You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2014/11/11 21:38:43 UTC
[04/11] directory-fortress-enmasse git commit: change package
structure and names, pom improvements, license
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/enmasse/FortressServiceImpl.java b/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
deleted file mode 100644
index 21c47f9..0000000
--- a/src/main/java/org/openldap/enmasse/FortressServiceImpl.java
+++ /dev/null
@@ -1,4370 +0,0 @@
-/*
- * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2014 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-package org.openldap.enmasse;
-
-import javax.annotation.security.RolesAllowed;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-
-import org.openldap.fortress.rest.FortRequest;
-import org.openldap.fortress.rest.FortResponse;
-import org.openldap.fortress.rest.HttpIds;
-import org.springframework.stereotype.Service;
-
-/**
- * Implementation for EnMasse Service methods forwards to delegate. This class is thread safe.
- *
- * @author Shawn McKinney
- */
-@Service("fortressService")
-public class FortressServiceImpl implements FortressService
-{
- // Instantiate the implementation classes where the actual work is done:
- private final ReviewMgrImpl reviewMgrImpl = new ReviewMgrImpl();
- private final AdminMgrImpl adminMgrImpl = new AdminMgrImpl();
- private final PswdPolicyMgrImpl pswdPolicyMgrImpl = new PswdPolicyMgrImpl();
- private final DelegatedAccessMgrImpl delegatedAccessMgrImpl = new DelegatedAccessMgrImpl();
- private final DelegatedReviewMgrImpl delegatedReviewMgrImpl = new DelegatedReviewMgrImpl();
- private final DelegatedAdminMgrImpl delegatedAdminMgrImpl = new DelegatedAdminMgrImpl();
- private final AccessMgrImpl accessMgrImpl = new AccessMgrImpl();
- private final AuditMgrImpl auditMgrImpl = new AuditMgrImpl();
- private final ConfigMgrImpl configMgrImpl = new ConfigMgrImpl();
-
- // These are the allowed roles for the EnMasse services:
- private static final String ENMASSE_SUPER_USER = "EnmasseSuperUser";
- private static final String ACCESS_MGR_USER = "AccessMgrUser";
- private static final String ADMIN_MGR_USER = "AdminMgrUser";
- private static final String REVIEW_MGR_USER = "ReviewMgrUser";
- private static final String DELEGATED_ACCESS_MGR_USER = "DelegatedAccessMgrUser";
- private static final String DELEGATED_ADMIN_MGR_USER = "DelegatedAdminMgrUser";
- private static final String DELEGATED_REVIEW_MGR_USER = "DelegatedReviewMgrUser";
- private static final String PASSWORD_MGR_USER = "PasswordMgrUser";
- private static final String AUDIT_MGR_USER = "AuditMgrUser";
- private static final String CONFIG_MGR_USER = "ConfigMgrUser";
-
- /**
- * ************************************************************************************************************************************
- * BEGIN ADMINMGR
- * **************************************************************************************************************************************
- */
-
- /**
- * This command creates a new RBAC user. The command is valid only if the new user is
- * not already a member of the USERS data set. The USER data set is updated. The new user
- * does not own any session at the time of its creation.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
- * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
- * </ul>
- * <h5>User optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
- * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
- * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
- * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
- * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addUser(FortRequest request)
- {
- return adminMgrImpl.addUser(request);
- }
-
- /**
- * This command deletes an existing user from the RBAC database. The command is valid
- * if and only if the user to be deleted is a member of the USERS data set. The USERS and
- * UA data sets and the assigned_users function are updated.
- * This method performs a "hard" delete. It completely removes all data associated with this user from the directory.
- * User entity must exist in directory prior to making this call else exception will be thrown.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteUser(FortRequest request)
- {
- return adminMgrImpl.deleteUser(request);
- }
-
- /**
- * This command deletes an existing user from the RBAC database. The command is valid
- * if and only if the user to be deleted is a member of the USERS data set. The USERS and
- * UA data sets and the assigned_users function are updated.
- * Method performs a "soft" delete. It performs the following:
- * - sets the user status to "deleted"
- * - deassigns all roles from the user
- * - locks the user's password in LDAP
- * - revokes all perms that have been granted to user entity.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_DISABLE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse disableUser(FortRequest request)
- {
- return adminMgrImpl.disableUser(request);
- }
-
- /**
- * This method performs an update on User entity in directory. Prior to making this call the entity must exist in
- * directory.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * </ul>
- * <h5>User optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#password} - used to authenticate the User</li>
- * <li>{@link org.openldap.fortress.rbac.User#ou} - contains the name of an already existing User OU node</li>
- * <li>{@link org.openldap.fortress.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
- * <li>{@link org.openldap.fortress.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#description} - maps to INetOrgPerson description attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
- * <li>{@link org.openldap.fortress.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
- * <li>{@link org.openldap.fortress.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
- * <li>{@link org.openldap.fortress.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
- * <li>{@link org.openldap.fortress.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * <li>{@link org.openldap.fortress.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
- * <li>{@link org.openldap.fortress.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updateUser(FortRequest request)
- {
- return adminMgrImpl.updateUser(request);
- }
-
- /**
- * Method will change user's password. This method will evaluate user's password policies.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * <li>{@link org.openldap.fortress.rbac.User#password} - contains the User's old password</li>
- * <li>newPassword - contains the User's new password</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_CHGPW + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse changePassword(FortRequest request)
- {
- return adminMgrImpl.changePassword(request);
- }
-
- /**
- * Method will lock user's password which will prevent the user from authenticating with directory.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_LOCK + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse lockUserAccount(FortRequest request)
- {
- return adminMgrImpl.lockUserAccount(request);
- }
-
- /**
- * Method will unlock user's password which will enable user to authenticate with directory.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_UNLOCK + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse unlockUserAccount(FortRequest request)
- {
- return adminMgrImpl.unlockUserAccount(request);
- }
-
- /**
- * Method will reset user's password which will require user to change password before successful authentication with directory.
- * This method will not evaluate password policies on the new user password as it must be changed before use.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} object</li>
- * <h5>User required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - maps to INetOrgPerson uid</li>
- * <li>newPassword - contains the User's new password</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_RESET + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse resetPassword(FortRequest request)
- {
- return adminMgrImpl.resetPassword(request);
- }
-
- /**
- * This command creates a new role. The command is valid if and only if the new role is not
- * already a member of the ROLES data set. The ROLES data set is updated.
- * Initially, no user or permission is assigned to the new role.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
- * <h4>Role required parameters</h4>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be created.</li>
- * </ul>
- * </ul>
- * <h4>Role optional parameters</h4>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addRole(FortRequest request)
- {
- return adminMgrImpl.addRole(request);
- }
-
- /**
- * This command deletes an existing role from the RBAC database. The command is valid
- * if and only if the role to be deleted is a member of the ROLES data set. This command will
- * also deassign role from all users.
- * <p/>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
- * <h4>Role required parameters</h4>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
- * </ul>
- * <ul>
- * <h4>Role optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteRole(FortRequest request)
- {
- return adminMgrImpl.deleteRole(request);
- }
-
- /**
- * Method will update a Role entity in the directory. The role must exist in role container prior to this call. *
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} object</li>
- * <h4>Role required parameters</h4>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
- * </ul>
- * <h4>Role optional parameters</h4>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updateRole(FortRequest request)
- {
- return adminMgrImpl.updateRole(request);
- }
-
- /**
- * This command assigns a user to a role.
- * <p>
- * <ul>
- * <li> The command is valid if and only if:
- * <li> The user is a member of the USERS data set
- * <li> The role is a member of the ROLES data set
- * <li> The user is not already assigned to the role
- * <li> The SSD constraints are satisfied after assignment.
- * </ul>
- * </p>
- * <p>
- * Successful completion of this op, the following occurs:
- * </p>
- * <ul>
- * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
- * <li> Role entity (resides in role container) has userId added as role occupant.
- * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
- * <ul>
- * <li> timeout - number in seconds of session inactivity time allowed.
- * <li> beginDate - YYYYMMDD - determines date when role may be activated.
- * <li> endDate - YYMMDD - indicates latest date role may be activated.
- * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
- * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
- * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
- * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
- * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
- * </ul>
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
- * <h5>UserRole required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
- * </ul>
- * <h5>UserRole optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_ASGN + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse assignUser(FortRequest request)
- {
- return adminMgrImpl.assignUser(request);
- }
-
- /**
- * This command deletes the assignment of the User from the Role entities. The command is
- * valid if and only if the user is a member of the USERS data set, the role is a member of
- * the ROLES data set, and the user is assigned to the role.
- * Any sessions that currently have this role activated will not be effected.
- * Successful completion includes:
- * User entity in USER data set has role assignment removed.
- * Role entity in ROLE data set has userId removed as role occupant.
- * (optional) Temporal constraints will be removed from user aux object if set prior to call.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.UserRole} object</li>
- * <h5>UserRole required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
- * <li>{@link org.openldap.fortress.rbac.UserRole#userId} - contains the userId for existing User</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_DEASGN + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deassignUser(FortRequest request)
- {
- return adminMgrImpl.deassignUser(request);
- }
-
- /**
- * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
- * The perm operation entity may have {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations. The target {@link org.openldap.fortress.rbac.Permission} must not exist prior to calling.
- * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
- * <h5>Permission required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission add</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being added</li>
- * </ul>
- * <h5>Permission optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.PERM_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addPermission(FortRequest request)
- {
- return adminMgrImpl.addPermission(request);
- }
-
- /**
- * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
- * The perm operation entity may also contain {@link org.openldap.fortress.rbac.Role} or {@link org.openldap.fortress.rbac.User} associations to add or remove using this function.
- * The perm operation must exist before making this call. Only non-null attributes will be updated.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
- * <h5>Permission required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission update</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
- * </ul>
- * <h5>Permission optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#type} - any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.PERM_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updatePermission(FortRequest request)
- {
- return adminMgrImpl.updatePermission(request);
- }
-
- /**
- * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
- * The perm operation must exist before making this call.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} object</li>
- * <h5>Permission required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission removal</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.PERM_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deletePermission(FortRequest request)
- {
- return adminMgrImpl.deletePermission(request);
- }
-
- /**
- * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
- * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
- * <h5>PermObj required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being added</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
- * </ul>
- * <h5>PermObj optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.OBJ_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addPermObj(FortRequest request)
- {
- return adminMgrImpl.addPermObj(request);
- }
-
- /**
- * This method will update permission object in perms container in directory. The perm object must exist before making this call.
- * A {@link org.openldap.fortress.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.openldap.fortress.rbac.PermObj}*->{@link org.openldap.fortress.rbac.Permission}).
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
- * <h5>PermObj required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being updated</li>
- * </ul>
- * <h5>PermObj optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#description} - any safe text</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#type} - contains any safe text</li>
- * <li>{@link org.openldap.fortress.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.OBJ_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updatePermObj(FortRequest request)
- {
- return adminMgrImpl.updatePermObj(request);
- }
-
- /**
- * This method will remove permission object to perms container in directory. This method will also remove
- * in associated permission objects that are attached to this object.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
- * <h5>PermObj required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of new object being removed</li>
- * </ul>
- * </ul>
- * <h5>optional parameters</h5>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.OBJ_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deletePermObj(FortRequest request)
- {
- return adminMgrImpl.deletePermObj(request);
- }
-
- /**
- * This command grants a role the permission to perform an operation on an object to a role.
- * The command is implemented by granting permission by setting the access control list of
- * the object involved.
- * The command is valid if and only if the pair (operation, object) represents a permission,
- * and the role is a member of the ROLES data set.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
- * <h5>PermGrant required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
- * </ul>
- * <h5>PermGrant optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_GRANT + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse grant(FortRequest request)
- {
- return adminMgrImpl.grant(request, this);
- }
-
- /**
- * This command revokes the permission to perform an operation on an object from the set
- * of permissions assigned to a role. The command is implemented by setting the access control
- * list of the object involved.
- * The command is valid if and only if the pair (operation, object) represents a permission,
- * the role is a member of the ROLES data set, and the permission is assigned to that role.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
- * <h5>PermGrant required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#roleNm} - contains the role name</li>
- * </ul>
- * <h5>PermGrant optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_REVOKE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse revoke(FortRequest request)
- {
- return adminMgrImpl.revoke(request, this);
- }
-
- /**
- * This command grants a user the permission to perform an operation on an object to a role.
- * The command is implemented by granting permission by setting the access control list of
- * the object involved.
- * The command is valid if and only if the pair (operation, object) represents a permission,
- * and the user is a member of the USERS data set.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
- * <h5>PermGrant required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
- * </ul>
- * <h5>PermGrant optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_GRANT + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse grantUser(FortRequest request)
- {
- return adminMgrImpl.grantUser(request, this);
- }
-
- /**
- * This command revokes the permission to perform an operation on an object from the set
- * of permissions assigned to a user. The command is implemented by setting the access control
- * list of the object involved.
- * The command is valid if and only if the pair (operation, object) represents a permission,
- * the user is a member of the USERS data set, and the permission is assigned to that user.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermGrant} entity</li>
- * <h5>PermGrant required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objName} - contains the object name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#opName} - contains the operation name</li>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#userId} - contains the userId for existing User</li>
- * </ul>
- * <h5>PermGrant optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermGrant#objId} - contains the object id</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.USER_REVOKE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse revokeUser(FortRequest request)
- {
- return adminMgrImpl.revokeUser(request, this);
- }
-
- /**
- * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
- * the existing role parentRole.
- * <p>
- * The command is valid if and only if:
- * <ul>
- * <li> The childRole is not a member of the ROLES data set.
- * <li> The parentRole is a member of the ROLES data set.
- * </ul>
- * </p>
- * <p> This method:
- * <ul>
- * <li> Adds new role.
- * <li> Assigns role relationship between new childRole and pre-existing parentRole.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
- * <h5>RoleRelationship required parameters</h5>
- * <ul>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
- * </ul>
- * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#child}</h5>
- * <ul>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_DESC + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addDescendant(FortRequest request)
- {
- return adminMgrImpl.addDescendant(request);
- }
-
- /**
- * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
- * the existing role childRole.
- * <p>
- * The command is valid if and only if:
- * <ul>
- * <li> The parentRole is not a member of the ROLES data set.
- * <li> The childRole is a member of the ROLES data set.
- * </ul>
- * </p>
- * <p> This method:
- * <ul>
- * <li> Adds new role.
- * <li> Assigns role relationship between new parentRole and pre-existing childRole.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
- * <h5>RoleRelationship required parameters</h5>
- * <ul>
- * <li>childRole - {@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
- * <li>parentRole - {@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
- * </ul>
- * <h5>optional parameters {@link org.openldap.fortress.rbac.RoleRelationship#parent}</h5>
- * <ul>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_ASC + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addAscendant(FortRequest request)
- {
- return adminMgrImpl.addAscendant(request);
- }
-
- /**
- * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
- * roles parentRole, childRole.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The parentRole and childRole are members of the ROLES data set.
- * <li> The parentRole is not an immediate ascendant of childRole.
- * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
- * <h5>RoleRelationship required parameters</h5>
- * <ul>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_ADDINHERIT + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addInheritance(FortRequest request)
- {
- return adminMgrImpl.addInheritance(request);
- }
-
- /**
- * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The roles parentRole and childRole are members of the ROLES data set.
- * <li> The parentRole is an immediate ascendant of childRole.
- * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
- * relation resulted after deleting the relationship parentRole <<-- childRole.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.RoleRelationship} entity</li>
- * <h5>RoleRelationship required parameters</h5>
- * <ul>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
- * <li>{@code org.openldap.fortress.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}
- */
- @POST
- @Path("/" + HttpIds.ROLE_DELINHERIT + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteInheritance(FortRequest request)
- {
- return adminMgrImpl.deleteInheritance(request);
- }
-
- /**
- * This command creates a named SSD set of roles and sets the cardinality n of its subsets
- * that cannot have common users.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li>The name of the SSD set is not already in use.
- * <li> All the roles in the SSD set are members of the ROLES data set.
- * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
- * <li> The SSD constraint for the new role set is satisfied.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
- * </ul>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse createSsdSet(FortRequest request)
- {
- return adminMgrImpl.createSsdSet(request);
- }
-
- /**
- * This command updates existing SSD set of roles and sets the cardinality n of its subsets
- * that cannot have common users.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li>The name of the SSD set exists in directory.
- * <li> All the roles in the SSD set are members of the ROLES data set.
- * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
- * <li> The SSD constraint for the new role set is satisfied.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
- * </ul>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updateSsdSet(FortRequest request)
- {
- return adminMgrImpl.updateSsdSet(request);
- }
-
-
- /**
- * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The SSD role set exists.
- * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
- * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_ADD_MEMBER + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addSsdRoleMember(FortRequest request)
- {
- return adminMgrImpl.addSsdRoleMember(request);
- }
-
- /**
- * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The SSD role set exists.
- * <li> The role to be removed is a member of the SSD role set.
- * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
- * </ul>
- * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_DEL_MEMBER + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteSsdRoleMember(FortRequest request)
- {
- return adminMgrImpl.deleteSsdRoleMember(request);
- }
-
- /**
- * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteSsdSet(FortRequest request)
- {
- return adminMgrImpl.deleteSsdSet(request);
- }
-
- /**
- * This command sets the cardinality associated with a given SSD role set.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The SSD role set exists.
- * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
- * <li> The SSD constraint is satisfied after setting the new cardinality.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.SSD_CARD_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse setSsdSetCardinality(FortRequest request)
- {
- return adminMgrImpl.setSsdSetCardinality(request);
- }
-
- /**
- * This command creates a named DSD set of roles and sets the cardinality n of its subsets
- * that cannot have common users.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li>The name of the DSD set is not already in use.
- * <li> All the roles in the DSD set are members of the ROLES data set.
- * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
- * <li> The DSD constraint for the new role set is satisfied.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
- * </ul>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_ADD + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse createDsdSet(FortRequest request)
- {
- return adminMgrImpl.createDsdSet(request);
- }
-
- /**
- * This command updates existing DSD set of roles and sets the cardinality n of its subsets
- * that cannot have common users.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li>The name of the DSD set exists in directory.
- * <li> All the roles in the DSD set are members of the ROLES data set.
- * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
- * <li> The DSD constraint for the new role set is satisfied.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
- * </ul>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#description} - contains any safe text</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse updateDsdSet(FortRequest request)
- {
- return adminMgrImpl.updateDsdSet(request);
- }
-
- /**
- * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The DSD role set exists.
- * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
- * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_ADD_MEMBER + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse addDsdRoleMember(FortRequest request)
- {
- return adminMgrImpl.addDsdRoleMember(request);
- }
-
- /**
- * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The DSD role set exists.
- * <li> The role to be removed is a member of the DSD role set.
- * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
- * </ul>
- * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_DEL_MEMBER + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteDsdRoleMember(FortRequest request)
- {
- return adminMgrImpl.deleteDsdRoleMember(request);
- }
-
- /**
- * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_DELETE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse deleteDsdSet(FortRequest request)
- {
- return adminMgrImpl.deleteDsdSet(request);
- }
-
- /**
- * This command sets the cardinality associated with a given DSD role set.
- * <p/>
- * The command is valid if and only if:
- * <ul>
- * <li> The DSD role set exists.
- * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
- * <li> The DSD constraint is satisfied after setting the new cardinality.
- * </ul>
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.SDSet} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.SDSet} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
- * <li>{@link org.openldap.fortress.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.SDSet}
- */
- @POST
- @Path("/" + HttpIds.DSD_CARD_UPDATE + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, ADMIN_MGR_USER})
- @Override
- public FortResponse setDsdSetCardinality(FortRequest request)
- {
- return adminMgrImpl.setDsdSetCardinality(request);
- }
-
- /**
- * ************************************************************************************************************************************
- * BEGIN REVIEWMGR
- * **************************************************************************************************************************************
- */
-
- /**
- * This method returns a matching permission entity to caller.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.Permission} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains the name of existing permission operation</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Permission}
- */
- @POST
- @Path("/" + HttpIds.PERM_READ + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse readPermission(FortRequest request)
- {
- return reviewMgrImpl.readPermission(request);
- }
-
- /**
- * Method reads permission object from perm container in directory.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.PermObj} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains the name of existing object being targeted</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.PermObj}
- */
- @POST
- @Path("/" + HttpIds.OBJ_READ + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse readPermObj(FortRequest request)
- {
- return reviewMgrImpl.readPermObj(request);
- }
-
- /**
- * Method returns a list of type Permission that match the perm object search string.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Permission} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.Permission} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Permission#objectName} - contains one or more characters of existing object being targeted</li>
- * <li>{@link org.openldap.fortress.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Permission}
- */
- @POST
- @Path("/" + HttpIds.PERM_SEARCH + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse findPermissions(FortRequest request)
- {
- return reviewMgrImpl.findPermissions(request);
- }
-
- /**
- * Method returns a list of type Permission that match the perm object search string.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.PermObj} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.PermObj} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.PermObj#objectName} - contains one or more characters of existing object being targeted</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.PermObj}
- */
- @POST
- @Path("/" + HttpIds.OBJ_SEARCH + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse findPermObjs(FortRequest request)
- {
- return reviewMgrImpl.findPermObjs(request);
- }
-
- /**
- * Method reads Role entity from the role container in directory.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.Role} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.Role} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.Role#name} - contains the name to use for the Role to read.</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.Role}
- */
- @POST
- @Path("/" + HttpIds.ROLE_READ + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse readRole(FortRequest request)
- {
- return reviewMgrImpl.readRole(request);
- }
-
- /**
- * Method will return a list of type Role matching all or part of {@link org.openldap.fortress.rbac.Role#name}.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#value} - contains all or some of the chars corresponding to role entities stored in directory.</li>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.openldap.fortress.rbac.Role}
- */
- @POST
- @Path("/" + HttpIds.ROLE_SEARCH + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse findRoles(FortRequest request)
- {
- return reviewMgrImpl.findRoles(request);
- }
-
- /**
- * Method returns matching User entity that is contained within the people container in the directory.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.User} required parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
- * </ul>
- * </ul>
- * <h4>optional parameters</h4>
- * <ul>
- * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
- * </ul>
- *
- * @param request contains a reference to {@code FortRequest}
- * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.openldap.fortress.rbac.User}
- */
- @POST
- @Path("/" + HttpIds.USER_READ + "/")
- @RolesAllowed({ENMASSE_SUPER_USER, REVIEW_MGR_USER})
- @Override
- public FortResponse readUser(FortRequest request)
- {
- return reviewMgrImpl.readUserM(request);
- }
-
- /**
- * Return a list of type User of all users in the people container that match all or part of the {@link org.openldap.fortress.rbac.User#userId} or {@link org.openldap.fortress.rbac.User#ou} fields passed in User entity.
- * <h4>required parameters</h4>
- * <ul>
- * <li>{@link FortRequest#entity} - contains a reference to {@link org.openldap.fortress.rbac.User} entity</li>
- * <h5>{@link org.openldap.fortress.rbac.User} optional parameters</h5>
- * <ul>
- * <li>{@link org.openldap.fortress.rbac.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li
<TRUNCATED>