Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 17:45:04 UTC

[45/51] [partial] Rename packages from org.openldap.fortress to org.apache.directory.fortress.core. Change default suffix to org.apache. Switch default ldap api from unbound to apache ldap.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/ObjectFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ObjectFactory.java b/src/main/java/org/apache/directory/fortress/core/ObjectFactory.java
new file mode 100755
index 0000000..6502f27
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ObjectFactory.java
@@ -0,0 +1,476 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.fortress.core.ldap.group.Group;
+import org.apache.directory.fortress.core.rbac.*;
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.annotation.XmlElementDecl;
+import javax.xml.bind.annotation.XmlRegistry;
+import javax.xml.namespace.QName;
+
+
+/**
+ *
+ * This class contains factory methods for each Java content interface and Java element interface
+ * generated in the org.apache.directory.fortress packages.
+ * <p>An ObjectFactory allows you to programatically
+ * construct new instances of the Java representation
+ * for XML content. The Java representation of XML
+ * content can consist of schema derived interfaces
+ * and classes representing the binding of schema
+ * type definitions, element declarations and model
+ * groups.  Factory methods for each of these are
+ * provided in this class.
+ * @author Shawn McKinney
+ *
+ */
+@XmlRegistry
+public class ObjectFactory
+{
+    private final static QName _FortUser_QNAME = new QName("", "fortUser");
+    private final static QName _FortSession_QNAME = new QName("", "fortSession");
+    private final static QName _FortRole_QNAME = new QName("", "fortRole");
+    private final static QName _FortGrant_QNAME = new QName("", "fortGrant");
+    private final static QName _FortOrgUnit_QNAME = new QName("", "fortOrgUnit");
+    private final static QName _FortEntity_QNAME = new QName("", "fortEntity");
+    private final static QName _FortAdminRole_QNAME = new QName("", "fortAdminRole");
+    private final static QName _FortUserRole_QNAME = new QName("", "fortUserRole");
+    private final static QName _FortObject_QNAME = new QName("", "fortObject");
+    private final static QName _FortPermission_QNAME = new QName("", "fortPermission");
+    private final static QName _FortRoleRelationship_QNAME = new QName("", "fortRoleRelationship");
+    private final static QName _FortSet_QNAME = new QName("", "fortSet");
+    private final static QName _FortPolicy_QNAME = new QName("", "fortPolicy");
+    private final static QName _FortUserAdminRole_QNAME = new QName("", "fortUserAdminRole");
+    private final static QName _FortAdminRoleRelationship_QNAME = new QName("", "fortAdminRoleRelationship");
+    private final static QName _FortOrgUnitRelationship_QNAME = new QName("", "fortOrgUnitRelationship");
+    private final static QName _FortBind_QNAME = new QName("", "fortBind");
+    private final static QName _FortUserAudit_QNAME = new QName("", "fortUserAudit");
+    private final static QName _FortAuthZ_QNAME = new QName("", "fortAuthZ");
+    private final static QName _FortMod_QNAME = new QName("", "fortMod");
+    private final static QName _FortRolePerm_QNAME = new QName("", "fortRolePerm");
+    private final static QName _FortResponse_QNAME = new QName("", "fortResponse");
+    private final static QName FortRequest_QNAME = new QName("", "fortRequest");
+    private final static QName FortAddress_QNAME = new QName("", "fortAddress");
+    private final static QName _FortProps_QNAME = new QName("", "fortProps");
+    private final static QName _FortWarning_QNAME = new QName("", "fortWarning");
+    private final static QName _FortGroup_QNAME = new QName("", "fortGroup");
+
+
+    @XmlElementDecl(namespace = "", name = "fortEntity")
+    public JAXBElement<FortEntity> createFortEntity(FortEntity value)
+    {
+        return new JAXBElement<>(_FortEntity_QNAME, FortEntity.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortResponse")
+    public JAXBElement<FortResponse> createFortResponse(FortResponse value)
+    {
+        return new JAXBElement<>(_FortResponse_QNAME, FortResponse.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortRequest")
+    public JAXBElement<FortRequest> createFortRequest(FortRequest value)
+    {
+        return new JAXBElement<>(FortRequest_QNAME, FortRequest.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.SDSet }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortSet")
+    public JAXBElement<SDSet> createFortSet(SDSet value)
+    {
+        return new JAXBElement<>(_FortSet_QNAME, SDSet.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.PwPolicy }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortPolicy")
+    public JAXBElement<PwPolicy> createFortPolicy(PwPolicy value)
+    {
+        return new JAXBElement<>(_FortPolicy_QNAME, PwPolicy.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.Session }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortSession")
+    public JAXBElement<Session> createFortSession(Session value)
+    {
+        return new JAXBElement<>(_FortSession_QNAME, Session.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.User }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortUser")
+    public JAXBElement<User> createFortUser(User value)
+    {
+        return new JAXBElement<>(_FortUser_QNAME, User.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.UserRole }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortUserRole")
+    public JAXBElement<UserRole> createFortUserRole(UserRole value)
+    {
+        return new JAXBElement<>(_FortUserRole_QNAME, UserRole.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortOrgUnit")
+    public JAXBElement<OrgUnit> createFortOrgUnit(OrgUnit value)
+    {
+        return new JAXBElement<>(_FortOrgUnit_QNAME, OrgUnit.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.Role }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortRole")
+    public JAXBElement<Role> createFortRole(Role value)
+    {
+        return new JAXBElement<>(_FortRole_QNAME, Role.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.Role }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortGrant")
+    public JAXBElement<PermGrant> createFortGrant(PermGrant value)
+    {
+        return new JAXBElement<>(_FortGrant_QNAME, PermGrant.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.OrgUnitRelationship}{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortAdminRoleRelationship")
+    public JAXBElement<AdminRoleRelationship> createFortAdminRoleRelationship(AdminRoleRelationship value)
+    {
+        return new JAXBElement<>(_FortAdminRoleRelationship_QNAME, AdminRoleRelationship.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.OrgUnitRelationship}{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortOrgUnitRelationship")
+    public JAXBElement<OrgUnitRelationship> createFortOrgUnitRelationship(OrgUnitRelationship value)
+    {
+        return new JAXBElement<>(_FortOrgUnitRelationship_QNAME, OrgUnitRelationship.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.RoleRelationship}{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortRoleRelationship")
+    public JAXBElement<RoleRelationship> createFortRoleRelationship(RoleRelationship value)
+    {
+        return new JAXBElement<>(_FortRoleRelationship_QNAME, RoleRelationship.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.Role }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortAdminRole")
+    public JAXBElement<AdminRole> createFortAdminRole(AdminRole value)
+    {
+        return new JAXBElement<>(_FortAdminRole_QNAME, AdminRole.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.UserAdminRole }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortUserAdminRole")
+    public JAXBElement<UserAdminRole> createFortUserRole(UserAdminRole value)
+    {
+        return new JAXBElement<>(_FortUserAdminRole_QNAME, UserAdminRole.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.PermObj }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortObject")
+    public JAXBElement<PermObj> createFortObject(PermObj value)
+    {
+        return new JAXBElement<>(_FortObject_QNAME, PermObj.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.rbac.Permission }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortPermission")
+    public JAXBElement<Permission> createFortPermission(Permission value)
+    {
+        return new JAXBElement<>(_FortPermission_QNAME, Permission.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortBind")
+    public JAXBElement<Bind> createFortEntity(Bind value)
+    {
+        return new JAXBElement<>(_FortBind_QNAME, Bind.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortUserAudit")
+    public JAXBElement<UserAudit> createFortUserAudit(UserAudit value)
+    {
+        return new JAXBElement<>(_FortUserAudit_QNAME, UserAudit.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortAuthZ")
+    public JAXBElement<AuthZ> createFortAuthZ(AuthZ value)
+    {
+        return new JAXBElement<>(_FortAuthZ_QNAME, AuthZ.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortMod")
+    public JAXBElement<Mod> createFortMod(Mod value)
+    {
+        return new JAXBElement<>(_FortMod_QNAME, Mod.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortRolePerm")
+    public JAXBElement<RolePerm> createFortRolePerm(RolePerm value)
+    {
+        return new JAXBElement<>(_FortRolePerm_QNAME, RolePerm.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortAddress")
+    public JAXBElement<Address> createFortAddress(Address value)
+    {
+        return new JAXBElement<>(FortAddress_QNAME, Address.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortProps")
+    public JAXBElement<Props> createFortProps(Props value)
+    {
+        return new JAXBElement<>(_FortProps_QNAME, Props.class, null, value);
+    }
+
+    @XmlElementDecl(namespace = "", name = "fortWarning")
+    public JAXBElement<Warning> createFortWarning(Warning value)
+    {
+        return new JAXBElement<Warning>(_FortWarning_QNAME, Warning.class, null, value);
+    }
+
+    /**
+     * Create an instance of {@link JAXBElement }{@code <}{@link org.apache.directory.fortress.core.ldap.group.Group }{@code >}}
+     */
+    @XmlElementDecl(namespace = "", name = "fortGroup")
+    public JAXBElement<Group> createFortGroup(Group value)
+    {
+        return new JAXBElement<>(_FortGroup_QNAME, Group.class, null, value);
+    }
+
+    /**
+     * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.apache.directory.fortress.model2
+     */
+    public ObjectFactory()
+    {
+    }
+
+    /**
+     * Create an instance of {@link User }
+     */
+    public User createUser()
+    {
+        return new User();
+    }
+
+    /**
+     * Create an instance of {@link org.apache.directory.fortress.core.rbac.PwPolicy }
+     */
+    public PwPolicy createPswdPolicy()
+    {
+        return new PwPolicy();
+    }
+
+    /**
+     * Create an instance of {@link Session }
+     */
+    public Session createSession()
+    {
+        return new Session();
+    }
+
+    /**
+     * Create an instance of {@link SDSet }
+     */
+    public SDSet createSDset()
+    {
+        return new SDSet();
+    }
+
+    /**
+     * Create an instance of {@link Role }
+     */
+    public Role createRole()
+    {
+        return new Role();
+    }
+
+    /**
+     * Create an instance of {@link Group }
+     */
+    public Group createGroup()
+    {
+        return new Group();
+    }
+
+    /**
+     * Create an instance of {@link PermGrant }
+     */
+    public PermGrant createPermGrant()
+    {
+        return new PermGrant();
+    }
+
+    /**
+     * Create an instance of {@link RoleRelationship }
+     */
+    public RoleRelationship createRoleRelationship()
+    {
+        return new RoleRelationship();
+    }
+
+    /**
+     * Create an instance of {@link AdminRoleRelationship }
+     */
+    public AdminRoleRelationship createAdminRoleRelationship()
+    {
+        return new AdminRoleRelationship();
+    }
+
+    /**
+     * Create an instance of {@link OrgUnitRelationship }
+     */
+    public OrgUnitRelationship createOrgUnitRelationship()
+    {
+        return new OrgUnitRelationship();
+    }
+
+    /**
+     * Create an instance of {@link PermObj }
+     */
+    public PermObj createPermObj()
+    {
+        return new PermObj();
+    }
+
+    /**
+     * Create an instance of {@link Permission }
+     */
+    public Permission createPermission()
+    {
+        return new Permission();
+    }
+
+    /**
+     * Create an instance of {@link Role }
+     */
+    public AdminRole createAdminRole()
+    {
+        return new AdminRole();
+    }
+
+    /**
+     * Create an instance of {@link UserRole }
+     */
+    public UserRole createUserRole()
+    {
+        return new UserRole();
+    }
+
+    /**
+     * Create an instance of {@link OrgUnit }
+     */
+    public OrgUnit createOrgUnit()
+    {
+        return new OrgUnit();
+    }
+
+    /**
+     * Create an instance of {@link UserAdminRole }
+     */
+    public UserAdminRole createUserAdminRole()
+    {
+        return new UserAdminRole();
+    }
+
+    public UserAudit createUserAudit()
+    {
+        return new UserAudit();
+    }
+
+    public Bind createBind()
+    {
+        return new Bind();
+    }
+
+    public AuthZ createAuthZ()
+    {
+        return new AuthZ();
+    }
+
+    public Mod createMod()
+    {
+        return new Mod();
+    }
+
+    public RolePerm createRolePerm()
+    {
+        return new RolePerm();
+    }
+
+    public FortResponse createFortResponse()
+    {
+        return new FortResponse();
+    }
+
+    public FortRequest createFortRequest()
+    {
+        return new FortRequest();
+    }
+
+    public Address createAddress()
+    {
+        return new Address();
+    }
+
+    public Props createProps()
+    {
+        return new Props();
+    }
+
+    public Warning createWarning(int id, String msg, Warning.Type type)
+    {
+        return new Warning(id, msg, type);
+    }
+
+    public Warning createWarning(int id, String msg, Warning.Type type, String name)
+    {
+        return new Warning(id, msg, type, name);
+    }
+}
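Review bot: `createFortEntity(Bind value)` (declared for element `fortBind`) and `createFortUserRole(UserAdminRole value)` (declared for `fortUserAdminRole`) reuse the names of the `FortEntity` and `UserRole` factories, so a reader going by the name picks the wrong element; JAXB dispatches on `@XmlElementDecl` rather than the method name, so renaming them to `public JAXBElement<Bind> createFortBind(Bind value)` and `public JAXBElement<UserAdminRole> createFortUserAdminRole(UserAdminRole value)` should be safe unless some other part of this rename commit already calls them by name. The Javadoc on the `fortGrant`, `fortAdminRoleRelationship`, `fortAdminRole` and `createAdminRole()` factories names a type other than the one returned (`Role` or `OrgUnitRelationship` instead of `PermGrant`, `AdminRoleRelationship`, `AdminRole`), and the no-arg constructor's Javadoc still cites package `org.apache.directory.fortress.model2`, which this package rename leaves stale. `createFortWarning` is the only factory spelling out `new JAXBElement<Warning>(...)` where every sibling uses the diamond. The wildcard import `org.apache.directory.fortress.core.rbac.*` hides which rbac types this registry actually binds; listing them explicitly would also make it obvious which `Warning` is meant.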

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/PasswordException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/PasswordException.java b/src/main/java/org/apache/directory/fortress/core/PasswordException.java
new file mode 100755
index 0000000..4f7c44f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/PasswordException.java
@@ -0,0 +1,42 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+
+/**
+ * This exception extends {@link SecurityException} and is thrown when password check fails.
+ * See the {@link GlobalErrIds} javadoc for list of error ids.
+ *
+ * @author Shawn McKinney
+ */
+public class PasswordException extends SecurityException
+{
+    /**
+     * Create an exception with an error code that maps to {@link GlobalErrIds} and message text.
+     *
+     * @param  errorId see {@link GlobalErrIds} for list of valid error codes that can be set.  Valid values between 0 & 100_000.
+     * @param msg contains textual information including method of origin and description of the root cause.
+     */
+    public PasswordException(int errorId, String msg)
+    {
+        super(errorId, msg);
+    }
+}
+
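Review bot: The constructor Javadoc promises `errorId` is "between 0 & 100_000", but the constructor forwards it to `super(errorId, msg)` with no check, so either that range is enforced inside `SecurityException` (not visible here) or the doc overstates what this class guarantees; if the latter, state it as a caller obligation, e.g. `@param errorId error code from {@link GlobalErrIds}; callers pass a defined id, no range check is performed here`. Note also that `SecurityException` in this file is the same-package Fortress class, which shadows `java.lang.SecurityException` inside this package but not in callers' packages, so a `catch (SecurityException e)` elsewhere without the Fortress import will not catch a `PasswordException`; a one-line class comment pointing at the Fortress type would save the next reader a mis-catch.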

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/PwPolicyMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/PwPolicyMgr.java b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgr.java
new file mode 100755
index 0000000..fb7d51d
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgr.java
@@ -0,0 +1,305 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.fortress.core.rbac.PwPolicy;
+
+import java.util.List;
+
+
+/**
+ * This class is used to perform administrative and review functions on the PWPOLICIES and USERS data sets.
+ * <p/>
+ * <h4>Password Policies</h4>
+ * <a href="http://www.openldap.org/">OpenLDAP</a> supports the IETF draft <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policies LDAP directories</a></li>.  Policies may be applied at the user, group or global level.
+ * <p/>
+ * <img src="./doc-files/PasswordPolicy.png">
+ * <p/>
+ * Password enforcement options include:
+ * <ol>
+ * <li>A configurable limit on failed authentication attempts.</li>
+ * <li>A counter to track the number of failed authentication attempts.</li>
+ * <li>A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.</li>
+ * <li>The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.</li>
+ * <li>An amount of time the account is locked (if it is to be locked) This can be indefinite.</li>
+ * <li>Password expiration.</li>
+ * <li>Expiration warning</li>
+ * <li>Grace authentications</li>
+ * <li>Password history</li>
+ * <li>Password minimum age</li>
+ * <li>Password minimum length</li>
+ * <li>Password Change after Reset</li>
+ * <li>Safe Modification of Password</li>
+ * </ol>
+ * <p/>
+ * This interface's implementer will NOT be thread safe if parent instance variables ({@link Manageable#setContextId(String)} or {@link Manageable#setAdmin(org.apache.directory.fortress.core.rbac.Session)}) are set.
+ *
+ * @author Shawn McKinney
+ */
+public interface PwPolicyMgr extends Manageable
+{
+    /**
+     * This method will add a new policy entry to the POLICIES data set.  This command is valid
+     * if and only if the policy entry is not already present in the POLICIES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being added.</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
+     * modifications to the password.  If this attribute is not present, 0
+     * seconds is assumed.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
+     * password will expire. If this attribute is not present, or if the value is 0 the password
+     * does not expire.  If not 0, the value must be greater than or equal
+     * to the value of the pwdMinAge.
+     * </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
+     * in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used
+     * passwords are not stored in the pwdHistory attribute and thus may be reused.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
+     * number of characters that must be used in a password.  If this
+     * attribute is not present, no minimum password length will be
+     * enforced.  If the server is unable to check the length (due to a
+     * hashed password or otherwise), the server will, depending on the
+     * value of the pwdCheckQuality attribute, either accept the password
+     * without checking it ('0' or '1') or refuse it ('2').</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
+     * password is due to expire that expiration warning messages will be
+     * returned to an authenticating user.  If this attribute is not present, or if the value is 0 no warnings
+     * will be returned.  If not 0, the value must be smaller than the value
+     * of the pwdMaxAge attribute.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
+     * be used to authenticate.  If this attribute is not present or if the
+     * value is 0, authentication will fail. </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
+     * may not be used to authenticate after a specified number of
+     * consecutive failed bind attempts.  The maximum number of consecutive
+     * failed bind attempts is specified in pwdMaxFailure.  If this attribute is not present, or if the
+     * value is "FALSE", the password may be used to authenticate when the number of failed bind
+     * attempts has been reached.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
+     * be used to authenticate due to too many failed bind attempts.  If
+     * this attribute is not present, or if the value is 0 the password
+     * cannot be used to authenticate until reset by a password
+     * administrator.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
+     * attempts after which the password may not be used to authenticate.
+     * If this attribute is not present, or if the value is 0, this policy
+     * is not checked, and the value of pwdLockout will be ignored.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
+     * failures are purged from the failure counter, even though no
+     * successful authentication occurred.  If this attribute is not present, or if its value is 0, the failure
+     * counter is only reset by a successful authentication.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
+     * change their passwords when they first bind to the directory after a
+     * password is set or reset by a password administrator.  If this
+     * attribute is not present, or if the value is "FALSE", users are not
+     * required to change their password upon binding after the password
+     * administrator sets or resets the password.  This attribute is not set
+     * due to any actions specified by this document, it is typically set by
+     * a password administrator after resetting a user's password.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
+     * passwords, although the change operation is still subject to access
+     * control.  If this attribute is not present, a value of "TRUE" is
+     * assumed.  This attribute is intended to be used in the absence of an access control mechanism.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
+     * sent along with the new password when being changed.  If this
+     * attribute is not present, a "FALSE" value is assumed.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
+     * while being modified or added.  If this attribute is not present, or
+     * if the value is '0', quality checking will not be enforced.  A value
+     * of '1' indicates that the server will check the quality, and if the
+     * server is unable to check it (due to a hashed password or other
+     * reasons) it will be accepted.  A value of '2' indicates that the
+     * server will check the quality, and if the server is unable to verify
+     * it, it will return an error refusing the password. </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
+     * applied.  For example, the password policy may be applied to the
+     * userPassword attribute </li>
+     * </ul>
+     *
+     * @param policy Object must contain {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} and optionally other attributes.
+     * @throws SecurityException In the event of data validation or system error.
+     */
+    public void add(PwPolicy policy)
+        throws SecurityException;
+
+
+    /**
+     * This method will update an exiting policy entry to the POLICIES data set.  This command is valid
+     * if and only if the policy entry is already present in the POLICIES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being updated.</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
+     * modifications to the password.  If this attribute is not present, 0
+     * seconds is assumed.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
+     * password will expire. If this attribute is not present, or if the value is 0 the password
+     * does not expire.  If not 0, the value must be greater than or equal
+     * to the value of the pwdMinAge.
+     * </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
+     * in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used
+     * passwords are not stored in the pwdHistory attribute and thus may be reused.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
+     * number of characters that must be used in a password.  If this
+     * attribute is not present, no minimum password length will be
+     * enforced.  If the server is unable to check the length (due to a
+     * hashed password or otherwise), the server will, depending on the
+     * value of the pwdCheckQuality attribute, either accept the password
+     * without checking it ('0' or '1') or refuse it ('2').</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
+     * password is due to expire that expiration warning messages will be
+     * returned to an authenticating user.  If this attribute is not present, or if the value is 0 no warnings
+     * will be returned.  If not 0, the value must be smaller than the value
+     * of the pwdMaxAge attribute.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
+     * be used to authenticate.  If this attribute is not present or if the
+     * value is 0, authentication will fail. </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
+     * may not be used to authenticate after a specified number of
+     * consecutive failed bind attempts.  The maximum number of consecutive
+     * failed bind attempts is specified in pwdMaxFailure.  If this attribute is not present, or if the
+     * value is "FALSE", the password may be used to authenticate when the number of failed bind
+     * attempts has been reached.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
+     * be used to authenticate due to too many failed bind attempts.  If
+     * this attribute is not present, or if the value is 0 the password
+     * cannot be used to authenticate until reset by a password
+     * administrator.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
+     * attempts after which the password may not be used to authenticate.
+     * If this attribute is not present, or if the value is 0, this policy
+     * is not checked, and the value of pwdLockout will be ignored.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
+     * failures are purged from the failure counter, even though no
+     * successful authentication occurred.  If this attribute is not present, or if its value is 0, the failure
+     * counter is only reset by a successful authentication.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
+     * change their passwords when they first bind to the directory after a
+     * password is set or reset by a password administrator.  If this
+     * attribute is not present, or if the value is "FALSE", users are not
+     * required to change their password upon binding after the password
+     * administrator sets or resets the password.  This attribute is not set
+     * due to any actions specified by this document, it is typically set by
+     * a password administrator after resetting a user's password.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
+     * passwords, although the change operation is still subject to access
+     * control.  If this attribute is not present, a value of "TRUE" is
+     * assumed.  This attribute is intended to be used in the absence of an access control mechanism.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
+     * sent along with the new password when being changed.  If this
+     * attribute is not present, a "FALSE" value is assumed.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
+     * while being modified or added.  If this attribute is not present, or
+     * if the value is '0', quality checking will not be enforced.  A value
+     * of '1' indicates that the server will check the quality, and if the
+     * server is unable to check it (due to a hashed password or other
+     * reasons) it will be accepted.  A value of '2' indicates that the
+     * server will check the quality, and if the server is unable to verify
+     * it, it will return an error refusing the password. </li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
+     * applied.  For example, the password policy may be applied to the
+     * userPassword attribute </li>
+     * </ul>
+     *
+     * @param policy Object must contain {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} and optionally all non-null attributes will be updated.  null attributes will be ignored.
+     * @throws SecurityException In the event policy not found , data validation or system error.
+     */
+    public void update(PwPolicy policy)
+        throws SecurityException;
+
+
+    /**
+     * This method will delete exiting policy entry from the POLICIES data set.  This command is valid
+     * if and only if the policy entry is already present in the POLICIES data set.  Existing users that
+     * are assigned this policy will be removed from association.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being removed.</li>
+     * </ul>
+     *
+     * @param policy Object must contain {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} of the policy entity to remove.
+     * @throws SecurityException In the event policy entity not found or system error.
+     */
+    public void delete(PwPolicy policy)
+        throws SecurityException;
+
+
+    /**
+     * This method will return the password policy entity to the caller.  This command is valid
+     * if and only if the policy entry is present in the POLICIES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being read.</li>
+     * </ul>
+     *
+     * @param name String contains the {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} of the policy entity to read.
+     * @return PswdPolicy entity returns fully populated with attributes.
+     * @throws SecurityException In the event policy entry not found, data validation or system error.
+     */
+    public PwPolicy read(String name)
+        throws SecurityException;
+
+
+    /**
+     * This method will return a list of all password policy entities that match a particular search string.
+     * This command will return an empty list of no matching entries are found.
+     *
+     * @param searchVal String contains the leading chars of a policy entity.  This search is not case sensitive.
+     * @return List<PswdPolicy> contains all matching password policy entities. If no records found this will be empty.
+     * @throws SecurityException In the event of data validation or system error.
+     */
+    public List<PwPolicy> search(String searchVal)
+        throws SecurityException;
+
+
+    /**
+     * This method will associate a user entity with a password policy entity.  This function is valid
+     * if and only if the user is a member of the USERS data set and the policyName refers to a
+     * policy that is a member of the PWPOLICIES data set.
+     *
+     * @param userId     Contains {@link org.apache.directory.fortress.core.rbac.User#userId} of a User entity in USERS data set.
+     * @param policyName String contains the {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} of a pw policy entity contained within the PWPOLICIES data set.
+     * @throws SecurityException thrown in the event either user or policy not valid or system error.
+     */
+    public void updateUserPolicy(String userId, String policyName)
+        throws SecurityException;
+
+
+    /**
+     * This method will remove the pw policy assignment from a user entity.  This function is valid
+     * if and only if the user is a member of the USERS data set and the policy attribute is assigned.
+     * Removal of pw policy assignment will revert the user's policy to use the global default for OpenLDAP
+     * instance that contains user.
+     *
+     * @param userId Contains {@link org.apache.directory.fortress.core.rbac.User#userId} of a User entity in USERS data set.
+     * @throws SecurityException Thrown in the event either user not valid or system error.
+     */
+    public void deletePasswordPolicy(String userId)
+        throws SecurityException;
+}
+

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
new file mode 100755
index 0000000..d432df1
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
@@ -0,0 +1,112 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.fortress.core.cfg.Config;
+import org.apache.directory.fortress.core.rbac.ClassUtil;
+import org.apache.directory.fortress.core.rbac.PwPolicyMgrImpl;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.core.rest.PwPolicyMgrRestImpl;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+
+/**
+ * Creates an instance of the PwPolicyMgr object.
+ * <p/>
+ * The default implementation class is specified as {@link PwPolicyMgrImpl} but can be overridden by
+ * adding the {@link GlobalIds#PSWD_POLICY_IMPLEMENTATION} config property.
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+public class PwPolicyMgrFactory
+{
+    private static String policyClassName = Config.getProperty(GlobalIds.PSWD_POLICY_IMPLEMENTATION);
+    private static final String CLS_NM = PwPolicyMgrFactory.class.getName();
+
+    /**
+     * Create and return a reference to {@link PwPolicyMgr} object using HOME context.
+     *
+     * @return instance of {@link PwPolicyMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static PwPolicyMgr createInstance()
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME );
+    }
+
+    /**
+     * Create and return a reference to {@link PwPolicyMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @return instance of {@link PwPolicyMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static PwPolicyMgr createInstance(String contextId)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(contextId, GlobalErrIds.CONTEXT_NULL, CLS_NM + ".createInstance");
+        if (!VUtil.isNotNullOrEmpty(policyClassName))
+        {
+            if(GlobalIds.IS_REST)
+            {
+                policyClassName = PwPolicyMgrRestImpl.class.getName();
+            }
+            else
+            {
+                policyClassName = PwPolicyMgrImpl.class.getName();
+            }
+        }
+
+        PwPolicyMgr policyMgr = (PwPolicyMgr) ClassUtil.createInstance(policyClassName);
+        policyMgr.setContextId(contextId);
+        return policyMgr;
+    }
+
+    /**
+     * Create and return a reference to {@link PwPolicyMgr} object using HOME context.
+     *
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link PwPolicyMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static PwPolicyMgr createInstance(Session adminSess)
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME, adminSess );
+    }
+
+    /**
+     * Create and return a reference to {@link PwPolicyMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link PwPolicyMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static PwPolicyMgr createInstance(String contextId, Session adminSess)
+        throws SecurityException
+    {
+        PwPolicyMgr policyMgr = createInstance(contextId);
+        policyMgr.setAdmin(adminSess);
+        return policyMgr;
+    }
+}
+
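Review bot: A misconfigured `PSWD_POLICY_IMPLEMENTATION` value escapes the declared contract at the `(PwPolicyMgr) ClassUtil.createInstance(policyClassName)` cast in createInstance(String): a class that loads but does not implement PwPolicyMgr surfaces as an unchecked ClassCastException instead of the SecurityException the Javadoc promises. Because the implementation class name comes straight from configuration, that property is effectively a trust boundary (whoever can write the config picks the class that administers password policy), so the factory should at least check the loaded object with `if (!(impl instanceof PwPolicyMgr))` and raise a SecurityException with whichever GlobalErrIds code the sibling factories use for this case (not visible here) before returning it. The static `policyClassName` is also lazily overwritten from createInstance without synchronization; the write is idempotent so the race is benign, but resolving the default once in a static initializer (or into a local) would make that intent explicit.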

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/RemoveException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/RemoveException.java b/src/main/java/org/apache/directory/fortress/core/RemoveException.java
new file mode 100755
index 0000000..c16ca4f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/RemoveException.java
@@ -0,0 +1,52 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+/**
+ * This exception extends {@link SecurityException} and is thrown when DAO cannot delete entity.
+ * See the {@link GlobalErrIds} javadoc for list of error ids.
+ *
+ * @author Shawn McKinney
+ */
+public class RemoveException extends SecurityException
+{
+    /**
+     * Create an exception with an error code that maps to {@link GlobalErrIds} and message text.
+     *
+     * @param  errorId see {@link GlobalErrIds} for list of valid error codes that can be set.  Valid values between 0 & 100_000.
+     * @param msg contains textual information including method of origin and description of the root cause.
+     */
+    public RemoveException(int errorId, String msg)
+    {
+        super(errorId, msg);
+    }
+
+    /**
+     * Create exception with error id, message and related exception.
+     * @param  errorId see {@link GlobalErrIds} for list of valid error codes that can be set.  Valid values between 0 & 100_000.
+     * @param msg contains textual information including method of origin and description of the root cause.
+     * @param previousException contains reference to related exception which usually is system related, i.e. ldap.
+     */
+    public RemoveException(int errorId, String msg, Exception previousException)
+    {
+        super(errorId, msg, previousException);
+    }
+}
+

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/RestException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/RestException.java b/src/main/java/org/apache/directory/fortress/core/RestException.java
new file mode 100644
index 0000000..e6b3a69
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/RestException.java
@@ -0,0 +1,52 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+
+/**
+ * This exception extends {@link SecurityException} and is thrown when Fortress cannot call En Masse to perform a particular operation via RESTful interface.
+ * See the {@link GlobalErrIds} javadoc for list of error ids.
+ *
+ * @author Shawn McKinney
+ */
+public class RestException extends SecurityException
+{
+
+    /**
+     * Create an exception with an error code that maps to {@link GlobalErrIds} and message text.
+     * @param  errorId see {@link GlobalErrIds} for list of valid error codes that can be set.  Valid values between 0 & 100_000.
+     * @param msg contains textual information including method of origin and description of the root cause.
+     */
+    public RestException(int errorId, String msg)
+    {
+        super(errorId, msg);
+    }
+
+    /**
+     * Create exception with error id, message and related exception.
+     * @param  errorId see {@link GlobalErrIds} for list of valid error codes that can be set.  Valid values between 0 & 100_000.
+     * @param msg contains textual information including method of origin and description of the root cause.
+     * @param previousException contains reference to related exception which usually is system related, i.e. ldap.
+     */
+    public RestException(int errorId, String msg, Exception previousException)
+    {
+        super(errorId, msg, previousException);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
new file mode 100755
index 0000000..90917c7
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
@@ -0,0 +1,612 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.fortress.core.rbac.OrgUnit;
+import org.apache.directory.fortress.core.rbac.Permission;
+import org.apache.directory.fortress.core.rbac.PermObj;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.SDSet;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.UserRole;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * This interface prescribes the administrative review functions on already provisioned Fortress RBAC entities
+ * that reside in LDAP directory.  These APIs map directly to similar named APIs specified by ANSI and NIST RBAC models.
+ * Many of the java doc function descriptions found below were taken directly from ANSI INCITS 359-2004.
+ * The RBAC Functional specification describes administrative operations for the creation
+ * and maintenance of RBAC element sets and relations; administrative review functions for
+ * performing administrative queries; and system functions for creating and managing
+ * RBAC attributes on user sessions and making access control decisions.
+ * <p/>
+ * <hr>
+ * <h4>RBAC0 - Core</h4>
+ * Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions.  API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
+ * <p/>
+ * <img src="./doc-files/RbacCore.png">
+ * <hr>
+ * <h4>RBAC1 - General Hierarchical Roles</h4>
+ * Simplifies role engineering tasks using inheritance of one or more parent roles.
+ * <p/>
+ * <img src="./doc-files/RbacHier.png">
+ * <hr>
+ * <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
+ * Enforce mutual membership exclusions across role assignments.  Facilitate dual control policies by restricting which roles may be assigned to users in combination.  SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
+ * <p/>
+ * <img src="./doc-files/RbacSSD.png">
+ * <hr>
+ * <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
+ * Control allowed role combinations to be activated within an RBAC session.  DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
+ * <p/>
+ * <img src="./doc-files/RbacDSD.png">
+ * <hr>
+ * <p/>
+ * This interface's implementer will NOT be thread safe if parent instance variables ({@link Manageable#setContextId(String)} or {@link Manageable#setAdmin(org.apache.directory.fortress.core.rbac.Session)}) are set.
+ *
+ * @author Shawn McKinney
+ */
+public interface ReviewMgr extends Manageable
+{
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param permission must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Permission entity that is loaded with data.
+     * @throws SecurityException
+     *          if permission not found or system error occurs.
+     */
+    public Permission readPermission(Permission permission)
+        throws SecurityException;
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link PermObj#objName} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param permObj entity contains the {@link PermObj#objName} of target record.
+     * @return PermObj loaded with perm object data.
+     * @throws SecurityException is thrown if object not found or system error.
+     */
+    public PermObj readPermObj(PermObj permObj)
+        throws SecurityException;
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     *
+     * @param permission contains object and operation name search strings.  Each contains 1 or more leading chars that correspond to object or op name.
+     * @return List of type Permission.  Fortress permissions are object->operation mappings.  The permissions may contain
+     *         assigned user, role or group entities as well.
+     * @throws SecurityException
+     *          thrown in the event of system error.
+     */
+    public List<Permission> findPermissions(Permission permission)
+        throws SecurityException;
+
+
+    /**
+     * Method returns a list of type PermObj that match the perm object search string.
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link PermObj#objName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     *
+     * @param permObj contains object name search string.  The search val contains 1 or more leading chars that correspond to object name.
+     * @return List of type PermObj.  Fortress permissions are object->operation mappings.
+     * @throws SecurityException thrown in the event of system error.
+     */
+    public List<PermObj> findPermObjs(PermObj permObj)
+        throws SecurityException;
+
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link OrgUnit#name} - contains one or more characters of org unit associated with existing object being targeted</li>
+     * </ul>
+     *
+     * @param ou contains org unit name {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}.  The search val contains the full name of matching ou in OS-P data set.
+     * @return List of type PermObj.  Fortress permissions are object->operation mappings.
+     * @throws SecurityException
+     *          thrown in the event of system error.
+     */
+    public List<PermObj> findPermObjs(OrgUnit ou)
+        throws SecurityException;
+
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role to read.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name}, to be read.
+     * @return Role entity that corresponds with role name.
+     * @throws SecurityException
+     *          will be thrown if role not found or system error occurs.
+     */
+    public Role readRole(Role role)
+        throws SecurityException;
+
+
+    /**
+     * Method will return a list of type Role matching all or part of Role name, {@link Role#name}.
+     *
+     * @param searchVal contains all or some of the chars corresponding to role entities stored in directory.
+     * @return List of type Role containing role entities that match the search criteria.
+     * @throws SecurityException in the event of system error.
+     */
+    public List<Role> findRoles(String searchVal)
+        throws SecurityException;
+
+
+    /**
+     * Method returns a list of roles of type String.  This method can be limited by integer value that indicates max
+     * number of records that may be contained in the result set.  This number can further limit global default but can
+     * not increase the max.  This method is called by the Websphere Realm impl.
+     *
+     * @param searchVal contains all or some leading chars that correspond to roles stored in the role container in the directory.
+     * @param limit     integer value specifies the max records that may be returned in the result set.
+     * @return List of type String containing matching Role names.
+     * @throws SecurityException
+     *          in the event of system error.
+     */
+    public List<String> findRoles(String searchVal, int limit)
+        throws SecurityException;
+
+
+    /**
+     * Method returns matching User entity that is contained within the people container in the directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * </ul>
+     *
+     * @param user entity contains a value {@link User#userId} that matches record in the directory.  userId is globally unique in
+     *             people container.
+     * @return entity containing matching user data.
+     * @throws SecurityException if record not found or system error occurs.
+     */
+    public User readUser(User user)
+        throws SecurityException;
+
+
+    /**
+     * Return a list of type User of all users in the people container that match all or part of the {@link User#userId} field passed in User entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
+     * </ul>
+     *
+     * @param user contains all or some leading chars that match userIds stored in the directory.
+     * @return List of type User.
+     * @throws SecurityException In the event of system error.
+     */
+    public List<User> findUsers(User user)
+        throws SecurityException;
+
+
+    /**
+     * Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link OrgUnit#name} - contains one or more characters of org unit associated with existing object(s) being targeted</li>
+     * </ul>
+     *
+     * @param ou contains name of User OU, {@link OrgUnit#name} that match ou attribute associated with User entity in the directory.
+     * @return List of type User.
+     * @throws SecurityException
+     *          In the event of system error.
+     */
+    public List<User> findUsers(OrgUnit ou)
+        throws SecurityException;
+
+
+    /**
+     * Return a list of type String of all users in the people container that match the userId field passed in User entity.
+     * This method is used by the Websphere realm component.  The max number of returned users may be set by the integer limit arg.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * <li>limit - max number of objects to return.</li>
+     * </ul>
+     *
+     * @param user  contains all or some leading chars that correspond to users stored in the directory.
+     * @param limit integer value sets the max returned records.
+     * @return List of type String containing matching userIds.
+     * @throws SecurityException in the event of system error.
+     */
+    public List<String> findUsers(User user, int limit)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of users assigned to a given role. The function is valid if and
+     * only if the role is a member of the ROLES data set.
+     * The max number of users returned is constrained by limit argument.
+     * This method is used by the Websphere realm component.  This method does NOT use hierarchical rbac.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * <li>limit - max number of objects to return.</li>
+     * </ul>
+     *
+     * @param role  Contains {@link Role#name} of Role entity assigned to user.
+     * @param limit integer value sets the max returned records.
+     * @return List of type String containing userIds assigned to a particular role.
+     * @throws SecurityException
+     *          in the event of data validation or system error.
+     */
+    public List<String> assignedUsers(Role role, int limit)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains {@link User#userId} matching User entity targeted in the directory.
+     * @return List of type UserRole containing the Roles assigned to User.
+     * @throws SecurityException
+     *          If user not found or system error occurs.
+     */
+    public List<UserRole> assignedRoles(User user)
+        throws SecurityException;
+
+    /**
+     * This method returns the data set of all users who are assigned the given role.  This searches the User data set for
+     * Role relationship.  This method does NOT search for hierarchical RBAC Roles relationships.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains the role name, {@link Role#name} used to search the User data set.
+     * @return List of type User containing the users assigned data.
+     * @throws SecurityException
+     *          If system error occurs.
+     */
+    public List<User> assignedUsers(Role role)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     *
+     * @param userId matches userId stored in the directory.
+     * @return List of type String containing the role names of all roles assigned to user.
+     * @throws SecurityException
+     *          If user not found or system error occurs.
+     */
+    public List<String> assignedRoles(String userId)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that
+     * inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Contains role name, {@link Role#name} of Role entity assigned to User.
+     * @return List of type User containing all user's that having matching role assignment.
+     * @throws SecurityException
+     *          In the event the role is not present in directory or system error occurs.
+     */
+    public List<User> authorizedUsers(Role role)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of roles authorized for a given user. The function is valid if
+     * and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains the {@link User#userId} matching User entity stored in the directory.
+     * @return Set of type String containing the roles assigned and roles inherited.
+     * @throws SecurityException If user not found or system error occurs.
+     */
+    public Set<String> authorizedRoles(User user)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited by a
+     * given role. The function is valid if and only if the role is a member of the ROLES data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role contains role name, {@link Role#name} of Role entity Permission is granted to.
+     * @return List of type Permission that contains all perms granted to a role.
+     * @throws SecurityException
+     *          In the event system error occurs.
+     */
+    public List<Permission> rolePermissions(Role role)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the set of permissions a given user gets through his/her authorized
+     * roles. The function is valid if and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     *
+     * @param user contains the {@link User#userId} of User targeted for search.
+     * @return List of type Permission containing matching permission entities.
+     * @throws SecurityException
+     *          in the event of validation or system error.
+     */
+    public List<Permission> userPermissions(User user)
+        throws SecurityException;
+
+
+    /**
+     * Return a list of type String of all roles that have granted a particular permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return List of type string containing the Role names that have the matching perm granted.
+     * @throws SecurityException in the event permission not found or system error occurs.
+     */
+    public List<String> permissionRoles(Permission perm)
+        throws SecurityException;
+
+
+    /**
+     * Return all role names that have been authorized for a given permission.  This will process role hierarchies to determine set of all Roles who have access to a given permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Set of type String containing all roles names that have been granted a particular permission.
+     * @throws SecurityException
+     *          in the event of validation or system error.
+     */
+    public Set<String> authorizedPermissionRoles(Permission perm)
+        throws SecurityException;
+
+
+    /**
+     * Return all userIds that have been granted (directly) a particular permission.  This will not consider assigned or authorized Roles.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return List of type String containing all userIds that have been granted a particular permission.
+     * @throws SecurityException
+     *          in the event of validation or system error.
+     */
+    public List<String> permissionUsers(Permission perm)
+        throws SecurityException;
+
+
+    /**
+     * Return all userIds that have been authorized for a given permission.  This will process role hierarchies to determine set of all Users who have access to a given permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     *
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @return Set of type String containing all userIds that have been granted a particular permission.
+     * @throws SecurityException
+     *          in the event of validation or system error.
+     */
+    public Set<String> authorizedPermissionUsers(Permission perm)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the list of all SSD role sets that have a particular Role as member or Role's
+     * parent as a member.  If the Role parameter is left blank, function will return all SSD role sets.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Will contain the role name, {@link Role#name}, for targeted SSD set or null to return all
+     * @return List containing all matching SSD's.
+     * @throws SecurityException
+     *          in the event of data or system error.
+     */
+    public List<SDSet> ssdRoleSets(Role role)
+        throws SecurityException;
+
+    /**
+     * This function returns the SSD data set that matches a particular set name.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param set Will contain the name for existing SSD data set, {@link SDSet#name}.
+     * @return SDSet containing all attributes from matching SSD name.
+     * @throws SecurityException
+     *          in the event of data or system error.
+     */
+    public SDSet ssdRoleSet(SDSet set)
+        throws SecurityException;
+
+    /**
+     * This function returns the list of SSDs that match a given ssd name value.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name for the SSD set targeted, {@link SDSet#name}.
+     * @return List containing all SSDSets that match a given SSDSet name.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public List<SDSet> ssdSets(SDSet ssd)
+        throws SecurityException;
+
+    /**
+     * This function returns the set of roles of a SSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name for the SSD set targeted, {@link SDSet#name}.
+     * @return Set containing all Roles that are members of SSD data set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public Set<String> ssdRoleSetRoles(SDSet ssd)
+        throws SecurityException;
+
+    /**
+     * This function returns the cardinality associated with a SSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param ssd contains the name of the SSD set targeted, {@link SDSet#name}.
+     * @return int value containing cardinality of SSD set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public int ssdRoleSetCardinality(SDSet ssd)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the list of all dSD role sets that have a particular Role as member or Role's
+     * parent as a member.  If the Role parameter is left blank, function will return all dSD role sets.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     *
+     * @param role Will contain the role name, {@link Role#name}, for targeted dSD set or null to return all
+     * @return List containing all matching dSD's.
+     * @throws SecurityException
+     *          in the event of data or system error.
+     */
+    public List<SDSet> dsdRoleSets(Role role)
+        throws SecurityException;
+
+    /**
+     * This function returns the DSD data set that matches a particular set name.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param set Will contain the name for existing DSD data set, {@link SDSet#name}.
+     * @return SDSet containing all attributes from matching DSD name.
+     * @throws SecurityException
+     *          in the event of data or system error.
+     */
+    public SDSet dsdRoleSet(SDSet set)
+        throws SecurityException;
+
+
+    /**
+     * This function returns the list of DSDs that match a given dsd name value.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name for the DSD set targeted, {@link SDSet#name}.
+     * @return List containing all DSDSets that match a given DSDSet name.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public List<SDSet> dsdSets(SDSet dsd)
+        throws SecurityException;
+
+    /**
+     * This function returns the set of roles of a DSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name for the DSD set targeted, {@link SDSet#name}.
+     * @return Set containing all Roles that are members of DSD data set.
+     * @throws SecurityException
+     *          in the event of data or system error.
+     */
+    public Set<String> dsdRoleSetRoles(SDSet dsd)
+        throws SecurityException;
+
+    /**
+     * This function returns the cardinality associated with a DSD role set. The function is valid if and only if the
+     * role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link SDSet#name} - contains the name of existing object being targeted</li>
+     * </ul>
+     *
+     * @param dsd contains the name of the DSD set targeted, {@link SDSet#name}.
+     * @return int value containing cardinality of DSD set.
+     * @throws SecurityException in the event of data or system error.
+     */
+    public int dsdRoleSetCardinality(SDSet dsd)
+        throws SecurityException;
+}
+

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
new file mode 100755
index 0000000..95baef6
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
@@ -0,0 +1,112 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.fortress.core.cfg.Config;
+import org.apache.directory.fortress.core.rbac.ClassUtil;
+import org.apache.directory.fortress.core.rbac.ReviewMgrImpl;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.core.rest.ReviewMgrRestImpl;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+
+/**
+ * Creates an instance of the ReviewMgr object.
+ * <p/>
+ * The default implementation class is specified as {@link ReviewMgrImpl} but can be overridden by
+ * adding the {@link GlobalIds#REVIEW_IMPLEMENTATION} config property.
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+public class ReviewMgrFactory
+{
+    private static String reviewClassName = Config.getProperty(GlobalIds.REVIEW_IMPLEMENTATION);
+    private static final String CLS_NM = ReviewMgrFactory.class.getName();
+
+    /**
+     * Create and return a reference to {@link ReviewMgr} object using HOME context.
+     *
+     * @return instance of {@link ReviewMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static ReviewMgr createInstance()
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME );
+    }
+
+    /**
+     * Create and return a reference to {@link ReviewMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @return instance of {@link ReviewMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static ReviewMgr createInstance(String contextId)
+        throws SecurityException
+    {
+        VUtil.assertNotNull(contextId, GlobalErrIds.CONTEXT_NULL, CLS_NM + ".createInstance");
+        if (!VUtil.isNotNullOrEmpty(reviewClassName))
+        {
+            if(GlobalIds.IS_REST)
+            {
+                reviewClassName = ReviewMgrRestImpl.class.getName();
+            }
+            else
+            {
+                reviewClassName = ReviewMgrImpl.class.getName();
+            }
+        }
+
+        ReviewMgr reviewMgr = ( ReviewMgr ) ClassUtil.createInstance(reviewClassName);
+        reviewMgr.setContextId(contextId);
+        return reviewMgr;
+    }
+
+    /**
+     * Create and return a reference to {@link ReviewMgr} object using HOME context.
+     *
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link ReviewMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static ReviewMgr createInstance(Session adminSess)
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME, adminSess );
+    }
+
+    /**
+     * Create and return a reference to {@link ReviewMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link ReviewMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static ReviewMgr createInstance(String contextId, Session adminSess)
+        throws SecurityException
+    {
+        ReviewMgr reviewMgr = createInstance(contextId);
+        reviewMgr.setAdmin(adminSess);
+        return reviewMgr;
+    }
+}
+
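Review bot: `reviewClassName` is a mutable static that is filled in lazily inside `createInstance(String)`, so the implementation class is chosen on the first call, under no synchronization, and stays writable for the lifetime of the class; resolving it once in a `static final` initializer removes the data race and the fallback branch from the hot path (this presumes `GlobalIds.IS_REST` is a constant available at class-load time, as its use in a static method suggests). Separately, the unchecked `( ReviewMgr )` cast on the `ClassUtil.createInstance(reviewClassName)` result throws `ClassCastException` when the `REVIEW_IMPLEMENTATION` property names a class that does not implement `ReviewMgr`, which contradicts the documented `@throws SecurityException` contract; an explicit `ReviewMgr.class.isInstance(...)` check that raises the project's own `SecurityException` would keep the contract honest and make a misconfigured implementation class fail with a clear message.
```java
private static final String reviewClassName = resolveImplClassName();
private static final String CLS_NM = ReviewMgrFactory.class.getName();

// Picks the configured implementation once, falling back to the REST or LDAP default.
private static String resolveImplClassName()
{
    String configured = Config.getProperty( GlobalIds.REVIEW_IMPLEMENTATION );
    if ( VUtil.isNotNullOrEmpty( configured ) )
    {
        return configured;
    }
    return GlobalIds.IS_REST ? ReviewMgrRestImpl.class.getName() : ReviewMgrImpl.class.getName();
}

// … unchanged: createInstance() overloads delegating to createInstance(String) …

public static ReviewMgr createInstance(String contextId)
    throws SecurityException
{
    VUtil.assertNotNull(contextId, GlobalErrIds.CONTEXT_NULL, CLS_NM + ".createInstance");
    Object instance = ClassUtil.createInstance(reviewClassName);
    if ( !( instance instanceof ReviewMgr ) )
    {
        // TODO(review): use the project's error id for a bad implementation class here
        throw new SecurityException( /* <error id placeholder> */ 0, CLS_NM + ".createInstance: " + reviewClassName + " does not implement ReviewMgr" );
    }
    ReviewMgr reviewMgr = ( ReviewMgr ) instance;
    reviewMgr.setContextId(contextId);
    return reviewMgr;
}
```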