You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2014/11/11 21:16:29 UTC
[5/5] directory-fortress-realm git commit: change package structure,
names, license, and pom improvements
change package structure, names, license, and pom improvements
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/commit/cdfe5ba7
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/tree/cdfe5ba7
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/diff/cdfe5ba7
Branch: refs/heads/master
Commit: cdfe5ba74b91e0208aedb35b8033a4fe3b493e24
Parents: 3d941e8
Author: Shawn <sm...@apache.org>
Authored: Tue Nov 11 14:16:03 2014 -0600
Committer: Shawn <sm...@apache.org>
Committed: Tue Nov 11 14:16:03 2014 -0600
----------------------------------------------------------------------
LICENSE.txt | 225 ++++++--
NOTICE.txt | 34 +-
TOMCAT-SETUP-NOTES.txt | 23 +-
build.properties | 2 +-
build.xml | 96 ++--
conf/fortress.properties | 37 ++
getIvy.xml | 26 +-
impl/pom.xml | 81 +++
.../directory/fortress/realm/J2eePolicyMgr.java | 322 +++++++++++
.../fortress/realm/J2eePolicyMgrFactory.java | 89 +++
.../fortress/realm/J2eePolicyMgrImpl.java | 575 +++++++++++++++++++
.../directory/fortress/realm/package.html | 27 +
.../realm/tomcat/TC7AccessMgrFascade.java | 238 ++++++++
.../fortress/realm/tomcat/TcAccessMgrImpl.java | 156 +++++
.../fortress/realm/tomcat/TcPrincipal.java | 146 +++++
ivy.xml | 35 +-
pom.xml | 418 +++++++++++++-
proxy/pom.xml | 78 +++
proxy/src/main/java/fortress-javadoc.css | 32 ++
.../realm/tomcat/Tc7AccessMgrProxy.java | 328 +++++++++++
.../fortress/realm/tomcat/TcAccessMgr.java | 60 ++
.../fortress/realm/tomcat/package.html | 348 +++++++++++
.../realm/util/ChildFirstUrlClassLoader.java | 125 ++++
.../directory/fortress/realm/util/CpUtil.java | 178 ++++++
.../directory/fortress/realm/util/package.html | 30 +
proxy/src/main/java/overview.html | 46 ++
src/main/assembly/distsrc.xml | 65 +++
src/main/java/Prod.iml | 14 -
src/main/java/fortress-javadoc.css | 32 --
.../impl/org/openldap/sentry/J2eePolicyMgr.java | 318 ----------
.../openldap/sentry/J2eePolicyMgrFactory.java | 85 ---
.../org/openldap/sentry/J2eePolicyMgrImpl.java | 571 ------------------
.../java/impl/org/openldap/sentry/package.html | 27 -
.../openldap/sentry/tomcat/TcAccessMgrImpl.java | 152 -----
.../org/openldap/sentry/tomcat/TcPrincipal.java | 142 -----
.../sentry/websphere/WsAccessMgrImpl.java | 557 ------------------
src/main/java/overview.html | 44 --
.../sentry/tomcat/Tc7AccessMgrProxy.java | 324 -----------
.../org/openldap/sentry/tomcat/TcAccessMgr.java | 56 --
.../sentry/tomcat/TcAccessMgrProxy.java | 268 ---------
.../org/openldap/sentry/tomcat/package.html | 344 -----------
.../sentry/util/ChildFirstUrlClassLoader.java | 121 ----
.../proxy/org/openldap/sentry/util/CpUtil.java | 174 ------
.../proxy/org/openldap/sentry/util/package.html | 26 -
.../sentry/websphere/WsAccessMgrProxy.java | 450 ---------------
.../org/openldap/sentry/websphere/package.html | 359 ------------
46 files changed, 3659 insertions(+), 4225 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/LICENSE.txt
----------------------------------------------------------------------
diff --git a/LICENSE.txt b/LICENSE.txt
old mode 100644
new mode 100755
index 6295703..37a8cc9
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,47 +1,178 @@
-The OpenLDAP Public License
- Version 2.8, 17 August 2003
-
-Redistribution and use of this software and associated documentation
-("Software"), with or without modification, are permitted provided
-that the following conditions are met:
-
-1. Redistributions in source form must retain copyright statements
- and notices,
-
-2. Redistributions in binary form must reproduce applicable copyright
- statements and notices, this list of conditions, and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution, and
-
-3. Redistributions must contain a verbatim copy of this document.
-
-The OpenLDAP Foundation may revise this license from time to time.
-Each revision is distinguished by a version number. You may use
-this Software under terms of this license revision or under the
-terms of any subsequent revision of the license.
-
-THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
-CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
-OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-The names of the authors and copyright holders must not be used in
-advertising or otherwise to promote the sale, use or other dealing
-in this Software without specific, written prior permission. Title
-to copyright in this Software shall at all times remain with copyright
-holders.
-
-OpenLDAP is a registered trademark of the OpenLDAP Foundation.
-
-Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
-California, USA. All Rights Reserved. Permission to copy and
-distribute verbatim copies of this document is granted.
\ No newline at end of file
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
index 5436283..8876de8 100755
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,16 +1,30 @@
-Fortress Identity Access Management SDK
-Copyright (c) 2009-2013 JoshuaTree Software, LLC
-
-This product distribution source code was developed by JoshuaTree Software (http://jts.us/).
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+Apache Directory Fortress Realm
The purpose of this NOTICE.txt file is to include notices that are required by the copyright owner and their license. Some of the accompanying products have an attribution requirement, so see below. Other accompanying products do not require attribution, so are not listed.
This product includes software developed by:
1. The Apache Software Foundation (http://www.apache.org/)
-2. UnBoundID Corp (http://www.unboundid.com/)
-3. The Eigenbase Project (http://www.eigenbase.org/)
-4. JUnit.org (http://www.junit.org/)
-5. The Java Community Process (http://www.jcp.org/)
-6. SLF4J (http://www.slf4j.org/)
-7. Terracotta (http://www.terracotta.org/TPL)
+2. The Eigenbase Project (http://www.eigenbase.org/)
+3. JUnit.org (http://www.junit.org/)
+4. The Java Community Process (http://www.jcp.org/)
+5. SLF4J (http://www.slf4j.org/)
+6. Terracotta (http://www.terracotta.org/TPL)
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/TOMCAT-SETUP-NOTES.txt
----------------------------------------------------------------------
diff --git a/TOMCAT-SETUP-NOTES.txt b/TOMCAT-SETUP-NOTES.txt
index 7f1b1d1..1d3a793 100644
--- a/TOMCAT-SETUP-NOTES.txt
+++ b/TOMCAT-SETUP-NOTES.txt
@@ -1,7 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
--------------------------------------------------------------
-JoshuaTree Fortress Java Sentry Setup Notes for Tomcat App Sever
-created: October 8, 2010
-last updated: February 18, 2012
+Apache Directory Fortress Realm Setup Notes for Tomcat App Sever
+last updated: October 31, 2014
--------------------------------------------------------------
###################################################################################
# Guidelines & Tips
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 0395d84..dc812b8 100644
--- a/build.properties
+++ b/build.properties
@@ -16,7 +16,7 @@
# Note: Directives that begin with '@' are substitution parms for Fortress' build.xml 'init-slapd' target.
#Use this property file to specify environment specific settings.
-version=1.0-RC39
+version=1.0-RC40
# Enable this property if computer does not have external connection to Internet:
#local.mode=true
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 009048b..58eb70e 100644
--- a/build.xml
+++ b/build.xml
@@ -1,19 +1,22 @@
<!--
- ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
- ~
- ~ Copyright 1998-2014 The OpenLDAP Foundation.
- ~ All rights reserved.
- ~
- ~ Redistribution and use in source and binary forms, with or without
- ~ modification, are permitted only as authorized by the OpenLDAP
- ~ Public License.
- ~
- ~ A copy of this license is available in the file LICENSE in the
- ~ top-level directory of the distribution or, alternatively, at
- ~ <http://www.OpenLDAP.org/license.html>.
- -->
-
-<project name="fortress-sentry" default="build" basedir="." xmlns:ivy="antlib:org.apache.ivy.ant"
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project name="fortress-realm" default="build" basedir="." xmlns:ivy="antlib:org.apache.ivy.ant"
xmlns:artifact="antlib:org.apache.maven.artifact.ant">
<target name="init">
@@ -27,20 +30,18 @@
<property name="user-propfile" value="${user.home}/build.properties"/>
<property file="${user-propfile}"/>
- <property name="project.name" value="Fortress Java Sentry"/>
+ <property name="project.name" value="Fortress Realm"/>
<property name="name" value="fortressSentry"/>
- <property name="title" value="Fortress Java Sentry ${version}"/>
- <property name="vendor" value="Joshua Tree Software"/>
- <property name="package" value="org.openldap.sentry.*"/>
+ <property name="title" value="Fortress Tomcat Realm ${version}"/>
+ <property name="vendor" value="Apache Software Foundation"/>
+ <property name="package" value="org.apache.directory.fortress.realm.*"/>
<property name="ivy.install.version" value="2.2.0"/>
<!-- Env vars -->
- <property name="src.dir" value="${basedir}/src"/>
<property name="lib.dir" value="${basedir}/lib"/>
<property name="config.dir" value="${basedir}/conf"/>
- <property name="src.java.dir" value="${src.dir}/main/java"/>
- <property name="src.java.proxy.dir" value="${src.java.dir}/proxy"/>
- <property name="src.java.impl.dir" value="${src.java.dir}/impl"/>
+ <property name="src.java.proxy.dir" value="${basedir}/proxy/src/main/java"/>
+ <property name="src.java.impl.dir" value="${basedir}/impl/src/main/java"/>
<property name="build.dir" value="${basedir}/build"/>
<property name="build.classes.dir" value="${build.dir}/classes"/>
<property name="build.classes.proxy.dir" value="${build.classes.dir}/proxy"/>
@@ -70,7 +71,7 @@
<property name="config.dir" value="${basedir}/conf"/>
<!-- Dependent LIBs in maven -->
- <property name="fortress.jar" value="${lib.dir}/fortress-${version}.jar"/>
+ <property name="fortress.jar" value="${lib.dir}/fortress-core-${version}.jar"/>
<property name="catalina7.jar" value="${lib.dir}/tomcat-catalina-7.0.22.jar"/>
<property name="catalina.jar" value="${lib.dir}/catalina-6.0.33.jar"/>
<property name="commons-config.jar" value="${lib.dir}/commons-configuration-1.6.jar"/>
@@ -127,9 +128,9 @@
<property name="javadoc.dir" value="${dist.dir}/docs/api"/>
<property name="javadoc.images.dir" value="${javadoc.dir}/images"/>
<property name="javadoc.bottom"
- value="<small>Copyright &copy; 1998-2014, The OpenLDAP Foundation. All Rights Reserved."/>
- <property name="javadoc.overview" value="${src.java.dir}/overview.html"/>
- <property name="javadoc.stylesheet" value="${src.java.dir}/fortress-javadoc.css"/>
+ value="<small>Copyright &copy; 2003-2014, The Apache Software Foundation. All Rights Reserved."/>
+ <property name="javadoc.overview" value="${src.java.proxy.dir}/overview.html"/>
+ <property name="javadoc.stylesheet" value="${src.java.proxy.dir}/fortress-javadoc.css"/>
<path id="javadoc.source.path">
<pathelement location="${src.java.proxy.dir}"/>
@@ -206,6 +207,7 @@
<delete dir="${dist.dir}"/>
</target>
+
<!-- ############### create javadoc ############################### -->
<target name="javadoc" depends="init" description="generates javadocs">
<mkdir dir="${javadoc.dir}"/>
@@ -239,8 +241,12 @@
debug="${javac.debug}"
deprecation="${javac.deprecation}"
destdir="${build.classes.proxy.dir}">
- <exclude name="org/openldap/sentry/tomcat/Tc7AccessMgrProxy.java"/>
- <exclude name="org/openldap/sentry/websphere/**"/>
+ <exclude name="org/apache/directory/fortress/realm/tomcat/Tc7AccessMgrProxy.java"/>
+ <exclude name="org/apache/directory/fortress/realm/websphere/**"/>
+ <!--
+ <exclude name="org/openldap/sentry/tomcat/Tc7AccessMgrProxy.java"/>
+ <exclude name="org/openldap/sentry/websphere/**"/>
+ -->
<classpath refid="build.proxy.class.path"/>
</javac>
</target>
@@ -250,8 +256,8 @@
debug="${javac.debug}"
deprecation="${javac.deprecation}"
destdir="${build.classes.proxy.dir}">
- <exclude name="org/openldap/sentry/tomcat/TcAccessMgrProxy.java"/>
- <exclude name="org/openldap/sentry/websphere/**"/>
+ <exclude name="org/apache/directory/fortress/realm/tomcat/TcAccessMgrProxy.java"/>
+ <exclude name="org/apache/directory/fortress/realm/websphere/**"/>
<classpath refid="build.proxy.tc7.class.path"/>
</javac>
</target>
@@ -262,7 +268,7 @@
debug="${javac.debug}"
deprecation="${javac.deprecation}"
destdir="${build.classes.impl.dir}">
- <exclude name="org/openldap/sentry/websphere/**"/>
+ <exclude name="org/apache/directory/fortress/realm/websphere/**"/>
<classpath refid="build.impl.class.path"/>
</javac>
</target>
@@ -271,12 +277,12 @@
<mkdir dir="${dist.dir}"/>
<fortressSentry.jar destfile="${fortressTomcatSentry.jar}">
<fileset dir="${build.classes.proxy.dir}">
- <include name="org/openldap/sentry/tomcat/**"/>
- <include name="org/openldap/sentry/util/**"/>
- <exclude name="org/openldap/sentry/tomcat/Tc7AccessMgrProxy.class"/>
+ <include name="org/apache/directory/fortress/realm/tomcat/**"/>
+ <include name="org/apache/directory/fortress/realm/util/**"/>
+ <exclude name="org/apache/directory/fortress/realm/tomcat/Tc7AccessMgrProxy.class"/>
</fileset>
<fileset dir="${build.classes.impl.dir}">
- <include name="org/openldap/sentry/tomcat/TcPrincipal.class"/>
+ <include name="org/apache/directory/fortress/realm/tomcat/TcPrincipal.class"/>
</fileset>
<metainf dir="${basedir}" includes="LICENSE.txt,NOTICE.txt"/>
</fortressSentry.jar>
@@ -286,12 +292,12 @@
<mkdir dir="${dist.dir}"/>
<fortressSentry.jar destfile="${fortressTomcat7Sentry.jar}">
<fileset dir="${build.classes.proxy.dir}">
- <include name="org/openldap/sentry/tomcat/**"/>
- <include name="org/openldap/sentry/util/**"/>
- <exclude name="org/openldap/sentry/tomcat/TcAccessMgrProxy.class"/>
+ <include name="org/apache/directory/fortress/realm/tomcat/**"/>
+ <include name="org/apache/directory/fortress/realm/util/**"/>
+ <exclude name="org/apache/directory/fortress/realm/tomcat/TcAccessMgrProxy.class"/>
</fileset>
<fileset dir="${build.classes.impl.dir}">
- <include name="org/openldap/sentry/tomcat/TcPrincipal.class"/>
+ <include name="org/apache/directory/fortress/realm/tomcat/TcPrincipal.class"/>
</fileset>
<metainf dir="${basedir}" includes="LICENSE.txt,NOTICE.txt"/>
</fortressSentry.jar>
@@ -351,7 +357,8 @@
<target name="dist" depends="build" description="Create source and binary distribution">
<zip destfile='${src.dist.zip}'>
- <zipfileset dir='${src.java.dir}'/>
+ <zipfileset dir='${src.java.proxy.dir}'/>
+ <zipfileset dir='${src.java.impl.dir}'/>
<zipfileset dir='${dist.dir}' prefix='META-INF'>
<include name="*.txt"/>
@@ -423,7 +430,12 @@
<zip destfile="${fortressSentryBuilder.zip}"
update="true">
- <zipfileset dir="${src.dir}" prefix="sentry-${version}/src">
+ <zipfileset dir="${src.java.proxy.dir}" prefix="sentry-${version}/src">
+ <include name="*/**"/>
+ <exclude name="*.iml"/>
+ </zipfileset>
+
+ <zipfileset dir="${src.java.impl.dir}" prefix="sentry-${version}/src">
<include name="*/**"/>
<exclude name="*.iml"/>
</zipfileset>
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/conf/fortress.properties
----------------------------------------------------------------------
diff --git a/conf/fortress.properties b/conf/fortress.properties
new file mode 100644
index 0000000..11074c0
--- /dev/null
+++ b/conf/fortress.properties
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2009-2013. Joshua Tree Software, LLC. All Rights Reserved.
+#
+
+# Host name and port of LDAP DIT:
+host=localhost
+port=389
+
+# These credentials are used for read/write access to all nodes under suffix:
+admin.user=cn=Manager,dc=openldap,dc=org
+# LDAP admin root pass is encrypted using 'encrypt' target in build.xml:
+admin.pw=secret
+
+# This is min/max connection pool settings for User's who access their accounts in ou=People:
+min.admin.conn=1
+max.admin.conn=10
+
+# Used for SSL Connection to LDAP Server:
+enable.ldap.ssl=${enable.ldap.ssl}
+enable.ldap.ssl.debug=${enable.ldap.ssl.debug}
+trust.store=${trust.store}
+trust.store.password=${trust.store.password}
+trust.store.set.prop=${trust.store.set.prop}
+
+# This node contains fortress properties stored on behalf of connecting LDAP clients (in this case specific to Tomcat Realm connectivity):
+config.realm=TOMCAT
+config.root=ou=Config,dc=openldap,dc=org
+
+# enable this to see trace statements when connection pool allocates new connections:
+debug.ldap.pool=true
+
+# Default for pool reconnect flag is false:
+enable.pool.reconnect=true
+
+crypto.prop=${crypto.prop}
+
+ehcache.config.file=ehcache.xml
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/getIvy.xml
----------------------------------------------------------------------
diff --git a/getIvy.xml b/getIvy.xml
index d5d240b..ef1052f 100644
--- a/getIvy.xml
+++ b/getIvy.xml
@@ -1,18 +1,20 @@
<!--
- Copyright (C) 2009-2013, JoshuaTree. All Rights Reserved.
- Licensed to Joshua Tree Software, LLC under New BSD license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- JTS licenses this file to You under the New BSD License
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
- https://joshuatreesoftware.us/
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
-->
<project name="fortress-sentry" default="download" basedir="." >
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/pom.xml
----------------------------------------------------------------------
diff --git a/impl/pom.xml b/impl/pom.xml
new file mode 100644
index 0000000..8ee93df
--- /dev/null
+++ b/impl/pom.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory</groupId>
+ <artifactId>fortress-realm</artifactId>
+ <version>1.0-RC40</version>
+ </parent>
+
+ <artifactId>fortress-realm-impl</artifactId>
+ <name>Apache Fortress Realm Implementation</name>
+ <packaging>jar</packaging>
+ <description>
+ Implementation classes for the Fortress Realm Component.
+ </description>
+
+ <properties>
+ <fortress-core.version>1.0-RC40</fortress-core.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.directory.junit</groupId>
+ <artifactId>junit-addons</artifactId>
+ <scope>test</scope>
+ <version>0.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>fortress-realm-proxy</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>fortress-core</artifactId>
+ <version>${fortress-core.version}</version>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.1</version>
+ <configuration>
+ <source>1.7</source>
+ <target>1.7</target>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.5</version>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java
new file mode 100644
index 0000000..ee79046
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm;
+
+import java.util.List;
+import java.security.Principal;
+
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.realm.tomcat.TcPrincipal;
+
+/**
+ * This interface is for components that use Websphere and Tomcat Container SPI's to provide
+ * Java EE Security capabilities. These APIs may be called by external programs as needed though the recommended
+ * practice is to use Fortress Core APIs like {@link org.apache.directory.fortress.core.AccessMgr} and {@link org.apache.directory.fortress.core.ReviewMgr}.
+ *
+ * @author Shawn McKinney
+ */
+public interface J2eePolicyMgr
+{
+ /**
+ * Perform user authentication and evaluate password policies.
+ *
+ * @param userId Contains the userid of the user signing on.
+ * @param password Contains the user's password.
+ * @return boolean true if succeeds, false otherwise.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ public boolean authenticate(String userId, char[] password)
+ throws SecurityException;
+
+
+ /**
+ * Perform user authentication {@link User#password} and role activations.<br />
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link User#roles} and Admin role {@link User#adminRoles}.<br />
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.rbac.User#pwPolicy}..<br />
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ * <h4> This API will...</h4>
+ * <ul>
+ * <li> authenticate user password if trusted == false.
+ * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">password policy evaluation</a>.
+ * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()}, regardless of trusted flag being set as parm on API.
+ * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ * <li> process selective role activations into User RBAC Session {@link User#roles}.
+ * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.rbac.User#roles}.
+ * <li> process selective administrative role activations {@link User#adminRoles}.
+ * <li> return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()}, {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if everything checks out good.
+ * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ * <li> throw a {@link SecurityException} for system failures.
+ * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ * <li> throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ * <li> throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ * </ul>
+ * <h4>
+ * The function is valid if and only if:
+ * </h4>
+ * <ul>
+ * <li> the user is a member of the USERS data set
+ * <li> the password is supplied (unless trusted).
+ * <li> the (optional) active role set is a subset of the roles authorized for that user.
+ * </ul>
+ * <h4>
+ * The following attributes may be set when calling this method
+ * </h4>
+ * <ul>
+ * <li> {@link User#userId} - required
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#password}
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ * <li> {@link User#props} collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
+ * </ul>
+ * <h4>
+ * Notes:
+ * </h4>
+ * <ul>
+ * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ * <li> role activations will proceed in same order as supplied to User entity setter, see {@link User#setRole(String)}.
+ * </ul>
+ * </p>
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param password maps to {@link org.apache.directory.fortress.core.rbac.User#password}.
+ * @return TcPrincipal which contains the User's RBAC Session data formatted into a java.security.Principal that is used by Tomcat runtime.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ public TcPrincipal createSession(String userId, char[] password)
+ throws SecurityException;
+
+
+ /**
+ * Perform user authentication {@link User#password} and role activations.<br />
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link User#roles} and Admin role {@link User#adminRoles}.<br />
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.rbac.User#pwPolicy}..<br />
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ * <h4> This API will...</h4>
+ * <ul>
+ * <li> authenticate user password if trusted == false.
+ * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">password policy evaluation</a>.
+ * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()}, regardless of trusted flag being set as parm on API.
+ * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ * <li> process selective role activations into User RBAC Session {@link User#roles}.
+ * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.rbac.User#roles}.
+ * <li> process selective administrative role activations {@link User#adminRoles}.
+ * <li> return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()}, {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if everything checks out good.
+ * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ * <li> throw a {@link SecurityException} for system failures.
+ * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ * <li> throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ * <li> throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ * </ul>
+ * <h4>
+ * The function is valid if and only if:
+ * </h4>
+ * <ul>
+ * <li> the user is a member of the USERS data set
+ * <li> the password is supplied (unless trusted).
+ * <li> the (optional) active role set is a subset of the roles authorized for that user.
+ * </ul>
+ * <h4>
+ * The following attributes may be set when calling this method
+ * </h4>
+ * <ul>
+ * <li> {@link User#userId} - required
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#password}
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ * <li> {@link User#props} collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
+ * </ul>
+ * <h4>
+ * Notes:
+ * </h4>
+ * <ul>
+ * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ * <li> role activations will proceed in same order as supplied to User entity setter, see {@link User#setRole(String)}.
+ * </ul>
+ * </p>
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param password maps to {@link org.apache.directory.fortress.core.rbac.User#password}.
+ * @param roles constains list of role names to activate.
+ * @return TcPrincipal which contains the User's RBAC Session data formatted into a java.security.Principal that is used by Tomcat runtime.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ public TcPrincipal createSession(String userId, char[] password, List<String> roles)
+ throws SecurityException;
+
+
+ /**
+ * Perform user authentication {@link User#password} and role activations.<br />
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link User#roles} and Admin role {@link User#adminRoles}.<br />
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.rbac.User#pwPolicy}..<br />
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ * <h4> This API will...</h4>
+ * <ul>
+ * <li> authenticate user password if trusted == false.
+ * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">password policy evaluation</a>.
+ * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()}, regardless of trusted flag being set as parm on API.
+ * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ * <li> process selective role activations into User RBAC Session {@link User#roles}.
+ * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.rbac.User#roles}.
+ * <li> process selective administrative role activations {@link User#adminRoles}.
+ * <li> return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()}, {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if everything checks out good.
+ * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ * <li> throw a {@link SecurityException} for system failures.
+ * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ * <li> throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ * <li> throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ * </ul>
+ * <h4>
+ * The function is valid if and only if:
+ * </h4>
+ * <ul>
+ * <li> the user is a member of the USERS data set
+ * <li> the password is supplied (unless trusted).
+ * <li> the (optional) active role set is a subset of the roles authorized for that user.
+ * </ul>
+ * <h4>
+ * The following attributes may be set when calling this method
+ * </h4>
+ * <ul>
+ * <li> {@link User#userId} - required
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#password}
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
+ * <li> {@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ * <li> {@link User#props} collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
+ * </ul>
+ * <h4>
+ * Notes:
+ * </h4>
+ * <ul>
+ * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ * <li> role activations will proceed in same order as supplied to User entity setter, see {@link User#setRole(String)}.
+ * </ul>
+ * </p>
+ *
+ * @param user Contains {@link User#userId}, {@link org.apache.directory.fortress.core.rbac.User#password} (optional if {@code isTrusted} is 'true'), optional {@link User#roles}, optional {@link org.apache.directory.fortress.core.rbac.User#adminRoles}
+ * @param isTrusted if true password is not required.
+ * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.rbac.Session#errorId}, RBAC role activations {@link org.apache.directory.fortress.core.rbac.Session#getRoles()}, Admin Role activations {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()},OpenLDAP pw policy codes {@link org.apache.directory.fortress.core.rbac.Session#warningId}, {@link org.apache.directory.fortress.core.rbac.Session#expirationSeconds}, {@link org.apache.directory.fortress.core.rbac.Session#graceLogins} and more.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ public Session createSession(User user, boolean isTrusted)
+ throws SecurityException;
+
+
+ /**
+ * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit
+ * the ldap server as the User's activated Roles are loaded into {@link org.apache.directory.fortress.realm.tomcat.TcPrincipal#setContext(java.util.HashMap)}
+ *
+ * @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
+ * @param roleName Maps to {@link org.apache.directory.fortress.core.rbac.Role#name}.
+ * @return True if Role is found in TcPrincipal, false otherwise.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * data validation failure or system error..
+ */
+ public boolean hasRole(Principal principal, String roleName)
+ throws SecurityException;
+
+
+ /**
+ * Method reads Role entity from the role container in directory.
+ *
+ * @param roleName maps to {@link Role#name}, to be read.
+ * @return Role entity that corresponds with role name.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * will be thrown if role not found or system error occurs.
+ */
+ public Role readRole(String roleName)
+ throws SecurityException;
+
+
+ /**
+ * Search for Roles assigned to given User.
+ *
+ * @param userId Maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param limit controls the size of ldap result set returned.
+ * @return List of type String containing the {@link org.apache.directory.fortress.core.rbac.Role#name} of all assigned Roles.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure or DAO error.
+ */
+ public List<String> searchRoles(String userId, int limit)
+ throws SecurityException;
+
+
+ /**
+ * Method returns matching User entity that is contained within the people container in the directory.
+ *
+ * @param userId maps to {@link User#userId} that matches record in the directory. userId is globally unique in
+ * people container.
+ * @return entity containing matching user data.
+ * @throws SecurityException if record not found or system error occurs.
+ */
+ public User readUser(String userId)
+ throws SecurityException;
+
+
+ /**
+ * Return a list of type String of all users in the people container that match the userId field passed in User entity.
+ * This method is used by the Websphere sentry component. The max number of returned users may be set by the integer limit arg.
+ *
+ * @param userId contains all or some leading chars that correspond to users stored in the directory.
+ * @param limit integer value sets the max returned records.
+ * @return List of type String containing matching userIds.
+ * @throws SecurityException in the event of system error.
+ */
+ public List<String> searchUsers(String userId, int limit)
+ throws SecurityException;
+
+
+ /**
+ * This function returns the set of users assigned to a given role. The function is valid if and
+ * only if the role is a member of the ROLES data set.
+ * The max number of users returned is constrained by limit argument.
+ * This method is used by the Websphere sentry component. This method does NOT use hierarchical rbac.
+ *
+ * @param roleName maps to {@link Role#name} of Role entity assigned to user.
+ * @param limit integer value sets the max returned records.
+ * @return List of type String containing userIds assigned to a particular role.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation or system error.
+ */
+ public List<String> assignedUsers(String roleName, int limit)
+ throws SecurityException;
+
+
+ /**
+ * This function returns the set of roles authorized for a given user. The function is valid if
+ * and only if the user is a member of the USERS data set.
+ *
+ * @param userId maps to {@link User#userId} matching User entity stored in the directory.
+ * @return Set of type String containing the roles assigned and roles inherited.
+ * @throws SecurityException If user not found or system error occurs.
+ */
+ public List<String> authorizedRoles(String userId)
+ throws SecurityException;
+}
+
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java
new file mode 100644
index 0000000..03801fc
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm;
+
+import org.apache.directory.fortress.core.cfg.Config;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+/**
+ * Creates an instance of the J2eePolicyMgr object.
+ * <p/>
+ * The default implementation class is specified as {@link #J2EE_POLICYMGR_DEFAULT_CLASS} but can be overridden by
+ * adding the {@link #J2EE_POLICYMGR_IMPLEMENTATION} config property.
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+public class J2eePolicyMgrFactory
+{
+ /**
+ * When this optional tag, {@code realmImplementation}, is placed in Fortress properties, its class name will be the default {@code org.apache.directory.fortress.core.security.RealmMgr} instance used.
+ */
+ private static final String J2EE_POLICYMGR_IMPLEMENTATION = "realmImplementation";
+ private static final String J2EE_POLICYMGR_DEFAULT_CLASS = J2eePolicyMgrImpl.class.getName();
+ private static final String CLS_NM = J2eePolicyMgrFactory.class.getName();
+ private static final Logger log = Logger.getLogger(CLS_NM);
+ private static String j2eeClassName = Config.getProperty(J2EE_POLICYMGR_IMPLEMENTATION);
+
+ /**
+ * Create and return a reference to {@link J2eePolicyMgr} object.
+ *
+ * @return instance of {@link J2eePolicyMgr}.
+ * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation.
+ */
+ public static J2eePolicyMgr createInstance()
+ throws SecurityException
+ {
+ J2eePolicyMgr realmMgr;
+ try
+ {
+ if (j2eeClassName == null || j2eeClassName.compareTo("") == 0)
+ {
+ j2eeClassName = J2EE_POLICYMGR_DEFAULT_CLASS;
+ if (log.isEnabledFor(Level.DEBUG))
+ {
+ log.debug(CLS_NM + ".createInstance <" + J2EE_POLICYMGR_IMPLEMENTATION + "> not found.");
+ log.debug(CLS_NM + ".createInstance use default <" + J2EE_POLICYMGR_DEFAULT_CLASS + ">");
+ }
+ }
+ realmMgr = (J2eePolicyMgr) Class.forName(j2eeClassName).newInstance();
+ }
+ catch (java.lang.ClassNotFoundException e)
+ {
+ String error = CLS_NM + ".createInstance caught java.lang.ClassNotFoundException=" + e;
+ throw new SecurityException(GlobalErrIds.FT_MGR_CLASS_NOT_FOUND, error, e);
+ }
+ catch (java.lang.InstantiationException e)
+ {
+ String error = CLS_NM + ".createInstance caught java.lang.InstantiationException=" + e;
+ throw new SecurityException(GlobalErrIds.FT_MGR_INST_EXCEPTION, error, e);
+ }
+ catch (java.lang.IllegalAccessException e)
+ {
+ String error = CLS_NM + ".createInstance caught java.lang.IllegalAccessException=" + e;
+ log.fatal(error);
+ throw new SecurityException(GlobalErrIds.FT_MGR_ILLEGAL_ACCESS, error, e);
+ }
+ return realmMgr;
+ }
+}
\ No newline at end of file