Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 17:44:23 UTC

[04/51] [partial] Rename packages from org.openldap.fortress to org.apache.directory.fortress.core. Change default suffix to org.apache. Switch default ldap api from unbound to apache ldap.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
new file mode 100755
index 0000000..7c4f8db
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rest/ReviewMgrRestImpl.java
@@ -0,0 +1,1446 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.rest;
+
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.Manageable;
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.PermObj;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.SDSet;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * This class performs administrative review functions on already provisioned Fortress RBAC entities using HTTP access to En Masse REST server.
+ * These APIs map directly to similar named APIs specified by ANSI and NIST RBAC models.
+ * Many of the java doc function descriptions found below were taken directly from ANSI INCITS 359-2004.
+ * The RBAC Functional specification describes administrative operations for the creation
+ * and maintenance of RBAC element sets and relations; administrative review functions for
+ * performing administrative queries; and system functions for creating and managing
+ * RBAC attributes on user sessions and making access control decisions.
+ * <p/>
+ * <hr>
+ * <h4>RBAC0 - Core</h4>
+ * Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions.  API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
+ * <p/>
+ * <img src="../doc-files/RbacCore.png">
+ * <hr>
+ * <h4>RBAC1 - General Hierarchical Roles</h4>
+ * Simplifies role engineering tasks using inheritance of one or more parent roles.
+ * <p/>
+ * <img src="../doc-files/RbacHier.png">
+ * <hr>
+ * <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
+ * Enforce mutual membership exclusions across role assignments.  Facilitate dual control policies by restricting which roles may be assigned to users in combination.  SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
+ * <p/>
+ * <img src="../doc-files/RbacSSD.png">
+ * <hr>
+ * <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
+ * Control allowed role combinations to be activated within an RBAC session.  DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
+ * <p/>
+ * <img src="../doc-files/RbacDSD.png">
+ * <hr>
+ * <p/>
+ * This class is thread safe.
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+public class ReviewMgrRestImpl extends Manageable implements ReviewMgr
+{
+    private static final String CLS_NM = ReviewMgrRestImpl.class.getName();
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param permission must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Permission entity that is loaded with data.
+     * @throws SecurityException if permission not found or system error occurs.
+     */
+    @Override
+    public Permission readPermission(Permission permission)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(permission, GlobalErrIds.PERM_OPERATION_NULL, CLS_NM + ".readPermission");
+        Permission retPerm;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(permission);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retPerm = (Permission) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retPerm;
+    }
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link PermObj#objName} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param permObj entity contains the {@link PermObj#objName} of target record.
+     * @return PermObj loaded with perm object data.
+     * @throws SecurityException is thrown if object not found or system error.
+     */
+    @Override
+    public PermObj readPermObj(PermObj permObj)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(permObj, GlobalErrIds.PERM_OBJECT_NULL, CLS_NM + ".readPermObj");
+        PermObj retObj;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(permObj);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.OBJ_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retObj = (PermObj) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retObj;
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     *
+     * @param permission contains object and operation name search strings.  Each contains 1 or more leading chars that correspond to object or op name.
+     * @return List of type Permission.  Fortress permissions are object->operation mappings.  The permissions may contain
+     *         assigned user, role or group entities as well.
+     * @throws SecurityException thrown in the event of system error.
+     */
+    @Override
+    public List<Permission> findPermissions(Permission permission)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(permission, GlobalErrIds.PERM_OPERATION_NULL, CLS_NM + ".findPermissions");
+        List<Permission> retPerms;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(permission);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retPerms = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retPerms;
+    }
+
+    /**
+     * Method returns a list of type PermObj that match the perm object search string.
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link PermObj#objName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     *
+     * @param permObj contains object name search string.  The search val contains 1 or more leading chars that correspond to object name.
+     * @return List of type PermObj.  Fortress permissions are object->operation mappings.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          thrown in the event of system error.
+     */
+    @Override
+    public List<PermObj> findPermObjs(PermObj permObj)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(permObj, GlobalErrIds.PERM_OBJECT_NULL, CLS_NM + ".findPermObjs");
+        List<PermObj> retObjs;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(permObj);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.OBJ_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retObjs = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retObjs;
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link OrgUnit#name} - contains one or more characters of org unit associated with existing object being targeted</li>
+     * </ul>
+     *
+     * @param ou contains org unit name {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}.  The search val contains the full name of matching ou in OS-P data set.
+     * @return List of type PermObj.  Fortress permissions are object->operation mappings.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          thrown in the event of system error.
+     */
+    @Override
+    public List<PermObj> findPermObjs(OrgUnit ou)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(ou, GlobalErrIds.ORG_NULL_PERM, CLS_NM + ".findPermObjs");
+        List<PermObj> retObjs;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        PermObj inObj = new PermObj();
+        inObj.setOu(ou.getName());
+        request.setEntity(inObj);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.OBJ_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retObjs = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retObjs;
+    }
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role to read.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name}, to be read.
+     * @return Role entity that corresponds with role name.
+     * @throws SecurityException will be thrown if role not found or system error occurs.
+     */
+    @Override
+    public Role readRole(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".readRole");
+        Role retRole;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retRole = (Role) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRole;
+    }
+
+    /**
+     * Method will return a list of type Role matching all or part of Role name, {@link Role#name}.
+     *
+     * @param searchVal contains all or some of the chars corresponding to role entities stored in directory.
+     * @return List of type Role containing role entities that match the search criteria.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of system error.
+     */
+    @Override
+    public List<Role> findRoles(String searchVal)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(searchVal, GlobalErrIds.ROLE_NM_NULL, CLS_NM + ".findRoles");
+        List<Role> retRoles;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setValue(searchVal);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retRoles = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoles;
+    }
+
+    /**
+     * Method returns a list of roles of type String.  This method can be limited by integer value that indicates max
+     * number of records that may be contained in the result set.  This number can further limit global default but can
+     * not increase the max.  This method is called by the Websphere Realm impl.
+     *
+     * @param searchVal contains all or some leading chars that correspond to roles stored in the role container in the directory.
+     * @param limit     integer value specifies the max records that may be returned in the result set.
+     * @return List of type Role containing role entities that match the search criteria.
+     * @throws SecurityException in the event of system error.
+     */
+    @Override
+    public List<String> findRoles(String searchVal, int limit)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(searchVal, GlobalErrIds.ROLE_NM_NULL, CLS_NM + ".findRoles");
+        List<String> retRoles;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setValue(searchVal);
+        request.setLimit(limit);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retRoles = response.getValues();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoles;
+    }
+
+    /**
+     * Method returns matching User entity that is contained within the people container in the directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * </ul>
+     *
+     * @param user entity contains a value {@link User#userId} that matches record in the directory.  userId is globally unique in
+     *             people container.
+     * @return entity containing matching user data.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          if record not found or system error occurs.
+     */
+    @Override
+    public final User readUser(User user)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".readUser");
+        User retUser;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUser = (User) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUser;
+    }
+
+
+    /**
+     * Return a list of type User of all users in the people container that match all or part of the {@link User#userId} field passed in User entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
+     * </ul>
+     *
+     * @param user contains all or some leading chars that match userIds stored in the directory.
+     * @return List of type User.
+     * @throws SecurityException In the event of system error.
+     */
+    @Override
+    public final List<User> findUsers(User user)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".findUsers");
+        List<User> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link OrgUnit#name} - contains one or more characters of org unit associated with existing object(s) being targeted</li>
+     * </ul>
+     *
+     * @param ou contains name of User OU, {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} that match ou attribute associated with User entity in the directory.
+     * @return List of type User.
+     * @throws SecurityException In the event of system error.
+     */
+    @Override
+    public List<User> findUsers(OrgUnit ou)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(ou, GlobalErrIds.ORG_NULL_USER, CLS_NM + ".findUsers");
+        List<User> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        User inUser = new User();
+        inUser.setOu(ou.getName());
+        request.setEntity(inUser);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * Return a list of type String of all users in the people container that match the userId field passed in User entity.
+     * This method is used by the Websphere realm component.  The max number of returned users may be set by the integer limit arg.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * <li>limit - max number of objects to return.</li>
+     * </ul>
+     *
+     * @param user  contains all or some leading chars that correspond to users stored in the directory.
+     * @param limit integer value sets the max returned records.
+     * @return List of type String containing matching userIds.
+     * @throws SecurityException in the event of system error.
+     */
+    @Override
+    public final List<String> findUsers(User user, int limit)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".findUsers");
+        List<String> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setLimit(limit);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_SEARCH);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getValues();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * This function returns the set of users assigned to a given role. The function is valid if and
+     * only if the role is a member of the ROLES data set.
+     * The max number of users returned is constrained by limit argument.
+     * This method is used by the Websphere realm component.  This method does NOT use hierarchical rbac.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * <li>limit - max number of objects to return.</li>
+     * </ul>
+     *
+     * @param role  Contains {@link Role#name} of Role entity assigned to user.
+     * @param limit integer value sets the max returned records.
+     * @return List of type String containing userIds assigned to a particular role.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of data validation or system error.
+     */
+    @Override
+    public List<String> assignedUsers(Role role, int limit)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".assignedUsers");
+        List<String> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setLimit(limit);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_ASGNED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getValues();
+            // do not return a null list to the caller:
+            if (retUsers == null)
+            {
+                retUsers = new ArrayList<>();
+            }
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * This method returns the data set of all users who are assigned the given role.  This searches the User data set for
+     * Role relationship.  This method does NOT search for hierarchical RBAC Roles relationships.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains the role name, {@link Role#name} used to search the User data set.
+     * @return List of type User containing the users assigned data.
+     * @throws SecurityException If system error occurs.
+     */
+    @Override
+    public List<User> assignedUsers(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".assignedUsers");
+        List<User> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_ASGNED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains {@link User#userId} matching User entity targeted in the directory.
+     * @return List of type UserRole containing the Roles assigned to User.
+     * @throws SecurityException If user not found or system error occurs.
+     */
+    @Override
+    public List<UserRole> assignedRoles(User user)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles");
+        List<UserRole> retUserRoles;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_ASGNED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUserRoles = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUserRoles;
+    }
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     *
+     * @param userId matches userId stored in the directory.
+     * @return List of type String containing the role names of all roles assigned to user.
+     * @throws SecurityException If user not found or system error occurs.
+     */
+    @Override
+    public List<String> assignedRoles(String userId)
+        throws SecurityException
+    {
+        VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles");
+        List<String> retUserRoles;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setValue(userId);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_ASGNED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUserRoles = response.getValues();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUserRoles;
+    }
+
+    /**
+     * This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that
+     * inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Contains role name, {@link Role#name} of Role entity assigned to User.
+     * @return List of type User containing all user's that having matching role assignment.
+     * @throws SecurityException In the event the role is not present in directory or system error occurs.
+     */
+    @Override
+    public List<User> authorizedUsers(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".authorizedUsers");
+        List<User> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_AUTHZED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getEntities();
+            if (retUsers == null)
+            {
+                retUsers = new ArrayList<>();
+            }
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * This function returns the set of roles authorized for a given user. The function is valid if
+     * and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains the {@link User#userId} matching User entity stored in the directory.
+     * @return Set of type String containing the roles assigned and roles inherited.
+     * @throws SecurityException If user not found or system error occurs.
+     */
+    @Override
+    public Set<String> authorizedRoles(User user)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".authorizedRoles");
+        Set<String> retRoleNames = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_AUTHZED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            Set<String> tempNames = response.getValueSet();
+            // This is done to use a case insensitive TreeSet for returned names.
+            retRoleNames.addAll(tempNames);
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoleNames;
+    }
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited by a
+     * given role. The function is valid if and only if the role is a member of the ROLES data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name} of Role entity Permission is granted to.
+     * @return List of type Permission that contains all perms granted to a role.
+     * @throws SecurityException In the event system error occurs.
+     */
+    @Override
+    public List<Permission> rolePermissions(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".rolePermissions");
+        List<Permission> retPerms;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.ROLE_PERMS);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retPerms = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retPerms;
+    }
+
+    /**
+     * This function returns the set of permissions a given user gets through his/her authorized
+     * roles. The function is valid if and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains the {@link User#userId} of User targeted for search.
+     * @return List of type Permission containing matching permission entities.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *
+     */
+    @Override
+    public List<Permission> userPermissions(User user)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".userPermissions");
+        List<Permission> retPerms;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(user);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.USER_PERMS);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retPerms = response.getEntities();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retPerms;
+    }
+
+    /**
+     * Return a list of type String of all roles that have granted a particular permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return List of type string containing the role names that have the matching perm granted.
+     * @throws SecurityException in the event permission not found or system error occurs.
+     */
+    @Override
+    public List<String> permissionRoles(Permission perm)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(perm, GlobalErrIds.PERM_OBJECT_NULL, CLS_NM + ".permissionRoles");
+        List<String> retRoleNames;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(perm);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_ROLES);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retRoleNames = response.getValues();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoleNames;
+    }
+
+    /**
+     * Return all role names that have been authorized for a given permission.  This will process role hierarchies to determine set of all Roles who have access to a given permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Set of type String containing all roles names that have been granted a particular permission.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of validation or system error.
+     */
+    @Override
+    public Set<String> authorizedPermissionRoles(Permission perm)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(perm, GlobalErrIds.PERM_OPERATION_NULL, CLS_NM + ".authorizedPermissionRoles");
+        Set<String> retRoleNames = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(perm);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_ROLES_AUTHZED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            Set<String> tempNames = response.getValueSet();
+            // This is done to use a case insensitive TreeSet for returned names.
+            retRoleNames.addAll(tempNames);
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoleNames;
+    }
+
+    /**
+     * Return all userIds that have been granted (directly) a particular permission.  This will not consider assigned or authorized Roles.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return List of type String containing all userIds that have been granted a particular permission.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of validation or system error.
+     */
+    @Override
+    public List<String> permissionUsers(Permission perm)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(perm, GlobalErrIds.PERM_OPERATION_NULL, CLS_NM + ".permissionUsers");
+        List<String> retUsers;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(perm);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_USERS);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retUsers = response.getValues();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUsers;
+    }
+
+    /**
+     * Return all userIds that have been authorized for a given permission.  This will process role hierarchies to determine set of all Users who have access to a given permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Set of type String containing all userIds that have been granted a particular permission.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of validation or system error.
+     */
+    @Override
+    public Set<String> authorizedPermissionUsers(Permission perm)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(perm, GlobalErrIds.PERM_OPERATION_NULL, CLS_NM + ".authorizedPermissionUsers");
+        Set<String> retUserIds = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(perm);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.PERM_USERS_AUTHZED);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            Set<String> tempNames = response.getValueSet();
+            // This is done to use a case insensitive TreeSet for returned names.
+            retUserIds.addAll(tempNames);
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retUserIds;
+    }
+
+    /**
+     * This function returns the list of all SSD role sets that have a particular Role as member or Role's
+     * parent as a member.  If the Role parameter is left blank, function will return all SSD role sets.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Will contain the role name, {@link Role#name}, for targeted SSD set or null to return all
+     * @return List containing all matching SSD's.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of data or system error.
+     */
+    @Override
+    public List<SDSet> ssdRoleSets(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".ssdRoleSets");
+        List<SDSet> retSsdRoleSets;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.SSD_ROLE_SETS);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retSsdRoleSets = response.getEntities();
+            if (retSsdRoleSets == null)
+            {
+                retSsdRoleSets = new ArrayList<>();
+            }
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retSsdRoleSets;
+    }
+
+    /**
+     * This function returns the SSD data set that matches a particular set name.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param set Will contain the name for existing SSD data set
+     * @return SDSet containing all attributes from matching SSD name.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of data or system error.
+     */
+    @Override
+    public SDSet ssdRoleSet(SDSet set)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(set, GlobalErrIds.SSD_NULL, CLS_NM + ".ssdRoleSet");
+        SDSet retSet;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(set);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.SSD_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retSet = (SDSet) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retSet;
+    }
+
+    /**
+     * This function returns the list of SSDs that match a given ssd name value.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name for the SSD set targeted, {@link SDSet#name}.
+     * @return List containing all SSDSets that match a given SSDSet name.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public List<SDSet> ssdSets(SDSet ssd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(ssd, GlobalErrIds.ROLE_NULL, CLS_NM + ".ssdSets");
+         List<SDSet> retSsdSets;
+         FortRequest request = new FortRequest();
+         request.setContextId(this.contextId);
+         request.setEntity(ssd);
+         if (this.adminSess != null)
+         {
+             request.setSession(adminSess);
+         }
+         String szRequest = RestUtils.marshal(request);
+         String szResponse = RestUtils.post(szRequest, HttpIds.SSD_SETS);
+         FortResponse response = RestUtils.unmarshall(szResponse);
+         if (response.getErrorCode() == 0)
+         {
+             retSsdSets = response.getEntities();
+             if (retSsdSets == null)
+             {
+                 retSsdSets = new ArrayList<>();
+             }
+         }
+         else
+         {
+             throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+         }
+         return retSsdSets;
+    }
+
+    /**
+     * This function returns the set of roles of a SSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name for the SSD set targeted.
+     * @return Map containing all Roles that are members of SSD data set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    @Override
+    public Set<String> ssdRoleSetRoles(SDSet ssd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(ssd, GlobalErrIds.SSD_NULL, CLS_NM + ".ssdRoleSetRoles");
+        Set<String> retRoleNames = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(ssd);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.SSD_ROLES);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            Set<String> tempNames = response.getValueSet();
+            // This is done to use a case insensitive TreeSet for returned names.
+            retRoleNames.addAll(tempNames);
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoleNames;
+    }
+
+    /**
+     * This function returns the cardinality associated with a SSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name of the SSD set targeted, {@link SDSet#name}.
+     * @return int value containing cardinality of SSD set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    @Override
+    public int ssdRoleSetCardinality(SDSet ssd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(ssd, GlobalErrIds.SSD_NULL, CLS_NM + ".ssdRoleSetCardinality");
+        SDSet retSet;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(ssd);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.SSD_CARD);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retSet = (SDSet) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retSet.getCardinality();
+    }
+
+    /**
+     * This function returns the list of all dSD role sets that have a particular Role as member or Role's
+     * parent as a member.  If the Role parameter is left blank, function will return all dSD role sets.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Will contain the role name, {@link Role#name}, for targeted dSD set or null to return all
+     * @return List containing all matching dSD's.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of data or system error.
+     */
+    @Override
+    public List<SDSet> dsdRoleSets(Role role)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".dsdRoleSets");
+        List<SDSet> retDsdRoleSets;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(role);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.DSD_ROLE_SETS);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retDsdRoleSets = response.getEntities();
+            if (retDsdRoleSets == null)
+            {
+                retDsdRoleSets = new ArrayList<>();
+            }
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retDsdRoleSets;
+    }
+
+    /**
+     * This function returns the DSD data set that matches a particular set name.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param set Will contain the name for existing DSD data set, {@link SDSet#name}.
+     * @return SDSet containing all attributes from matching DSD name.
+     * @throws org.apache.directory.fortress.core.SecurityException
+     *          in the event of data or system error.
+     */
+    @Override
+    public SDSet dsdRoleSet(SDSet set)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(set, GlobalErrIds.DSD_NULL, CLS_NM + ".dsdRoleSet");
+        SDSet retSet;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(set);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.DSD_READ);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retSet = (SDSet) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retSet;
+    }
+
+    /**
+     * This function returns the list of DSDs that match a given dsd name value.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name for the DSD set targeted, {@link SDSet#name}.
+     * @return List containing all DSDSets that match a given DSDSet name.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public List<SDSet> dsdSets(SDSet dsd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(dsd, GlobalErrIds.ROLE_NULL, CLS_NM + ".dsdSets");
+         List<SDSet> retDsdSets;
+         FortRequest request = new FortRequest();
+         request.setContextId(this.contextId);
+         request.setEntity(dsd);
+         if (this.adminSess != null)
+         {
+             request.setSession(adminSess);
+         }
+         String szRequest = RestUtils.marshal(request);
+         String szResponse = RestUtils.post(szRequest, HttpIds.DSD_SETS);
+         FortResponse response = RestUtils.unmarshall(szResponse);
+         if (response.getErrorCode() == 0)
+         {
+             retDsdSets = response.getEntities();
+             if (retDsdSets == null)
+             {
+                 retDsdSets = new ArrayList<>();
+             }
+         }
+         else
+         {
+             throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+         }
+         return retDsdSets;
+    }
+
+    /**
+     * This function returns the set of roles of a DSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name for the DSD set targeted, {@link SDSet#name}.
+     * @return List containing all Roles that are members of DSD data set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    @Override
+    public Set<String> dsdRoleSetRoles(SDSet dsd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(dsd, GlobalErrIds.SSD_NULL, CLS_NM + ".dsdRoleSetRoles");
+        Set<String> retRoleNames = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(dsd);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.DSD_ROLES);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            Set<String> tempNames = response.getValueSet();
+            // This is done to use a case insensitive TreeSet for returned names.
+            retRoleNames.addAll(tempNames);
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retRoleNames;
+    }
+
+    /**
+     * This function returns the cardinality associated with a DSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name of the DSD set targeted, {@link SDSet#name}.
+     * @return int value containing cardinality of DSD set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    @Override
+    public int dsdRoleSetCardinality(SDSet dsd)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(dsd, GlobalErrIds.DSD_NULL, CLS_NM + ".dsdRoleSetCardinality");
+        SDSet retSet;
+        FortRequest request = new FortRequest();
+        request.setContextId(this.contextId);
+        request.setEntity(dsd);
+        if (this.adminSess != null)
+        {
+            request.setSession(adminSess);
+        }
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.post(szRequest, HttpIds.DSD_CARD);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            retSet = (SDSet) response.getEntity();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return retSet.getCardinality();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rest/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/package.html b/src/main/java/org/apache/directory/fortress/core/rest/package.html
new file mode 100755
index 0000000..850a58c
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rest/package.html
@@ -0,0 +1,43 @@
+<!--
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+-->
+<html>
+   <head>
+      <title>Package Documentation for org.apache.directory.fortress.rest</title>
+   </head>
+   <body>
+      <p>
+         This package uses <a href="http://hc.apache.org/">Commons HTTP</a> to provide HTTP functionality that is reused across several components in this package.
+      </p>
+      <p>
+         The <b>org.apache.directory.fortress.rest</b> package implements HTTP REST access to En Masse server for Fortress APIs
+      </p>
+      <h3>Fortress Manager APIs implemented in this package</h3>
+       <ol>
+       <li><a href="AccessMgrRestImpl.html">AccessMgrRestImpl</a> - This implements using REST runtime access control operations on objects that are provisioned <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
+       <li><a href="AdminMgrRestImpl.html">AdminMgrRestImpl</a> - This implements using REST administrative functions to provision Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities into the LDAP directory.</li>
+       <li><a href="AuditMgrRestImpl.html">AuditMgrRestImpl</a> - This implements using REST methods used to search OpenLDAP's slapd access log.</li>
+       <li><a href="DelegatedAccessMgrRestImpl.html">DelegatedAccessMgrRestImpl</a> - This implements using REST APIs for performing runtime delegated access control operations on objects that are provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in LDAP directory.</li>
+       <li><a href="DelegatedAdminMgrRestImpl.html">DelegatedAdminMgrRestImpl</a> - This implements using REST the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory.</li>
+       <li><a href="DelegatedReviewMgrRestImpl.html">DelegatedReviewMgrRestImpl</a> - This implements using REST the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in LDAP directory.</li>
+       <li><a href="PswdPolicyMgr.html">PswdPolicyMgrRestImpl</a> - This implements using REST <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy draft</a> and is used to perform administrative and review functions on the <a href="org/openldap/fortress/pwpolicy/PswdPolicy.html">PWPOLICIES</a> and <a href="org/openldap/fortress/rbac/User.html">USERS</a> data sets within Fortress.</li>
+       <li><a href="ReviewMgr.html">ReviewMgrRestImpl</a> - This implements using REST the administrative review functions on already provisioned Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory.</li>
+       </ol>
+   </body>
+</html>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/util/LogUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/LogUtil.java b/src/main/java/org/apache/directory/fortress/core/util/LogUtil.java
new file mode 100755
index 0000000..402663a
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/util/LogUtil.java
@@ -0,0 +1,76 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.util;
+
+import org.slf4j.LoggerFactory;
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+
+/**
+ * Contains a simple wrapper for log4j that is used by test utilities.
+ *
+ * @author Shawn McKinney
+ */
+public class LogUtil
+{
+    //final private static Logger log = Logger.getLogger(LogUtil.class.getName());
+    private static final org.slf4j.Logger LOG = LoggerFactory.getLogger( LogUtil.class.getName() );
+
+
+    /**
+     * Write a message out to the appropriate log level.
+     *
+     * @param msg Contains message to write out to log.
+     */
+    public static void logIt(String msg)
+    {
+        if(VUtil.isNotNullOrEmpty( getContext() ))
+            msg = getContext() + " " + msg;
+
+        if(LOG.isDebugEnabled())
+        {
+            LOG.debug( msg );
+        }
+        else if(LOG.isInfoEnabled())
+        {
+            LOG.info( msg );
+        }
+        else if(LOG.isWarnEnabled())
+        {
+            LOG.warn( msg );
+        }
+        else if(LOG.isErrorEnabled())
+        {
+            LOG.error( msg );
+        }
+	}
+
+    public static String getContext()
+    {
+        String contextId = null;
+        String tenant = System.getProperty( GlobalIds.TENANT );
+        if ( VUtil.isNotNullOrEmpty( tenant ) && !tenant.equals( "${tenant}" ) )
+        {
+            contextId = tenant;
+        }
+        return contextId;
+    }
+}
+
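Review bot: `logIt` calls `getContext()` twice, so the tenant system property is read once for the check and again for the prefix, and the brace-less `if` is inconsistent with the braced blocks below it. A local would be tidier: `String ctx = getContext();` followed by `if ( VUtil.isNotNullOrEmpty( ctx ) ) { msg = ctx + " " + msg; }`. The class Javadoc still says "wrapper for log4j" although the logger is SLF4J. `getContext()` is public but has no Javadoc; it should say that the method returns the value of the `GlobalIds.TENANT` system property, or null when that property is unset, empty, or equal to the literal `${tenant}`.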

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/util/Testable.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/Testable.java b/src/main/java/org/apache/directory/fortress/core/util/Testable.java
new file mode 100644
index 0000000..69d54f0
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/util/Testable.java
@@ -0,0 +1,32 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.util;
+
+import org.apache.tools.ant.Task;
+
+/**
+ * Interface is extended by custom Ant tasks that require JUnit validation.
+ *
+ * @author Shawn McKinney
+ */
+public interface Testable
+{
+    public void execute( Task task );
+}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/util/attr/AttrHelper.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/attr/AttrHelper.java b/src/main/java/org/apache/directory/fortress/core/util/attr/AttrHelper.java
new file mode 100755
index 0000000..27ae3a7
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/util/attr/AttrHelper.java
@@ -0,0 +1,308 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.util.attr;
+
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.rbac.Administrator;
+import org.apache.directory.fortress.core.rbac.AuthZ;
+import org.apache.directory.fortress.core.rbac.Permission;
+
+import java.text.ParseException;
+import java.util.Date;
+import java.util.List;
+import java.util.StringTokenizer;
+import java.util.Properties;
+
+/**
+ * Class contains static utilities for various conversions of ldap data to application entity and back.  These methods are called by the
+ * Fortress DAO's, i.e. {@link org.apache.directory.fortress.core.rbac.dao.UserDAO}.
+ * These are low-level data utilities and no validations are performed.  These apis should not be called by outside programs.
+ * <p/>
+ * This class is thread safe.
+ * <p/>
+
+ * @author Shawn McKinney
+ */
+public class AttrHelper
+{
+
+
+    /**
+     * Perform copy on ARBAC attributes.  This is used during assignment of {@link org.apache.directory.fortress.core.rbac.AdminRole} to {@link org.apache.directory.fortress.core.rbac.User}.
+     * This method does not perform input validations.
+     *
+     * @param srcR contains source attributes to copy.
+     * @param trgR contains the target reference.
+     */
+    public static void copyAdminAttrs(Administrator srcR, Administrator trgR)
+    {
+        trgR.setBeginInclusive(srcR.isBeginInclusive());
+        trgR.setEndInclusive(srcR.isEndInclusive());
+        trgR.setBeginRange(srcR.getBeginRange());
+        trgR.setEndRange(srcR.getEndRange());
+        // copy the user and perm pools:
+        trgR.setOsP(srcR.getOsP());
+        trgR.setOsU(srcR.getOsU());
+
+    }
+
+    /**
+     * Convert from a {@link java.util.List} of properties stored as name:value pairs to
+     * a {@link java.util.Properties}.
+     *
+     * @param propList contains a list of name-value pairs separated by a ':'.
+     * @return reference to a Properties collection.
+     */
+    public static Properties getProperties(List<String> propList)
+    {
+        return getProperties(propList, GlobalIds.PROP_SEP );
+    }
+
+    /**
+     * Convert from a {@link java.util.List} of properties stored as name:value pairs to
+     * a {@link java.util.Properties}.
+     *
+     * @param propList contains a list of name-value pairs separated by a ':'.
+     * @param separator contains char to be used to separate key and value.
+     * @return reference to a Properties collection.
+     */
+    public static Properties getProperties( List<String> propList, char separator )
+    {
+        Properties props = null;
+        if (propList != null && propList.size() > 0)
+        {
+            props = new Properties();
+            propList.size();
+            for (String raw : propList)
+            {
+
+                int indx = raw.indexOf(separator);
+                if (indx >= 1)
+                {
+                    props.setProperty(raw.substring(0, indx), raw.substring(indx + 1));
+                }
+            }
+        }
+        return props;
+    }
+
+    /**
+     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
+     *
+     * @param inputString contains comma delimited list of properties.
+     * @return java collection class containing props.
+     */
+    public static Properties getProperties( String inputString )
+    {
+        return getProperties( inputString, GlobalIds.PROP_SEP );
+    }
+
+    /**
+     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
+     *
+     * @param inputString contains comma delimited list of properties.
+     * @param separator contains char to be used to separate key and value.
+     * @return java collection class containing props.
+     */
+    public static Properties getProperties( String inputString, char separator )
+    {
+        return getProperties( inputString, separator, GlobalIds.DELIMITER );
+    }
+
+    /**
+     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
+     *
+     * @param inputString contains comma delimited list of properties.
+     * @param separator contains char to be used to separate key and value.
+     * @param delimiter contains a single char specifying delimiter between properties.
+     * @return java collection class containing props.
+     */
+    public static Properties getProperties( String inputString, char separator, String delimiter )
+    {
+        Properties props = new Properties();
+        if (inputString != null && inputString.length() > 0)
+        {
+            StringTokenizer maxTkn = new StringTokenizer(inputString, delimiter);
+            if (maxTkn.countTokens() > 0)
+            {
+                while (maxTkn.hasMoreTokens())
+                {
+                    String val = maxTkn.nextToken();
+                    int indx = val.indexOf(separator);
+                    if (indx >= 1)
+                    {
+                        String name = val.substring(0, indx).trim();
+                        String value = val.substring(indx + 1).trim();
+                        props.setProperty(name, value);
+                    }
+                }
+            }
+        }
+        return props;
+    }
+
+    /**
+     * Parse a raw slapd access log format data string for userId.
+     *
+     * @param inputString raw slapd access log data.
+     * @return string containing userId.
+     */
+    public static String getAuthZId(String inputString)
+    {
+        //reqAuthzID               <uid=fttu3user4,ou=people,dc=jts,dc=com>
+        String userId = null;
+        if (inputString != null && inputString.length() > 0)
+        {
+            StringTokenizer maxTkn = new StringTokenizer(inputString, ",");
+            if (maxTkn.countTokens() > 0)
+            {
+                String val = maxTkn.nextToken();
+                int indx = val.indexOf('=');
+                if (indx >= 1)
+                {
+                    userId = val.substring(indx + 1);
+                }
+            }
+        }
+        return userId;
+    }
+
+
+    /**
+     * Convert from raw ldap generalized time format to {@link java.util.Date}.  Use the UnboundID SDK, <a href="http://www.unboundid.com/products/ldap-sdk/">JGraphT</a>
+     * to decode the string.
+     *
+     * @param inputString containing raw ldap generalized time formatted string.
+     * @return converted to {@link java.util.Date}.
+     */
+    public static Date decodeGeneralizedTime(String inputString) throws ParseException
+    {
+        Date aDate;
+        aDate = com.unboundid.util.StaticUtils.decodeGeneralizedTime(inputString);
+        return aDate;
+    }
+
+
+    /**
+     * Convert from java date {@link java.util.Date} format to raw ldap generalized time format.  Use the UnboundID SDK, <a href="http://www.unboundid.com/products/ldap-sdk/">JGraphT</a>
+     * to encode the string.
+     *
+     * @param date reference to standard java date.
+     * @return converted to standardized ldap generalized time format.
+     */
+    public static String encodeGeneralizedTime(Date date)
+    {
+        String szTime;
+        szTime = com.unboundid.util.StaticUtils.encodeGeneralizedTime(date);
+        return szTime;
+    }
+
+    /**
+     * Parse slapd access raw data to pull the permission name out.
+     *
+     * @param authZ raw data contained in Fortress audit entity.
+     * @return Permission contains {@link org.apache.directory.fortress.core.rbac.Permission#objName} and {@link org.apache.directory.fortress.core.rbac.Permission#opName}
+     */
+    public static Permission getAuthZPerm(AuthZ authZ)
+    {
+        int indx = 0;
+        //final int objectClass = 1;
+        final int oPNm = 2;
+        final int oBjNm = 3;
+        final int user = 4;
+        final int roles = 6;
+
+        // reqFilter
+        // <(&(objectClass=ftOperation)
+        // (ftOpNm=top1_10)(ftObjNm=tob2_4)
+        // (|(ftUsers=fttu3user4)
+        // (ftRoles=ftt3role1)
+        // (ftRoles=ftt3role2)
+        // (ftRoles=ftt3role3)
+        // (ftRoles=ftt3role4)
+        // (ftRoles=ftt3role5)
+        // (ftRoles=ftt3role6)
+        // (ftRoles=ftt3role7)
+        // (ftRoles=ftt3role8)
+        // (ftRoles=ftt3role9)
+        // (ftRoles=ftt3role10)))>
+
+        Permission pOp = new Permission();
+        if (authZ.getReqFilter() != null && authZ.getReqFilter().length() > 0)
+        {
+            StringTokenizer maxTkn = new StringTokenizer(authZ.getReqFilter(), "(");
+            //System.out.println("maxTken size=" + maxTkn.countTokens());
+            int numTokens = maxTkn.countTokens();
+            for (int i = 0; i < numTokens; i++)
+            {
+                String val = maxTkn.nextToken();
+                //System.out.println("token[" + i + "]=" + val);
+                switch (i)
+                {
+                    //case objectClass:
+                    //    indx = val.indexOf('=');
+                    //    if (indx >= 1)
+                    //    {
+                    //        String value = val.substring(indx + 1, val.length() - 1);
+                    //    }
+                    //    break;
+
+                    case oPNm:
+                        indx = val.indexOf('=');
+                        if (indx >= 1)
+                        {
+                            pOp.setOpName(val.substring(indx + 1, val.length() - 1));
+                        }
+                        break;
+
+                    case oBjNm:
+                        indx = val.indexOf('=');
+                        if (indx >= 1)
+                        {
+                            pOp.setObjName( val.substring( indx + 1, val.length() - 1 ) );
+                        }
+                        break;
+
+                    case user:
+                        indx = val.indexOf('=');
+                        if (indx >= 1)
+                        {
+                            pOp.setUser(val.substring(indx + 1, val.length() - 1));
+                        }
+                        break;
+
+                    default:
+                        int indx2 = 0;
+                        if (i >= roles)
+                        {
+                            indx = val.indexOf('=');
+                            indx2 = val.indexOf(')');
+                        }
+                        if (indx >= 1)
+                        {
+                            pOp.setRole(val.substring(indx + 1, indx2));
+                        }
+                        break;
+                }
+            }
+        }
+        return pOp;
+    }
+}
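Review bot: In `getAuthZPerm`, the `default` branch reuses `indx` from an earlier token whenever `i < roles`, while `indx2` stays 0, so a stale `indx >= 1` reaches `val.substring(indx + 1, 0)` and throws `StringIndexOutOfBoundsException`. The same happens for a role token that has `=` but no `)`, where `indx2` is -1. The parser is purely positional and, per the Javadoc, `reqFilter` is raw slapd access-log data, so a filter shaped differently from the sample in the comment (for instance one where token 4 contains `=`) would abort audit parsing instead of being skipped. Scoping both indexes inside the `i >= roles` check and requiring the closing parenthesis to follow the `=` avoids this, as sketched below.

```java
// … unchanged: cases oPNm, oBjNm and user …
                    default:
                        if (i >= roles)
                        {
                            int eq = val.indexOf('=');
                            int close = val.indexOf(')');
                            // Skip tokens that are not of the form name=value)
                            if (eq >= 1 && close > eq)
                            {
                                pOp.setRole(val.substring(eq + 1, close));
                            }
                        }
                        break;
```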

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/util/attr/RegExUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/attr/RegExUtil.java b/src/main/java/org/apache/directory/fortress/core/util/attr/RegExUtil.java
new file mode 100755
index 0000000..08d1f80
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/util/attr/RegExUtil.java
@@ -0,0 +1,68 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.util.attr;
+
+import org.apache.directory.fortress.core.GlobalErrIds;
+
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.ValidationException;
+import org.apache.directory.fortress.core.cfg.Config;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ *  Regular expression utilities to perform data validations on Fortress attributes.  These utils use the standard
+ * java regular expression library.
+ *
+ * @author     Shawn McKinney
+ */
+class RegExUtil
+{
+    private static final String CLS_NM = RegExUtil.class.getName();
+    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
+	private static final String safeTextPatternStr = Config.getProperty( GlobalIds.REG_EX_SAFE_TEXT );
+
+	/**
+	 *  Perform safe text validation on character string.
+	 *
+	 * @param  value Contains the string to check.
+	 * @exception org.apache.directory.fortress.core.ValidationException  In the event the data validation fails.
+	 */
+	public static void safeText(String value)
+		throws ValidationException
+	{
+		if (safeTextPatternStr == null || safeTextPatternStr.compareTo("") == 0)
+		{
+			LOG.debug("safeText can't find safeText regular expression pattern.  Check your Fortress cfg");
+		}
+		else
+		{
+			Pattern safeTextPattern = Pattern.compile(safeTextPatternStr);
+			Matcher safeTextMatcher = safeTextPattern.matcher(value);
+			if (!safeTextMatcher.find())
+			{
+				String error = "safeText has detected invalid value [" + value + "]";
+				throw new ValidationException(GlobalErrIds.CONST_INVLD_TEXT, error);
+			}
+		}
+	}
+}
\ No newline at end of file
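Review bot: `safeText` fails open when `GlobalIds.REG_EX_SAFE_TEXT` is missing or empty: the only trace is a `LOG.debug` line and every value is accepted, so a configuration slip silently turns this validation off. If lenient behaviour is intended, log it with `LOG.warn` at least; otherwise reject, e.g. `throw new ValidationException(GlobalErrIds.CONST_INVLD_TEXT, "safeText pattern is not configured");`. Also, `find()` accepts a value as soon as any substring matches, so the check is only as strict as the anchors in the configured pattern; `matches()` would enforce a whole-string match, assuming the pattern is meant as an allow-list. The pattern is recompiled on every call and could be compiled once into a static field.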