id2 != null)
+        {
+            url += "/" + id2;
+        }
+        if(id3 != null)
+        {
+            url += "/" + id3;
+        }
+        System.out.println("HTTP GET to query info, url : " + url);
+        GetMethod get = new GetMethod(url);
+        setMethodHeaders(get, userId, password);
+        return handleHttpMethod(get);
+    }
+
+    private static void setMethodHeaders(HttpMethod httpMethod, String name, String password)
+    {
+        if (httpMethod instanceof PostMethod || httpMethod instanceof PutMethod)
+        {
+            httpMethod.setRequestHeader("Content-Type", "application/xml");
+            httpMethod.setRequestHeader("Accept", "application/xml");
+        }
+        //httpMethod.setDoAuthentication(false);
+        httpMethod.setDoAuthentication(true);
+        httpMethod.setRequestHeader("Authorization",
+            "Basic " + base64Encode(name + ":" + password));
+    }
+
+    private static String base64Encode(String value)
+    {
+        return Base64Utility.encode(value.getBytes());
+    }
+
+    private static String handleHttpMethod(HttpMethod httpMethod) throws Exception
+    {
+        HttpClient client = new HttpClient();
+        String szResponse = null;
+
+        try
+        {
+            int statusCode = client.executeMethod(httpMethod);
+            System.out.println("Response status : " + statusCode);
+
+            Response.Status status = Response.Status.fromStatusCode(statusCode);
+
+            if (status == Response.Status.OK)
+            {
+                szResponse = httpMethod.getResponseBodyAsString();
+                System.out.println(szResponse);
+            }
+            else if (status == Response.Status.FORBIDDEN)
+            {
+                System.out.println("Authorization failure");
+            }
+            else if (status == Response.Status.UNAUTHORIZED)
+            {
+                System.out.println("Authentication failure");
+            }
+            else
+            {
+                //System.out.println("Unknown error: " + status.toString());
+                System.out.println("Unknown error");
+            }
+
+            System.out.println();
+
+        }
+        finally
+        {
+            // release any connection resources used by the method
+            httpMethod.releaseConnection();
+        }
+        return szResponse;
+    }
+
+
+    public void findUsers(String userId, String password, String searchVal) throws Exception
+    {
+        String endpointAddress = URI + HttpIds.USER_SEARCH + "/" + searchVal;
+        System.out.println("now hit:" + endpointAddress);
+
+        try
+        {
+            WebClient wc = WebClient.create(endpointAddress,
+                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
+
+            String authorizationHeader = "Basic "
+                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
+            wc.header("Authorization", authorizationHeader);
+            //wc.accept("application/json");
+            wc.accept("application/xml");
+            Collection<? extends org.apache.directory.fortress.core.rbac.User> collection = wc.getCollection(org.apache.directory.fortress.core.rbac.User.class);
+
+            int i = 1;
+            for (org.apache.directory.fortress.core.rbac.User user : collection)
+            {
+                System.out.println("User[" + i++ + "]");
+                System.out.println("    userId: " + user.getUserId());
+                System.out.println("    description: " + user.getDescription());
+                //System.out.println("    roles: " + user.getRoles());
+                System.out.println("    cn: " + user.getCn());
+                System.out.println("    sn: " + user.getSn());
+                System.out.println("    policy: " + user.getPwPolicy());
+                System.out.println("    ou: " + user.getOu());
+                System.out.println("    cn: " + user.getCn());
+                System.out.println("    beginDate: " + user.getBeginDate());
+                System.out.println("    endDate: " + user.getEndDate());
+                System.out.println("    beginTime: " + user.getBeginTime());
+                System.out.println("    endTime: " + user.getEndTime());
+                System.out.println("    beginLockDate: " + user.getBeginLockDate());
+                System.out.println("    endLockDate: " + user.getEndLockDate());
+                System.out.println("    dayMask: " + user.getDayMask());
+                System.out.println("    timeout: " + user.getTimeout());
+
+                if(user.getRoles() != null)
+                {
+                    int j = 1;
+                    for(org.apache.directory.fortress.core.rbac.UserRole userRole : user.getRoles())
+                    {
+                        System.out.println("--------------------------------------------------------------------------");
+                        System.out.println("User[" + user.getUserId() + "] UserRole[" + j++ + "]");
+                        System.out.println("    role name: " + userRole.getName());
+                        if(userRole.getParents() != null)
+                        {
+                            for(String parent : userRole.getParents())
+                            {
+                                System.out.println("    parent role: " + parent);
+                            }
+                        }
+                        System.out.println("    beginDate: " + userRole.getBeginDate());
+                        System.out.println("    endDate: " + userRole.getEndDate());
+                        System.out.println("    beginTime: " + userRole.getBeginTime());
+                        System.out.println("    endTime: " + userRole.getEndTime());
+                        System.out.println("    beginLockDate: " + userRole.getBeginLockDate());
+                        System.out.println("    endLockDate: " + userRole.getEndLockDate());
+                        System.out.println("    dayMask: " + userRole.getDayMask());
+                        System.out.println("    timeout: " + userRole.getTimeout());
+                    }
+                }
+                System.out.println("--------------------------------------------------------------------------");
+            }
+        }
+        catch (Exception e)
+        {
+            System.out.println("Exception caught in findUsers=" + e);
+            e.printStackTrace();
+        }
+    }
+
+
+    /**
+     * @throws Exception
+     */
+    public void findRoles(String userId, String password, String searchVal) throws Exception
+    {
+        String endpointAddress = URI + HttpIds.ROLE_SEARCH + "/" + searchVal;
+        System.out.println("now hit:" + endpointAddress);
+
+        try
+        {
+            WebClient wc = WebClient.create(endpointAddress,
+                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
+            String authorizationHeader = "Basic "
+                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
+            wc.header("Authorization", authorizationHeader);
+            wc.accept("application/xml");
+            Collection<? extends org.apache.directory.fortress.core.rbac.Role> collection = wc.getCollection(org.apache.directory.fortress.core.rbac.Role.class);
+            for (org.apache.directory.fortress.core.rbac.Role role : collection)
+            {
+                System.out.println("Role: " + role.getName() + " description:" + role.getDescription());
+                System.out.println("    parents: " + role.getParents());
+                System.out.println("    children: " + role.getChildren());
+                System.out.println("    beginDate: " + role.getBeginDate());
+                System.out.println("    endDate: " + role.getEndDate());
+                System.out.println("    beginTime: " + role.getBeginTime());
+                System.out.println("    endTime: " + role.getEndTime());
+                System.out.println("    beginLockDate: " + role.getBeginLockDate());
+                System.out.println("    endLockDate: " + role.getEndLockDate());
+                System.out.println("    dayMask: " + role.getDayMask());
+                System.out.println("    timeout: " + role.getTimeout());
+            }
+        }
+        catch (Exception e)
+        {
+            System.out.println("Exception caught in findRoles=" + e);
+            e.printStackTrace();
+        }
+    }
+
+
+    /**
+     * @throws Exception
+     */
+    public void findOrgs(String userId, String password, String type, String searchVal) throws Exception
+    {
+        String endpointAddress = URI + HttpIds.ORG_SEARCH + "/" + type + "/" + searchVal;
+        System.out.println("now hit:" + endpointAddress);
+        try
+        {
+            WebClient wc = WebClient.create(endpointAddress,
+                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
+            String authorizationHeader = "Basic "
+                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
+            wc.header("Authorization", authorizationHeader);
+            wc.accept("application/xml");
+            Collection<? extends OrgUnit> collection = wc.getCollection(OrgUnit.class);
+            for (OrgUnit orgUnit : collection)
+            {
+                System.out.println("OrgUnit: " + orgUnit.getName() + " description:" + orgUnit.getDescription());
+            }
+        }
+        catch (Exception e)
+        {
+            System.out.println("Exception caught in searchUserOrgs=" + e);
+            e.printStackTrace();
+        }
+    }
+
+
+    /**
+     * @throws Exception
+     */
+    public void findPermObjs(String userId, String password, String type, String searchVal) throws Exception
+    {
+        String endpointAddress = URI + HttpIds.OBJ_SEARCH + "/" + type + "/" + searchVal;
+        System.out.println("now hit:" + endpointAddress);
+        try
+        {
+            WebClient wc = WebClient.create(endpointAddress,
+                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
+            String authorizationHeader = "Basic "
+                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
+            wc.header("Authorization", authorizationHeader);
+            wc.accept("application/xml");
+            Collection<? extends PermObj> collection = wc.getCollection(PermObj.class);
+            for (PermObj permObj : collection)
+            {
+                System.out.println("Object Name: " + permObj.getObjName() + " description:" + permObj.getDescription());
+            }
+        }
+        catch (Exception e)
+        {
+            System.out.println("Exception caught in findPermObjs=" + e);
+            e.printStackTrace();
+        }
+    }
+
+
+    /**
+     * @throws Exception
+     */
+    public void findPermissions(String userId, String password, String type, String objName, String opName) throws Exception
+    {
+        String endpointAddress = URI + HttpIds.PERM_SEARCH + "/" + type + "/" + objName + "/" + opName;
+        System.out.println("now hit:" + endpointAddress);
+        try
+        {
+            WebClient wc = WebClient.create(endpointAddress,
+                Collections.singletonList(new org.codehaus.jackson.jaxrs.JacksonJsonProvider()));
+            String authorizationHeader = "Basic "
+                + org.apache.cxf.common.util.Base64Utility.encode(new String(userId + ":" + password).getBytes());
+            wc.header("Authorization", authorizationHeader);
+            wc.accept("application/xml");
+            Collection<? extends Permission> collection = wc.getCollection(Permission.class);
+            for (Permission perm : collection)
+            {
+                System.out.println("Permission ObjectName: " + perm.getObjName() + " opName: " + perm.getOpName());
+            }
+        }
+        catch (Exception e)
+        {
+            System.out.println("Exception caught in findPermissions=" + e);
+            e.printStackTrace();
+        }
+    }
+
+
+    /**
+     * @param in
+     * @return
+     * @throws Exception
+     */
+    private static String getStringFromInputStream(InputStream in) throws Exception
+    {
+        CachedOutputStream bos = new CachedOutputStream();
+        IOUtils.copy(in, bos);
+        in.close();
+        bos.close();
+        return bos.getOut().toString();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/test/java/org/apache/directory/fortress/rest/EmTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/rest/EmTest.java b/src/test/java/org/apache/directory/fortress/rest/EmTest.java
new file mode 100644
index 0000000..58b797f
--- /dev/null
+++ b/src/test/java/org/apache/directory/fortress/rest/EmTest.java
@@ -0,0 +1,445 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.fortress.rest;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import org.apache.directory.fortress.core.RestException;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.rest.HttpIds;
+import org.apache.directory.fortress.core.rest.RestUtils;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.methods.*;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.log4j.Logger;
+import org.junit.Test;
+
+import javax.ws.rs.WebApplicationException;
+
+
+/**
+ * Test Client to drive EnMasse Service methods.
+ *
+ * @author Shawn McKinney
+ */
+public final class EmTest
+{
+    private static final String CLS_NM = EmTest.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+    private static final String HOST = "localhost";
+    private static final String PORT = "8080";
+    private static final String VERSION = System.getProperty("version");
+    private static final String SERVICE = "fortress-rest-" + VERSION;
+    //private static final String SERVICE = "enmasse-" + VERSION;
+    private static final String URI = "http://" + HOST + ":" + PORT + "/" + SERVICE + "/";
+    private static final String USER_ID = "demouser4";
+    private static final String PASSWORD = "password";
+
+    /**
+     * Execute test cases with simple validation.
+     *
+     */
+    @Test
+    public void testServices()
+    {
+        log.info(CLS_NM + ".testServices STARTED");
+        try
+        {
+            String szResponse = post(USER_ID, PASSWORD, "addPermGrant1.xml", HttpIds.ROLE_REVOKE);
+            FortResponse response = RestUtils.unmarshall(szResponse);
+            int rc = response.getErrorCode();
+            String szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_REVOKE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "addEmTestPermission.xml", HttpIds.PERM_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.PERM_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "addEmTestObj1.xml", HttpIds.OBJ_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.OBJ_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "emTestPermOrg1.xml", HttpIds.ORG_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "emTestPermOrg1.xml", HttpIds.ORG_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "assignEmUser1.xml", HttpIds.ROLE_DEASGN);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DEASGN + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "delEmUser1.xml", HttpIds.USER_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.USER_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "emTestOrg1.xml", HttpIds.ORG_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "emTestOrg1.xml", HttpIds.ORG_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ORG_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "emRoleDelInheritance.xml", HttpIds.ROLE_DELINHERIT);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELINHERIT + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "addEmRole1.xml", HttpIds.ROLE_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "delEmRole2.xml", HttpIds.ROLE_DELETE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                // don't fail if the delete was not successful as this may be the first run:
+                String warn = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_DELETE + " rc=" + rc + " error message=" + szErrorMsg;
+                log.info(warn);
+            }
+
+            szResponse = post(USER_ID, PASSWORD, "addEmRole1.xml", HttpIds.ROLE_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "addEmRole2Ascendent.xml", HttpIds.ROLE_ASC);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ASC + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "addEmUser1.xml", HttpIds.USER_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.USER_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "assignEmUser1.xml", HttpIds.ROLE_ASGN);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_ASGN + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "emTestAuthN.xml", HttpIds.RBAC_AUTHN);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.RBAC_AUTHN + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "createSession.xml", HttpIds.RBAC_CREATE);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.RBAC_AUTHN + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "addEmTestObj1.xml", HttpIds.OBJ_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.OBJ_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "addEmTestPermission.xml", HttpIds.PERM_ADD);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.PERM_ADD + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "addPermGrant1.xml", HttpIds.ROLE_GRANT);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices FAILED calling " + HttpIds.ROLE_GRANT + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            szResponse = post(USER_ID, PASSWORD, "emTestCheckAccess.xml", HttpIds.RBAC_AUTHZ);
+            response = RestUtils.unmarshall(szResponse);
+            rc = response.getErrorCode();
+            szErrorMsg = response.getErrorMessage();
+            if(rc != 0)
+            {
+                String error = CLS_NM + ".testServices failed calling " + HttpIds.RBAC_AUTHZ + " rc=" + rc + " error message=" + szErrorMsg;
+                log.error(error);
+            }
+            assert(rc == 0);
+
+            log.info(CLS_NM + ".testServices SUCCESS");
+        }
+        catch(RestException re)
+        {
+            String error = CLS_NM + ".post caught RestException=" + re;
+            log.error(error);
+        }
+        log.info(CLS_NM + ".testServices FINISHED");
+    }
+
+    /**
+     * Perform an HTTP Post to the configured server.
+     *
+     * @param userId
+     * @param password
+     * @param xmlFile
+     * @param function
+     * @throws RestException
+     */
+    private String post(String userId, String password, String xmlFile, String function) throws RestException
+    {
+        String szResponse;
+        log.info(CLS_NM + ".post file:" + xmlFile + " HTTP POST request to:" + function);
+        URL fUrl = EmTest.class.getClassLoader().getResource(xmlFile);
+        PostMethod post = null;
+        try
+        {
+            if(fUrl != null && fUrl.toURI() != null)
+            {
+                File input = new File(fUrl.toURI());
+                post = new PostMethod(URI + function);
+                post.addRequestHeader("Accept", "text/xml");
+                setMethodHeaders(post, userId, password);
+                RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
+                post.setRequestEntity(entity);
+                HttpClient httpclient = new HttpClient();
+                int result = httpclient.executeMethod(post);
+                szResponse = IOUtils.toString(post.getResponseBodyAsStream(), "UTF-8");
+                log.info(CLS_NM + ".post Response status code: " + result);
+                log.info(CLS_NM + ".post Response value: " + szResponse);
+            }
+            else
+            {
+                String error = CLS_NM + ".post input file: " + xmlFile + " not found";
+                throw new RestException(GlobalErrIds.REST_IO_ERR, error);
+            }
+
+        }
+        catch(URISyntaxException ue)
+        {
+            String error = CLS_NM + ".post caught URISyntaxException=" + ue;
+            throw new RestException(GlobalErrIds.REST_IO_ERR, error, ue);
+        }
+        catch(IOException ie)
+        {
+            String error = CLS_NM + ".post caught IOException=" + ie;
+            throw new RestException(GlobalErrIds.REST_IO_ERR, error, ie);
+        }
+        catch(WebApplicationException we)
+        {
+            String error = CLS_NM + ".post caught IOException=" + we;
+            throw new RestException(GlobalErrIds.REST_WEB_ERR, error, we);
+        }
+        finally
+        {
+            // Release current connection to the connection pool once you are
+            // done
+            if(post != null)
+            {
+                post.releaseConnection();
+            }
+        }
+        return szResponse;
+    }
+
+    /**
+     * Add userId, password to HTTP Basic AuthN header.
+     *
+     * @param httpMethod
+     * @param name
+     * @param password
+     */
+    private static void setMethodHeaders(HttpMethod httpMethod, String name, String password)
+    {
+        if (httpMethod instanceof PostMethod || httpMethod instanceof PutMethod)
+        {
+            httpMethod.setRequestHeader("Content-Type", "application/xml");
+            httpMethod.setRequestHeader("Accept", "application/xml");
+        }
+        httpMethod.setDoAuthentication(true);
+        httpMethod.setRequestHeader("Authorization",
+            "Basic " + base64Encode(name + ":" + password));
+    }
+
+    /**
+     * Base64 encode a String value.
+     *
+     * @param value
+     * @return
+     */
+    private static String base64Encode(String value)
+    {
+        return Base64Utility.encode(value.getBytes());
+    }
+
+    /**
+     * Main will execute simple test case.
+     *
+     * @param args
+     * @throws Exception
+     */
+    public static void main(String args[])
+     {
+         EmTest client = new EmTest();
+         client.testServices();
+         System.exit(0);
+     }
+
+    /**
+     *
+     */
+    public void setUp()
+    {
+    }
+
+    /**
+     *
+     */
+    public void tearDown()
+    {
+    }
+}


[04/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/FortressServiceImpl.java b/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
deleted file mode 100644
index 21c47f9..0000000
--- a/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
+++ /dev/null
@@ -1,4370 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import javax.annotation.security.RolesAllowed;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.openldap.fortress.rest.HttpIds;
-import org.springframework.stereotype.Service;
-
-/**
- * Implementation for EnMasse Service methods forwards to delegate.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-@Service("fortressService")
-public class FortressServiceImpl implements FortressService
-{
-    // Instantiate the implementation classes where the actual work is done:
-    private final ReviewMgrImpl reviewMgrImpl = new ReviewMgrImpl();
-    private final AdminMgrImpl adminMgrImpl = new AdminMgrImpl();
-    private final PswdPolicyMgrImpl pswdPolicyMgrImpl = new PswdPolicyMgrImpl();
-    private final DelegatedAccessMgrImpl delegatedAccessMgrImpl = new DelegatedAccessMgrImpl();
-    private final DelegatedReviewMgrImpl delegatedReviewMgrImpl = new DelegatedReviewMgrImpl();
-    private final DelegatedAdminMgrImpl delegatedAdminMgrImpl = new DelegatedAdminMgrImpl();
-    private final AccessMgrImpl accessMgrImpl = new AccessMgrImpl();
-    private final AuditMgrImpl auditMgrImpl = new AuditMgrImpl();
-    private final ConfigMgrImpl configMgrImpl = new ConfigMgrImpl();
-
-    // These are the allowed roles for the EnMasse services:
-    private static final String ENMASSE_SUPER_USER = "EnmasseSuperUser";
-    private static final String ACCESS_MGR_USER = "AccessMgrUser";
-    private static final String ADMIN_MGR_USER = "AdminMgrUser";
-    private static final String REVIEW_MGR_USER = "ReviewMgrUser";
-    private static final String DELEGATED_ACCESS_MGR_USER = "DelegatedAccessMgrUser";
-    private static final String DELEGATED_ADMIN_MGR_USER = "DelegatedAdminMgrUser";
-    private static final String DELEGATED_REVIEW_MGR_USER = "DelegatedReviewMgrUser";
-    private static final String PASSWORD_MGR_USER = "PasswordMgrUser";
-    private static final String AUDIT_MGR_USER = "AuditMgrUser";
-    private static final String CONFIG_MGR_USER = "ConfigMgrUser";
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN ADMINMGR
-     * **************************************************************************************************************************************
-     */
-
-    /**
-     * This command creates a new RBAC user. The command is valid only if the new user is
-     * not already a member of the USERS data set. The USER data set is updated. The new user
-     * does not own any session at the time of its creation.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
-     * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
-     * </ul>
-     * <h5>User optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
-     * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
-     * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addUser(FortRequest request)
-    {
-        return adminMgrImpl.addUser(request);
-    }
-
-    /**
-     * This command deletes an existing user from the RBAC database. The command is valid
-     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
-     * UA data sets and the assigned_users function are updated.
-     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
-     * User entity must exist in directory prior to making this call else exception will be thrown.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteUser(FortRequest request)
-    {
-        return adminMgrImpl.deleteUser(request);
-    }
-
-    /**
-     * This command deletes an existing user from the RBAC database. The command is valid
-     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
-     * UA data sets and the assigned_users function are updated.
-     * Method performs a "soft" delete.  It performs the following:
-     * - sets the user status to "deleted"
-     * - deassigns all roles from the user
-     * - locks the user's password in LDAP
-     * - revokes all perms that have been granted to user entity.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_DISABLE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse disableUser(FortRequest request)
-    {
-        return adminMgrImpl.disableUser(request);
-    }
-
-    /**
-     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
-     * directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * <h5>User optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
-     * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
-     * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
-     * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updateUser(FortRequest request)
-    {
-        return adminMgrImpl.updateUser(request);
-    }
-
-    /**
-     * Method will change user's password.  This method will evaluate user's password policies.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - contains the User's old password</li>
-     * <li>newPassword - contains the User's new password</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_CHGPW + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse changePassword(FortRequest request)
-    {
-        return adminMgrImpl.changePassword(request);
-    }
-
-    /**
-     * Method will lock user's password which will prevent the user from authenticating with directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_LOCK + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse lockUserAccount(FortRequest request)
-    {
-        return adminMgrImpl.lockUserAccount(request);
-    }
-
-    /**
-     * Method will unlock user's password which will enable user to authenticate with directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_UNLOCK + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse unlockUserAccount(FortRequest request)
-    {
-        return adminMgrImpl.unlockUserAccount(request);
-    }
-
-    /**
-     * Method will reset user's password which will require user to change password before successful authentication with directory.
-     * This method will not evaluate password policies on the new user password as it must be changed before use.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>newPassword - contains the User's new password</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_RESET + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse resetPassword(FortRequest request)
-    {
-        return adminMgrImpl.resetPassword(request);
-    }
-
-    /**
-     * This command creates a new role. The command is valid if and only if the new role is not
-     * already a member of the ROLES data set. The ROLES data set is updated.
-     * Initially, no user or permission is assigned to the new role.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be created.</li>
-     * </ul>
-     * </ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addRole(FortRequest request)
-    {
-        return adminMgrImpl.addRole(request);
-    }
-
-    /**
-     * This command deletes an existing role from the RBAC database. The command is valid
-     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
-     * also deassign role from all users.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
-     * </ul>
-     * <ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteRole(FortRequest request)
-    {
-        return adminMgrImpl.deleteRole(request);
-    }
-
-    /**
-     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
-     * </ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updateRole(FortRequest request)
-    {
-        return adminMgrImpl.updateRole(request);
-    }
-
-    /**
-     * This command assigns a user to a role.
-     * <p>
-     * <ul>
-     * <li> The command is valid if and only if:
-     * <li> The user is a member of the USERS data set
-     * <li> The role is a member of the ROLES data set
-     * <li> The user is not already assigned to the role
-     * <li> The SSD constraints are satisfied after assignment.
-     * </ul>
-     * </p>
-     * <p>
-     * Successful completion of this op, the following occurs:
-     * </p>
-     * <ul>
-     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
-     * <li> Role entity (resides in role container) has userId added as role occupant.
-     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
-     * <ul>
-     * <li> timeout - number in seconds of session inactivity time allowed.
-     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
-     * <li> endDate - YYMMDD - indicates latest date role may be activated.
-     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
-     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
-     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
-     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
-     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
-     * </ul>
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
-     * <h5>UserRole required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>UserRole optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_ASGN + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse assignUser(FortRequest request)
-    {
-        return adminMgrImpl.assignUser(request);
-    }
-
-    /**
-     * This command deletes the assignment of the User from the Role entities. The command is
-     * valid if and only if the user is a member of the USERS data set, the role is a member of
-     * the ROLES data set, and the user is assigned to the role.
-     * Any sessions that currently have this role activated will not be effected.
-     * Successful completion includes:
-     * User entity in USER data set has role assignment removed.
-     * Role entity in ROLE data set has userId removed as role occupant.
-     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
-     * <h5>UserRole required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_DEASGN + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deassignUser(FortRequest request)
-    {
-        return adminMgrImpl.deassignUser(request);
-    }
-
-    /**
-     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may have {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations.  The target {@link org.openldap.fortress.rbac.Permission} must not exist prior to calling.
-     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission add</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being added</li>
-     * </ul>
-     * <h5>Permission optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.PERM_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addPermission(FortRequest request)
-    {
-        return adminMgrImpl.addPermission(request);
-    }
-
-    /**
-     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may also contain {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations to add or remove using this function.
-     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission update</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
-     * </ul>
-     * <h5>Permission optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.PERM_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updatePermission(FortRequest request)
-    {
-        return adminMgrImpl.updatePermission(request);
-    }
-
-    /**
-     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
-     * The perm operation must exist before making this call.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission removal</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.PERM_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deletePermission(FortRequest request)
-    {
-        return adminMgrImpl.deletePermission(request);
-    }
-
-    /**
-     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
-     * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being added</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
-     * </ul>
-     * <h5>PermObj optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.OBJ_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addPermObj(FortRequest request)
-    {
-        return adminMgrImpl.addPermObj(request);
-    }
-
-    /**
-     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
-     * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being updated</li>
-     * </ul>
-     * <h5>PermObj optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.OBJ_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updatePermObj(FortRequest request)
-    {
-        return adminMgrImpl.updatePermObj(request);
-    }
-
-    /**
-     * This method will remove permission object to perms container in directory.  This method will also remove
-     * in associated permission objects that are attached to this object.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being removed</li>
-     * </ul>
-     * </ul>
-     * <h5>optional parameters</h5>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.OBJ_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deletePermObj(FortRequest request)
-    {
-        return adminMgrImpl.deletePermObj(request);
-    }
-
-    /**
-     * This command grants a role the permission to perform an operation on an object to a role.
-     * The command is implemented by granting permission by setting the access control list of
-     * the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * and the role is a member of the ROLES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_GRANT + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse grant(FortRequest request)
-    {
-        return adminMgrImpl.grant(request, this);
-    }
-
-    /**
-     * This command revokes the permission to perform an operation on an object from the set
-     * of permissions assigned to a role. The command is implemented by setting the access control
-     * list of the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * the role is a member of the ROLES data set, and the permission is assigned to that role.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_REVOKE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse revoke(FortRequest request)
-    {
-        return adminMgrImpl.revoke(request, this);
-    }
-
-    /**
-     * This command grants a user the permission to perform an operation on an object to a role.
-     * The command is implemented by granting permission by setting the access control list of
-     * the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * and the user is a member of the USERS data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_GRANT + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse grantUser(FortRequest request)
-    {
-        return adminMgrImpl.grantUser(request, this);
-    }
-
-    /**
-     * This command revokes the permission to perform an operation on an object from the set
-     * of permissions assigned to a user. The command is implemented by setting the access control
-     * list of the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * the user is a member of the USERS data set, and the permission is assigned to that user.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_REVOKE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse revokeUser(FortRequest request)
-    {
-        return adminMgrImpl.revokeUser(request, this);
-    }
-
-    /**
-     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
-     * the existing role parentRole.
-     * <p>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The childRole is not a member of the ROLES data set.
-     * <li> The parentRole is a member of the ROLES data set.
-     * </ul>
-     * </p>
-     * <p> This method:
-     * <ul>
-     * <li> Adds new role.
-     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
-     * </ul>
-     * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#child}</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_DESC + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addDescendant(FortRequest request)
-    {
-        return adminMgrImpl.addDescendant(request);
-    }
-
-    /**
-     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
-     * the existing role childRole.
-     * <p>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The parentRole is not a member of the ROLES data set.
-     * <li> The childRole is a member of the ROLES data set.
-     * </ul>
-     * </p>
-     * <p> This method:
-     * <ul>
-     * <li> Adds new role.
-     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>childRole - {@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
-     * <li>parentRole - {@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
-     * </ul>
-     * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#parent}</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_ASC + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addAscendant(FortRequest request)
-    {
-        return adminMgrImpl.addAscendant(request);
-    }
-
-    /**
-     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
-     * roles parentRole, childRole.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The parentRole and childRole are members of the ROLES data set.
-     * <li> The parentRole is not an immediate ascendant of childRole.
-     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_ADDINHERIT + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addInheritance(FortRequest request)
-    {
-        return adminMgrImpl.addInheritance(request);
-    }
-
-    /**
-     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The roles parentRole and childRole are members of the ROLES data set.
-     * <li> The parentRole is an immediate ascendant of childRole.
-     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
-     * relation resulted after deleting the relationship parentRole <<-- childRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_DELINHERIT + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteInheritance(FortRequest request)
-    {
-        return adminMgrImpl.deleteInheritance(request);
-    }
-
-    /**
-     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the SSD set is not already in use.
-     * <li> All the roles in the SSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
-     * <li> The SSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse createSsdSet(FortRequest request)
-    {
-        return adminMgrImpl.createSsdSet(request);
-    }
-
-    /**
-     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the SSD set exists in directory.
-     * <li> All the roles in the SSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
-     * <li> The SSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updateSsdSet(FortRequest request)
-    {
-        return adminMgrImpl.updateSsdSet(request);
-    }
-
-
-    /**
-     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
-     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_ADD_MEMBER + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addSsdRoleMember(FortRequest request)
-    {
-        return adminMgrImpl.addSsdRoleMember(request);
-    }
-
-    /**
-     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The role to be removed is a member of the SSD role set.
-     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
-     * </ul>
-     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_DEL_MEMBER + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteSsdRoleMember(FortRequest request)
-    {
-        return adminMgrImpl.deleteSsdRoleMember(request);
-    }
-
-    /**
-     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteSsdSet(FortRequest request)
-    {
-        return adminMgrImpl.deleteSsdSet(request);
-    }
-
-    /**
-     * This command sets the cardinality associated with a given SSD role set.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
-     * <li> The SSD constraint is satisfied after setting the new cardinality.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.SSD_CARD_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse setSsdSetCardinality(FortRequest request)
-    {
-        return adminMgrImpl.setSsdSetCardinality(request);
-    }
-
-    /**
-     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the DSD set is not already in use.
-     * <li> All the roles in the DSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
-     * <li> The DSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_ADD + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse createDsdSet(FortRequest request)
-    {
-        return adminMgrImpl.createDsdSet(request);
-    }
-
-    /**
-     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the DSD set exists in directory.
-     * <li> All the roles in the DSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
-     * <li> The DSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse updateDsdSet(FortRequest request)
-    {
-        return adminMgrImpl.updateDsdSet(request);
-    }
-
-    /**
-     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
-     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_ADD_MEMBER + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse addDsdRoleMember(FortRequest request)
-    {
-        return adminMgrImpl.addDsdRoleMember(request);
-    }
-
-    /**
-     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The role to be removed is a member of the DSD role set.
-     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
-     * </ul>
-     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_DEL_MEMBER + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteDsdRoleMember(FortRequest request)
-    {
-        return adminMgrImpl.deleteDsdRoleMember(request);
-    }
-
-    /**
-     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_DELETE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse deleteDsdSet(FortRequest request)
-    {
-        return adminMgrImpl.deleteDsdSet(request);
-    }
-
-    /**
-     * This command sets the cardinality associated with a given DSD role set.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
-     * <li> The DSD constraint is satisfied after setting the new cardinality.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    @POST
-    @Path("/" + HttpIds.DSD_CARD_UPDATE + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
-    @Override
-    public FortResponse setDsdSetCardinality(FortRequest request)
-    {
-        return adminMgrImpl.setDsdSetCardinality(request);
-    }
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN REVIEWMGR
-     * **************************************************************************************************************************************
-     */
-
-    /**
-     * This method returns a matching permission entity to caller.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Permission}
-     */
-    @POST
-    @Path("/" + HttpIds.PERM_READ + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse readPermission(FortRequest request)
-    {
-        return reviewMgrImpl.readPermission(request);
-    }
-
-    /**
-     * Method reads permission object from perm container in directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.PermObj} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of existing object being targeted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.PermObj}
-     */
-    @POST
-    @Path("/" + HttpIds.OBJ_READ + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse readPermObj(FortRequest request)
-    {
-        return reviewMgrImpl.readPermObj(request);
-    }
-
-    /**
-     * Method returns a list of type Permission that match the perm object search string.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains one or more characters of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Permission}
-     */
-    @POST
-    @Path("/" + HttpIds.PERM_SEARCH + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse findPermissions(FortRequest request)
-    {
-        return reviewMgrImpl.findPermissions(request);
-    }
-
-    /**
-     * Method returns a list of type Permission that match the perm object search string.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.PermObj} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains one or more characters of existing object being targeted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.PermObj}
-     */
-    @POST
-    @Path("/" + HttpIds.OBJ_SEARCH + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse findPermObjs(FortRequest request)
-    {
-        return reviewMgrImpl.findPermObjs(request);
-    }
-
-    /**
-     * Method reads Role entity from the role container in directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to read.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Role}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_READ + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse readRole(FortRequest request)
-    {
-        return reviewMgrImpl.readRole(request);
-    }
-
-    /**
-     * Method will return a list of type Role matching all or part of {@link org.openldap.fortress.rbac.Role#name}.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains all or some of the chars corresponding to role entities stored in directory.</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Role}
-     */
-    @POST
-    @Path("/" + HttpIds.ROLE_SEARCH + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse findRoles(FortRequest request)
-    {
-        return reviewMgrImpl.findRoles(request);
-    }
-
-    /**
-     * Method returns matching User entity that is contained within the people container in the directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.User}
-     */
-    @POST
-    @Path("/" + HttpIds.USER_READ + "/")
-    @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
-    @Override
-    public FortResponse readUser(FortRequest request)
-    {
-        return reviewMgrImpl.readUserM(request);
-    }
-
-    /**
-     * Return a list of type User of all users in the people container that match all or part of the {@link org.openldap.fortress.rbac.User#userId} or {@link org.openldap.fortress.rbac.User#ou} fields passed in User entity.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li

<TRUNCATED>

[08/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
new file mode 100644
index 0000000..336e921
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
@@ -0,0 +1,4375 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.rest.HttpIds;
+import org.springframework.stereotype.Service;
+
+/**
+ * Implementation for EnMasse Service methods forwards to delegate.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+@Service("fortressService")
+public class FortressServiceImpl implements FortressService
+{
+    // Instantiate the implementation classes where the actual work is done:
+    private final ReviewMgrImpl reviewMgrImpl = new ReviewMgrImpl();
+    private final AdminMgrImpl adminMgrImpl = new AdminMgrImpl();
+    private final PswdPolicyMgrImpl pswdPolicyMgrImpl = new PswdPolicyMgrImpl();
+    private final DelegatedAccessMgrImpl delegatedAccessMgrImpl = new DelegatedAccessMgrImpl();
+    private final DelegatedReviewMgrImpl delegatedReviewMgrImpl = new DelegatedReviewMgrImpl();
+    private final DelegatedAdminMgrImpl delegatedAdminMgrImpl = new DelegatedAdminMgrImpl();
+    private final AccessMgrImpl accessMgrImpl = new AccessMgrImpl();
+    private final AuditMgrImpl auditMgrImpl = new AuditMgrImpl();
+    private final ConfigMgrImpl configMgrImpl = new ConfigMgrImpl();
+
+    // These are the allowed roles for the Fortress Rest services:
+    private static final String SUPER_USER = "fortress-rest-super-user";
+    private static final String ACCESS_MGR_USER = "fortress-rest-access-user";
+    private static final String ADMIN_MGR_USER = "fortress-rest-admin-user";
+    private static final String REVIEW_MGR_USER = "fortress-rest-review-user";
+    private static final String DELEGATED_ACCESS_MGR_USER = "fortress-rest-delaccess-user";
+    private static final String DELEGATED_ADMIN_MGR_USER = "fortress-rest-deladmin-user";
+    private static final String DELEGATED_REVIEW_MGR_USER = "fortress-rest-delreview-user";
+    private static final String PASSWORD_MGR_USER = "fortress-rest-pwmgr-user";
+    private static final String AUDIT_MGR_USER = "fortress-rest-audit-user";
+    private static final String CONFIG_MGR_USER = "fortress-rest-config-user";
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN ADMINMGR
+     * **************************************************************************************************************************************
+     */
+
+    /**
+     * This command creates a new RBAC user. The command is valid only if the new user is
+     * not already a member of the USERS data set. The USER data set is updated. The new user
+     * does not own any session at the time of its creation.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addUser(FortRequest request)
+    {
+        return adminMgrImpl.addUser(request);
+    }
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
+     * User entity must exist in directory prior to making this call else exception will be thrown.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteUser(FortRequest request)
+    {
+        return adminMgrImpl.deleteUser(request);
+    }
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * Method performs a "soft" delete.  It performs the following:
+     * - sets the user status to "deleted"
+     * - deassigns all roles from the user
+     * - locks the user's password in LDAP
+     * - revokes all perms that have been granted to user entity.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_DISABLE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse disableUser(FortRequest request)
+    {
+        return adminMgrImpl.disableUser(request);
+    }
+
+    /**
+     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
+     * directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateUser(FortRequest request)
+    {
+        return adminMgrImpl.updateUser(request);
+    }
+
+    /**
+     * Method will change user's password.  This method will evaluate user's password policies.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - contains the User's old password</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_CHGPW + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse changePassword(FortRequest request)
+    {
+        return adminMgrImpl.changePassword(request);
+    }
+
+    /**
+     * Method will lock user's password which will prevent the user from authenticating with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_LOCK + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse lockUserAccount(FortRequest request)
+    {
+        return adminMgrImpl.lockUserAccount(request);
+    }
+
+    /**
+     * Method will unlock user's password which will enable user to authenticate with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_UNLOCK + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse unlockUserAccount(FortRequest request)
+    {
+        return adminMgrImpl.unlockUserAccount(request);
+    }
+
+    /**
+     * Method will reset user's password which will require user to change password before successful authentication with directory.
+     * This method will not evaluate password policies on the new user password as it must be changed before use.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_RESET + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse resetPassword(FortRequest request)
+    {
+        return adminMgrImpl.resetPassword(request);
+    }
+
+    /**
+     * This command creates a new role. The command is valid if and only if the new role is not
+     * already a member of the ROLES data set. The ROLES data set is updated.
+     * Initially, no user or permission is assigned to the new role.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+     * </ul>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addRole(FortRequest request)
+    {
+        return adminMgrImpl.addRole(request);
+    }
+
+    /**
+     * This command deletes an existing role from the RBAC database. The command is valid
+     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
+     * also deassign role from all users.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
+     * </ul>
+     * <ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteRole(FortRequest request)
+    {
+        return adminMgrImpl.deleteRole(request);
+    }
+
+    /**
+     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateRole(FortRequest request)
+    {
+        return adminMgrImpl.updateRole(request);
+    }
+
+    /**
+     * This command assigns a user to a role.
+     * <p>
+     * <ul>
+     * <li> The command is valid if and only if:
+     * <li> The user is a member of the USERS data set
+     * <li> The role is a member of the ROLES data set
+     * <li> The user is not already assigned to the role
+     * <li> The SSD constraints are satisfied after assignment.
+     * </ul>
+     * </p>
+     * <p>
+     * Successful completion of this op, the following occurs:
+     * </p>
+     * <ul>
+     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
+     * <li> Role entity (resides in role container) has userId added as role occupant.
+     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+     * <ul>
+     * <li> timeout - number in seconds of session inactivity time allowed.
+     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
+     * <li> endDate - YYMMDD - indicates latest date role may be activated.
+     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
+     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
+     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
+     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
+     * </ul>
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>UserRole optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ASGN + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse assignUser(FortRequest request)
+    {
+        return adminMgrImpl.assignUser(request);
+    }
+
+    /**
+     * This command deletes the assignment of the User from the Role entities. The command is
+     * valid if and only if the user is a member of the USERS data set, the role is a member of
+     * the ROLES data set, and the user is assigned to the role.
+     * Any sessions that currently have this role activated will not be effected.
+     * Successful completion includes:
+     * User entity in USER data set has role assignment removed.
+     * Role entity in ROLE data set has userId removed as role occupant.
+     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DEASGN + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deassignUser(FortRequest request)
+    {
+        return adminMgrImpl.deassignUser(request);
+    }
+
+    /**
+     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations.  The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission add</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addPermission(FortRequest request)
+    {
+        return adminMgrImpl.addPermission(request);
+    }
+
+    /**
+     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations to add or remove using this function.
+     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updatePermission(FortRequest request)
+    {
+        return adminMgrImpl.updatePermission(request);
+    }
+
+    /**
+     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
+     * The perm operation must exist before making this call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission removal</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deletePermission(FortRequest request)
+    {
+        return adminMgrImpl.deletePermission(request);
+    }
+
+    /**
+     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being added</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addPermObj(FortRequest request)
+    {
+        return adminMgrImpl.addPermObj(request);
+    }
+
+    /**
+     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being updated</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updatePermObj(FortRequest request)
+    {
+        return adminMgrImpl.updatePermObj(request);
+    }
+
+    /**
+     * This method will remove permission object to perms container in directory.  This method will also remove
+     * in associated permission objects that are attached to this object.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being removed</li>
+     * </ul>
+     * </ul>
+     * <h5>optional parameters</h5>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deletePermObj(FortRequest request)
+    {
+        return adminMgrImpl.deletePermObj(request);
+    }
+
+    /**
+     * This command grants a role the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_GRANT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse grant(FortRequest request)
+    {
+        return adminMgrImpl.grant(request, this);
+    }
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a role. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the role is a member of the ROLES data set, and the permission is assigned to that role.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_REVOKE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse revoke(FortRequest request)
+    {
+        return adminMgrImpl.revoke(request, this);
+    }
+
+    /**
+     * This command grants a user the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_GRANT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse grantUser(FortRequest request)
+    {
+        return adminMgrImpl.grantUser(request, this);
+    }
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a user. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the user is a member of the USERS data set, and the permission is assigned to that user.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_REVOKE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse revokeUser(FortRequest request)
+    {
+        return adminMgrImpl.revokeUser(request, this);
+    }
+
+    /**
+     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
+     * the existing role parentRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The childRole is not a member of the ROLES data set.
+     * <li> The parentRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#child}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DESC + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addDescendant(FortRequest request)
+    {
+        return adminMgrImpl.addDescendant(request);
+    }
+
+    /**
+     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
+     * the existing role childRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole is not a member of the ROLES data set.
+     * <li> The childRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>childRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
+     * <li>parentRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#parent}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ASC + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addAscendant(FortRequest request)
+    {
+        return adminMgrImpl.addAscendant(request);
+    }
+
+    /**
+     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
+     * roles parentRole, childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is not an immediate ascendant of childRole.
+     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ADDINHERIT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addInheritance(FortRequest request)
+    {
+        return adminMgrImpl.addInheritance(request);
+    }
+
+    /**
+     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The roles parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is an immediate ascendant of childRole.
+     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+     * relation resulted after deleting the relationship parentRole <<-- childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DELINHERIT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteInheritance(FortRequest request)
+    {
+        return adminMgrImpl.deleteInheritance(request);
+    }
+
+    /**
+     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set is not already in use.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse createSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.createSsdSet(request);
+    }
+
+    /**
+     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set exists in directory.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.updateSsdSet(request);
+    }
+
+
+    /**
+     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
+     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_ADD_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addSsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.addSsdRoleMember(request);
+    }
+
+    /**
+     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be removed is a member of the SSD role set.
+     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
+     * </ul>
+     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_DEL_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteSsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.deleteSsdRoleMember(request);
+    }
+
+    /**
+     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.deleteSsdSet(request);
+    }
+
+    /**
+     * This command sets the cardinality associated with a given SSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
+     * <li> The SSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_CARD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse setSsdSetCardinality(FortRequest request)
+    {
+        return adminMgrImpl.setSsdSetCardinality(request);
+    }
+
+    /**
+     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set is not already in use.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse createDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.createDsdSet(request);
+    }
+
+    /**
+     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set exists in directory.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.updateDsdSet(request);
+    }
+
+    /**
+     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
+     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_ADD_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addDsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.addDsdRoleMember(request);
+    }
+
+    /**
+     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be removed is a member of the DSD role set.
+     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
+     * </ul>
+     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_DEL_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteDsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.deleteDsdRoleMember(request);
+    }
+
+    /**
+     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.deleteDsdSet(request);
+    }
+
+    /**
+     * This command sets the cardinality associated with a given DSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
+     * <li> The DSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_CARD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse setDsdSetCardinality(FortRequest request)
+    {
+        return adminMgrImpl.setDsdSetCardinality(request);
+    }
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN REVIEWMGR
+     * **************************************************************************************************************************************
+     */
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_READ + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse readPermission(FortRequest request)
+    {
+        return reviewMgrImpl.readPermission(request);
+    }
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_READ + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse readPermObj(FortRequest request)
+    {
+        return reviewMgrImpl.readPermObj(request);
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_SEARCH + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse findPermissions(FortRequest request)
+    {
+        return reviewMgrImpl.findPermissions(request);
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_SEARCH + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse findPermObjs(FortRequest request)
+    {
+        return reviewMgrImpl.findPermObjs(request);
+    }
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required p

<TRUNCATED>

[10/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/AuditMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/AuditMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/AuditMgrImpl.java
new file mode 100644
index 0000000..2baba96
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/AuditMgrImpl.java
@@ -0,0 +1,176 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.AuditMgr;
+import org.apache.directory.fortress.core.AuditMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.AuthZ;
+import org.apache.directory.fortress.core.rbac.Bind;
+import org.apache.directory.fortress.core.rbac.Mod;
+import org.apache.directory.fortress.core.rbac.UserAudit;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class AuditMgrImpl
+{
+    private static final String CLS_NM = AuditMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN AUDIT
+     * **************************************************************************************************************************************
+     */
+
+    FortResponse searchBinds(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit) request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<Bind> outAudit = auditMgr.searchBinds(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse getUserAuthZs(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit)request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<AuthZ> outAudit = auditMgr.getUserAuthZs(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchAuthZs(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit)request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<AuthZ> outAudit = auditMgr.searchAuthZs(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchUserSessions(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit)request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<Mod> outAudit = auditMgr.searchUserSessions(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchAdminMods(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit)request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<Mod> outAudit = auditMgr.searchAdminMods(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchInvalidUsers(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAudit inAudit = (UserAudit)request.getEntity();
+            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
+            auditMgr.setAdmin(request.getSession());
+            List<AuthZ> outAudit = auditMgr.searchInvalidUsers(inAudit);
+            response.setEntities(outAudit);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
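Review bot: The unchecked cast `(UserAudit) request.getEntity()` at the top of searchBinds, repeated in getUserAuthZs, searchAuthZs, searchUserSessions, searchAdminMods and searchInvalidUsers, sits inside a try whose only catch is SecurityException, so a request carrying any other entity type throws ClassCastException out of the method instead of returning a FortResponse with an error code. The entity presumably comes straight from the client's request body, and how the container renders the resulting fault (possibly with a stack trace) is decided outside this file. I would guard each method with `if (!(request.getEntity() instanceof UserAudit))` and return a response carrying the project's invalid-input error id and a fixed message, ideally through one private helper shared by all six methods, since their bodies differ only in the AuditMgr call. Separately, `response.setErrorMessage(se.getMessage())` hands the core library's message text back to the caller, so it is worth confirming those messages never contain directory internals.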

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/ConfigMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/ConfigMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/ConfigMgrImpl.java
new file mode 100644
index 0000000..ccc0e4f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/ConfigMgrImpl.java
@@ -0,0 +1,159 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.cfg.ConfigMgr;
+import org.apache.directory.fortress.core.cfg.ConfigMgrFactory;
+import org.apache.directory.fortress.core.rbac.Props;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.rest.RestUtils;
+import org.apache.log4j.Logger;
+
+import java.util.Properties;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class ConfigMgrImpl
+{
+    private static final String CLS_NM = ConfigMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     *
+     * @param request
+     * @return
+     */
+    FortResponse addConfig(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
+            Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
+            Properties outProperties = configMgr.add(request.getValue(), inProperties);
+            Props retProps = RestUtils.getProps(outProperties);
+            if (retProps != null)
+            {
+                response.setEntity(retProps);
+                response.setErrorCode(0);
+            }
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    /**
+     *
+     * @param request
+     * @return
+     */
+    FortResponse updateConfig(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
+            Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
+            Properties outProperties = configMgr.update(request.getValue(), inProperties);
+            Props retProps = RestUtils.getProps(outProperties);
+            if (retProps != null)
+            {
+                response.setEntity(retProps);
+                response.setErrorCode(0);
+            }
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    /**
+     *
+     * @param request
+     * @return
+     */
+    FortResponse deleteConfig(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
+            if(request.getEntity() == null)
+            {
+                configMgr.delete(request.getValue());
+            }
+            else
+            {
+                Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
+                configMgr.delete(request.getValue(), inProperties);
+
+            }
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    /**
+     *
+     * @param request
+     * @return
+     */
+    FortResponse readConfig(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
+            Properties properties = configMgr.read(request.getValue());
+            Props props = RestUtils.getProps(properties);
+            if (properties != null)
+            {
+                response.setEntity(props);
+                response.setErrorCode(0);
+            }
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
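Review bot: In readConfig the null guard tests `properties` only after `RestUtils.getProps(properties)` has already run, while addConfig and updateConfig guard the converted value; whether getProps tolerates a null argument is not visible here, so the guard is either too late or redundant. Testing the converted value, `if (props != null)`, would match the other two handlers. In all three, when the guard fails the method returns a FortResponse with no entity and no explicitly set error code, so unless FortResponse defaults to a non-zero code the caller cannot tell a missing result from success; an `else` branch that sets an error code and message would make that explicit. The four Javadoc blocks are empty and could state that `request.getValue()` is passed to ConfigMgr as its first argument (presumably the configuration name) and that `request.getEntity()` is expected to be a `Props`.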

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/DelegatedAccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/DelegatedAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/DelegatedAccessMgrImpl.java
new file mode 100644
index 0000000..e8d01db
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/DelegatedAccessMgrImpl.java
@@ -0,0 +1,269 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.DelAccessMgr;
+import org.apache.directory.fortress.core.DelAccessMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.RolePerm;
+import org.apache.directory.fortress.core.rbac.UserAdminRole;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class DelegatedAccessMgrImpl
+{
+    private static final String CLS_NM = DelegatedAccessMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN DELEGATEDACCESSMGR
+     * **************************************************************************************************************************************
+     */
+
+    FortResponse canAssign(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserRole uRole = (UserRole) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            boolean result = accessMgr.canAssign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse canDeassign(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserRole uRole = (UserRole) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            boolean result = accessMgr.canDeassign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse canGrant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            RolePerm context = (RolePerm) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            boolean result = accessMgr.canGrant(session, new Role(context.getRole().getName()), context.getPerm());
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse canRevoke(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            RolePerm context = (RolePerm) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            boolean result = accessMgr.canRevoke(session, new Role(context.getRole().getName()), context.getPerm());
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    public FortResponse checkAdminAccess(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            Permission perm = (Permission) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            perm.setAdmin(true);
+            boolean result = accessMgr.checkAccess(session, perm);
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addActiveAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            accessMgr.addActiveRole(session, uAdminRole);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dropActiveAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            accessMgr.dropActiveRole(session, uAdminRole);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse sessionAdminRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            Session session = request.getSession();
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            List<UserAdminRole> roles = accessMgr.sessionAdminRoles(session);
+            response.setEntities(roles);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse sessionAdminPermissions(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            List<Permission> perms = accessMgr.sessionPermissions(session);
+            response.setSession(session);
+            response.setEntities(perms);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedSessionRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            Set<String> roles = accessMgr.authorizedAdminRoles(session);
+            response.setValueSet(roles);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
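Review bot: Every handler that reads an entity casts `request.getEntity()` and dereferences it without a check: `uRole.getUserId()` in canAssign/canDeassign, `context.getRole().getName()` in canGrant/canRevoke, `perm.setAdmin(true)` in checkAdminAccess. A request with a missing or wrong-typed entity therefore raises NullPointerException or ClassCastException, which the `catch (SecurityException se)` blocks do not handle. For authorization-decision endpoints it is safer to answer such input with an explicit error in the FortResponse, for example `if (!(request.getEntity() instanceof Permission)) { response.setErrorCode(INVALID_REQUEST_ID /* placeholder */); return response; }` before the cast. The same cast-then-dereference pattern appears in the DelegatedAdminMgrImpl handlers (e.g. `relationship.getParent()`). Separately, checkAdminAccess is declared `public` while its siblings are package-private, and sessionAdminRoles is the only handler here that does not call `response.setSession(session)`; both look unintentional.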

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/DelegatedAdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/DelegatedAdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/DelegatedAdminMgrImpl.java
new file mode 100644
index 0000000..46e9674
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/DelegatedAdminMgrImpl.java
@@ -0,0 +1,386 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.DelAdminMgr;
+import org.apache.directory.fortress.core.DelAdminMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.AdminRole;
+import org.apache.directory.fortress.core.rbac.AdminRoleRelationship;
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.OrgUnitRelationship;
+import org.apache.directory.fortress.core.rbac.UserAdminRole;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class DelegatedAdminMgrImpl
+{
+    private static final String CLS_NM = DelegatedAdminMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN DELEGATEDADMINMGR
+     * **************************************************************************************************************************************
+     */
+
+    FortResponse addAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRole inRole = (AdminRole) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            AdminRole retRole = delegatedAdminMgr.addRole(inRole);
+            response.setEntity(retRole);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se + " warnId=" + se.getErrorId());
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRole inRole = (AdminRole) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.deleteRole(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRole inRole = (AdminRole) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            AdminRole retRole = delegatedAdminMgr.updateRole(inRole);
+            response.setEntity(retRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se + " errorId=" + se.getErrorId());
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignAdminUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAdminRole inRole = (UserAdminRole) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.assignUser(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deassignAdminUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            UserAdminRole inRole = (UserAdminRole) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.deassignUser(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addAdminDescendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addDescendant(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addAdminAscendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addAscendant(relationship.getChild(), relationship.getParent());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addAdminInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteAdminInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addOrg(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnit inOrg = (OrgUnit) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            OrgUnit retOrg = delegatedAdminMgr.add(inOrg);
+            response.setEntity(retOrg);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateOrg(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnit inOrg = (OrgUnit) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            OrgUnit retOrg = delegatedAdminMgr.update(inOrg);
+            response.setEntity(retOrg);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteOrg(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnit inOrg = (OrgUnit) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            OrgUnit retOrg = delegatedAdminMgr.delete(inOrg);
+            response.setEntity(retOrg);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addOrgDescendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addDescendant(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addOrgAscendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addAscendant(relationship.getChild(), relationship.getParent());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addOrgInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.addInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteOrgInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
+            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+            delegatedAdminMgr.setAdmin(request.getSession());
+            delegatedAdminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
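Review bot: Each mutating handler passes `request.getSession()` straight to `delegatedAdminMgr.setAdmin(...)` with no check that a session was supplied. What the core does with a null admin session is not visible in this file; if it treats null as "no delegated-admin check", then addAdminRole, assignAdminUser, deleteOrg and the other handlers fail open whenever the caller omits the session. Either reject such requests up front, e.g. `if (request.getSession() == null) { response.setErrorCode(MISSING_SESSION_ID /* placeholder */); return response; }`, or add a class comment stating that authorization is enforced by the calling service layer and that a null session is intentional. The failure log lines are also inconsistent (`warnId=` in addAdminRole, `errorId=` in updateAdminRole, neither elsewhere), which makes audit-log searches harder; a single format such as `log.info(CLS_NM + " caught " + se + " errorId=" + se.getErrorId());` would help.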

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/DelegatedReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/DelegatedReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/DelegatedReviewMgrImpl.java
new file mode 100644
index 0000000..44d32d2
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/DelegatedReviewMgrImpl.java
@@ -0,0 +1,176 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.DelReviewMgr;
+import org.apache.directory.fortress.core.DelReviewMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.AdminRole;
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.UserAdminRole;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class DelegatedReviewMgrImpl
+{
+    private static final String CLS_NM = DelegatedReviewMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN DELEGATEDREVIEWMGR
+     * **************************************************************************************************************************************
+     */
+
+    FortResponse readAdminRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRole inRole = (AdminRole) request.getEntity();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            AdminRole outRole = delegatedReviewMgr.readRole(inRole);
+            response.setEntity(outRole);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse findAdminRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            String searchVal = request.getValue();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            delegatedReviewMgr.setAdmin(request.getSession());
+            List<AdminRole> outRoles = delegatedReviewMgr.findRoles(searchVal);
+            response.setEntities(outRoles);
+            response.setErrorCode(0);
+
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignedAdminRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            User inUser = (User)request.getEntity();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            delegatedReviewMgr.setAdmin(request.getSession());
+            List<UserAdminRole> uRoles = delegatedReviewMgr.assignedRoles(inUser);
+            response.setEntities(uRoles);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignedAdminUsers(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminRole inRole = (AdminRole) request.getEntity();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            delegatedReviewMgr.setAdmin(request.getSession());
+            List<User> users = delegatedReviewMgr.assignedUsers(inRole);
+            response.setEntities(users);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse readOrg(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnit inOrg = (OrgUnit) request.getEntity();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            delegatedReviewMgr.setAdmin(request.getSession());
+            OrgUnit returnOrg = delegatedReviewMgr.read(inOrg);
+            response.setEntity(returnOrg);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchOrg(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            OrgUnit inOrg = (OrgUnit) request.getEntity();
+            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
+            delegatedReviewMgr.setAdmin(request.getSession());
+            List<OrgUnit> orgs = delegatedReviewMgr.search(inOrg.getType(), inOrg.getName());
+            response.setEntities(orgs);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
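Review bot: `readAdminRole` is the only method in this new class that never calls `setAdmin(request.getSession())` on the manager before using it; `findAdminRoles`, `assignedAdminRoles`, `assignedAdminUsers`, `readOrg` and `searchOrg` all do. If the core manager relies on that session to apply delegated-administration checks (not visible in this hunk, so worth confirming), this read runs without them. I would add `delegatedReviewMgr.setAdmin(request.getSession());` directly after the `createInstance` call in `readAdminRole`, or leave a comment there explaining why the session is deliberately omitted. The same method also catches the fully qualified `org.apache.directory.fortress.core.SecurityException` although the type is imported; the short name used by the other methods would be consistent.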

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressInterceptor.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressInterceptor.java b/src/main/java/org/apache/directory/fortress/rest/FortressInterceptor.java
new file mode 100644
index 0000000..072065f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressInterceptor.java
@@ -0,0 +1,192 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.util.ClassHelper;
+import org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;
+
+
+/**
+ * Security Utility for EnMasse Server.
+ *
+ * @author Shawn McKinney
+ */
+public class FortressInterceptor extends SimpleAuthorizingInterceptor
+{
+    private static final String CLS_NM = FortressInterceptor.class.getName();
+    private static final org.apache.log4j.Logger log = org.apache.log4j.Logger.getLogger(CLS_NM);
+
+    private static final String DEFAULT_ANNOTATION_CLASS_NAME = "javax.annotation.security.RolesAllowed";
+    private static final Set<String> SKIP_METHODS;
+
+    static
+    {
+        SKIP_METHODS = new HashSet<String>();
+        SKIP_METHODS.addAll(Arrays.asList(
+            new String[]{"wait", "notify", "notifyAll",
+                "equals", "toString", "hashCode"}));
+    }
+
+    private String annotationClassName = DEFAULT_ANNOTATION_CLASS_NAME;
+
+    /**
+     *
+     * @param name
+     */
+    public void setAnnotationClassName(String name)
+    {
+        try
+        {
+            log.info(CLS_NM + ".setAnnotationClassName:" + name);
+            ClassLoaderUtils.loadClass(name, FortressInterceptor.class);
+            annotationClassName = name;
+        }
+        catch (ClassNotFoundException ex)
+        {
+            String warning = CLS_NM + ".setAnnotationClassName caught ClassNotFoundException-" + ex;
+            log.info((warning));
+        }
+    }
+
+    /**
+     *
+     * @param object
+     */
+    public void setSecuredObject(Object object)
+    {
+        log.info(CLS_NM + ".setSecuredObject:" + object);
+        Class<?> cls = ClassHelper.getRealClass(object);
+        Map<String, String> rolesMap = new HashMap<String, String>();
+        findRoles(cls, rolesMap);
+        if (rolesMap.isEmpty())
+        {
+            log.info(CLS_NM + ".setSecuredObject The roles map is empty, the service object is not protected");
+        }
+        else if (log.isDebugEnabled())
+        {
+            for (Map.Entry<String, String> entry : rolesMap.entrySet())
+            {
+                log.debug(CLS_NM + ".setSecuredObject Method: " + entry.getKey() + ", roles: " + entry.getValue());
+            }
+        }
+        super.setMethodRolesMap(rolesMap);
+    }
+
+    /**
+     *
+     * @param cls
+     * @param rolesMap
+     */
+    protected void findRoles(Class<?> cls, Map<String, String> rolesMap)
+    {
+        log.info(CLS_NM + ".findRoles:" + rolesMap);
+        if (cls == null || cls == Object.class)
+        {
+            return;
+        }
+        String classRolesAllowed = getRoles(cls.getAnnotations(), annotationClassName);
+        for (Method m : cls.getMethods())
+        {
+            if (SKIP_METHODS.contains(m.getName()))
+            {
+                continue;
+            }
+            String methodRolesAllowed = getRoles(m.getAnnotations(), annotationClassName);
+            String theRoles = methodRolesAllowed != null ? methodRolesAllowed : classRolesAllowed;
+            if (theRoles != null)
+            {
+                rolesMap.put(m.getName(), theRoles);
+            }
+        }
+        if (!rolesMap.isEmpty())
+        {
+            return;
+        }
+
+        findRoles(cls.getSuperclass(), rolesMap);
+
+        if (!rolesMap.isEmpty())
+        {
+            return;
+        }
+
+        for (Class<?> interfaceCls : cls.getInterfaces())
+        {
+            findRoles(interfaceCls, rolesMap);
+        }
+    }
+
+    /**
+     *
+     * @param anns
+     * @param annName
+     * @return String roles
+     */
+    private String getRoles(Annotation[] anns, String annName)
+    {
+        log.debug(CLS_NM + ".getRoles:" + annName);
+        for (Annotation ann : anns)
+        {
+            if (ann.annotationType().getName().equals(annName))
+            {
+                try
+                {
+                    Method valueMethod = ann.annotationType().getMethod("value", new Class[]{});
+                    String[] roles = (String[]) valueMethod.invoke(ann, new Object[]{});
+                    StringBuilder sb = new StringBuilder();
+                    for (int i = 0; i < roles.length; i++)
+                    {
+                        sb.append(roles[i]);
+                        if (i + 1 < roles.length)
+                        {
+                            sb.append(" ");
+                        }
+                    }
+                    return sb.toString();
+                }
+                catch (java.lang.NoSuchMethodException ex)
+                {
+                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught NoSuchMethodException=" + ex);
+                }
+                catch (java.lang.IllegalAccessException ex)
+                {
+                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught IllegalAccessException=" + ex);
+                }
+                catch (InvocationTargetException ex)
+                {
+                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught InvocationTargetException=" + ex);
+                }
+                break;
+            }
+        }
+        return null;
+    }
+}
+
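Review bot: `setSecuredObject` fails open: when `findRoles` yields an empty map it logs at info level that "the service object is not protected" and then still installs the empty map through `super.setMethodRolesMap(rolesMap)`. For an authorizing interceptor, a service object with no role annotations is more likely a deployment mistake than an intention, so I would raise this to at least `log.warn(...)` and consider rejecting the configuration with `throw new IllegalStateException(...)`. The same pattern appears in `setAnnotationClassName`, which swallows `ClassNotFoundException` and silently keeps the previous annotation name, and in the three catch blocks of `getRoles`, which log at info and fall through to `return null`. In each case a misconfiguration or reflection failure leaves methods without role entries and is reported only at info level.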


[07/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/PswdPolicyMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/PswdPolicyMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/PswdPolicyMgrImpl.java
new file mode 100644
index 0000000..080fa2c
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/PswdPolicyMgrImpl.java
@@ -0,0 +1,192 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.PwPolicyMgr;
+import org.apache.directory.fortress.core.PwPolicyMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.PwPolicy;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class PswdPolicyMgrImpl
+{
+    private static final String CLS_NM = PswdPolicyMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN PSWDPOLICYMGR
+     * **************************************************************************************************************************************
+     */
+    FortResponse addPolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            policyMgr.add(inPolicy);
+            response.setEntity(inPolicy);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updatePolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            policyMgr.update(inPolicy);
+            response.setEntity(inPolicy);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deletePolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            policyMgr.delete(inPolicy);
+            response.setEntity(inPolicy);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse readPolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        PwPolicy outPolicy;
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            outPolicy = policyMgr.read(inPolicy.getName());
+            response.setEntity(outPolicy);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse searchPolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        List<PwPolicy> policyList;
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            policyList = policyMgr.search(inPolicy.getName());
+            response.setEntities(policyList);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateUserPolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PwPolicy inPolicy = (PwPolicy) request.getEntity();
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            String userId = request.getValue();
+            policyMgr.updateUserPolicy(userId, inPolicy.getName());
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteUserPolicy(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
+            policyMgr.setAdmin(request.getSession());
+            String userId = request.getValue();
+            policyMgr.deletePasswordPolicy(userId);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
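Review bot: `readPolicy` and `searchPolicy` drop the `SecurityException` without logging it, while every other method in this class writes `log.info(CLS_NM + " caught " + se);` in the same catch block, so failed policy lookups leave no server-side trace. Adding that line as the first statement of both catch blocks would restore consistency. Separately, `readPolicy`, `searchPolicy` and `updateUserPolicy` call `inPolicy.getName()` on the cast result of `request.getEntity()` with no null check. If a request can arrive without an entity (not visible in this hunk), the resulting NullPointerException is not covered by `catch (SecurityException se)` and escapes the method instead of becoming a FortResponse error code.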

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/ReviewMgrImpl.java
new file mode 100644
index 0000000..8e53b9a
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/ReviewMgrImpl.java
@@ -0,0 +1,679 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.ReviewMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.PermObj;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.SDSet;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class ReviewMgrImpl
+{
+    private static final String CLS_NM = ReviewMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    FortResponse readPermission(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            Permission inPerm = (Permission) request.getEntity();
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Permission retPerm = reviewMgr.readPermission(inPerm);
+            response.setEntity(retPerm);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse readPermObj(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PermObj inObj = (PermObj) request.getEntity();
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            PermObj retObj = reviewMgr.readPermObj(inObj);
+            response.setEntity(retObj);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse findPermissions(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            List<Permission> perms = reviewMgr.findPermissions(inPerm);
+            response.setEntities(perms);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse findPermObjs(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            PermObj inObj = (PermObj) request.getEntity();
+            List<PermObj> objs = null;
+            if (VUtil.isNotNullOrEmpty(inObj.getOu()))
+            {
+                objs = reviewMgr.findPermObjs(new OrgUnit(inObj.getOu(), OrgUnit.Type.PERM));
+            }
+            else
+            {
+                objs = reviewMgr.findPermObjs(inObj);
+            }
+            response.setEntities(objs);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse readRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            Role outRole = reviewMgr.readRole(inRole);
+            response.setEntity(outRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse findRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            String searchValue = request.getValue();
+            if (request.getLimit() != null)
+            {
+                List<String> retRoles = reviewMgr.findRoles(searchValue, request.getLimit());
+                response.setValues(retRoles);
+            }
+            else
+            {
+                List<Role> roles = reviewMgr.findRoles(searchValue);
+                response.setEntities(roles);
+            }
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse readUserM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            User outUser = reviewMgr.readUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse findUsersM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            if (request.getLimit() != null)
+            {
+                List<String> retUsers = reviewMgr.findUsers(inUser, request.getLimit());
+                response.setValues(retUsers);
+            }
+            else
+            {
+                List<User> retUsers;
+                if (VUtil.isNotNullOrEmpty(inUser.getOu()))
+                {
+                    retUsers = reviewMgr.findUsers(new OrgUnit(inUser.getOu(), OrgUnit.Type.USER));
+                }
+                else
+                {
+                    retUsers = reviewMgr.findUsers(inUser);
+                }
+                response.setEntities(retUsers);
+            }
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignedUsersM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            if (request.getLimit() != null)
+            {
+                List<String> retUsers = reviewMgr.assignedUsers(inRole, request.getLimit());
+                response.setValues(retUsers);
+            }
+            else
+            {
+                List<User> users = reviewMgr.assignedUsers(inRole);
+                response.setEntities(users);
+                response.setEntities(users);
+            }
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignedRolesM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            if (VUtil.isNotNullOrEmpty(request.getValue()))
+            {
+                String userId = request.getValue();
+                List<String> retRoles = reviewMgr.assignedRoles(userId);
+                response.setValues(retRoles);
+            }
+            else
+            {
+                User inUser = (User) request.getEntity();
+                List<UserRole> uRoles = reviewMgr.assignedRoles(inUser);
+                response.setEntities(uRoles);
+            }
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedUsersM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            List<User> users = reviewMgr.authorizedUsers(inRole);
+            response.setEntities(users);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedRoleM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            Set<String> outSet = reviewMgr.authorizedRoles(inUser);
+            response.setValueSet(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse permissionRolesM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            List<String> outList = reviewMgr.permissionRoles(inPerm);
+            response.setValues(outList);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedPermissionRolesM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            Set<String> outSet = reviewMgr.authorizedPermissionRoles(inPerm);
+            response.setValueSet(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse permissionUsersM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            Permission inPerm = (Permission) request.getEntity();
+            List<String> outList = reviewMgr.permissionUsers(inPerm);
+            response.setValues(outList);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedPermissionUsersM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            Permission inPerm = (Permission) request.getEntity();
+            Set<String> outSet = reviewMgr.authorizedPermissionUsers(inPerm);
+            response.setValueSet(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse userPermissionsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            List<Permission> perms = reviewMgr.userPermissions(inUser);
+            response.setEntities(perms);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse rolePermissionsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            List<Permission> perms = reviewMgr.rolePermissions(inRole);
+            response.setEntities(perms);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse ssdRoleSetsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            List<SDSet> outSets = reviewMgr.ssdRoleSets(inRole);
+            response.setEntities(outSets);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse ssdRoleSetM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = reviewMgr.ssdRoleSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse ssdRoleSetRolesM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            SDSet inSet = (SDSet) request.getEntity();
+            Set<String> outSet = reviewMgr.ssdRoleSetRoles(inSet);
+            response.setValueSet(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse ssdRoleSetCardinalityM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            SDSet inSet = (SDSet) request.getEntity();
+            int cardinality = reviewMgr.ssdRoleSetCardinality(inSet);
+            inSet.setCardinality(cardinality);
+            response.setEntity(inSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+        }
+        return response;
+    }
+
+    FortResponse ssdSetsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            SDSet inSdSet = (SDSet) request.getEntity();
+            List<SDSet> outSets = reviewMgr.ssdSets(inSdSet);
+            response.setEntities(outSets);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dsdRoleSetsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            List<SDSet> outSets = reviewMgr.dsdRoleSets(inRole);
+            response.setEntities(outSets);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dsdRoleSetM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = reviewMgr.dsdRoleSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dsdRoleSetRolesM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            SDSet inSet = (SDSet) request.getEntity();
+            Set<String> outSet = reviewMgr.dsdRoleSetRoles(inSet);
+            response.setValueSet(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dsdRoleSetCardinalityM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            SDSet inSet = (SDSet) request.getEntity();
+            int cardinality = reviewMgr.dsdRoleSetCardinality(inSet);
+            inSet.setCardinality(cardinality);
+            response.setEntity(inSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+        }
+        return response;
+    }
+
+    FortResponse dsdSetsM(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            reviewMgr.setAdmin(request.getSession());
+            SDSet inSdSet = (SDSet) request.getEntity();
+            List<SDSet> outSets = reviewMgr.dsdSets(inSdSet);
+            response.setEntities(outSets);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/SecurityOutFaultInterceptor.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/SecurityOutFaultInterceptor.java b/src/main/java/org/apache/directory/fortress/rest/SecurityOutFaultInterceptor.java
new file mode 100644
index 0000000..4b29d34
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/SecurityOutFaultInterceptor.java
@@ -0,0 +1,72 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.security.AccessDeniedException;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.transport.http.AbstractHTTPDestination;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+
+public class SecurityOutFaultInterceptor extends AbstractPhaseInterceptor<Message>
+{
+    public SecurityOutFaultInterceptor()
+    {
+        super(Phase.PRE_STREAM);
+
+    }
+
+    public void handleMessage(Message message) throws Fault
+    {
+        Fault fault = (Fault) message.getContent(Exception.class);
+        Throwable ex = fault.getCause();
+        if (!(ex instanceof SecurityException))
+        {
+            throw new RuntimeException("Security Exception is expected:" + ex);
+        }
+
+        HttpServletResponse response = (HttpServletResponse) message.getExchange().getInMessage()
+            .get(AbstractHTTPDestination.HTTP_RESPONSE);
+        int status = ex instanceof AccessDeniedException ? 403 : 401;
+        response.setStatus(status);
+        try
+        {
+            response.getOutputStream().write(ex.getMessage().getBytes());
+            response.getOutputStream().flush();
+        }
+        catch (IOException iex)
+        {
+            // ignore
+        }
+
+        message.getInterceptorChain().abort();
+    }
+
+}
\ No newline at end of file
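Review bot: `ex.getMessage().getBytes()` in handleMessage dereferences a message that may be null and encodes it with the platform default charset, so a SecurityException created without a message would raise a NullPointerException after the 401/403 status is set and before `abort()` is reached. I would write `String body = ex.getMessage() == null ? "" : ex.getMessage();` and then `response.getOutputStream().write(body.getBytes("UTF-8"));` inside the existing try, whose IOException catch already covers the encoding exception. The body is the raw exception text returned to a caller that has just failed authentication or authorization, so it is worth confirming these messages never carry internal detail, or replacing them with a fixed string per status. The empty `catch (IOException iex)` should log at debug level instead of staying silent, and the class Javadoc ("Utility for EnMasse Server") should say that this interceptor turns security faults into 401/403 responses.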

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/fortress-javadoc.css
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/fortress-javadoc.css b/src/main/java/org/apache/directory/fortress/rest/fortress-javadoc.css
new file mode 100755
index 0000000..8f2e4cc
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/fortress-javadoc.css
@@ -0,0 +1,33 @@
+BODY  { color: #000000;
+        background-color: #FFFFFF;
+        font-family: sans-serif }
+
+A:link  { color: #0101DF;
+          text-decoration: underline }
+
+A:visited  { color: #610B38;
+             text-decoration: underline }
+
+A:hover { color: #0B3B0B;
+          text-decoration: underline }
+
+PRE  { background-color: #99CC66;
+       margin: 15px 30px;
+       padding: 10px 10px;
+       border: 1px solid #000000 }
+
+# the following will add space between list items:
+#LI  { margin: 10px 0px }
+
+TH  { background-color: #FFFFFF;  color: #003300;
+      font-size: 125%;
+      font-weight: bold }
+
+
+# Classes defined specifically for Javadoc
+.TableHeadingColor  { background-color: #D8D8D8 }
+
+.NavBarCell1  { background-color: #99CC66 }
+
+.FrameItemFont  { font-size: 90% }
+
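Review bot: The lines starting with `#` (`# the following will add space between list items:`, `#LI  { margin: 10px 0px }` and `# Classes defined specifically for Javadoc`) are not CSS comments; a parser reads each as the start of a selector, so the rule that follows, including `.TableHeadingColor  { background-color: #D8D8D8 }`, is likely dropped as invalid. Use CSS comment syntax instead, for example `/* Classes defined specifically for Javadoc */` and `/* LI { margin: 10px 0px } */`.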

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/overview.html b/src/main/java/org/apache/directory/fortress/rest/overview.html
new file mode 100755
index 0000000..a7c3a3a
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/overview.html
@@ -0,0 +1,97 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
+<html>
+   <head>
+      <title>Overview of the org.apache.directory.fortress.rest component</title>
+   </head>
+   <body>
+       Fortress Rest is a web application that implements <A HREF="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</A> Web services to interface with
+       <A HREF="http://symas.com/javadocs/fortress/index.html?overview-summary.html">Fortress Core</A> and a directory server like <A HREF="http://www.openldap.org/">OpenLDAP</A>
+       or <A HREF="http://directory.apache.org/apacheds//">ApacheDS</A>.
+
+       <h2>What technologies are in use?</h2>
+
+       Fortress Rest was built using established <A HREF="http://www.opensource.org/">Open Source</A> technologies including
+       <A HREF="http://cxf.apache.org/">Apache CXF</A> (web services stack), <A HREF="http://www.springsource.org/">Spring Framework</A> (glue), <A HREF="http://maven.apache.org/">Maven</A> (dependencies)
+       and <A HREF="http://java.sun.com/xml/downloads/jaxb.html">JAXB</A> (data binding layer) and runs inside any reasonably compliant Java Servlets container.
+
+       <a href="org/apache/directory/fortress/rest/FortressService.html">Fortress Rest service</a> access control decisions are enforced using <A HREF="https://symas.com/javadocs/sentry/">Fortress Realm</A> which itself
+       uses declarative <A HREF="http://docs.oracle.com/javaee/5/tutorial/doc/bnbwk.html">Java EE Security</A> and <A HREF="http://static.springsource.org/spring-security/site/">Spring Security</A> policy hooks that are wired to
+       connect back to the <A HREF="org.apache.directory.fortress.core/rbac/package-summary.html">Fortress</A> <A HREF="http://en.wikipedia.org/wiki/Role-based_access_control">RBAC</A> component.
+
+       Fortress Rest is a <a href="http://java.sun.com/developer/technicalArticles/tools/webapps_1/">Java Web program</a> artifact and is wholly dependent on <A HREF="org.apache.directory.fortress.core/package-summary.html">Fortress</A>
+       but also needs a <A HREF="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">V3 compliant LDAP</A> server like OpenLDAP.  For more information on installing and setting up OpenLDAP check out
+       <A HREF="http://directory.apache.org/fortress/quick-start/apacheds/apacheds.html">Fortress ApacheDS Quickstart</A>
+
+       <h2>What can Fortress Rest do?</h2>
+
+       Contained within this application are Web APIs to perform authentication, authorization, administration, audit and password policies.
+       The most important package in this system, <A HREF="org/apache/directory/fortress/rest/package-summary.html">org.apache.directory.fortress.rest</A>, contains the public Web APIs that are called by external systems.
+
+       There is a one-to-one correspondence between a Fortress Core API and a Fortress Rest service. The Fortress Core
+       APIs are organized into 'Managers' each implementing a specific area of functionality within the
+       Identity and Access Management lifecycle.
+       For a list of Fortress Rest services, see <a href="org/apache/directory/fortress/rest/FortressService.html">FortressService</a>.
+
+       <h3>Fortress Manager Overview</h3>
+        <ol>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/AccessMgr.html">AccessMgr</a> - This object performs runtime access control operations on objects that are provisioned <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/AdminMgr.html">AdminMgr</a> - This object performs administrative functions to provision Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities into the LDAP directory.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/AuditMgr.html">AuditMgr</a> - This interface prescribes methods used to search OpenLDAP's slapd access log.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/DelAccessMgr.html">DelegatedAccessMgr</a> - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in LDAP directory.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/DelAdminMgr.html">DelegatedAdminMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/DelReviewMgr.html">DelegatedReviewMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in LDAP directory.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/PwPolicyMgr.html">PswdPolicyMgr</a> - This object adheres to <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy draft</a> and is used to perform administrative and review functions on the <a href="http://symas.com/javadocs/fortress/org/openldap/fortress/rbac/PwPolicy.html">PWPOLICIES</a> and <a href="http://symas.com/javadocs/fortress/org/openldap/fortress/rbac/User.html">USERS</a> data sets within Fortress.</li>
+        <li><a href="http://symas.com/javadocs/fortress/org/openldap/fortress/ReviewMgr.html">ReviewMgr</a> - This interface prescribes the administrative review functions on already provisioned Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
+        </ol>
+
+       <h2>How can I connect with Fortress Rest?</h2>
+
+        Clients have a choice in how to connect with the Fortress Rest services. Integration can occur using a
+        preferred Web service toolkit like <a href="http://axis.apache.org/axis/">AXIS 1</a>, <a href="http://axis.apache.org/axis2/java/core/">AXIS 2</a>,
+        <a href="http://metro.java.net/">Metro</a>, <a href="http://cxf.apache.org/">CXF</a>, <a href="http://static.springsource.org/spring-ws/sites/1.5/">Spring Web Services</a>,
+        <a href="http://wso2.com/products/web-services-framework/php">WSO2</a>, <a href="http://jquery.com/">JQuery</a>, etc, or by using the Fortress Core APIs
+        themselves which have built in support for calling Fortress Rest.
+
+        The Fortress Core APIs plugs into its backend data repository (LDAP) using a simple facade pattern that
+        shields its clients from downstream details. The behavior of the Fortress APIs does not change based
+        on the route it takes.
+
+       <h3>Options for Fortress Rest service Integration</h3>
+        <ol>
+        <li>Client uses Fortress Core to connect to LDAP via Fortress Rest:<br>
+            Client-->Fortress Core-->HTTP/S-->Fortress Rest</li>
+        <li>Client uses other Web frameworks to connect to Fortress Rest:<br>
+            Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->Fortress Rest</li>
+        </ol>
+      </p>
+      <h2>What are the conditions of use?</h2>
+      <p>
+          This software development kit is open source, thus free to use and distribute via the <a href="http://www.apache.org/licenses/">Apache License, Version 2.0</a>.
+          It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and was helped along
+          by the following open source products:
+       <ol>
+           <li><a href="http://www.openldap.org/project/">The OpenLDAP Project</a></li>
+           <li><a href="http://www.apache.org/">The Apache Software Foundation</a></li>
+           <li><a href="http://www.eigenbase.org/">The Eigenbase Project</a></li>
+           <li><a href="http://ehcache.org/">Ehcache</a></li>
+       </ol>
+      </p>
+   </body>
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/package.html b/src/main/java/org/apache/directory/fortress/rest/package.html
new file mode 100755
index 0000000..01c3b25
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/package.html
@@ -0,0 +1,29 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
+<html>
+   <head>
+      <title>Package Documentation for {@link org.apache.directory.fortress.rest.FortressService}</title>
+   </head>
+   <body>
+      <p>
+         This package contains REST APIs that are used by HTTP programs to provide Identity and Access Management functionality.
+          The javadoc for the Fortress REST services: {@link org.apache.directory.fortress.rest.FortressService}
+      </p>
+   </body>
+</html>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/AccessMgrImpl.java b/src/main/java/org/openldap/enmasse/AccessMgrImpl.java
deleted file mode 100644
index 0e9cf02..0000000
--- a/src/main/java/org/openldap/enmasse/AccessMgrImpl.java
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.AccessMgr;
-import org.openldap.fortress.AccessMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.Permission;
-import org.openldap.fortress.rbac.Session;
-import org.openldap.fortress.rbac.User;
-import org.openldap.fortress.rbac.UserRole;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class AccessMgrImpl
-{
-    private static final String CLS_NM = AccessMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN ACCESSMGR
-     * **************************************************************************************************************************************
-     */
-
-    FortResponse authenticate(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            User inUser = (User) request.getEntity();
-            Session outSession = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
-            response.setSession(outSession);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse createSession(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            User inUser = (User) request.getEntity();
-            Session outSession = accessMgr.createSession(inUser, false);
-            response.setSession(outSession);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse createSessionTrusted(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            User inUser = (User) request.getEntity();
-            Session outSession = accessMgr.createSession(inUser, true);
-            response.setSession(outSession);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse checkAccess(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Permission perm = (Permission)request.getEntity();
-            perm.setAdmin(false);
-            Session session = request.getSession();
-            boolean result = accessMgr.checkAccess(session, perm);
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse sessionPermissions(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            List<Permission> perms = accessMgr.sessionPermissions(session);
-            response.setSession(session);
-            response.setEntities(perms);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse sessionRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            List<UserRole> roles = accessMgr.sessionRoles(session);
-            response.setEntities(roles);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedSessionRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            Set<String> roles = accessMgr.authorizedRoles(session);
-            response.setValueSet(roles);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addActiveRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            UserRole uRole = (UserRole)request.getEntity();
-            Session session = request.getSession();
-            accessMgr.addActiveRole(session, uRole);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dropActiveRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            UserRole uRole = (UserRole)request.getEntity();
-            Session session = request.getSession();
-            accessMgr.dropActiveRole(session, uRole);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse getUserId(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            String userId = accessMgr.getUserId(session);
-            User outUser = new User(userId);
-            response.setSession(session);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse getUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            User outUser = accessMgr.getUser(session);
-            response.setSession(session);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file


[03/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/PswdPolicyMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/PswdPolicyMgrImpl.java b/src/main/java/org/openldap/enmasse/PswdPolicyMgrImpl.java
deleted file mode 100644
index bab630b..0000000
--- a/src/main/java/org/openldap/enmasse/PswdPolicyMgrImpl.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.PwPolicyMgr;
-import org.openldap.fortress.PwPolicyMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.PwPolicy;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class PswdPolicyMgrImpl
-{
-    private static final String CLS_NM = PswdPolicyMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN PSWDPOLICYMGR
-     * **************************************************************************************************************************************
-     */
-    FortResponse addPolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            policyMgr.add(inPolicy);
-            response.setEntity(inPolicy);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updatePolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            policyMgr.update(inPolicy);
-            response.setEntity(inPolicy);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deletePolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            policyMgr.delete(inPolicy);
-            response.setEntity(inPolicy);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse readPolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        PwPolicy outPolicy;
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            outPolicy = policyMgr.read(inPolicy.getName());
-            response.setEntity(outPolicy);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchPolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        List<PwPolicy> policyList;
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            policyList = policyMgr.search(inPolicy.getName());
-            response.setEntities(policyList);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateUserPolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PwPolicy inPolicy = (PwPolicy) request.getEntity();
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            String userId = request.getValue();
-            policyMgr.updateUserPolicy(userId, inPolicy.getName());
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteUserPolicy(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PwPolicyMgr policyMgr = PwPolicyMgrFactory.createInstance(request.getContextId());
-            policyMgr.setAdmin(request.getSession());
-            String userId = request.getValue();
-            policyMgr.deletePasswordPolicy(userId);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/ReviewMgrImpl.java b/src/main/java/org/openldap/enmasse/ReviewMgrImpl.java
deleted file mode 100644
index b647e34..0000000
--- a/src/main/java/org/openldap/enmasse/ReviewMgrImpl.java
+++ /dev/null
@@ -1,674 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.ReviewMgr;
-import org.openldap.fortress.ReviewMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.OrgUnit;
-import org.openldap.fortress.rbac.PermObj;
-import org.openldap.fortress.rbac.Permission;
-import org.openldap.fortress.rbac.Role;
-import org.openldap.fortress.rbac.SDSet;
-import org.openldap.fortress.rbac.User;
-import org.openldap.fortress.rbac.UserRole;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.openldap.fortress.util.attr.VUtil;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class ReviewMgrImpl
-{
-    private static final String CLS_NM = ReviewMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    FortResponse readPermission(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            Permission inPerm = (Permission) request.getEntity();
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Permission retPerm = reviewMgr.readPermission(inPerm);
-            response.setEntity(retPerm);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse readPermObj(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PermObj inObj = (PermObj) request.getEntity();
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            PermObj retObj = reviewMgr.readPermObj(inObj);
-            response.setEntity(retObj);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse findPermissions(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            List<Permission> perms = reviewMgr.findPermissions(inPerm);
-            response.setEntities(perms);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse findPermObjs(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            PermObj inObj = (PermObj) request.getEntity();
-            List<PermObj> objs = null;
-            if (VUtil.isNotNullOrEmpty(inObj.getOu()))
-            {
-                objs = reviewMgr.findPermObjs(new OrgUnit(inObj.getOu(), OrgUnit.Type.PERM));
-            }
-            else
-            {
-                objs = reviewMgr.findPermObjs(inObj);
-            }
-            response.setEntities(objs);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse readRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            Role outRole = reviewMgr.readRole(inRole);
-            response.setEntity(outRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse findRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            String searchValue = request.getValue();
-            if (request.getLimit() != null)
-            {
-                List<String> retRoles = reviewMgr.findRoles(searchValue, request.getLimit());
-                response.setValues(retRoles);
-            }
-            else
-            {
-                List<Role> roles = reviewMgr.findRoles(searchValue);
-                response.setEntities(roles);
-            }
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse readUserM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            User outUser = reviewMgr.readUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse findUsersM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            if (request.getLimit() != null)
-            {
-                List<String> retUsers = reviewMgr.findUsers(inUser, request.getLimit());
-                response.setValues(retUsers);
-            }
-            else
-            {
-                List<User> retUsers;
-                if (VUtil.isNotNullOrEmpty(inUser.getOu()))
-                {
-                    retUsers = reviewMgr.findUsers(new OrgUnit(inUser.getOu(), OrgUnit.Type.USER));
-                }
-                else
-                {
-                    retUsers = reviewMgr.findUsers(inUser);
-                }
-                response.setEntities(retUsers);
-            }
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignedUsersM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            if (request.getLimit() != null)
-            {
-                List<String> retUsers = reviewMgr.assignedUsers(inRole, request.getLimit());
-                response.setValues(retUsers);
-            }
-            else
-            {
-                List<User> users = reviewMgr.assignedUsers(inRole);
-                response.setEntities(users);
-                response.setEntities(users);
-            }
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignedRolesM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            if (VUtil.isNotNullOrEmpty(request.getValue()))
-            {
-                String userId = request.getValue();
-                List<String> retRoles = reviewMgr.assignedRoles(userId);
-                response.setValues(retRoles);
-            }
-            else
-            {
-                User inUser = (User) request.getEntity();
-                List<UserRole> uRoles = reviewMgr.assignedRoles(inUser);
-                response.setEntities(uRoles);
-            }
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedUsersM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            List<User> users = reviewMgr.authorizedUsers(inRole);
-            response.setEntities(users);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedRoleM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            Set<String> outSet = reviewMgr.authorizedRoles(inUser);
-            response.setValueSet(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse permissionRolesM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            List<String> outList = reviewMgr.permissionRoles(inPerm);
-            response.setValues(outList);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedPermissionRolesM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            Set<String> outSet = reviewMgr.authorizedPermissionRoles(inPerm);
-            response.setValueSet(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse permissionUsersM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            Permission inPerm = (Permission) request.getEntity();
-            List<String> outList = reviewMgr.permissionUsers(inPerm);
-            response.setValues(outList);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedPermissionUsersM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            Permission inPerm = (Permission) request.getEntity();
-            Set<String> outSet = reviewMgr.authorizedPermissionUsers(inPerm);
-            response.setValueSet(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse userPermissionsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            List<Permission> perms = reviewMgr.userPermissions(inUser);
-            response.setEntities(perms);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse rolePermissionsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            List<Permission> perms = reviewMgr.rolePermissions(inRole);
-            response.setEntities(perms);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse ssdRoleSetsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            List<SDSet> outSets = reviewMgr.ssdRoleSets(inRole);
-            response.setEntities(outSets);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse ssdRoleSetM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = reviewMgr.ssdRoleSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse ssdRoleSetRolesM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            SDSet inSet = (SDSet) request.getEntity();
-            Set<String> outSet = reviewMgr.ssdRoleSetRoles(inSet);
-            response.setValueSet(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse ssdRoleSetCardinalityM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            SDSet inSet = (SDSet) request.getEntity();
-            int cardinality = reviewMgr.ssdRoleSetCardinality(inSet);
-            inSet.setCardinality(cardinality);
-            response.setEntity(inSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-        }
-        return response;
-    }
-
-    FortResponse ssdSetsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            SDSet inSdSet = (SDSet) request.getEntity();
-            List<SDSet> outSets = reviewMgr.ssdSets(inSdSet);
-            response.setEntities(outSets);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dsdRoleSetsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            List<SDSet> outSets = reviewMgr.dsdRoleSets(inRole);
-            response.setEntities(outSets);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dsdRoleSetM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = reviewMgr.dsdRoleSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dsdRoleSetRolesM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            SDSet inSet = (SDSet) request.getEntity();
-            Set<String> outSet = reviewMgr.dsdRoleSetRoles(inSet);
-            response.setValueSet(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dsdRoleSetCardinalityM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            SDSet inSet = (SDSet) request.getEntity();
-            int cardinality = reviewMgr.dsdRoleSetCardinality(inSet);
-            inSet.setCardinality(cardinality);
-            response.setEntity(inSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-        }
-        return response;
-    }
-
-    FortResponse dsdSetsM(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            reviewMgr.setAdmin(request.getSession());
-            SDSet inSdSet = (SDSet) request.getEntity();
-            List<SDSet> outSets = reviewMgr.dsdSets(inSdSet);
-            response.setEntities(outSets);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/SecurityOutFaultInterceptor.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/SecurityOutFaultInterceptor.java b/src/main/java/org/openldap/enmasse/SecurityOutFaultInterceptor.java
deleted file mode 100644
index 0bfd174..0000000
--- a/src/main/java/org/openldap/enmasse/SecurityOutFaultInterceptor.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.interceptor.security.AccessDeniedException;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.transport.http.AbstractHTTPDestination;
-
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-
-public class SecurityOutFaultInterceptor extends AbstractPhaseInterceptor<Message>
-{
-    public SecurityOutFaultInterceptor()
-    {
-        super(Phase.PRE_STREAM);
-
-    }
-
-    public void handleMessage(Message message) throws Fault
-    {
-        Fault fault = (Fault) message.getContent(Exception.class);
-        Throwable ex = fault.getCause();
-        if (!(ex instanceof SecurityException))
-        {
-            throw new RuntimeException("Security Exception is expected:" + ex);
-        }
-
-        HttpServletResponse response = (HttpServletResponse) message.getExchange().getInMessage()
-            .get(AbstractHTTPDestination.HTTP_RESPONSE);
-        int status = ex instanceof AccessDeniedException ? 403 : 401;
-        response.setStatus(status);
-        try
-        {
-            response.getOutputStream().write(ex.getMessage().getBytes());
-            response.getOutputStream().flush();
-        }
-        catch (IOException iex)
-        {
-            // ignore
-        }
-
-        message.getInterceptorChain().abort();
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/fortress-javadoc.css
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/fortress-javadoc.css b/src/main/java/org/openldap/enmasse/fortress-javadoc.css
deleted file mode 100755
index 8f2e4cc..0000000
--- a/src/main/java/org/openldap/enmasse/fortress-javadoc.css
+++ /dev/null
@@ -1,33 +0,0 @@
-BODY  { color: #000000;
-        background-color: #FFFFFF;
-        font-family: sans-serif }
-
-A:link  { color: #0101DF;
-          text-decoration: underline }
-
-A:visited  { color: #610B38;
-             text-decoration: underline }
-
-A:hover { color: #0B3B0B;
-          text-decoration: underline }
-
-PRE  { background-color: #99CC66;
-       margin: 15px 30px;
-       padding: 10px 10px;
-       border: 1px solid #000000 }
-
-# the following will add space between list items:
-#LI  { margin: 10px 0px }
-
-TH  { background-color: #FFFFFF;  color: #003300;
-      font-size: 125%;
-      font-weight: bold }
-
-
-# Classes defined specifically for Javadoc
-.TableHeadingColor  { background-color: #D8D8D8 }
-
-.NavBarCell1  { background-color: #99CC66 }
-
-.FrameItemFont  { font-size: 90% }
-

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/overview.html b/src/main/java/org/openldap/enmasse/overview.html
deleted file mode 100755
index 559c5a5..0000000
--- a/src/main/java/org/openldap/enmasse/overview.html
+++ /dev/null
@@ -1,93 +0,0 @@
-<!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
-<html>
-   <head>
-      <title>Overview of the org.openldap.enmasse component</title>
-   </head>
-   <body>
-       EnMasse is a web application that implements <A HREF="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</A> Web services to interface with
-       <A HREF="http://www.jts.us/iamfortress/javadocs/api/index.html">Fortress</A> and <A HREF="http://www.openldap.org/">OpenLDAP</A>.
-
-       <h2>What technologies are in use?</h2>
-
-       EnMasse was built using established <A HREF="http://www.opensource.org/">Open Source</A> technologies including
-       <A HREF="http://cxf.apache.org/">Apache CXF</A> (web services stack), <A HREF="http://www.springsource.org/">Spring Framework</A> (glue), <A HREF="http://maven.apache.org/">Maven</A> (dependencies)
-       and <A HREF="http://java.sun.com/xml/downloads/jaxb.html">JAXB</A> (data binding layer) and runs inside any reasonably compliant Java Servlets container.
-
-       <a href="org/openldap/enmasse/FortressService.html">EnMasse service</a> access control decisions are enforced using <A HREF="http://www.jts.us/iamfortress/javadocs/api-sentry/index.html?overview-summary.html">Sentry</A> which itself
-       uses declarative <A HREF="http://docs.oracle.com/javaee/5/tutorial/doc/bnbwk.html">Java EE Security</A> and <A HREF="http://static.springsource.org/spring-security/site/">Spring Security</A> policy hooks that are wired to
-       connect back to the <A HREF="org/openldap/fortress/rbac/package-summary.html">Fortress</A> <A HREF="http://en.wikipedia.org/wiki/Role-based_access_control">RBAC</A> component.
-
-       EnMasse server-side is a <a href="http://java.sun.com/developer/technicalArticles/tools/webapps_1/">Java Web program</a> artifact and is wholly dependent on <A HREF="org/openldap/fortress/package-summary.html">Fortress</A>
-       but also needs a <A HREF="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">V3 compliant LDAP</A> server like OpenLDAP.  For more information on installing and setting up OpenLDAP check out
-       <A HREF="http://www.jts.us/iamfortress/guides/README-QUICKSTART.html">Fortress Quickstart</A>
-
-       <h2>What can EnMasse do?</h2>
-
-       Contained within this application are Web APIs to perform authentication, authorization, administration, audit and password policies.
-       The most important package in this system, <A HREF="org/openldap/enmasse/package-summary.html">org.openldap.enmasse</A>, contains the public Web APIs that are called by external systems.
-
-       There is a one-to-one correspondence between a Fortress API and an EnMasse Web service. The Fortress
-       APIs are organized into 'Managers' each implementing a specific area of functionality within the
-       Identity and Access Management lifecycle.
-       For a list of EnMasse services, see <a href="org/openldap/enmasse/FortressService.html">FortressService</a>.
-
-       <h3>Fortress Manager Overview</h3>
-        <ol>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AccessMgr.html">AccessMgr</a> - This object performs runtime access control operations on objects that are provisioned <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AdminMgr.html">AdminMgr</a> - This object performs administrative functions to provision Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities into the LDAP directory.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AuditMgr.html">AuditMgr</a> - This interface prescribes methods used to search OpenLDAP's slapd access log.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelAccessMgr.html">DelegatedAccessMgr</a> - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in LDAP directory.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelAdminMgr.html">DelegatedAdminMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelReviewMgr.html">DelegatedReviewMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in LDAP directory.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/PwPolicyMgr.html">PswdPolicyMgr</a> - This object adheres to <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy draft</a> and is used to perform administrative and review functions on the <a href="org/openldap/fortress/pwpolicy/PswdPolicy.html">PWPOLICIES</a> and <a href="org/openldap/fortress/rbac/User.html">USERS</a> data sets within Fortress.</li>
-        <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/ReviewMgr.html">ReviewMgr</a> - This interface prescribes the administrative review functions on already provisioned Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
-        </ol>
-
-       <h2>How can I connect with EnMasse?</h2>
-
-        Clients have a choice in how to connect with the EnMasse Web services. Integration can occur using a
-        preferred Web service toolkit like <a href="http://axis.apache.org/axis/">AXIS 1</a>, <a href="http://axis.apache.org/axis2/java/core/">AXIS 2</a>,
-        <a href="http://metro.java.net/">Metro</a>, <a href="http://cxf.apache.org/">CXF</a>, <a href="http://static.springsource.org/spring-ws/sites/1.5/">Spring Web Services</a>,
-        <a href="http://wso2.com/products/web-services-framework/php">WSO2</a>, <a href="http://jquery.com/">JQuery</a>, etc, or by using the Fortress APIs
-        themselves which have built in support for calling EnMasse.
-
-        The Fortress API plugs into its backend data repository (LDAP) using a simple facade pattern that
-        shields its clients from downstream details. The behavior of the Fortress APIs does not change based
-        on the route it takes.
-
-       <h3>Options for EnMasse service Integration</h3>
-        <ol>
-        <li>Client uses Fortress to connect to EnMasse:<br>
-            Client-->Fortress-->HTTP/S-->EnMasse</li>
-        <li>Client uses other Web frameworks to connect to EnMasse:<br>
-            Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->EnMasse</li>
-        </ol>
-      </p>
-      <h2>What are the conditions of use?</h2>
-      <p>
-          This software development kit is open source, thus free to use and distribute via the <a href="http://www.OpenLDAP.org/license.html">OpenLDAP Public License</a>.
-          It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and was helped along
-          by the following open source products:
-       <ol>
-           <li><a href="http://www.openldap.org/project/">The OpenLDAP Project</a></li>
-           <li><a href="http://www.apache.org/">The Apache Software Foundation</a></li>
-           <li><a href="http://www.unboundid.com/">UnboundID</a></li>
-           <li><a href="http://www.eigenbase.org/">The Eigenbase Project</a></li>
-           <li><a href="http://ehcache.org/">Ehcache</a></li>
-       </ol>
-      </p>
-   </body>
-</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/package.html b/src/main/java/org/openldap/enmasse/package.html
deleted file mode 100755
index c83365d..0000000
--- a/src/main/java/org/openldap/enmasse/package.html
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-  Copyright (C) 2011-2014, JoshuaTree. All Rights Reserved.
-  Licensed to Joshua Tree Software, LLC under New BSD license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  JTS licenses this file to You under the New BSD License
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-       https://joshuatreesoftware.us/
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--->
-<html>
-   <head>
-      <title>Package Documentation for {@link us.jts.enmasse.FortressService}</title>
-   </head>
-   <body>
-      <p>
-         This package contains Web APIs that are used by HTTP programs to provide Identity and Access Management functionality.
-          The javadoc for the EnMasse services: {@link us.jts.enmasse.FortressService}
-      </p>
-   </body>
-</html>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/FortressRestServerRoles.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/FortressRestServerRoles.xml b/src/main/resources/FortressRestServerRoles.xml
new file mode 100644
index 0000000..5d80d8c
--- /dev/null
+++ b/src/main/resources/FortressRestServerRoles.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
+<project basedir="." default="all" name="Fortress Rest Server Role Policy">
+    <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
+        <classpath path="${java.class.path}"/>
+    </taskdef>
+
+    <target name="all">
+        <FortressAdmin>
+
+            <addrole>
+                <!-- This role is checked by the servlet container using JavaEE security.  All callers must be assigned this role
+                plus at least one more of the interceptor roles from below -->
+                <role name="fortress-rest-user" description="This is JavaEE role required to call Fortress Rest server"/>
+
+                <!-- These roles are checked by the FortressInterceptor authorization annotation inside FortressServiceImpl class. -->
+
+                <!-- Users assigned the fortress-rest-super-user role will gain access to services.
+                     This is hard-wired in the FortressServiceImpl policy-->
+                <role name="fortress-rest-super-user" description="This role is accepted by all of the Fortress Rest services"/>
+
+                <!-- Users assigned to the fortress-power-user role will gain access to all services.
+                     This is via inheritance relationship with all of the other service roles-->
+                <role name="fortress-rest-power-user" description="This role inherits all of the other Fortress Rest services roles"/>
+                <role name="fortress-rest-access-user" description="This role gains access to the Fortress Rest Access Mgr services"/>
+                <role name="fortress-rest-admin-user" description="This role gains access to the Fortress Rest Admin Mgr services"/>
+                <role name="fortress-rest-review-user" description="This role gains access to the Fortress Rest Delegated Access services"/>
+                <role name="fortress-rest-delaccess-user" description="This role gains access to the Fortress Rest Delegatged Admin services"/>
+                <role name="fortress-rest-deladmin-user" description="This role gains access to the Fortress Rest Delegated Admin services"/>
+                <role name="fortress-rest-delreview-user" description="This role gains access to the Fortress Rest Delegated Review services"/>
+                <role name="fortress-rest-pwmgr-user" description="This role gains access to the Fortress Rest Password Policy Mgr services"/>
+                <role name="fortress-rest-audit-user" description="This role gains access to the Fortress Rest Audit Mgr services"/>
+                <role name="fortress-rest-config-user" description="This role gains access to the Fortress Rest Config Mgr services"/>
+            </addrole>
+
+            <addroleinheritance>
+                <!-- Users assigned fortress-web-power-user role will inherit each of the following roles. -->
+                <relationship child="fortress-web-power-user" parent="fortress-rest-access-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-admin-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-review-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-delaccess-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-deladmin-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-delreview-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-pwmgr-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-audit-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-config-user"/>
+            </addroleinheritance>
+
+        </FortressAdmin>
+    </target>
+</project>
\ No newline at end of file
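Review bot: The `<addroleinheritance>` block names `fortress-web-power-user` as the child in all nine relationships, but the `<addrole>` block above declares `fortress-rest-power-user` and no role with the `-web-` name. As written, the role described as inheriting every REST service role appears to inherit none, and the nine grants attach to whatever `fortress-web-power-user` is elsewhere, if it exists at all. If this is a copy-paste slip, each line should read like `<relationship child="fortress-rest-power-user" parent="fortress-rest-access-user"/>`, and the two comments that say `fortress-power-user` and `fortress-web-power-user` should use the same name. Two descriptions also look shifted by one: `fortress-rest-review-user` is described as "Delegated Access services" and `fortress-rest-delaccess-user` as "Delegatged Admin services". Since an administrator reads these strings when assigning roles, they should presumably say Review Mgr and Delegated Access respectively.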

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/META-INF/context.xml b/src/main/resources/META-INF/context.xml
index efcb9b4..35ce73c 100644
--- a/src/main/resources/META-INF/context.xml
+++ b/src/main/resources/META-INF/context.xml
@@ -1,6 +1,25 @@
-<Context path="/commander" reloadable="true">
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
 
-    <Realm className="org.openldap.sentry.tomcat.Tc7AccessMgrProxy"
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
+
+<Context reloadable="true">
+
+    <Realm className="org.apache.directory.fortress.realm.tomcat.Tc7AccessMgrProxy"
            debug="0"
            resourceName="UserDatabase"
            defaultRoles=""
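Review bot: The rewritten `<Context reloadable="true">` line keeps automatic class reloading switched on in the descriptor that ships inside the application. Tomcat's documentation describes `reloadable` as a development aid with significant runtime overhead and advises against it on deployed applications. For a service that fronts access-control administration it also means any change under `WEB-INF/classes` or `WEB-INF/lib` is picked up without a restart. Consider a plain `<Context>` (the attribute defaults to false) or `reloadable="false"`, leaving developers to enable it in a local override. The `<Realm>` element continues past the end of this hunk.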

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/applicationContext.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/applicationContext.xml b/src/main/resources/applicationContext.xml
index 1c88ed4..f88693d 100644
--- a/src/main/resources/applicationContext.xml
+++ b/src/main/resources/applicationContext.xml
@@ -1,4 +1,23 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
 <beans default-autowire="byName"
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -13,7 +32,7 @@
 		http://www.springframework.org/schema/util/spring-util-3.0.xsd
         http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
 
-    <context:component-scan base-package="org.openldap" />
+    <context:component-scan base-package="org.apache.directory" />
 
     <import resource="classpath:META-INF/cxf/cxf.xml" />
     <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
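Review bot: `base-package="org.apache.directory"` makes Spring scan the whole Apache Directory namespace on the classpath rather than this module, so an annotated class in any dependency jar under that prefix would be registered as a bean. If only the REST classes need annotation processing (the beans wired explicitly further down this file all live in `org.apache.directory.fortress.rest`), narrow it to `<context:component-scan base-package="org.apache.directory.fortress.rest" />`. If Fortress core classes are meant to be scanned as well, use the narrowest prefix that covers both and add a comment saying why.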
@@ -28,15 +47,15 @@
         </jaxrs:inInterceptors>
 
         <jaxrs:outFaultInterceptors>
-            <bean class="org.openldap.enmasse.SecurityOutFaultInterceptor"/>
+            <bean class="org.apache.directory.fortress.rest.SecurityOutFaultInterceptor"/>
         </jaxrs:outFaultInterceptors>
 
     </jaxrs:server>
 
-    <bean id="annotationsInterceptor" class="org.openldap.enmasse.FortressInterceptor">
+    <bean id="annotationsInterceptor" class="org.apache.directory.fortress.rest.FortressInterceptor">
          <property name="securedObject" ref="securedObject"/>
     </bean>
 
-  <bean id="securedObject" class="org.openldap.enmasse.FortressServiceImpl"/>
+  <bean id="securedObject" class="org.apache.directory.fortress.rest.FortressServiceImpl"/>
 
 </beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/ehcache.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/ehcache.xml b/src/main/resources/ehcache.xml
index d5d394b..411716e 100755
--- a/src/main/resources/ehcache.xml
+++ b/src/main/resources/ehcache.xml
@@ -1,26 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <!--
 Fortress CacheManager Configuration
 ==========================
 This ehcache.xml corresponds to a single CacheManager.
 -->
-<ehcache name="fortress-enmasse" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<ehcache name="fortress-rest" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="ehcache.xsd"
          updateCheck="true" monitoring="autodetect"
          dynamicConfig="true"

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/fortress.properties
----------------------------------------------------------------------
diff --git a/src/main/resources/fortress.properties b/src/main/resources/fortress.properties
index ab5de01..ef88874 100644
--- a/src/main/resources/fortress.properties
+++ b/src/main/resources/fortress.properties
@@ -1,13 +1,29 @@
 #
-# Copyright (c) 2011-2014. JoshuaTree. All Rights Reserved.
+#   Licensed to the Apache Software Foundation (ASF) under one
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#   KIND, either express or implied.  See the License for the
+#   specific language governing permissions and limitations
+#   under the License.
+#
 #
 
 # Host name and port of LDAP DIT:
 host=localhost
-port=389
+port=10389
 
 # These credentials are used for read/write access to all nodes under suffix:
-admin.user=cn=Manager,dc=openldap,dc=org
+admin.user=uid=admin,ou=system
 # LDAP admin root pass is encrypted using 'encrypt' target in build.xml:
 admin.pw=secret
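Review bot: `admin.user=uid=admin,ou=system` is now paired with the unchanged `admin.pw=secret`, so the properties file bundled from src/main/resources carries what looks like a stock directory administrator bind DN and clear-text password, while the comment above it still says the value is encrypted. Ship a placeholder instead, e.g. `admin.pw=<REPLACE_AT_DEPLOY_TIME>`, and state that the real (encrypted, per the comment) value comes from deployment configuration rather than the packaged artifact. `port=10389` with no TLS-related setting visible in this hunk also suggests the admin bind travels over plain LDAP; if the client supports a TLS listener, the sample should point at it. The doubled `#` line left after the new license header can be dropped.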
 
@@ -24,7 +40,7 @@ max.admin.conn=25
 
 # This node contains fortress properties stored on behalf of connecting LDAP clients:
 config.realm=DEFAULT
-config.root=ou=Config,dc=openldap,dc=org
+config.root=ou=Config,dc=example,dc=com
 
 # enable this to see trace statements when connection pool allocates new connections:
 debug.ldap.pool=true

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/resources/log4j.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/log4j.xml b/src/main/resources/log4j.xml
index 24dc054..fef9954 100644
--- a/src/main/resources/log4j.xml
+++ b/src/main/resources/log4j.xml
@@ -1,7 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright © 2011-2014. JoshuaTree. All Rights Reserved.
-  -->
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 <log4j:configuration debug="false" xmlns:log4j="http://jakarta.apache.org/log4j/">
@@ -21,7 +36,7 @@
         </layout>
     </appender>
 
-    <category name="org.openldap.enmasse.FortressInterceptor" class="org.apache.log4j.Logger" additivity="false">
+    <category name="org.apache.directory.fortress.rest.FortressInterceptor" class="org.apache.log4j.Logger" additivity="false">
         <priority value="INFO" class="org.apache.log4j.Level"/>
         <appender-ref ref="console"/>
     </category>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 828ded2..d5e012a 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -1,30 +1,27 @@
 <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 <!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd" >
 
 <web-app>
-    <display-name>EnMasse Policy Server</display-name>
-
-    <!--
-        <error-page>
-            <exception-type>java.lang.Throwable</exception-type>
-            <location>/myErrorPage.html</location>
-        </error-page>
-    -->
+    <display-name>Fortress Rest Server</display-name>
 
     <!-- Add for Spring support -->
     <context-param>
@@ -46,43 +43,8 @@
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
 
-    <!--filter>
-     <filter-name>springSecurityFilterChain</filter-name>
-     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter-->
-
-    <!--filter-mapping>
-     <filter-name>springSecurityFilterChain</filter-name>
-     <url-pattern>/*</url-pattern>
-    </filter-mapping-->
-
-    <!--security-constraint>
-       <display-name>EnMasse Security Constraint</display-name>
-       <web-resource-collection>
-          <web-resource-name>Protected Area</web-resource-name>
-          <url-pattern>/*</url-pattern>
-          <http-method>DELETE</http-method>
-          <http-method>GET</http-method>
-          <http-method>POST</http-method>
-          <http-method>PUT</http-method>
-       </web-resource-collection>
-       <auth-constraint>
-          <role-name>role1</role-name>
-       </auth-constraint>
-     </security-constraint-->
-
-    <!--filter>
-     <filter-name>springSecurityFilterChain</filter-name>
-     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-     <filter-name>springSecurityFilterChain</filter-name>
-     <url-pattern>/*</url-pattern>
-    </filter-mapping-->
-
     <security-constraint>
-       <display-name>En Masse Security Constraint</display-name>
+       <display-name>Fortress Rest Security Constraint</display-name>
        <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <!-- Define the context-relative URL(s) to be protected -->
@@ -92,19 +54,19 @@
        </web-resource-collection>
        <auth-constraint>
           <!-- Anyone with one of the listed roles may access this area -->
-          <role-name>role1</role-name>
+          <role-name>fortress-rest-user</role-name>
        </auth-constraint>
      </security-constraint>
 
      <!-- Default login configuration uses form-based authentication -->
      <login-config>
        <auth-method>BASIC</auth-method>
-       <realm-name>Java Sentry Realm Authentication Area</realm-name>
+       <realm-name>Fortress Rest Realm Authentication Area</realm-name>
      </login-config>
 
      <!-- Security roles referenced by this web application -->
      <security-role>
-       <role-name>role1</role-name>
+       <role-name>fortress-rest</role-name>
      </security-role>
 
 </web-app>
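Review bot: The `<auth-constraint>` now requires `fortress-rest-user`, but the `<security-role>` at the end of this hunk declares `fortress-rest`, so the role the constraint checks is never declared (both were `role1` before the change). Make the declaration match with `<role-name>fortress-rest-user</role-name>`, or change the constraint if `fortress-rest` is the intended name. The constraint also closes directly after `</auth-constraint>` with no `<user-data-constraint>`, so with `<auth-method>BASIC</auth-method>` the credentials are not forced onto TLS; a `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` entry would do that. The comment `Default login configuration uses form-based authentication` does not match BASIC and should be corrected. The `<security-constraint>` element opens before this hunk.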

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/site/apt/README.apt
----------------------------------------------------------------------
diff --git a/src/site/apt/README.apt b/src/site/apt/README.apt
index b3c1fc8..3aba5e6 100755
--- a/src/site/apt/README.apt
+++ b/src/site/apt/README.apt
@@ -85,7 +85,7 @@ binaries: http://iamfortress.org/projects
 http://tomcat.apache.org/download-70.cgi
 
 6. Fortress Sentry package (a.k.a Realm) installed:
-instructions: http://jts.us/iamfortress/javadocs/api-sentry/org/openldap/fortress/sentry/tomcat/package-summary.html
+instructions: http://jts.us/iamfortress/javadocs/api-sentry/org.apache.directory.fortress.core/sentry/tomcat/package-summary.html
 binaries: http://iamfortress.org/projects
 _________________________________________________________________________________
 ###################################################################################


[11/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
change package structure and names, pom improvements, license


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/commit/99852b55
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/tree/99852b55
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/diff/99852b55

Branch: refs/heads/master
Commit: 99852b55d0bd5b66e79cc2665780f4ef56c6b8ff
Parents: f10f295
Author: Shawn McKinney <sm...@apache.org>
Authored: Tue Nov 11 14:38:26 2014 -0600
Committer: Shawn McKinney <sm...@apache.org>
Committed: Tue Nov 11 14:38:26 2014 -0600

----------------------------------------------------------------------
 ENMASSE-SUBMISSION-OPENLDAP.txt                 |   38 -
 LICENSE                                         |   47 -
 LICENSE.ttx                                     |  176 +
 NOTICE.txt                                      |   42 +-
 README.txt                                      |   42 +-
 pom.xml                                         |  179 +-
 src/main/assembly/distsrc.xml                   |   33 +-
 .../directory/fortress/rest/AccessMgrImpl.java  |  282 ++
 .../directory/fortress/rest/AdminMgrImpl.java   |  991 ++++
 .../directory/fortress/rest/AuditMgrImpl.java   |  176 +
 .../directory/fortress/rest/ConfigMgrImpl.java  |  159 +
 .../fortress/rest/DelegatedAccessMgrImpl.java   |  269 ++
 .../fortress/rest/DelegatedAdminMgrImpl.java    |  386 ++
 .../fortress/rest/DelegatedReviewMgrImpl.java   |  176 +
 .../fortress/rest/FortressInterceptor.java      |  192 +
 .../fortress/rest/FortressService.java          | 3421 ++++++++++++++
 .../fortress/rest/FortressServiceImpl.java      | 4375 ++++++++++++++++++
 .../fortress/rest/PswdPolicyMgrImpl.java        |  192 +
 .../directory/fortress/rest/ReviewMgrImpl.java  |  679 +++
 .../rest/SecurityOutFaultInterceptor.java       |   72 +
 .../fortress/rest/fortress-javadoc.css          |   33 +
 .../directory/fortress/rest/overview.html       |   97 +
 .../apache/directory/fortress/rest/package.html |   29 +
 .../org/openldap/enmasse/AccessMgrImpl.java     |  277 --
 .../java/org/openldap/enmasse/AdminMgrImpl.java |  986 ----
 .../java/org/openldap/enmasse/AuditMgrImpl.java |  171 -
 .../org/openldap/enmasse/ConfigMgrImpl.java     |  154 -
 .../enmasse/DelegatedAccessMgrImpl.java         |  264 --
 .../openldap/enmasse/DelegatedAdminMgrImpl.java |  381 --
 .../enmasse/DelegatedReviewMgrImpl.java         |  171 -
 .../openldap/enmasse/FortressInterceptor.java   |  176 -
 .../org/openldap/enmasse/FortressService.java   | 3416 --------------
 .../openldap/enmasse/FortressServiceImpl.java   | 4370 -----------------
 .../org/openldap/enmasse/PswdPolicyMgrImpl.java |  187 -
 .../org/openldap/enmasse/ReviewMgrImpl.java     |  674 ---
 .../enmasse/SecurityOutFaultInterceptor.java    |   67 -
 .../org/openldap/enmasse/fortress-javadoc.css   |   33 -
 .../java/org/openldap/enmasse/overview.html     |   93 -
 src/main/java/org/openldap/enmasse/package.html |   27 -
 src/main/resources/FortressRestServerRoles.xml  |   68 +
 src/main/resources/META-INF/context.xml         |   23 +-
 src/main/resources/applicationContext.xml       |   27 +-
 src/main/resources/ehcache.xml                  |   32 +-
 src/main/resources/fortress.properties          |   24 +-
 src/main/resources/log4j.xml                    |   21 +-
 src/main/webapp/WEB-INF/web.xml                 |   82 +-
 src/site/apt/README.apt                         |    2 +-
 .../apache/directory/fortress/rest/Client.java  |  688 +++
 .../apache/directory/fortress/rest/EmTest.java  |  445 ++
 src/test/java/org/openldap/enmasse/Client.java  |  683 ---
 src/test/java/org/openldap/enmasse/EmTest.java  |  439 --
 src/test/resources/addEmRole1.xml               |   32 +-
 src/test/resources/addEmRole2Ascendent.xml      |   32 +-
 src/test/resources/addEmTestObj1.xml            |   34 +-
 src/test/resources/addEmTestPermission.xml      |   34 +-
 src/test/resources/addEmUser1.xml               |   32 +-
 src/test/resources/addPermGrant1.xml            |   32 +-
 src/test/resources/assignEmUser1.xml            |   32 +-
 src/test/resources/createSession.xml            |   32 +-
 src/test/resources/delEmRole2.xml               |   32 +-
 src/test/resources/delEmUser1.xml               |   32 +-
 src/test/resources/emRoleDelInheritance.xml     |   32 +-
 src/test/resources/emTestAuthN.xml              |   32 +-
 src/test/resources/emTestCheckAccess.xml        |   34 +-
 src/test/resources/emTestOrg1.xml               |   32 +-
 src/test/resources/emTestPermOrg1.xml           |   32 +-
 66 files changed, 13499 insertions(+), 13054 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/ENMASSE-SUBMISSION-OPENLDAP.txt
----------------------------------------------------------------------
diff --git a/ENMASSE-SUBMISSION-OPENLDAP.txt b/ENMASSE-SUBMISSION-OPENLDAP.txt
deleted file mode 100755
index ae4680a..0000000
--- a/ENMASSE-SUBMISSION-OPENLDAP.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-Hello,
-
-We have created a new application, called EnMasse.  
-
-EnMasse is a web application that implements RESTful Web services to interface with
-Fortress/OpenLDAP. EnMasse was built using established Open Source technologies including
-Apache CXF (web services stack), Spring Framework (glue), Maven (dependencies) and JAXB (data
-binding layer) and runs inside any reasonably compliant Java Servlets container. EnMasse’s service
-access decisions are made using declarative Java EE and Spring security policy hooks that are wired to
-connect back to the Fortress RBAC component itself.
- 
-This product has not been published and we would like to release it as one of
-the products under OpenLDAP family of products. 
-
-What we would like from OpenLDAP foundation is the following:
-
-1. Separate GIT project called EnMasse.
-2. Mailing list for developers and users to communicate with project team.
-3. Issue tracking for EnMasse project.
-4. Project page for overview and how to find out more information.
-
-I have uploaded one package, entitled enmasse-openldap-submission.zip to our FTP server that contains the source, documentation and other items for you to look at.
-host: joshuatreesoftware.us
-user: jtreeguest
-pw: Guest123
-
-Everything under the target folder contain generated project artifacts including deployable web archive (war) and javadoc and will not be checked into GIT.
-The source is located /src folder in the package.
-
-Statement of origin for submitted works:
-
-The contributed EnMasse works described above were provided by JoshuaTree Software, LLC and referenced in this ITS were created by JoshuaTree Software, LLC, 
-who is the exclusive owner of the contributed works.  The contributed works are made available as indicated in the copyright and license statements attached to the work.
-
-Sincerely,
-
-Shawn McKinney
-Principal, JoshuaTree Software, LLC

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/LICENSE
----------------------------------------------------------------------
diff --git a/LICENSE b/LICENSE
deleted file mode 100755
index 6295703..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,47 +0,0 @@
-The OpenLDAP Public License
-  Version 2.8, 17 August 2003
-
-Redistribution and use of this software and associated documentation
-("Software"), with or without modification, are permitted provided
-that the following conditions are met:
-
-1. Redistributions in source form must retain copyright statements
-   and notices,
-
-2. Redistributions in binary form must reproduce applicable copyright
-   statements and notices, this list of conditions, and the following
-   disclaimer in the documentation and/or other materials provided
-   with the distribution, and
-
-3. Redistributions must contain a verbatim copy of this document.
-
-The OpenLDAP Foundation may revise this license from time to time.
-Each revision is distinguished by a version number.  You may use
-this Software under terms of this license revision or under the
-terms of any subsequent revision of the license.
-
-THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
-CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT
-SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
-OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-The names of the authors and copyright holders must not be used in
-advertising or otherwise to promote the sale, use or other dealing
-in this Software without specific, written prior permission.  Title
-to copyright in this Software shall at all times remain with copyright
-holders.
-
-OpenLDAP is a registered trademark of the OpenLDAP Foundation.
-
-Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
-California, USA.  All Rights Reserved.  Permission to copy and
-distribute verbatim copies of this document is granted.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/LICENSE.ttx
----------------------------------------------------------------------
diff --git a/LICENSE.ttx b/LICENSE.ttx
new file mode 100755
index 0000000..6512b11
--- /dev/null
+++ b/LICENSE.ttx
@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+      
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+          
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
index 1132c9c..46dc66a 100755
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,18 +1,32 @@
-Fortress EnMasse Web Application
-Copyright (c) 2011-2014 JoshuaTree.  All rights reserved.
+#
+#   Licensed to the Apache Software Foundation (ASF) under one
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#   KIND, either express or implied.  See the License for the
+#   specific language governing permissions and limitations
+#   under the License.
+#
+Apache Directory Fortress Web
 
-This product distribution source code was developed by JoshuaTree (http://jts.us/).
+The purpose of this NOTICE.txt file is to include notices that are required by the copyright owner and their license. Some of the accompanying products have an attribution requirement, so see below. Other accompanying products do not require attribution, so are not listed.
 
-The purpose of this NOTICE.txt file is to include notices that are required by the copyright owner and their license. Some of the accompanying products have an attribution requirement, so see below. Other accompanying products do not require attribution, so are not listed. 
-
-This product includes open source software developed by the following:
+This product includes software developed by:
 
 1. The Apache Software Foundation (http://www.apache.org/)
-2. UnBoundID Corp (http://www.unboundid.com/)
-3. The Eigenbase Project (http://www.eigenbase.org/)
-4. JUnit.org (http://www.junit.org/)
-5. The Java Community Process (http://www.jcp.org/)
-6. SLF4J (http://www.slf4j.org/)
-7. Terracotta (http://www.terracotta.org/TPL)
-8. Spring (http://www.springsource.org/)
-9. AspectJ (http://www.eclipse.org/aspectj/)
+2. The Eigenbase Project (http://www.eigenbase.org/)
+3. JUnit.org (http://www.junit.org/)
+4. The Java Community Process (http://www.jcp.org/)
+5. SLF4J (http://www.slf4j.org/)
+6. Terracotta (http://www.terracotta.org/TPL)
+7. Spring (http://www.springsource.org/)
+8. AspectJ (http://www.eclipse.org/aspectj/)

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 7af24d2..6bab8d0 100755
--- a/README.txt
+++ b/README.txt
@@ -1,16 +1,22 @@
 #
-# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#   Licensed to the Apache Software Foundation (ASF) under one
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
 #
-# Copyright 1998-2014 The OpenLDAP Foundation.
-# All rights reserved.
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#   KIND, either express or implied.  See the License for the
+#   specific language governing permissions and limitations
+#   under the License.
 #
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted only as authorized by the OpenLDAP
-# Public License.
 #
-# A copy of this license is available in the file LICENSE in the
-# top-level directory of the distribution or, alternatively, at
-# <http://www.OpenLDAP.org/license.html>.
 #
 # Fortress slapd.conf default settings.
 # Note: Directives that begin with '@' are substitution parms for Fortress' build.xml 'init-slapd' target.
@@ -173,15 +179,15 @@ http.host=localhost
 http.port=80
 
 # These will override default and enable client to call REST implementations:
-reviewmgr.implementation=org.openldap.fortress.rest.ReviewMgrRestImpl
-adminmgr.implementation=org.openldap.fortress.rest.AdminMgrRestImpl
-accessmgr.implementation=org.openldap.fortress.rest.AccessMgrRestImpl
-delegated.adminmgr.implementation=org.openldap.fortress.rest.DelegatedAdminMgrRestImpl
-delegated.reviewmgr.implementation=org.openldap.fortress.rest.DelegatedReviewMgrRestImpl
-policymgr.implementation=org.openldap.fortress.rest.PswdPolicyMgrRestImpl
-delegated.accessmgr.implementation=org.openldap.fortress.rest.DelegatedAccessMgrRestImpl
-auditmgr.implementation=org.openldap.fortress.rest.AuditMgrRestImpl
-configmgr.implementation=org.openldap.fortress.rest.ConfigMgrRestImpl
+reviewmgr.implementation=org.apache.directory.fortress.core.rest.ReviewMgrRestImpl
+adminmgr.implementation=org.apache.directory.fortress.core.rest.AdminMgrRestImpl
+accessmgr.implementation=org.apache.directory.fortress.core.rest.AccessMgrRestImpl
+delegated.adminmgr.implementation=org.apache.directory.fortress.core.rest.DelegatedAdminMgrRestImpl
+delegated.reviewmgr.implementation=org.apache.directory.fortress.core.rest.DelegatedReviewMgrRestImpl
+policymgr.implementation=org.apache.directory.fortress.core.rest.PswdPolicyMgrRestImpl
+delegated.accessmgr.implementation=org.apache.directory.fortress.core.rest.DelegatedAccessMgrRestImpl
+auditmgr.implementation=org.apache.directory.fortress.core.rest.AuditMgrRestImpl
+configmgr.implementation=org.apache.directory.fortress.core.rest.ConfigMgrRestImpl
 
 ___________________________________________________________________________________
 ###################################################################################

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c425ca4..6c4a11f 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1,53 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
    http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <groupId>org.openldap</groupId>
-    <artifactId>enmasse</artifactId>
+    <groupId>org.apache.directory</groupId>
+    <artifactId>fortress-rest</artifactId>
     <packaging>war</packaging>
-    <version>1.0-RC39</version>
-    <name>Fortress EnMasse</name>
-    <url>http://www.openldap.org/fortress/</url>
-    <description>EnMasse is a Web application that provides a RESTful implementation of Fortress' ANSI RBAC INCITS 359 engine.</description>
+    <version>1.0-RC40</version>
+    <name>Apache Fortress Web</name>
+    <url>http://directory.apache.org/foress/</url>
+    <description>Fortress Rest provides a RESTful implementation of Fortress' ANSI RBAC INCITS 359 engine</description>
     <licenses>
         <license>
-            <name>OpenLDAP Public License</name>
-            <url>http://www.OpenLDAP.org/license.html</url>
-            <distribution>repo</distribution>
+            <name>Apache License 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0</url>
         </license>
     </licenses>
 
     <scm>
-        <url>http://www.openldap.org/software/repo/openldap-fortress-enmasse.git/</url>
-        <connection>git://git.openldap.org/openldap-fortress-enmasse.git</connection>
+        <connection>scm:git:http://git-wip-us.apache.org/repos/asf/directory-fortress-rest.git</connection>
+        <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/directory-fortress-rest.git
+        </developerConnection>
+        <tag>HEAD</tag>
     </scm>
 
+    <issueManagement>
+        <system>jira</system>
+        <url>https://issues.apache.org/jira/browse/DIRFORTRESS</url>
+    </issueManagement>
+
+    <!-- ====================================================== -->
+    <!-- The list of current developers                        -->
+    <!-- ====================================================== -->
+    <developers>
+        <developer>
+            <id>smckinney</id>
+            <name>Shawn McKinney</name>
+            <email>smckinney@apache.org</email>
+        </developer>
+    </developers>
+
     <parent>
         <groupId>org.sonatype.oss</groupId>
         <artifactId>oss-parent</artifactId>
         <version>7</version>
     </parent>
 
-    <issueManagement>
-        <system>EnMasse JIRA</system>
-        <url>https://fortress.atlassian.net/browse/EN/</url>
-    </issueManagement>
-
     <mailingLists>
         <mailingList>
             <name>openldap-fortress -- OpenLDAP Fortress Discussion list</name>
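Review bot: The new `<url>` reads `http://directory.apache.org/foress/`, which looks like a typo for `fortress`, and `<name>Apache Fortress Web</name>` does not match the `fortress-rest` artifactId or the "Fortress Rest" description beside it. The read-only `<connection>` uses `scm:git:http://` while `<developerConnection>` uses https. Using `scm:git:https://git-wip-us.apache.org/repos/asf/directory-fortress-rest.git` for both keeps source checkouts off an unauthenticated transport. The `<mailingLists>` block at the end of the hunk still names the OpenLDAP list and continues outside the hunk.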
@@ -56,24 +73,15 @@
         </mailingList>
     </mailingLists>
 
-    <developers>
-        <developer>
-            <id>smckinney</id>
-            <name>Shawn McKinney</name>
-            <email>smckinney@symas.com</email>
-            <roles>
-                <role>Developer</role>
-            </roles>
-            <organization>jts.us</organization>
-            <timezone>-5</timezone>
-        </developer>
-    </developers>
-
     <properties>
+        <title>${project.name} ${project.version}</title>
+
         <!-- leave this hardcoded, else get cyclic version error from maven -->
-        <version>1.0-RC39</version>
+<!--        <version>1.0-RC39</version>-->
         <spring.security.version>3.1.4.RELEASE</spring.security.version>
         <spring.version>3.0.4.RELEASE</spring.version>
+        <version.log4j>1.2.17</version.log4j>
+        <version.slf4j.log4j12>1.7.7</version.slf4j.log4j12>
         <java.version>1.7</java.version>
         <javadoc.version>2.9.1</javadoc.version>
         <servlet-api.version>2.5.0</servlet-api.version>
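Review bot: The added `<title>${project.name} ${project.version}</title>` duplicates the `<title>${name} ${version}</title>` property that is still present further down in `<properties>` (visible in the next hunk), so one of the two should be removed; the `${project.*}` form is the one to keep. The `<version>` property is commented out rather than deleted, which leaves the "leave this hardcoded" comment above it describing nothing, so both lines can go. `<properties>` opens in this hunk and closes in the next one.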
@@ -82,25 +90,37 @@
         <base.dir>.</base.dir>
         <src.java.dir>${base.dir}/src/main/java</src.java.dir>
         <!--cxf.surefire.fork.mode>pertest</cxf.surefire.fork.mode-->
-        <test>org.openldap.enmasse.EmTest</test>
+        <test>org.apache.directory.fortress.rest.EmTest</test>
         <javadoc.stylesheet>${basedir}/src/main/java/org/openldap/enmasse/fortress-javadoc.css</javadoc.stylesheet>
         <title>${name} ${version}</title>
         <skipTests>true</skipTests>
     </properties>
 
     <dependencies>
-        <!-- Fortress -->
+        <!-- Fortress Realm pulls in Fortress Core for RBAC 'CRUD' & policy enforcement apis. -->
         <dependency>
-            <groupId>org.openldap</groupId>
-            <artifactId>sentry</artifactId>
-            <version>1.0-RC39</version>
+            <groupId>org.apache.directory</groupId>
+            <artifactId>fortress-realm-impl</artifactId>
+            <version>${project.version}</version>
         </dependency>
+
         <!-- EnMasse Dependencies -->
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-bundle</artifactId>
             <version>2.5.0</version>
         </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${version.log4j}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>${version.slf4j.log4j12}</version>
+        </dependency>
 
         <!-- Spring Dependencies -->
         <dependency>
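Review bot: `<javadoc.stylesheet>` still points at `${basedir}/src/main/java/org/openldap/enmasse/fortress-javadoc.css` although this commit moves the sources to `org/apache/directory/fortress/rest`. Unless the stylesheet was left behind on purpose, the path should follow the move, as was done for `<test>` and for the javadoc `<overview>` later in the file. The new `log4j:log4j` dependency pins the 1.2 line, which is no longer maintained upstream. Because the code already goes through SLF4J via `slf4j-log4j12`, a maintained SLF4J backend would be the safer binding for a service that logs request-derived values. The `<!-- EnMasse Dependencies -->` comment could be renamed with the rest.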
@@ -186,7 +206,8 @@
     </dependencies>
 
     <build>
-        <finalName>enmasse-${version}</finalName>
+        <finalName>${artifactId}-${version}</finalName>
+<!--        <finalName>enmasse-${version}</finalName>-->
         <plugins>
 
             <plugin>
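Review bot: `${artifactId}` and `${version}` are the deprecated bare forms of the project expressions; write `<finalName>${project.artifactId}-${project.version}</finalName>`, or drop the element, since that value is Maven's default. The same applies to `<path>/${artifactId}-${version}</path>` in the tomcat plugin hunk below. The commented-out `enmasse-${version}` lines left beside both changes are dead text that version control already preserves, so they can be deleted.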
@@ -265,7 +286,8 @@
                     <warFile>target/${project.artifactId}.war</warFile>
                     <server>local-tomcat</server>
                     <url>http://localhost:8080/manager/html</url>
-                    <path>/enmasse-${version}</path>
+                    <path>/${artifactId}-${version}</path>
+<!--                    <path>/enmasse-${version}</path>-->
                     <!-- Warning the tomcat manager creds here are for deploying into a demo environment only. -->
                     <username>tcmanager</username>
                     <password>m@nager123</password>
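Review bot: The Tomcat manager `<username>` and `<password>` stay hard-coded next to the changed `<path>`, and this pom is published with the source. The configuration already names `<server>local-tomcat</server>`, so the credentials can live in a matching `<server>` entry in the deployer's `settings.xml` and both elements can be removed here. `<warFile>target/${project.artifactId}.war</warFile>` also does not match the `<finalName>` of `${artifactId}-${version}` set earlier in this file, so the deploy step may not find the archive. The plugin's configuration block starts and ends outside this hunk.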
@@ -280,7 +302,7 @@
                     <stylesheet>java</stylesheet>
                     <bottom>&lt;small&gt;Copyright &amp;copy; 1998-2014 The OpenLDAP Foundation. All Rights Reserved.
                         Generated ${maven.build.timestamp}.&lt;/small&gt;</bottom>
-                    <overview>src/main/java/org/openldap/enmasse/overview.html</overview>
+                    <overview>src/main/java/org/apache/directory/fortress/rest/overview.html</overview>
                     <version>true</version>
                     <author>true</author>
                     <doctitle>${title}</doctitle>
@@ -366,6 +388,61 @@
                 </executions>
             </plugin>
 
+            <plugin>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <version>1.7</version>
+                <executions>
+                    <execution>
+                        <phase>test</phase>
+                        <configuration>
+                            <target name="fortress-load"
+                                    unless="noload"
+                                    description="Loads fortress rest rbac policy into ldap">
+                                <echo message="###############  Run Fortress Ant script to load policy  ###############"/>
+                                <java
+                                        classname="org.apache.tools.ant.launch.Launcher"
+                                        fork="true"
+                                        failonerror="true"
+                                        dir="${basedir}"
+                                        timeout="4000000"
+                                        taskname="startAnt">
+                                    <classpath>
+                                        <pathelement location="./src/main/resources"/>
+                                        <pathelement location="${org.apache.ant:ant-launcher:jar}"/>
+                                        <pathelement location="${org.apache.ant:ant:jar}"/>
+                                        <pathelement location="${org.apache.directory:fortress-core:jar}"/>
+                                        <pathelement location="${org.openldap:accelerator-api:jar}"/>
+                                        <pathelement location="${org.openldap:accelerator-impl:jar}"/>
+                                        <pathelement location="${log4j:log4j:jar}"/>
+                                        <pathelement location="${org.apache.directory.api:api-all:jar}"/>
+                                        <pathelement location="${org.apache.mina:mina-core:jar}"/>
+                                        <pathelement location="${org.jgrapht:jgrapht-jdk1.5:jar}"/>
+                                        <pathelement location="${org.jasypt:jasypt:jar}"/>
+                                        <pathelement location="${commons-configuration:commons-configuration:jar}"/>
+                                        <pathelement location="${commons-lang:commons-lang:jar}"/>
+                                        <pathelement location="${commons-collections:commons-collections:jar}"/>
+                                        <pathelement location="${commons-logging:commons-logging:jar}"/>
+                                        <pathelement location="${commons-io:commons-io:jar}"/>
+                                        <pathelement location="${commons-pool:commons-pool:jar}"/>
+                                        <pathelement location="${net.sf.ehcache:ehcache-core:jar}"/>
+                                        <pathelement location="${org.slf4j:slf4j-api:jar}"/>
+                                        <pathelement location="${org.slf4j:slf4j-log4j12:jar}"/>
+                                        <pathelement location="${antlr:antlr:jar}"/>
+                                    </classpath>
+                                    <sysproperty key="version" value="${project.version}"/>
+                                    <sysproperty key="tenant" value="HOME"/>
+                                    <arg value="-buildfile"/>
+                                    <arg file="./src/main/resources/FortressRestServerRoles.xml"/>
+                                </java>
+                            </target>
+                        </configuration>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
         </plugins>
     </build>
 
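Review bot: The `fortress-load` target is described as loading RBAC policy into LDAP and is bound to the `test` phase with `unless="noload"`, so any build that reaches that phase performs the load unless the caller opts out; `<skipTests>true</skipTests>` does not skip antrun. Making it opt-in, for example `if="load"` on the target or moving the execution into a profile, avoids modifying a directory from a routine build. The execution has no `<id>`; adding `<id>fortress-load</id>` would make it addressable from the command line and identifiable in build logs. The `${group:artifact:jar}` classpath entries are only defined if the dependency plugin's `properties` goal runs earlier in the build, which is not visible in this hunk.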

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/assembly/distsrc.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/distsrc.xml b/src/main/assembly/distsrc.xml
index be44303..715961d 100644
--- a/src/main/assembly/distsrc.xml
+++ b/src/main/assembly/distsrc.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
-  ~
-  ~ Copyright 1998-2014 The OpenLDAP Foundation.
-  ~ All rights reserved.
-  ~
-  ~ Redistribution and use in source and binary forms, with or without
-  ~ modification, are permitted only as authorized by the OpenLDAP
-  ~ Public License.
-  ~
-  ~ A copy of this license is available in the file LICENSE in the
-  ~ top-level directory of the distribution or, alternatively, at
-  ~ <http://www.OpenLDAP.org/license.html>.
-  -->
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
 
 <assembly xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/xsd/assembly-1.1.1.xsd">
@@ -23,9 +27,6 @@
     <fileSets>
         <fileSet>
             <directory>.</directory>
-            <!--<outputDirectory>.</outputDirectory>-->
-            <!--<includeBaseDirectory>false</includeBaseDirectory>-->
-            <!--<baseDirectory>enmasse</baseDirectory>-->
             <includes>
                 <include>pom.xml</include>
                 <include>README.txt</include>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
new file mode 100644
index 0000000..98ab26f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/AccessMgrImpl.java
@@ -0,0 +1,282 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.AccessMgr;
+import org.apache.directory.fortress.core.AccessMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class AccessMgrImpl
+{
+    private static final String CLS_NM = AccessMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN ACCESSMGR
+     * **************************************************************************************************************************************
+     */
+
+    FortResponse authenticate(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            User inUser = (User) request.getEntity();
+            Session outSession = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
+            response.setSession(outSession);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse createSession(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            User inUser = (User) request.getEntity();
+            Session outSession = accessMgr.createSession(inUser, false);
+            response.setSession(outSession);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse createSessionTrusted(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            User inUser = (User) request.getEntity();
+            Session outSession = accessMgr.createSession(inUser, true);
+            response.setSession(outSession);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse checkAccess(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Permission perm = (Permission)request.getEntity();
+            perm.setAdmin(false);
+            Session session = request.getSession();
+            boolean result = accessMgr.checkAccess(session, perm);
+            response.setSession(session);
+            response.setAuthorized(result);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse sessionPermissions(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            List<Permission> perms = accessMgr.sessionPermissions(session);
+            response.setSession(session);
+            response.setEntities(perms);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse sessionRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            List<UserRole> roles = accessMgr.sessionRoles(session);
+            response.setEntities(roles);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse authorizedSessionRoles(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            Set<String> roles = accessMgr.authorizedRoles(session);
+            response.setValueSet(roles);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addActiveRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            UserRole uRole = (UserRole)request.getEntity();
+            Session session = request.getSession();
+            accessMgr.addActiveRole(session, uRole);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse dropActiveRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            UserRole uRole = (UserRole)request.getEntity();
+            Session session = request.getSession();
+            accessMgr.dropActiveRole(session, uRole);
+            response.setSession(session);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse getUserId(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            String userId = accessMgr.getUserId(session);
+            User outUser = new User(userId);
+            response.setSession(session);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse getUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance(request.getContextId());
+            Session session = request.getSession();
+            User outUser = accessMgr.getUser(session);
+            response.setSession(session);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file
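Review bot: `authenticate`, `createSession` and `createSessionTrusted` cast `request.getEntity()` straight to `User`, and `checkAccess`, `addActiveRole` and `dropActiveRole` do the same for `Permission` and `UserRole`. A request with a missing or wrong-typed entity therefore raises a `NullPointerException` or `ClassCastException` that the `catch (SecurityException se)` blocks do not handle. Since the `FortRequest` presumably comes from a REST client, an `instanceof` check before each cast that sets an error code and message on the `FortResponse` would keep malformed input on the same error path as other failures. `createSessionTrusted` passes `true` to `accessMgr.createSession`, which by its name skips the credential check, and nothing in this file restricts who may call it. It should get a Javadoc line such as `/** Creates a session without validating the password; the caller must already be authorised to act for this user. */` plus a pointer to where that restriction is enforced. The class comment still reads "Utility for EnMasse Server" after the rename, and `authenticate` spells out the fully qualified `SecurityException` that the other methods use via the import.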

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
new file mode 100644
index 0000000..c12bb59
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/AdminMgrImpl.java
@@ -0,0 +1,991 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.AdminMgr;
+import org.apache.directory.fortress.core.AdminMgrFactory;
+import org.apache.directory.fortress.core.DelAdminMgr;
+import org.apache.directory.fortress.core.DelAdminMgrFactory;
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.ReviewMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.AdminRole;
+import org.apache.directory.fortress.core.rbac.PermGrant;
+import org.apache.directory.fortress.core.rbac.PermObj;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.RoleRelationship;
+import org.apache.directory.fortress.core.rbac.SDSet;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.log4j.Logger;
+
+/**
+ * Utility for EnMasse Server.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+class AdminMgrImpl
+{
+    private static final String CLS_NM = AdminMgrImpl.class.getName();
+    private static final Logger log = Logger.getLogger(CLS_NM);
+
+    FortResponse addUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            User outUser = adminMgr.addUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (org.apache.directory.fortress.core.SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.deleteUser(inUser);
+            response.setErrorCode(0);
+            response.setEntity(inUser);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse disableUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.disableUser(inUser);
+            response.setErrorCode(0);
+            response.setEntity(inUser);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            User outUser = adminMgr.updateUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse changePassword(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.changePassword(inUser, inUser.getNewPassword());
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            User outUser = reviewMgr.readUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse lockUserAccount(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.lockUserAccount(inUser);
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            User outUser = reviewMgr.readUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse unlockUserAccount(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.unlockUserAccount(inUser);
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            User outUser = reviewMgr.readUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse resetPassword(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            User inUser = (User) request.getEntity();
+            adminMgr.resetPassword(inUser, inUser.getNewPassword());
+            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
+            User outUser = reviewMgr.readUser(inUser);
+            response.setEntity(outUser);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            Role outRole = adminMgr.addRole(inRole);
+            response.setEntity(outRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            adminMgr.deleteRole(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateRole(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Role inRole = (Role) request.getEntity();
+            Role outRole = adminMgr.updateRole(inRole);
+            response.setEntity(outRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse assignUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            UserRole inRole = (UserRole) request.getEntity();
+            adminMgr.assignUser(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deassignUser(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            UserRole inRole = (UserRole) request.getEntity();
+            adminMgr.deassignUser(inRole);
+            response.setEntity(inRole);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addPermission(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            Permission outPerm = adminMgr.addPermission(inPerm);
+            response.setEntity(outPerm);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updatePermission(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            Permission outPerm = adminMgr.updatePermission(inPerm);
+            response.setEntity(outPerm);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deletePermission(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            Permission inPerm = (Permission) request.getEntity();
+            adminMgr.deletePermission(inPerm);
+            response.setEntity(inPerm);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addPermObj(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            PermObj inObj = (PermObj) request.getEntity();
+            PermObj outObj = adminMgr.addPermObj(inObj);
+            response.setEntity(outObj);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updatePermObj(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            PermObj inObj = (PermObj) request.getEntity();
+            PermObj outObj = adminMgr.updatePermObj(inObj);
+            response.setEntity(outObj);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deletePermObj(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            PermObj inObj = (PermObj) request.getEntity();
+            adminMgr.deletePermObj(inObj);
+            response.setEntity(inObj);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    private void grantPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+        adminMgr.setAdmin(request.getSession());
+        Role role = new Role(permGrant.getRoleNm());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(false);
+        adminMgr.grantPermission(perm, role);
+    }
+
+    private void grantAdminPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+        delegatedAdminMgr.setAdmin(request.getSession());
+        AdminRole role = new AdminRole(permGrant.getRoleNm());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(true);
+        delegatedAdminMgr.grantPermission(perm, role);
+    }
+
+    private void revokePerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+        adminMgr.setAdmin(request.getSession());
+        Role role = new Role(permGrant.getRoleNm());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(false);
+        adminMgr.revokePermission(perm, role);
+    }
+
+    private void revokeAdminPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+        delegatedAdminMgr.setAdmin(request.getSession());
+        AdminRole role = new AdminRole(permGrant.getRoleNm());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(true);
+        delegatedAdminMgr.revokePermission(perm, role);
+    }
+
+    private void grantUserPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+        adminMgr.setAdmin(request.getSession());
+        User user = new User(permGrant.getUserId());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(false);
+        adminMgr.grantPermission(perm, user);
+    }
+
+    private void grantAdminUserPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+        delegatedAdminMgr.setAdmin(request.getSession());
+        User user = new User(permGrant.getUserId());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(true);
+        delegatedAdminMgr.grantPermission(perm, user);
+    }
+
+    private void revokeUserPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+        adminMgr.setAdmin(request.getSession());
+        User user = new User(permGrant.getUserId());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(false);
+        adminMgr.revokePermission(perm, user);
+    }
+
+    private void revokeAdminUserPerm(FortRequest request) throws SecurityException
+    {
+        PermGrant permGrant = (PermGrant) request.getEntity();
+        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
+        delegatedAdminMgr.setAdmin(request.getSession());
+        User user = new User(permGrant.getUserId());
+        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
+        perm.setAdmin(true);
+        delegatedAdminMgr.revokePermission(perm, user);
+    }
+
+    FortResponse grant(FortRequest request, FortressServiceImpl fortressService)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PermGrant permGrant = (PermGrant) request.getEntity();
+            if (permGrant.isAdmin())
+            {
+                grantAdminPerm(request);
+            }
+            else
+            {
+                grantPerm(request);
+            }
+            response.setEntity(permGrant);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse revoke(FortRequest request, FortressServiceImpl fortressService)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PermGrant permGrant = (PermGrant) request.getEntity();
+            if (permGrant.isAdmin())
+            {
+                revokeAdminPerm(request);
+            }
+            else
+            {
+                revokePerm(request);
+            }
+            response.setEntity(permGrant);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse grantUser(FortRequest request, FortressServiceImpl fortressService)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PermGrant permGrant = (PermGrant) request.getEntity();
+            if (permGrant.isAdmin())
+            {
+                grantAdminUserPerm(request);
+            }
+            else
+            {
+                grantUserPerm(request);
+            }
+            response.setEntity(permGrant);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse revokeUser(FortRequest request, FortressServiceImpl fortressService)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            PermGrant permGrant = (PermGrant) request.getEntity();
+            if (permGrant.isAdmin())
+            {
+                revokeAdminUserPerm(request);
+            }
+            else
+            {
+                revokeUserPerm(request);
+            }
+            response.setEntity(permGrant);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addDescendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            RoleRelationship relationship = (RoleRelationship) request.getEntity();
+            adminMgr.addDescendant(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addAscendant(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            RoleRelationship relationship = (RoleRelationship) request.getEntity();
+            adminMgr.addAscendant(relationship.getChild(), relationship.getParent());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            RoleRelationship relationship = (RoleRelationship) request.getEntity();
+            adminMgr.addInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteInheritance(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            RoleRelationship relationship = (RoleRelationship) request.getEntity();
+            adminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
+            response.setEntity(relationship);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse createSsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.createSsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateSsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.updateSsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addSsdRoleMember(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            Role role = new Role(request.getValue());
+            SDSet outSet = adminMgr.addSsdRoleMember(inSet, role);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteSsdRoleMember(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            Role role = new Role(request.getValue());
+            SDSet outSet = adminMgr.deleteSsdRoleMember(inSet, role);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteSsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.deleteSsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse setSsdSetCardinality(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.setSsdSetCardinality(inSet, inSet.getCardinality());
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse createDsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.createDsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse updateDsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.updateDsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse addDsdRoleMember(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            Role role = new Role(request.getValue());
+            SDSet outSet = adminMgr.addDsdRoleMember(inSet, role);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteDsdRoleMember(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            Role role = new Role(request.getValue());
+            SDSet outSet = adminMgr.deleteDsdRoleMember(inSet, role);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse deleteDsdSet(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.deleteDsdSet(inSet);
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+
+    FortResponse setDsdSetCardinality(FortRequest request)
+    {
+        FortResponse response = new FortResponse();
+        try
+        {
+            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
+            adminMgr.setAdmin(request.getSession());
+            SDSet inSet = (SDSet) request.getEntity();
+            SDSet outSet = adminMgr.setDsdSetCardinality(inSet, inSet.getCardinality());
+            response.setEntity(outSet);
+            response.setErrorCode(0);
+        }
+        catch (SecurityException se)
+        {
+            log.info(CLS_NM + " caught " + se);
+            response.setErrorCode(se.getErrorId());
+            response.setErrorMessage(se.getMessage());
+        }
+        return response;
+    }
+}
\ No newline at end of file


[06/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/AdminMgrImpl.java b/src/main/java/org/openldap/enmasse/AdminMgrImpl.java
deleted file mode 100644
index 055934b..0000000
--- a/src/main/java/org/openldap/enmasse/AdminMgrImpl.java
+++ /dev/null
@@ -1,986 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.AdminMgr;
-import org.openldap.fortress.AdminMgrFactory;
-import org.openldap.fortress.DelAdminMgr;
-import org.openldap.fortress.DelAdminMgrFactory;
-import org.openldap.fortress.ReviewMgr;
-import org.openldap.fortress.ReviewMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.AdminRole;
-import org.openldap.fortress.rbac.PermGrant;
-import org.openldap.fortress.rbac.PermObj;
-import org.openldap.fortress.rbac.Permission;
-import org.openldap.fortress.rbac.Role;
-import org.openldap.fortress.rbac.RoleRelationship;
-import org.openldap.fortress.rbac.SDSet;
-import org.openldap.fortress.rbac.User;
-import org.openldap.fortress.rbac.UserRole;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class AdminMgrImpl
-{
-    private static final String CLS_NM = AdminMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    FortResponse addUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            User outUser = adminMgr.addUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.deleteUser(inUser);
-            response.setErrorCode(0);
-            response.setEntity(inUser);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse disableUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.disableUser(inUser);
-            response.setErrorCode(0);
-            response.setEntity(inUser);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            User outUser = adminMgr.updateUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse changePassword(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.changePassword(inUser, inUser.getNewPassword());
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            User outUser = reviewMgr.readUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse lockUserAccount(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.lockUserAccount(inUser);
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            User outUser = reviewMgr.readUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse unlockUserAccount(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.unlockUserAccount(inUser);
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            User outUser = reviewMgr.readUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse resetPassword(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            User inUser = (User) request.getEntity();
-            adminMgr.resetPassword(inUser, inUser.getNewPassword());
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(request.getContextId());
-            User outUser = reviewMgr.readUser(inUser);
-            response.setEntity(outUser);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            Role outRole = adminMgr.addRole(inRole);
-            response.setEntity(outRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            adminMgr.deleteRole(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Role inRole = (Role) request.getEntity();
-            Role outRole = adminMgr.updateRole(inRole);
-            response.setEntity(outRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            UserRole inRole = (UserRole) request.getEntity();
-            adminMgr.assignUser(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deassignUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            UserRole inRole = (UserRole) request.getEntity();
-            adminMgr.deassignUser(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addPermission(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            Permission outPerm = adminMgr.addPermission(inPerm);
-            response.setEntity(outPerm);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updatePermission(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            Permission outPerm = adminMgr.updatePermission(inPerm);
-            response.setEntity(outPerm);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deletePermission(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            Permission inPerm = (Permission) request.getEntity();
-            adminMgr.deletePermission(inPerm);
-            response.setEntity(inPerm);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addPermObj(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            PermObj inObj = (PermObj) request.getEntity();
-            PermObj outObj = adminMgr.addPermObj(inObj);
-            response.setEntity(outObj);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updatePermObj(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            PermObj inObj = (PermObj) request.getEntity();
-            PermObj outObj = adminMgr.updatePermObj(inObj);
-            response.setEntity(outObj);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deletePermObj(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            PermObj inObj = (PermObj) request.getEntity();
-            adminMgr.deletePermObj(inObj);
-            response.setEntity(inObj);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    private void grantPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-        adminMgr.setAdmin(request.getSession());
-        Role role = new Role(permGrant.getRoleNm());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(false);
-        adminMgr.grantPermission(perm, role);
-    }
-
-    private void grantAdminPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-        delegatedAdminMgr.setAdmin(request.getSession());
-        AdminRole role = new AdminRole(permGrant.getRoleNm());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(true);
-        delegatedAdminMgr.grantPermission(perm, role);
-    }
-
-    private void revokePerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-        adminMgr.setAdmin(request.getSession());
-        Role role = new Role(permGrant.getRoleNm());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(false);
-        adminMgr.revokePermission(perm, role);
-    }
-
-    private void revokeAdminPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-        delegatedAdminMgr.setAdmin(request.getSession());
-        AdminRole role = new AdminRole(permGrant.getRoleNm());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(true);
-        delegatedAdminMgr.revokePermission(perm, role);
-    }
-
-    private void grantUserPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-        adminMgr.setAdmin(request.getSession());
-        User user = new User(permGrant.getUserId());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(false);
-        adminMgr.grantPermission(perm, user);
-    }
-
-    private void grantAdminUserPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-        delegatedAdminMgr.setAdmin(request.getSession());
-        User user = new User(permGrant.getUserId());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(true);
-        delegatedAdminMgr.grantPermission(perm, user);
-    }
-
-    private void revokeUserPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-        adminMgr.setAdmin(request.getSession());
-        User user = new User(permGrant.getUserId());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(false);
-        adminMgr.revokePermission(perm, user);
-    }
-
-    private void revokeAdminUserPerm(FortRequest request) throws SecurityException
-    {
-        PermGrant permGrant = (PermGrant) request.getEntity();
-        DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-        delegatedAdminMgr.setAdmin(request.getSession());
-        User user = new User(permGrant.getUserId());
-        Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
-        perm.setAdmin(true);
-        delegatedAdminMgr.revokePermission(perm, user);
-    }
-
-    FortResponse grant(FortRequest request, FortressServiceImpl fortressService)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PermGrant permGrant = (PermGrant) request.getEntity();
-            if (permGrant.isAdmin())
-            {
-                grantAdminPerm(request);
-            }
-            else
-            {
-                grantPerm(request);
-            }
-            response.setEntity(permGrant);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse revoke(FortRequest request, FortressServiceImpl fortressService)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PermGrant permGrant = (PermGrant) request.getEntity();
-            if (permGrant.isAdmin())
-            {
-                revokeAdminPerm(request);
-            }
-            else
-            {
-                revokePerm(request);
-            }
-            response.setEntity(permGrant);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse grantUser(FortRequest request, FortressServiceImpl fortressService)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PermGrant permGrant = (PermGrant) request.getEntity();
-            if (permGrant.isAdmin())
-            {
-                grantAdminUserPerm(request);
-            }
-            else
-            {
-                grantUserPerm(request);
-            }
-            response.setEntity(permGrant);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse revokeUser(FortRequest request, FortressServiceImpl fortressService)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            PermGrant permGrant = (PermGrant) request.getEntity();
-            if (permGrant.isAdmin())
-            {
-                revokeAdminUserPerm(request);
-            }
-            else
-            {
-                revokeUserPerm(request);
-            }
-            response.setEntity(permGrant);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addDescendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            RoleRelationship relationship = (RoleRelationship) request.getEntity();
-            adminMgr.addDescendant(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addAscendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            RoleRelationship relationship = (RoleRelationship) request.getEntity();
-            adminMgr.addAscendant(relationship.getChild(), relationship.getParent());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            RoleRelationship relationship = (RoleRelationship) request.getEntity();
-            adminMgr.addInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            RoleRelationship relationship = (RoleRelationship) request.getEntity();
-            adminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse createSsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.createSsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateSsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.updateSsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addSsdRoleMember(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            Role role = new Role(request.getValue());
-            SDSet outSet = adminMgr.addSsdRoleMember(inSet, role);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteSsdRoleMember(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            Role role = new Role(request.getValue());
-            SDSet outSet = adminMgr.deleteSsdRoleMember(inSet, role);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteSsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.deleteSsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse setSsdSetCardinality(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.setSsdSetCardinality(inSet, inSet.getCardinality());
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse createDsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.createDsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateDsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.updateDsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addDsdRoleMember(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            Role role = new Role(request.getValue());
-            SDSet outSet = adminMgr.addDsdRoleMember(inSet, role);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteDsdRoleMember(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            Role role = new Role(request.getValue());
-            SDSet outSet = adminMgr.deleteDsdRoleMember(inSet, role);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteDsdSet(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.deleteDsdSet(inSet);
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse setDsdSetCardinality(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminMgr adminMgr = AdminMgrFactory.createInstance(request.getContextId());
-            adminMgr.setAdmin(request.getSession());
-            SDSet inSet = (SDSet) request.getEntity();
-            SDSet outSet = adminMgr.setDsdSetCardinality(inSet, inSet.getCardinality());
-            response.setEntity(outSet);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/AuditMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/AuditMgrImpl.java b/src/main/java/org/openldap/enmasse/AuditMgrImpl.java
deleted file mode 100644
index d653eb6..0000000
--- a/src/main/java/org/openldap/enmasse/AuditMgrImpl.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.AuditMgr;
-import org.openldap.fortress.AuditMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.AuthZ;
-import org.openldap.fortress.rbac.Bind;
-import org.openldap.fortress.rbac.Mod;
-import org.openldap.fortress.rbac.UserAudit;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class AuditMgrImpl
-{
-    private static final String CLS_NM = AuditMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN AUDIT
-     * **************************************************************************************************************************************
-     */
-
-    FortResponse searchBinds(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit) request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<Bind> outAudit = auditMgr.searchBinds(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse getUserAuthZs(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit)request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<AuthZ> outAudit = auditMgr.getUserAuthZs(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchAuthZs(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit)request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<AuthZ> outAudit = auditMgr.searchAuthZs(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchUserSessions(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit)request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<Mod> outAudit = auditMgr.searchUserSessions(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchAdminMods(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit)request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<Mod> outAudit = auditMgr.searchAdminMods(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchInvalidUsers(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAudit inAudit = (UserAudit)request.getEntity();
-            AuditMgr auditMgr = AuditMgrFactory.createInstance(request.getContextId());
-            auditMgr.setAdmin(request.getSession());
-            List<AuthZ> outAudit = auditMgr.searchInvalidUsers(inAudit);
-            response.setEntities(outAudit);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/ConfigMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/ConfigMgrImpl.java b/src/main/java/org/openldap/enmasse/ConfigMgrImpl.java
deleted file mode 100644
index ffb2c8d..0000000
--- a/src/main/java/org/openldap/enmasse/ConfigMgrImpl.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.cfg.ConfigMgr;
-import org.openldap.fortress.cfg.ConfigMgrFactory;
-import org.openldap.fortress.rbac.Props;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.openldap.fortress.rest.RestUtils;
-import org.apache.log4j.Logger;
-
-import java.util.Properties;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class ConfigMgrImpl
-{
-    private static final String CLS_NM = ConfigMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     *
-     * @param request
-     * @return
-     */
-    FortResponse addConfig(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
-            Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
-            Properties outProperties = configMgr.add(request.getValue(), inProperties);
-            Props retProps = RestUtils.getProps(outProperties);
-            if (retProps != null)
-            {
-                response.setEntity(retProps);
-                response.setErrorCode(0);
-            }
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    /**
-     *
-     * @param request
-     * @return
-     */
-    FortResponse updateConfig(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
-            Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
-            Properties outProperties = configMgr.update(request.getValue(), inProperties);
-            Props retProps = RestUtils.getProps(outProperties);
-            if (retProps != null)
-            {
-                response.setEntity(retProps);
-                response.setErrorCode(0);
-            }
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    /**
-     *
-     * @param request
-     * @return
-     */
-    FortResponse deleteConfig(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
-            if(request.getEntity() == null)
-            {
-                configMgr.delete(request.getValue());
-            }
-            else
-            {
-                Properties inProperties = RestUtils.getProperties((Props)request.getEntity());
-                configMgr.delete(request.getValue(), inProperties);
-
-            }
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    /**
-     *
-     * @param request
-     * @return
-     */
-    FortResponse readConfig(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            ConfigMgr configMgr = ConfigMgrFactory.createInstance();
-            Properties properties = configMgr.read(request.getValue());
-            Props props = RestUtils.getProps(properties);
-            if (properties != null)
-            {
-                response.setEntity(props);
-                response.setErrorCode(0);
-            }
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/DelegatedAccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/DelegatedAccessMgrImpl.java b/src/main/java/org/openldap/enmasse/DelegatedAccessMgrImpl.java
deleted file mode 100644
index ac8ccc4..0000000
--- a/src/main/java/org/openldap/enmasse/DelegatedAccessMgrImpl.java
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.DelAccessMgr;
-import org.openldap.fortress.DelAccessMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.RolePerm;
-import org.openldap.fortress.rbac.UserAdminRole;
-import org.openldap.fortress.rbac.Permission;
-import org.openldap.fortress.rbac.Role;
-import org.openldap.fortress.rbac.Session;
-import org.openldap.fortress.rbac.User;
-import org.openldap.fortress.rbac.UserRole;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class DelegatedAccessMgrImpl
-{
-    private static final String CLS_NM = DelegatedAccessMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN DELEGATEDACCESSMGR
-     * **************************************************************************************************************************************
-     */
-
-    FortResponse canAssign(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserRole uRole = (UserRole) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            boolean result = accessMgr.canAssign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse canDeassign(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserRole uRole = (UserRole) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            boolean result = accessMgr.canDeassign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse canGrant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            RolePerm context = (RolePerm) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            boolean result = accessMgr.canGrant(session, new Role(context.getRole().getName()), context.getPerm());
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse canRevoke(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            RolePerm context = (RolePerm) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            boolean result = accessMgr.canRevoke(session, new Role(context.getRole().getName()), context.getPerm());
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    public FortResponse checkAdminAccess(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            Permission perm = (Permission) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            perm.setAdmin(true);
-            boolean result = accessMgr.checkAccess(session, perm);
-            response.setSession(session);
-            response.setAuthorized(result);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addActiveAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            accessMgr.addActiveRole(session, uAdminRole);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse dropActiveAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            accessMgr.dropActiveRole(session, uAdminRole);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse sessionAdminRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            Session session = request.getSession();
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            List<UserAdminRole> roles = accessMgr.sessionAdminRoles(session);
-            response.setEntities(roles);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse sessionAdminPermissions(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            List<Permission> perms = accessMgr.sessionPermissions(session);
-            response.setSession(session);
-            response.setEntities(perms);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse authorizedSessionRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
-            Session session = request.getSession();
-            Set<String> roles = accessMgr.authorizedAdminRoles(session);
-            response.setValueSet(roles);
-            response.setSession(session);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/DelegatedAdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/DelegatedAdminMgrImpl.java b/src/main/java/org/openldap/enmasse/DelegatedAdminMgrImpl.java
deleted file mode 100644
index 0d46af7..0000000
--- a/src/main/java/org/openldap/enmasse/DelegatedAdminMgrImpl.java
+++ /dev/null
@@ -1,381 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.DelAdminMgr;
-import org.openldap.fortress.DelAdminMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.AdminRole;
-import org.openldap.fortress.rbac.AdminRoleRelationship;
-import org.openldap.fortress.rbac.OrgUnit;
-import org.openldap.fortress.rbac.OrgUnitRelationship;
-import org.openldap.fortress.rbac.UserAdminRole;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class DelegatedAdminMgrImpl
-{
-    private static final String CLS_NM = DelegatedAdminMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN DELEGATEDADMINMGR
-     * **************************************************************************************************************************************
-     */
-
-    FortResponse addAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRole inRole = (AdminRole) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            AdminRole retRole = delegatedAdminMgr.addRole(inRole);
-            response.setEntity(retRole);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se + " warnId=" + se.getErrorId());
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRole inRole = (AdminRole) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.deleteRole(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRole inRole = (AdminRole) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            AdminRole retRole = delegatedAdminMgr.updateRole(inRole);
-            response.setEntity(retRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se + " errorId=" + se.getErrorId());
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignAdminUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAdminRole inRole = (UserAdminRole) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.assignUser(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deassignAdminUser(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            UserAdminRole inRole = (UserAdminRole) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.deassignUser(inRole);
-            response.setEntity(inRole);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addAdminDescendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addDescendant(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addAdminAscendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addAscendant(relationship.getChild(), relationship.getParent());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addAdminInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteAdminInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRoleRelationship relationship = (AdminRoleRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addOrg(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnit inOrg = (OrgUnit) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            OrgUnit retOrg = delegatedAdminMgr.add(inOrg);
-            response.setEntity(retOrg);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse updateOrg(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnit inOrg = (OrgUnit) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            OrgUnit retOrg = delegatedAdminMgr.update(inOrg);
-            response.setEntity(retOrg);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteOrg(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnit inOrg = (OrgUnit) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            OrgUnit retOrg = delegatedAdminMgr.delete(inOrg);
-            response.setEntity(retOrg);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addOrgDescendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addDescendant(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addOrgAscendant(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addAscendant(relationship.getChild(), relationship.getParent());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse addOrgInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.addInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse deleteOrgInheritance(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnitRelationship relationship = (OrgUnitRelationship) request.getEntity();
-            DelAdminMgr delegatedAdminMgr = DelAdminMgrFactory.createInstance(request.getContextId());
-            delegatedAdminMgr.setAdmin(request.getSession());
-            delegatedAdminMgr.deleteInheritance(relationship.getParent(), relationship.getChild());
-            response.setEntity(relationship);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/DelegatedReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/DelegatedReviewMgrImpl.java b/src/main/java/org/openldap/enmasse/DelegatedReviewMgrImpl.java
deleted file mode 100644
index e6c8d71..0000000
--- a/src/main/java/org/openldap/enmasse/DelegatedReviewMgrImpl.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.DelReviewMgr;
-import org.openldap.fortress.DelReviewMgrFactory;
-import org.openldap.fortress.SecurityException;
-import org.openldap.fortress.rbac.AdminRole;
-import org.openldap.fortress.rbac.OrgUnit;
-import org.openldap.fortress.rbac.UserAdminRole;
-import org.openldap.fortress.rbac.User;
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.apache.log4j.Logger;
-
-import java.util.List;
-
-/**
- * Utility for EnMasse Server.  This class is thread safe.
- *
- * @author Shawn McKinney
- */
-class DelegatedReviewMgrImpl
-{
-    private static final String CLS_NM = DelegatedReviewMgrImpl.class.getName();
-    private static final Logger log = Logger.getLogger(CLS_NM);
-
-    /**
-     * ************************************************************************************************************************************
-     * BEGIN DELEGATEDREVIEWMGR
-     * **************************************************************************************************************************************
-     */
-
-    FortResponse readAdminRole(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRole inRole = (AdminRole) request.getEntity();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            AdminRole outRole = delegatedReviewMgr.readRole(inRole);
-            response.setEntity(outRole);
-            response.setErrorCode(0);
-        }
-        catch (org.openldap.fortress.SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse findAdminRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            String searchVal = request.getValue();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            delegatedReviewMgr.setAdmin(request.getSession());
-            List<AdminRole> outRoles = delegatedReviewMgr.findRoles(searchVal);
-            response.setEntities(outRoles);
-            response.setErrorCode(0);
-
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignedAdminRoles(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            User inUser = (User)request.getEntity();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            delegatedReviewMgr.setAdmin(request.getSession());
-            List<UserAdminRole> uRoles = delegatedReviewMgr.assignedRoles(inUser);
-            response.setEntities(uRoles);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse assignedAdminUsers(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            AdminRole inRole = (AdminRole) request.getEntity();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            delegatedReviewMgr.setAdmin(request.getSession());
-            List<User> users = delegatedReviewMgr.assignedUsers(inRole);
-            response.setEntities(users);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse readOrg(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnit inOrg = (OrgUnit) request.getEntity();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            delegatedReviewMgr.setAdmin(request.getSession());
-            OrgUnit returnOrg = delegatedReviewMgr.read(inOrg);
-            response.setEntity(returnOrg);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-
-    FortResponse searchOrg(FortRequest request)
-    {
-        FortResponse response = new FortResponse();
-        try
-        {
-            OrgUnit inOrg = (OrgUnit) request.getEntity();
-            DelReviewMgr delegatedReviewMgr = DelReviewMgrFactory.createInstance(request.getContextId());
-            delegatedReviewMgr.setAdmin(request.getSession());
-            List<OrgUnit> orgs = delegatedReviewMgr.search(inOrg.getType(), inOrg.getName());
-            response.setEntities(orgs);
-            response.setErrorCode(0);
-        }
-        catch (SecurityException se)
-        {
-            log.info(CLS_NM + " caught " + se);
-            response.setErrorCode(se.getErrorId());
-            response.setErrorMessage(se.getMessage());
-        }
-        return response;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/FortressInterceptor.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/FortressInterceptor.java b/src/main/java/org/openldap/enmasse/FortressInterceptor.java
deleted file mode 100644
index f5bcc51..0000000
--- a/src/main/java/org/openldap/enmasse/FortressInterceptor.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 2011-2014, JoshuaTree. All Rights Reserved.
- */
-package org.openldap.enmasse;
-
-import java.lang.annotation.Annotation;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.util.ClassHelper;
-import org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;
-
-
-/**
- * Security Utility for EnMasse Server.
- *
- * @author Shawn McKinney
- */
-public class FortressInterceptor extends SimpleAuthorizingInterceptor
-{
-    private static final String CLS_NM = FortressInterceptor.class.getName();
-    private static final org.apache.log4j.Logger log = org.apache.log4j.Logger.getLogger(CLS_NM);
-
-    private static final String DEFAULT_ANNOTATION_CLASS_NAME = "javax.annotation.security.RolesAllowed";
-    private static final Set<String> SKIP_METHODS;
-
-    static
-    {
-        SKIP_METHODS = new HashSet<String>();
-        SKIP_METHODS.addAll(Arrays.asList(
-            new String[]{"wait", "notify", "notifyAll",
-                "equals", "toString", "hashCode"}));
-    }
-
-    private String annotationClassName = DEFAULT_ANNOTATION_CLASS_NAME;
-
-    /**
-     *
-     * @param name
-     */
-    public void setAnnotationClassName(String name)
-    {
-        try
-        {
-            log.info(CLS_NM + ".setAnnotationClassName:" + name);
-            ClassLoaderUtils.loadClass(name, FortressInterceptor.class);
-            annotationClassName = name;
-        }
-        catch (ClassNotFoundException ex)
-        {
-            String warning = CLS_NM + ".setAnnotationClassName caught ClassNotFoundException-" + ex;
-            log.info((warning));
-        }
-    }
-
-    /**
-     *
-     * @param object
-     */
-    public void setSecuredObject(Object object)
-    {
-        log.info(CLS_NM + ".setSecuredObject:" + object);
-        Class<?> cls = ClassHelper.getRealClass(object);
-        Map<String, String> rolesMap = new HashMap<String, String>();
-        findRoles(cls, rolesMap);
-        if (rolesMap.isEmpty())
-        {
-            log.info(CLS_NM + ".setSecuredObject The roles map is empty, the service object is not protected");
-        }
-        else if (log.isDebugEnabled())
-        {
-            for (Map.Entry<String, String> entry : rolesMap.entrySet())
-            {
-                log.debug(CLS_NM + ".setSecuredObject Method: " + entry.getKey() + ", roles: " + entry.getValue());
-            }
-        }
-        super.setMethodRolesMap(rolesMap);
-    }
-
-    /**
-     *
-     * @param cls
-     * @param rolesMap
-     */
-    protected void findRoles(Class<?> cls, Map<String, String> rolesMap)
-    {
-        log.info(CLS_NM + ".findRoles:" + rolesMap);
-        if (cls == null || cls == Object.class)
-        {
-            return;
-        }
-        String classRolesAllowed = getRoles(cls.getAnnotations(), annotationClassName);
-        for (Method m : cls.getMethods())
-        {
-            if (SKIP_METHODS.contains(m.getName()))
-            {
-                continue;
-            }
-            String methodRolesAllowed = getRoles(m.getAnnotations(), annotationClassName);
-            String theRoles = methodRolesAllowed != null ? methodRolesAllowed : classRolesAllowed;
-            if (theRoles != null)
-            {
-                rolesMap.put(m.getName(), theRoles);
-            }
-        }
-        if (!rolesMap.isEmpty())
-        {
-            return;
-        }
-
-        findRoles(cls.getSuperclass(), rolesMap);
-
-        if (!rolesMap.isEmpty())
-        {
-            return;
-        }
-
-        for (Class<?> interfaceCls : cls.getInterfaces())
-        {
-            findRoles(interfaceCls, rolesMap);
-        }
-    }
-
-    /**
-     *
-     * @param anns
-     * @param annName
-     * @return String roles
-     */
-    private String getRoles(Annotation[] anns, String annName)
-    {
-        log.debug(CLS_NM + ".getRoles:" + annName);
-        for (Annotation ann : anns)
-        {
-            if (ann.annotationType().getName().equals(annName))
-            {
-                try
-                {
-                    Method valueMethod = ann.annotationType().getMethod("value", new Class[]{});
-                    String[] roles = (String[]) valueMethod.invoke(ann, new Object[]{});
-                    StringBuilder sb = new StringBuilder();
-                    for (int i = 0; i < roles.length; i++)
-                    {
-                        sb.append(roles[i]);
-                        if (i + 1 < roles.length)
-                        {
-                            sb.append(" ");
-                        }
-                    }
-                    return sb.toString();
-                }
-                catch (java.lang.NoSuchMethodException ex)
-                {
-                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught NoSuchMethodException=" + ex);
-                }
-                catch (java.lang.IllegalAccessException ex)
-                {
-                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught IllegalAccessException=" + ex);
-                }
-                catch (InvocationTargetException ex)
-                {
-                    log.info(CLS_NM + ".getRoles annName=" + annName + ", caught InvocationTargetException=" + ex);
-                }
-                break;
-            }
-        }
-        return null;
-    }
-}
-


[09/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressService.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressService.java b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
new file mode 100644
index 0000000..b858f2e
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
@@ -0,0 +1,3421 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+
+/**
+ * Interface for EnMasse Service methods.
+ *
+ * @author Shawn McKinney
+ */
+public interface FortressService
+{
+    // AdminMgr
+
+    /**
+     * This command creates a new RBAC user. The command is valid only if the new user is
+     * not already a member of the USERS data set. The USER data set is updated. The new user
+     * does not own any session at the time of its creation.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addUser(FortRequest request);
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
+     * User entity must exist in directory prior to making this call else exception will be thrown.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteUser(FortRequest request);
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * Method performs a "soft" delete.  It performs the following:
+     * - sets the user status to "deleted"
+     * - deassigns all roles from the user
+     * - locks the user's password in LDAP
+     * - revokes all perms that have been granted to user entity.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse disableUser(FortRequest request);
+
+    /**
+     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
+     * directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updateUser(FortRequest request);
+
+    /**
+     * Method will change user's password.  This method will evaluate user's password policies.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - contains the User's old password</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse changePassword(FortRequest request);
+
+    /**
+     * Method will lock user's password which will prevent the user from authenticating with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse lockUserAccount(FortRequest request);
+
+    /**
+     * Method will unlock user's password which will enable user to authenticate with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse unlockUserAccount(FortRequest request);
+
+    /**
+     * Method will reset user's password which will require user to change password before successful authentication with directory.
+     * This method will not evaluate password policies on the new user password as it must be changed before use.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse resetPassword(FortRequest request);
+
+    /**
+     * This command creates a new role. The command is valid if and only if the new role is not
+     * already a member of the ROLES data set. The ROLES data set is updated.
+     * Initially, no user or permission is assigned to the new role.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+     * </ul>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addRole(FortRequest request);
+
+    /**
+     * This command deletes an existing role from the RBAC database. The command is valid
+     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
+     * also deassign role from all users.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
+     * </ul>
+     * <ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteRole(FortRequest request);
+
+    /**
+     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updateRole(FortRequest request);
+
+    /**
+     * This command assigns a user to a role.
+     * <p>
+     * <ul>
+     * <li> The command is valid if and only if:
+     * <li> The user is a member of the USERS data set
+     * <li> The role is a member of the ROLES data set
+     * <li> The user is not already assigned to the role
+     * <li> The SSD constraints are satisfied after assignment.
+     * </ul>
+     * </p>
+     * <p>
+     * Successful completion of this op, the following occurs:
+     * </p>
+     * <ul>
+     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
+     * <li> Role entity (resides in role container) has userId added as role occupant.
+     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+     * <ul>
+     * <li> timeout - number in seconds of session inactivity time allowed.
+     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
+     * <li> endDate - YYMMDD - indicates latest date role may be activated.
+     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
+     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
+     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
+     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
+     * </ul>
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>UserRole optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse assignUser(FortRequest request);
+
+    /**
+     * This command deletes the assignment of the User from the Role entities. The command is
+     * valid if and only if the user is a member of the USERS data set, the role is a member of
+     * the ROLES data set, and the user is assigned to the role.
+     * Any sessions that currently have this role activated will not be effected.
+     * Successful completion includes:
+     * User entity in USER data set has role assignment removed.
+     * Role entity in ROLE data set has userId removed as role occupant.
+     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deassignUser(FortRequest request);
+
+    /**
+     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations.  The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission add</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addPermission(FortRequest request);
+
+    /**
+     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations to add or remove using this function.
+     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updatePermission(FortRequest request);
+
+    /**
+     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
+     * The perm operation must exist before making this call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission removal</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deletePermission(FortRequest request);
+
+    /**
+     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being added</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addPermObj(FortRequest request);
+
+    /**
+     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being updated</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updatePermObj(FortRequest request);
+
+    /**
+     * This method will remove permission object to perms container in directory.  This method will also remove
+     * in associated permission objects that are attached to this object.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being removed</li>
+     * </ul>
+     * </ul>
+     * <h5>optional parameters</h5>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deletePermObj(FortRequest request);
+
+    /**
+     * This command grants a role the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse grant(FortRequest request);
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a role. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the role is a member of the ROLES data set, and the permission is assigned to that role.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse revoke(FortRequest request);
+
+    /**
+     * This command grants a user the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse grantUser(FortRequest request);
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a user. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the user is a member of the USERS data set, and the permission is assigned to that user.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse revokeUser(FortRequest request);
+
+    /**
+     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
+     * the existing role parentRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The childRole is not a member of the ROLES data set.
+     * <li> The parentRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#child}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addDescendant(FortRequest request);
+
+    /**
+     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
+     * the existing role childRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole is not a member of the ROLES data set.
+     * <li> The childRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>childRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
+     * <li>parentRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#parent}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addAscendant(FortRequest request);
+
+    /**
+     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
+     * roles parentRole, childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is not an immediate ascendant of childRole.
+     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addInheritance(FortRequest request);
+
+    /**
+     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The roles parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is an immediate ascendant of childRole.
+     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+     * relation resulted after deleting the relationship parentRole <<-- childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteInheritance(FortRequest request);
+
+    /**
+     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set is not already in use.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse createSsdSet(FortRequest request);
+
+    /**
+     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set exists in directory.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse updateSsdSet(FortRequest request);
+
+    /**
+     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
+     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse addSsdRoleMember(FortRequest request);
+
+    /**
+     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be removed is a member of the SSD role set.
+     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
+     * </ul>
+     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteSsdRoleMember(FortRequest request);
+
+    /**
+     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteSsdSet(FortRequest request);
+
+    /**
+     * This command sets the cardinality associated with a given SSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
+     * <li> The SSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse setSsdSetCardinality(FortRequest request);
+
+    /**
+     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set is not already in use.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse createDsdSet(FortRequest request);
+
+    /**
+     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set exists in directory.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse updateDsdSet(FortRequest request);
+
+    /**
+     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
+     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse addDsdRoleMember(FortRequest request);
+
+    /**
+     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be removed is a member of the DSD role set.
+     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
+     * </ul>
+     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteDsdRoleMember(FortRequest request);
+
+    /**
+     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteDsdSet(FortRequest request);
+
+    /**
+     * This command sets the cardinality associated with a given DSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
+     * <li> The DSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse setDsdSetCardinality(FortRequest request);
+
+    // ReviewMgr
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    public FortResponse readPermission(FortRequest request);
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    public FortResponse readPermObj(FortRequest request);
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    public FortResponse findPermissions(FortRequest request);
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    public FortResponse findPermObjs(FortRequest request);
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to read.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Role}
+     */
+    public FortResponse readRole(FortRequest request);
+
+    /**
+     * Method will return a list of type Role matching all or part of {@link org.apache.directory.fortress.core.rbac.Role#name}.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains all or some of the chars corresponding to role entities stored in directory.</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Role}
+     */
+    public FortResponse findRoles(FortRequest request);
+
+    /**
+     * Method returns matching User entity that is contained within the people container in the directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse readUser(FortRequest request);
+
+    /**
+     * Return a list of type User of all users in the people container that match all or part of the {@link org.apache.directory.fortress.core.rbac.User#userId} or {@link org.apache.directory.fortress.core.rbac.User#ou} fields passed in User entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains one or more characters of org unit associated with existing object(s) being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse findUsers(FortRequest request);
+
+    /**
+     * This method returns the data set of all users who are assigned the given role.  This searches the User data set for
+     * Role relationship.  This method does NOT search for hierarchical RBAC Roles relationships.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse assignedUsers(FortRequest request);
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.UserRole}
+     */
+    public FortResponse assignedRoles(FortRequest request);
+
+    /**
+     * This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that
+     * inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse authorizedUsers(FortRequest request);
+
+    /**
+     * This function returns the set of roles authorized for a given user. The function is valid if
+     * and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing the User's authorized role names.
+     */
+    public FortResponse authorizedRoles(FortRequest request);
+
+    /**
+     * Return a list of type String of all roles that have granted a particular permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing role names that permission has been granted to.
+     */
+    public FortResponse permissionRoles(FortRequest request);
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited by a
+     * given role. The function is valid if and only if the role is a member of the ROLES data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} requ

<TRUNCATED>

[05/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license

Posted by sm...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/FortressService.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/FortressService.java b/src/main/java/org/openldap/enmasse/FortressService.java
deleted file mode 100644
index 1e5d01b..0000000
--- a/src/main/java/org/openldap/enmasse/FortressService.java
+++ /dev/null
@@ -1,3416 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-
-/**
- * Interface for EnMasse Service methods.
- *
- * @author Shawn McKinney
- */
-public interface FortressService
-{
-    // AdminMgr
-
-    /**
-     * This command creates a new RBAC user. The command is valid only if the new user is
-     * not already a member of the USERS data set. The USER data set is updated. The new user
-     * does not own any session at the time of its creation.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
-     * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
-     * </ul>
-     * <h5>User optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
-     * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
-     * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addUser(FortRequest request);
-
-    /**
-     * This command deletes an existing user from the RBAC database. The command is valid
-     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
-     * UA data sets and the assigned_users function are updated.
-     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
-     * User entity must exist in directory prior to making this call else exception will be thrown.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deleteUser(FortRequest request);
-
-    /**
-     * This command deletes an existing user from the RBAC database. The command is valid
-     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
-     * UA data sets and the assigned_users function are updated.
-     * Method performs a "soft" delete.  It performs the following:
-     * - sets the user status to "deleted"
-     * - deassigns all roles from the user
-     * - locks the user's password in LDAP
-     * - revokes all perms that have been granted to user entity.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse disableUser(FortRequest request);
-
-    /**
-     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
-     * directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * <h5>User optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
-     * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
-     * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
-     * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
-     * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
-     * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
-     * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse updateUser(FortRequest request);
-
-    /**
-     * Method will change user's password.  This method will evaluate user's password policies.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>{@link org.openldap.fortress.rbac.User#password} - contains the User's old password</li>
-     * <li>newPassword - contains the User's new password</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse changePassword(FortRequest request);
-
-    /**
-     * Method will lock user's password which will prevent the user from authenticating with directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse lockUserAccount(FortRequest request);
-
-    /**
-     * Method will unlock user's password which will enable user to authenticate with directory.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse unlockUserAccount(FortRequest request);
-
-    /**
-     * Method will reset user's password which will require user to change password before successful authentication with directory.
-     * This method will not evaluate password policies on the new user password as it must be changed before use.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
-     * <h5>User required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>newPassword - contains the User's new password</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse resetPassword(FortRequest request);
-
-    /**
-     * This command creates a new role. The command is valid if and only if the new role is not
-     * already a member of the ROLES data set. The ROLES data set is updated.
-     * Initially, no user or permission is assigned to the new role.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be created.</li>
-     * </ul>
-     * </ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addRole(FortRequest request);
-
-    /**
-     * This command deletes an existing role from the RBAC database. The command is valid
-     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
-     * also deassign role from all users.
-     * <p/>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
-     * </ul>
-     * <ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deleteRole(FortRequest request);
-
-    /**
-     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
-     * <h4>Role required parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
-     * </ul>
-     * <h4>Role optional parameters</h4>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse updateRole(FortRequest request);
-
-    /**
-     * This command assigns a user to a role.
-     * <p>
-     * <ul>
-     * <li> The command is valid if and only if:
-     * <li> The user is a member of the USERS data set
-     * <li> The role is a member of the ROLES data set
-     * <li> The user is not already assigned to the role
-     * <li> The SSD constraints are satisfied after assignment.
-     * </ul>
-     * </p>
-     * <p>
-     * Successful completion of this op, the following occurs:
-     * </p>
-     * <ul>
-     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
-     * <li> Role entity (resides in role container) has userId added as role occupant.
-     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
-     * <ul>
-     * <li> timeout - number in seconds of session inactivity time allowed.
-     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
-     * <li> endDate - YYMMDD - indicates latest date role may be activated.
-     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
-     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
-     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
-     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
-     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
-     * </ul>
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
-     * <h5>UserRole required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>UserRole optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse assignUser(FortRequest request);
-
-    /**
-     * This command deletes the assignment of the User from the Role entities. The command is
-     * valid if and only if the user is a member of the USERS data set, the role is a member of
-     * the ROLES data set, and the user is assigned to the role.
-     * Any sessions that currently have this role activated will not be effected.
-     * Successful completion includes:
-     * User entity in USER data set has role assignment removed.
-     * Role entity in ROLE data set has userId removed as role occupant.
-     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
-     * <h5>UserRole required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
-     * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deassignUser(FortRequest request);
-
-    /**
-     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may have {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations.  The target {@link org.openldap.fortress.rbac.Permission} must not exist prior to calling.
-     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission add</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being added</li>
-     * </ul>
-     * <h5>Permission optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addPermission(FortRequest request);
-
-    /**
-     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may also contain {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations to add or remove using this function.
-     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission update</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
-     * </ul>
-     * <h5>Permission optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse updatePermission(FortRequest request);
-
-    /**
-     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
-     * The perm operation must exist before making this call.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
-     * <h5>Permission required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission removal</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deletePermission(FortRequest request);
-
-    /**
-     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
-     * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being added</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
-     * </ul>
-     * <h5>PermObj optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addPermObj(FortRequest request);
-
-    /**
-     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
-     * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being updated</li>
-     * </ul>
-     * <h5>PermObj optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse updatePermObj(FortRequest request);
-
-    /**
-     * This method will remove permission object to perms container in directory.  This method will also remove
-     * in associated permission objects that are attached to this object.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>PermObj required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being removed</li>
-     * </ul>
-     * </ul>
-     * <h5>optional parameters</h5>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deletePermObj(FortRequest request);
-
-    /**
-     * This command grants a role the permission to perform an operation on an object to a role.
-     * The command is implemented by granting permission by setting the access control list of
-     * the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * and the role is a member of the ROLES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse grant(FortRequest request);
-
-    /**
-     * This command revokes the permission to perform an operation on an object from the set
-     * of permissions assigned to a role. The command is implemented by setting the access control
-     * list of the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * the role is a member of the ROLES data set, and the permission is assigned to that role.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse revoke(FortRequest request);
-
-    /**
-     * This command grants a user the permission to perform an operation on an object to a role.
-     * The command is implemented by granting permission by setting the access control list of
-     * the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * and the user is a member of the USERS data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse grantUser(FortRequest request);
-
-    /**
-     * This command revokes the permission to perform an operation on an object from the set
-     * of permissions assigned to a user. The command is implemented by setting the access control
-     * list of the object involved.
-     * The command is valid if and only if the pair (operation, object) represents a permission,
-     * the user is a member of the USERS data set, and the permission is assigned to that user.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
-     * <h5>PermGrant required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
-     * </ul>
-     * <h5>PermGrant optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse revokeUser(FortRequest request);
-
-    /**
-     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
-     * the existing role parentRole.
-     * <p>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The childRole is not a member of the ROLES data set.
-     * <li> The parentRole is a member of the ROLES data set.
-     * </ul>
-     * </p>
-     * <p> This method:
-     * <ul>
-     * <li> Adds new role.
-     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
-     * </ul>
-     * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#child}</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addDescendant(FortRequest request);
-
-    /**
-     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
-     * the existing role childRole.
-     * <p>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The parentRole is not a member of the ROLES data set.
-     * <li> The childRole is a member of the ROLES data set.
-     * </ul>
-     * </p>
-     * <p> This method:
-     * <ul>
-     * <li> Adds new role.
-     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>childRole - {@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
-     * <li>parentRole - {@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
-     * </ul>
-     * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#parent}</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addAscendant(FortRequest request);
-
-    /**
-     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
-     * roles parentRole, childRole.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The parentRole and childRole are members of the ROLES data set.
-     * <li> The parentRole is not an immediate ascendant of childRole.
-     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse addInheritance(FortRequest request);
-
-    /**
-     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The roles parentRole and childRole are members of the ROLES data set.
-     * <li> The parentRole is an immediate ascendant of childRole.
-     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
-     * relation resulted after deleting the relationship parentRole <<-- childRole.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
-     * <h5>RoleRelationship required parameters</h5>
-     * <ul>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
-     * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}
-     */
-    public FortResponse deleteInheritance(FortRequest request);
-
-    /**
-     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the SSD set is not already in use.
-     * <li> All the roles in the SSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
-     * <li> The SSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse createSsdSet(FortRequest request);
-
-    /**
-     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the SSD set exists in directory.
-     * <li> All the roles in the SSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
-     * <li> The SSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse updateSsdSet(FortRequest request);
-
-    /**
-     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
-     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse addSsdRoleMember(FortRequest request);
-
-    /**
-     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The role to be removed is a member of the SSD role set.
-     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
-     * </ul>
-     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse deleteSsdRoleMember(FortRequest request);
-
-    /**
-     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse deleteSsdSet(FortRequest request);
-
-    /**
-     * This command sets the cardinality associated with a given SSD role set.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The SSD role set exists.
-     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
-     * <li> The SSD constraint is satisfied after setting the new cardinality.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse setSsdSetCardinality(FortRequest request);
-
-    /**
-     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the DSD set is not already in use.
-     * <li> All the roles in the DSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
-     * <li> The DSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse createDsdSet(FortRequest request);
-
-    /**
-     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
-     * that cannot have common users.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li>The name of the DSD set exists in directory.
-     * <li> All the roles in the DSD set are members of the ROLES data set.
-     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
-     * <li> The DSD constraint for the new role set is satisfied.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
-     * </ul>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse updateDsdSet(FortRequest request);
-
-    /**
-     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
-     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse addDsdRoleMember(FortRequest request);
-
-    /**
-     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The role to be removed is a member of the DSD role set.
-     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
-     * </ul>
-     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse deleteDsdRoleMember(FortRequest request);
-
-    /**
-     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse deleteDsdSet(FortRequest request);
-
-    /**
-     * This command sets the cardinality associated with a given DSD role set.
-     * <p/>
-     * The command is valid if and only if:
-     * <ul>
-     * <li> The DSD role set exists.
-     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
-     * <li> The DSD constraint is satisfied after setting the new cardinality.
-     * </ul>
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
-     * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
-     */
-    public FortResponse setDsdSetCardinality(FortRequest request);
-
-    // ReviewMgr
-
-    /**
-     * This method returns a matching permission entity to caller.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Permission}
-     */
-    public FortResponse readPermission(FortRequest request);
-
-    /**
-     * Method reads permission object from perm container in directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.PermObj} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of existing object being targeted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.PermObj}
-     */
-    public FortResponse readPermObj(FortRequest request);
-
-    /**
-     * Method returns a list of type Permission that match the perm object search string.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains one or more characters of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Permission}
-     */
-    public FortResponse findPermissions(FortRequest request);
-
-    /**
-     * Method returns a list of type Permission that match the perm object search string.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.PermObj} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains one or more characters of existing object being targeted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.PermObj}
-     */
-    public FortResponse findPermObjs(FortRequest request);
-
-    /**
-     * Method reads Role entity from the role container in directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to read.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Role}
-     */
-    public FortResponse readRole(FortRequest request);
-
-    /**
-     * Method will return a list of type Role matching all or part of {@link org.openldap.fortress.rbac.Role#name}.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#value} - contains all or some of the chars corresponding to role entities stored in directory.</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Role}
-     */
-    public FortResponse findRoles(FortRequest request);
-
-    /**
-     * Method returns matching User entity that is contained within the people container in the directory.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.User}
-     */
-    public FortResponse readUser(FortRequest request);
-
-    /**
-     * Return a list of type User of all users in the people container that match all or part of the {@link org.openldap.fortress.rbac.User#userId} or {@link org.openldap.fortress.rbac.User#ou} fields passed in User entity.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} optional parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
-     * <li>{@link org.openldap.fortress.rbac.User#ou} - contains one or more characters of org unit associated with existing object(s) being targeted</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.User}
-     */
-    public FortResponse findUsers(FortRequest request);
-
-    /**
-     * This method returns the data set of all users who are assigned the given role.  This searches the User data set for
-     * Role relationship.  This method does NOT search for hierarchical RBAC Roles relationships.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.User}
-     */
-    public FortResponse assignedUsers(FortRequest request);
-
-    /**
-     * This function returns the set of roles assigned to a given user. The function is valid if and
-     * only if the user is a member of the USERS data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.UserRole}
-     */
-    public FortResponse assignedRoles(FortRequest request);
-
-    /**
-     * This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that
-     * inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.User}
-     */
-    public FortResponse authorizedUsers(FortRequest request);
-
-    /**
-     * This function returns the set of roles authorized for a given user. The function is valid if
-     * and only if the user is a member of the USERS data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing the User's authorized role names.
-     */
-    public FortResponse authorizedRoles(FortRequest request);
-
-    /**
-     * Return a list of type String of all roles that have granted a particular permission.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing role names that permission has been granted to.
-     */
-    public FortResponse permissionRoles(FortRequest request);
-
-    /**
-     * This function returns the set of all permissions (op, obj), granted to or inherited by a
-     * given role. The function is valid if and only if the role is a member of the ROLES data
-     * set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Permission} containing permissions for role.
-     */
-    public FortResponse rolePermissions(FortRequest request);
-
-    /**
-     * This function returns the set of permissions a given user gets through his/her authorized
-     * roles. The function is valid if and only if the user is a member of the USERS data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Permission} containing permissions for user.
-     */
-    public FortResponse userPermissions(FortRequest request);
-
-    /**
-     * Return all role names that have been authorized for a given permission.  This will process role hierarchies to determine set of all Roles who have access to a given permission.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing role names that permission has been granted to.
-     */
-    public FortResponse authorizedPermissionRoles(FortRequest request);
-
-    /**
-     * Return all userIds that have been granted (directly) a particular permission.  This will not consider assigned or authorized Roles.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
-     * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
-     * <ul>
-     * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
-     * </ul>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
-     * </ul>
-     *
-     * @param request contains a reference to {@code FortRequest}
-     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing userIds that permission has been granted to.
-     */
-    public FortResponse permissionUsers(FortRequest request);
-
-    /*

<TRUNCATED>