Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 17:44:39 UTC
[20/51] [partial] Rename packages from org.openldap.fortress to
org.apache.directory.fortress.core. Change default suffix to org.apache.
Switch default ldap api from unbound to apache ldap.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rbac/SetAdapter.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/SetAdapter.java b/src/main/java/org/apache/directory/fortress/core/rbac/SetAdapter.java
new file mode 100755
index 0000000..f2e797f
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/SetAdapter.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.core.rbac;
+
+import javax.xml.bind.annotation.adapters.XmlAdapter;
+import java.util.ArrayList;
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: Shawn McKinney
+ * Date: 1/21/12
+ * Time: 7:59 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public class SetAdapter extends XmlAdapter<ArrayList<String>, Set<String>>
+{
+ public Set<String> unmarshal(ArrayList<String> val) throws Exception
+ {
+ Set<String> members = null;
+ if(val != null)
+ {
+ members = new TreeSet<>();
+ for(String member : val)
+ {
+ members.add(member);
+ }
+ }
+ return members;
+ }
+
+ public ArrayList<String> marshal(Set<String> val) throws Exception
+ {
+ ArrayList<String> members = null;
+ if(val != null)
+ {
+ members = new ArrayList<>();
+ for(String member : val)
+ {
+ members.add(member);
+ }
+ }
+ return members;
+ }
+}
+
+
+/*
+ public char[] unmarshal(String val) throws Exception
+ {
+ return val.toCharArray();
+ }
+
+ public String marshal(char[] val) throws Exception
+ {
+ return val.toString();
+ }
+
+ */
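Review bot: In `unmarshal`, `members.add(member)` inserts into a `TreeSet`, which throws `NullPointerException` on a null element, so an input list carrying a nil entry aborts unmarshalling with no indication of the cause; handle it explicitly, e.g. `if (member != null) { members.add(member); }`, or reject it with a descriptive exception. The `TreeSet` also drops duplicates and reorders entries, which is worth stating in the class Javadoc in place of the IDE template text, for example `Converts between the ArrayList<String> used for XML binding and a sorted Set<String>`. Both methods override `XmlAdapter` and should carry `@Override`. The commented-out `char[]` adapter at the end of the file should be deleted rather than kept: its `marshal` calls `val.toString()` on a `char[]`, which yields the array's identity string rather than its characters, so reviving it as written would be wrong for a `char[]` field such as a password.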
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rbac/User.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/User.java b/src/main/java/org/apache/directory/fortress/core/rbac/User.java
new file mode 100755
index 0000000..907063e
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/User.java
@@ -0,0 +1,1547 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.core.rbac;
+
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
+import javax.xml.bind.annotation.XmlType;
+
+import org.apache.directory.fortress.core.rbac.dao.apache.UserDAO;
+import org.apache.directory.fortress.core.util.time.Constraint;
+
+
+/**
+ * All entities ({@link User}, {@link org.apache.directory.fortress.core.rbac.Role}, {@link Permission},
+ * {@link PwPolicy} {@link SDSet} etc...) are used to carry data between three Fortress
+ * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
+ * (3) DAO layer where persistence with the OpenLDAP server occurs.
+ * <p/>
+ * <h4>Fortress Processing Layers</h4>
+ * <ol>
+ * <li>Manager layer: {@link AdminMgrImpl}, {@link AccessMgrImpl}, {@link ReviewMgrImpl},...</li>
+ * <li>Process layer: {@link UserP}, {@link RoleP}, {@link PermP},...</li>
+ * <li>DAO layer: {@link UserDAO}, {@link org.apache.directory.fortress.core.rbac.dao.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.dao.PermDAO},...</li>
+ * </ol>
+ * Fortress clients must first instantiate the data entity before invoking one of the Manager APIs. The caller must first
+ * provide enough information to uniquely identity target record for the particular ldap operation performed.<br />
+ * For example the User entity requires the {@link User#setUserId} attribute to be set before calling a Manager API.
+ * The unique key to locate a User entity in the Fortress DIT is simply the userId field.<br />
+ * Other ldap operations on User may require additional attributes to be set.
+ * <p/>
+ * <h4>User entity attribute usages include</h4>
+ * <ul>
+ * <li>{@link #setPassword(char[])} must be set before calling {@link AccessMgrImpl#authenticate} and {@link AccessMgrImpl#createSession(User, boolean)} (unless trusted).
+ * <li>{@link #setOu} is required before calling {@link AdminMgrImpl#addUser(User)} to add a new user to ldap.
+ * <li>{@link #setRoles} will be set for {@link AccessMgrImpl#createSession(User, boolean)} when selective RBAC Role activation is required.
+ * <li>{@link #setAdminRoles} will be set for {@link AccessMgrImpl#createSession(User, boolean)} when selective Administrative Role activation is required.
+ * <li>{@link #setPwPolicy} may be set for {@link AdminMgrImpl#updateUser(User)} to assign User to a policy {@link PwPolicy}.
+ * <li>{@link #password} is the only case sensitive attribute on this entity.
+ * </ul>
+ * <p/>
+ * Example to create new Fortress User:
+ * <pre>
+ * try
+ * {
+ * // Instantiate the AdminMgr first
+ * AdminMgr adminMgr = AdminMgrFactory.createInstance();
+ *
+ * User myUser = new User("myUserId", "myPassword".toCharArray(), myRoleName", "myOU");
+ * adminMgr.addUser(myUser);
+ * }
+ * catch (SecurityException ex)
+ * {
+ * // log or throw
+ * }</pre>
+ * The above code will persist to LDAP a User object that has a userId of "myUserId", a password of "myPassword", a role assignment to "myRoleName", and assigned to organzational unit named "myOU".
+ * This User can be used as a target for subsequent User-Role assignments, User-Permission grants, authentication, authorization and more.
+ *
+ * This entity aggregates one standard LDAP structural object class, {@code inetOrgPerson} see <a href="http://www.ietf.org/rfc/rfc2798.txt">RFC 2798</a>,
+ * along with three auxiliary object extensions supplied by Fortress: {@code ftUserAttrs}, {@code ftProperties}, {@code ftMods}.
+ * The combination of the standard and custom object classes form a single entry within the directory and is represented in this entity class.
+ *
+ * <h4>Fortress User Schema</h4>
+ *
+ * 1. InetOrgPerson Structural Object Class. <br />
+ * <code># The inetOrgPerson represents people who are associated with an</code><br />
+ * <code># organization in some way. It is a structural class and is derived</code><br />
+ * <code># from the organizationalPerson which is defined in X.521 [X521].</code><br />
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.16.840.1.113730.3.2.2
+ * NAME 'inetOrgPerson'
+ * DESC 'RFC2798: Internet Organizational Person'
+ * SUP organizationalPerson
+ * STRUCTURAL
+ * MAY (
+ * audio $ businessCategory $ carLicense $ departmentNumber $
+ * displayName $ employeeNumber $ employeeType $ givenName $
+ * homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ * labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $
+ * roomNumber $ secretary $ uid $ userCertificate $
+ * x500uniqueIdentifier $ preferredLanguage $
+ * userSMIMECertificate $ userPKCS12
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ *
+ * 2. organizationalPerson Structural Object Class.
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.5.6.7
+ * NAME 'organizationalPerson'
+ * DESC 'RFC2256: an organizational person'
+ * SUP person
+ * STRUCTURAL
+ * MAY (
+ * title $ x121Address $ registeredAddress $ destinationIndicator $
+ * preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ * telephoneNumber $ internationaliSDNNumber $
+ * facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ * postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ *
+ * 3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.<br />
+ * <code># This aux object class can be used to store custom attributes.</code><br />
+ * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
+ * <pre>
+ * ------------------------------------------
+ * AC2: Fortress Properties Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.2
+ * NAME 'ftProperties'
+ * DESC 'Fortress Properties AUX Object Class'
+ * AUXILIARY
+ * MAY (
+ * ftProps
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ *
+ * 4. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress User Attributes Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.1
+ * NAME 'ftUserAttrs'
+ * DESC 'Fortress User Attribute AUX Object Class'
+ * AUXILIARY
+ * MUST (
+ * ftId
+ * )
+ * MAY (
+ * ftRC $
+ * ftRA $
+ * ftARC $
+ * ftARA $
+ * ftCstr $
+ * ftSystem
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ *
+ * 5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ * NAME 'ftMods'
+ * DESC 'Fortress Modifiers AUX Object Class'
+ * AUXILIARY
+ * MAY (
+ * ftModifier $
+ * ftModCode $
+ * ftModId
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ *
+ * @author Shawn McKinney
+ */
+
+@XmlRootElement(name = "fortUser")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "user", propOrder =
+ {
+ "userId",
+ "description",
+ "name",
+ "internalId",
+ "ou",
+ "pwPolicy",
+ "sn",
+ "cn",
+ "dn",
+ "displayName",
+ "employeeType",
+ "title",
+ "address",
+ "phones",
+ "mobiles",
+ "emails",
+ "props",
+ "locked",
+ "reset",
+ "system",
+ "beginTime",
+ "endTime",
+ "beginDate",
+ "endDate",
+ "beginLockDate",
+ "endLockDate",
+ "dayMask",
+ "timeout",
+ "roles",
+ "adminRoles",
+ "password",
+ "newPassword"
+/* "jpegPhoto"*/
+})
+public class User extends FortEntity implements Constraint, Serializable
+{
+ /**
+ * The serialVersionUID needed for Serializable classes
+ */
+ private static final long serialVersionUID = 1L;
+
+ private String userId;
+ @XmlElement(nillable = true)
+ private char[] password;
+ @XmlElement(nillable = true)
+ private char[] newPassword;
+ private String internalId;
+ @XmlElement(nillable = true)
+ private List<UserRole> roles;
+ @XmlElement(nillable = true)
+ private List<UserAdminRole> adminRoles;
+ private String pwPolicy;
+ private String cn;
+ private String sn;
+ private String dn;
+ private String ou;
+ private String displayName;
+ private String description;
+ private String beginTime;
+ private String endTime;
+ private String beginDate;
+ private String endDate;
+ private String beginLockDate;
+ private String endLockDate;
+ private String dayMask;
+ private String name;
+ private String employeeType;
+ private String title;
+ private int timeout;
+ private boolean reset;
+ private boolean locked;
+ private Boolean system;
+ @XmlElement(nillable = true)
+ private Props props = new Props();
+ @XmlElement(nillable = true)
+ private Address address;
+ @XmlElement(nillable = true)
+ private List<String> phones;
+ @XmlElement(nillable = true)
+ private List<String> mobiles;
+ @XmlElement(nillable = true)
+ private List<String> emails;
+ @XmlTransient
+ private byte[] jpegPhoto;
+
+
+ /**
+ * Default constructor not intended for external use and is typically used by internal Fortress classes.
+ * User entity constructed in this manner cannot be used by other until additional attributes (i.e. userId) are set.
+ */
+ public User()
+ {
+ }
+
+
+ /**
+ * Construct User given userId. Once loaded this entity can be passed to AccessMgr.createSession iff trusted == 'true'..
+ *
+ * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
+ */
+ public User( String userId )
+ {
+ this.userId = userId;
+ }
+
+
+ /**
+ * Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
+ *
+ * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
+ * @param password validated using simple length test and OpenLDAP password policies.
+ */
+ public User( String userId, char[] password )
+ {
+ this.userId = userId;
+ this.password = password;
+ }
+
+
+ /**
+ * Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
+ *
+ * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
+ * @param password validated using simple length test and OpenLDAP password policies.
+ * @param roleName contains role that caller is requesting activation.
+ */
+ public User( String userId, char[] password, String roleName )
+ {
+ this.userId = userId;
+ this.password = password;
+ setRole( new UserRole( roleName ) );
+ }
+
+
+ /**
+ * Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
+ *
+ * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
+ * @param password validated using simple length test and OpenLDAP password policies.
+ * @param roleNames contains array of roleNames that caller is requesting activation.
+ */
+ public User( String userId, char[] password, String[] roleNames )
+ {
+ this.userId = userId;
+ this.password = password;
+
+ if ( roleNames != null )
+ {
+ for ( String name : roleNames )
+ {
+ setRole( new UserRole( name ) );
+ }
+ }
+ }
+
+
+ /**
+ * Construct User given userId and password. Once loaded this entity can be passed to AccessMgr.createSession.
+ *
+ * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
+ * @param password validated using simple length test and OpenLDAP password policies.
+ * @param roleName contains role that caller is requesting activation (see {@link org.apache.directory.fortress.core.AccessMgr#createSession(User, boolean)}) or assignment (see {@link org.apache.directory.fortress.core.AdminMgr#addUser(User)}).
+ * @param ou org unit name that caller is requesting assigned to newly created User (see {@link org.apache.directory.fortress.core.AdminMgr#addUser(User)}).
+ */
+ public User( String userId, char[] password, String roleName, String ou )
+ {
+ this.userId = userId;
+ this.password = password;
+ setRole( new UserRole( roleName ) );
+ this.ou = ou;
+ }
+
+ /**
+ * Used to retrieve User's valid userId attribute. The Fortress userId maps to 'uid' for InetOrgPerson object class.
+ *
+ * @return String containing the userId.
+ */
+ @Override
+ public String toString()
+ {
+ return "User{" +
+ "userId='" + userId + '\'' +
+ ", internalId='" + internalId + '\'' +
+ ", roles=" + roles +
+ ", adminRoles=" + adminRoles +
+ ", pwPolicy='" + pwPolicy + '\'' +
+ ", cn='" + cn + '\'' +
+ ", sn='" + sn + '\'' +
+ ", dn='" + dn + '\'' +
+ ", ou='" + ou + '\'' +
+ ", description='" + description + '\'' +
+ ", beginTime='" + beginTime + '\'' +
+ ", endTime='" + endTime + '\'' +
+ ", beginDate='" + beginDate + '\'' +
+ ", endDate='" + endDate + '\'' +
+ ", beginLockDate='" + beginLockDate + '\'' +
+ ", endLockDate='" + endLockDate + '\'' +
+ ", dayMask='" + dayMask + '\'' +
+ ", name='" + name + '\'' +
+ ", employeeType='" + employeeType + '\'' +
+ ", title='" + title + '\'' +
+ ", timeout=" + timeout +
+ ", reset=" + reset +
+ ", locked=" + locked +
+ ", system=" + system +
+ ", props=" + props +
+ ", address=" + address +
+ ", phones=" + phones +
+ ", mobiles=" + mobiles +
+ ", emails=" + emails +
+ '}';
+ }
+
+ /**
+ * Required by Constraint Interface but not needed for user entity. Not intended for external use.
+ *
+ * @return String containing constraint data ready for ldap.
+ * @throws UnsupportedOperationException
+ */
+ public String getRawData()
+ {
+ throw new UnsupportedOperationException( "not allowed for user" );
+ }
+
+
+ /**
+ * This is used internally by Fortress for Constraint operations.
+ *
+ * @return String contains name attribute used internally for constraint checking.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+
+ /**
+ * This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.
+ *
+ * @param name contains attribute used internally for constraint checking.
+ */
+ public void setName( String name )
+ {
+ this.name = name;
+ }
+
+
+ /**
+ * Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp",
+ * "External", and "Unknown" but any value may be used.
+ *
+ * @return attribute maps to 'employeeType' attribute in 'inetOrgPerson' object class.
+ */
+ public String getEmployeeType()
+ {
+ return employeeType;
+ }
+
+
+ /**
+ * Used to identify the employer to employee relationship. Typical values used will be "Contractor", "Employee", "Intern", "Temp",
+ * "External", and "Unknown" but any value may be used.
+ *
+ * @param employeeType maps to 'employeeType' attribute in 'inetOrgPerson' object class.
+ */
+ public void setEmployeeType( String employeeType )
+ {
+ this.employeeType = employeeType;
+ }
+
+
+ /**
+ * The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms.
+ * Barbara Jane Jensen, III.).
+ *
+ * @return maps to 'title' attribute in 'inetOrgPerson' objectclass.
+ */
+ public String getTitle()
+ {
+ return title;
+ }
+
+
+ /**
+ * The honorific prefix(es) of the User, or "Title" in most Western languages (e.g. Ms. given the full name Ms.
+ * Barbara Jane Jensen, III.).
+ *
+ * @param title maps to 'title' attribute in 'inetOrgPerson' objectclass.
+ */
+ public void setTitle( String title )
+ {
+ this.title = title;
+ }
+
+
+ /**
+ * Return the name of the OpenLDAP password policy that is set for this user. This attribute may be null.
+ * The attribute maps to 'pwdPolicySubentry' attribute from pwpolicy ldap object class.
+ *
+ * @return name maps to name of OpenLDAP policy in effect for User.
+ */
+ public String getPwPolicy()
+ {
+ return pwPolicy;
+ }
+
+
+ /**
+ * Sets the OpenLDAP password policy name to enable for User. This attribute is optional but if set, will be validated to ensure
+ * contains actual OpenLDAP password policy name.
+ *
+ * @param pwPolicy parameter must contain valid OpenLDAP policy name.
+ */
+ public void setPwPolicy( String pwPolicy )
+ {
+ this.pwPolicy = pwPolicy;
+ }
+
+
+ /**
+ * Return a list of User's RBAC Roles.
+ *
+ * @return List containing User's RBAC roles. This list may be empty if User not assigned RBAC.
+ */
+ public List<UserRole> getRoles()
+ {
+ // do not return a null List to caller:
+ if ( roles == null )
+ {
+ roles = new ArrayList<>();
+ }
+
+ return roles;
+ }
+
+
+ /**
+ * Add a list of RBAC Roles to this entity be considered for later processing:
+ * AccessMgr (user-role activation) or AdminMgr (user-role assignment).
+ *
+ * @param roles List of type UserRole that contains at minimum UserId and Role name.
+ */
+ public void setRoles( List<UserRole> roles )
+ {
+ this.roles = roles;
+ }
+
+
+ /**
+ * Add a single user-role object to the list of UserRoles for User.
+ *
+ * @param role UserRole contains {@link UserRole#name} to target for activation into {@link Session}.
+ */
+ public void setRole( UserRole role )
+ {
+ if ( roles == null )
+ {
+ roles = new ArrayList<>();
+ }
+
+ roles.add( role );
+ }
+
+
+ /**
+ * Add a single user-role object to the list of UserRoles for User.
+ *
+ * @param roleName contains role name to target for activation into {@link Session}.
+ */
+ public void setRole( String roleName )
+ {
+ if ( roles == null )
+ {
+ roles = new ArrayList<>();
+ }
+
+ roles.add( new UserRole( roleName ) );
+ }
+
+
+ /**
+ * Removes a user-role object from the list of UserRoles.
+ *
+ * @param role UserRole must contain userId and role name.
+ */
+ public void delRole( UserRole role )
+ {
+ if ( roles != null )
+ {
+ roles.remove( role );
+ }
+ }
+
+
+ /**
+ * Return a list of User's Admin Roles.
+ *
+ * @return List containing User's Admin roles. This list may be empty if User not assigned Administrative role.
+ */
+ public List<UserAdminRole> getAdminRoles()
+ {
+ // do not return a null List to caller:
+ if ( adminRoles == null )
+ {
+ adminRoles = new ArrayList<>();
+ }
+
+ return adminRoles;
+ }
+
+
+ /**
+ * Add a single user-adminRole object to the list of UserAdminRoles for User.
+ *
+ * @param roles UserAdminRole contains at least userId and admin role name (activation) and additional constraints (assignment)
+ */
+ public void setAdminRoles( List<UserAdminRole> roles )
+ {
+ this.adminRoles = roles;
+ }
+
+
+ /**
+ * Add a single user-adminRole object to the list of UserAdminRoles for User.
+ *
+ * @param role UserAdminRole contains at least userId and adminRole name (activation) and additional constraints (assignment)
+ */
+ public void setAdminRole( UserAdminRole role )
+ {
+ if ( adminRoles == null )
+ {
+ adminRoles = new ArrayList<>();
+ }
+
+ adminRoles.add( role );
+ }
+
+
+ /**
+ * Add a single user-adminRole object to the list of UserAdminRoles for User.
+ *
+ * @param roleName contrains adminRole name.
+ */
+ public void setAdminRole( String roleName )
+ {
+ if ( adminRoles == null )
+ {
+ adminRoles = new ArrayList<>();
+ }
+
+ adminRoles.add( new UserAdminRole( userId, roleName ) );
+ }
+
+
+ /**
+ * Removes a user-adminRole object from the list of UserAdminRoles.
+ *
+ * @param adminRole UserAdminRole must contain userId and adminRole name.
+ */
+ public void delAdminRole( UserAdminRole adminRole )
+ {
+ if ( adminRoles != null )
+ {
+ adminRoles.remove( adminRole );
+ }
+ }
+
+
+ /**
+ * Return the userId that is associated with User. UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
+ *
+ * @return attribute maps to 'uid' in 'inetOrgPerson' object class.
+ */
+ public String getUserId()
+ {
+ return userId;
+ }
+
+
+ /**
+ * Set the userId that is associated with User. UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
+ *
+ * @param userId maps to 'uid' attribute in 'inNetOrgPerson' object class.
+ */
+ public void setUserId( String userId )
+ {
+ this.userId = userId;
+ }
+
+
+ /**
+ * Return the internal userId that is associated with User. This attribute is generated automatically
+ * by Fortress when new User is added to directory and is not known or changeable by external client.
+ *
+ * @return attribute maps to 'ftId' in 'ftUserAttrs' object class.
+ */
+ public String getInternalId()
+ {
+ return internalId;
+ }
+
+
+ /**
+ * Set the internal userId that is associated with User. This method is used by DAO class and
+ * is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller.
+ * This method can be used by client for search purposes only.
+ *
+ * @param internalId maps to 'ftId' in 'ftUserAttrs' object class.
+ */
+ public void setInternalId( String internalId )
+ {
+ this.internalId = internalId;
+ }
+
+
+ /**
+ * Generate an internal userId that is associated with User. This method is used by DAO class and
+ * is not available to outside classes. The generated attribute maps to 'ftId' in 'ftUserAttrs' object class.
+ */
+ public void setInternalId()
+ {
+ UUID uuid = UUID.randomUUID();
+ internalId = uuid.toString();
+ }
+
+
+ /**
+ * Returns optional description that is associated with User. This attribute is validated but not constrained by Fortress.
+ *
+ * @return value that is mapped to 'description' in 'inetOrgPerson' object class.
+ */
+ public String getDescription()
+ {
+ return description;
+ }
+
+
+ /**
+ * Sets the optional description that is associated with User. This attribute is validated but not constrained by Fortress.
+ *
+ * @param description that is mapped to same name in 'inetOrgPerson' object class.
+ */
+ public void setDescription( String description )
+ {
+ this.description = description;
+ }
+
+
+ /**
+ * Return the optional password attribute for User. Note this will only return values that were set by client
+ * as the Fortress User DAO class does not return the value of stored password to caller.
+ *
+ * @return attribute containing User password.
+ */
+ public char[] getPassword()
+ {
+ return password;
+ }
+
+
+ /**
+ * Set the optional password attribute associated for a User. Note, this value is required before User will pass Fortress
+ * authentication in {@link AccessMgrImpl#createSession(User, boolean)}.
+ * Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
+ *
+ * @param password maps to 'userPassword' attribute in 'inetOrgPerson' object class.
+ */
+ public void setPassword( char[] password )
+ {
+ this.password = password;
+ }
+
+
+ public char[] getNewPassword()
+ {
+ return newPassword;
+ }
+
+
+ public void setNewPassword( char[] newPassword )
+ {
+ this.newPassword = newPassword;
+ }
+
+
+ /**
+ * Returns common name associated with User. This attribute is validated but not constrained by Fortress.
+ * cn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
+ *
+ * @return value that is mapped to 'cn' in 'inetOrgPerson' object class.
+ */
+ public String getCn()
+ {
+ return cn;
+ }
+
+
+ /**
+ * Set the common name associated with User. This attribute is validated but not constrained by Fortress.
+ * cn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
+ *
+ * @param cn mapped to same name in 'inetOrgPerson' object class.
+ */
+ public void setCn( String cn )
+ {
+ this.cn = cn;
+ }
+
+
+ /**
+ * Returns surname associated with User. This attribute is validated but not constrained by Fortress.
+ * sn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
+ *
+ * @return value that is mapped to 'sn' in 'inetOrgPerson' object class.
+ */
+ public String getSn()
+ {
+ return sn;
+ }
+
+
+ /**
+ * Set the surname associated with User. This attribute is validated but not constrained by Fortress.
+ * sn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
+ *
+ * @param sn mapped to same name in 'inetOrgPerson' object class.
+ */
+ public void setSn( String sn )
+ {
+ this.sn = sn;
+ }
+
+
+ /**
+ * Returns distinguished name associated with User. This attribute is generated by DAO and is not allowed for outside classes to modify.
+ * This attribute is for internal user only and need not be processed by external clients.
+ *
+ * @return value that is mapped to 'dn' in 'inetOrgPerson' object class.
+ */
+ public String getDn()
+ {
+ return dn;
+ }
+
+
+ /**
+ * Set distinguished name associated with User. This attribute is used by DAO and is not allowed for outside classes.
+ * This attribute cannot be set by external callers.
+ *
+ * @param dn that is mapped to same name in 'inetOrgPerson' object class.
+ */
+ public void setDn( String dn )
+ {
+ this.dn = dn;
+ }
+
+
+ /**
+ * Returns orgUnit name for User. This attribute is validated and constrained by Fortress and must contain name of existing User OU.
+ * This attribute is required on {@link AdminMgrImpl#addUser(User)} but not on {@link ReviewMgrImpl#readUser(User)}.
+ *
+ * @return value that is mapped to 'ou' in 'inetOrgPerson' object class.
+ */
+ public String getOu()
+ {
+ return ou;
+ }
+
+
+ /**
+ * Set the orgUnit name associated with User. This attribute is validated and constrained by Fortress and must contain name of existing User OU.
+ * This attribute is required on {@link AdminMgrImpl#addUser(User)} but not on {@link ReviewMgrImpl#readUser(User)}.
+ *
+ * @param ou mapped to same name in 'inetOrgPerson' object class.
+ */
+ public void setOu( String ou )
+ {
+ this.ou = ou;
+ }
+
+
+ /**
+ * Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
+ *
+ * @return value that is mapped to 'displayName' in 'inetOrgPerson' object class.
+ */
+ public String getDisplayName()
+ {
+ return displayName;
+ }
+
+ /**
+ * Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
+ *
+ * @param displayName maps to attribute of same name in 'inetOrgPerson' object class.
+ */
+ public void setDisplayName( String displayName )
+ {
+ this.displayName = displayName;
+ }
+
+ /**
+ * temporal boolean flag is used by internal Fortress components.
+ *
+ * @return boolean indicating if temporal constraints are placed on user.
+ */
+ @Override
+ public boolean isTemporalSet()
+ {
+ //return (beginTime != null && endTime != null && beginDate != null && endDate != null && beginLockDate != null && endLockDate != null && dayMask != null);
+ return ( beginTime != null || endTime != null || beginDate != null || endDate != null || beginLockDate != null
+ || endLockDate != null || dayMask != null );
+ }
+
+
+ /**
+ * Contains the begin time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getBeginTime()
+ {
+ return beginTime;
+ }
+
+
+ /**
+ * Set the begin time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginTime maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setBeginTime( String beginTime )
+ {
+ this.beginTime = beginTime;
+ }
+
+
+ /**
+ * Contains the end time of day user is allowed to occupy system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getEndTime()
+ {
+ return endTime;
+ }
+
+
+ /**
+ * Set the end time of day user is allowed to signon to system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endTime maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setEndTime( String endTime )
+ {
+ this.endTime = endTime;
+ }
+
+
+ /**
+ * Contains the begin date when user is allowed to signon to system. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getBeginDate()
+ {
+ return beginDate;
+ }
+
+
+ /**
+ * Set the beginDate when user is allowed to signon to system. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setBeginDate( String beginDate )
+ {
+ this.beginDate = beginDate;
+ }
+
+
+ /**
+ * Contains the end date when user is allowed to signon to system. The format is - YYYYMMDD, i.e. 20101231 (December 31, 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getEndDate()
+ {
+ return endDate;
+ }
+
+
+ /**
+ * Set the end date when user is not allowed to signon to system. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setEndDate( String endDate )
+ {
+ this.endDate = endDate;
+ }
+
+
+ /**
+ * Contains the begin lock date when user is temporarily not allowed to signon to system. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getBeginLockDate()
+ {
+ return beginLockDate;
+ }
+
+
+ /**
+ * Set the begin lock date when user is temporarily not allowed to signon to system. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginLockDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setBeginLockDate( String beginLockDate )
+ {
+ this.beginLockDate = beginLockDate;
+ }
+
+
+ /**
+ * Contains the end lock date when user is allowed to signon to system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getEndLockDate()
+ {
+ return endLockDate;
+ }
+
+
+ /**
+ * Set the end lock date when user is allowed to signon to system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endLockDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setEndLockDate( String endLockDate )
+ {
+ this.endLockDate = endLockDate;
+ }
+
+
+ /**
+ * Get the daymask that indicates what days of week user is allowed to signon to system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public String getDayMask()
+ {
+ return dayMask;
+ }
+
+
+ /**
+ * Set the daymask that specifies what days of week user is allowed to signon to system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param dayMask maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setDayMask( String dayMask )
+ {
+ this.dayMask = dayMask;
+ }
+
+
+ /**
+ * Return the integer timeout that contains total time (in seconds) that User's session may remain inactive.
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public Integer getTimeout()
+ {
+ return timeout;
+ }
+
+
+ /**
+ * Set the integer timeout that contains max time (in seconds) that User's session may remain inactive.
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param timeout maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+ */
+ @Override
+ public void setTimeout( Integer timeout )
+ {
+ this.timeout = timeout;
+ }
+
+
+ /**
+ * If set to true User's password has been reset by administrator.
+ * This attribute will be ignored if set by external callers.
+ *
+ * @return boolean value maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
+ */
+ public boolean isReset()
+ {
+ return reset;
+ }
+
+
+ /**
+ * If set to true User's password has been reset by administrator.
+ * This attribute will be ignored if set by external callers.
+ *
+ * @param reset contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
+ */
+ public void setReset( boolean reset )
+ {
+ this.reset = reset;
+ }
+
+
+ /**
+ * If set to true User's password has been locked by administrator or directory itself due to password policy violations.
+ * This attribute will be ignored if set by external callers.
+ *
+ * @return boolean value maps to 'pwdLockedTime' in OpenLDAP's pwpolicy object class.
+ */
+ public boolean isLocked()
+ {
+ return locked;
+ }
+
+
+ /**
+ * If set to true User's password has been locked by administrator or directory itself due to password policy violations.
+ * This attribute will be ignored if set by external callers.
+ *
+ * @param locked contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
+ */
+ public void setLocked( boolean locked )
+ {
+ this.locked = locked;
+ }
+
+
+ /**
+ * Gets the value of the Props property. This method is used by Fortress and En Masse and should not be called by external programs.
+ *
+ * @return
+ * possible object is
+ * {@link Props }
+ *
+ */
+ public Props getProps()
+ {
+ return props;
+ }
+
+
+ /**
+ * Sets the value of the Props property. This method is used by Fortress and En Masse and should not be called by external programs.
+ *
+ * @param value
+ * allowed object is
+ * {@link Props }
+ *
+ */
+ public void setProps( Props value )
+ {
+ this.props = value;
+ }
+
+
+ /**
+ * Add name/value pair to list of properties associated with User. These values are not constrained by Fortress.
+ * Properties are optional.
+ *
+ * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+ * @param value
+ */
+ public void addProperty( String key, String value )
+ {
+ Props.Entry entry = new Props.Entry();
+ entry.setKey( key );
+ entry.setValue( value );
+ props.getEntry().add( entry );
+ }
+
+
+ /**
+ * Get a name/value pair attribute from list of properties associated with User. These values are not constrained by Fortress.
+ * Properties are optional.
+ *
+ * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+ * @return value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
+ */
+ public String getProperty( String key )
+ {
+ List<Props.Entry> props = this.props.getEntry();
+ Props.Entry keyObj = new Props.Entry();
+ keyObj.setKey( key );
+
+ String value = null;
+ int indx = props.indexOf( keyObj );
+
+ if ( indx != -1 )
+ {
+ Props.Entry entry = props.get( props.indexOf( keyObj ) );
+ value = entry.getValue();
+ }
+
+ return value;
+ }
+
+
+ /**
+ * Add new collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress.
+ * Properties are optional.
+ *
+ * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+ */
+ public void addProperties( Properties props )
+ {
+ if ( props != null )
+ {
+ for ( Enumeration<?> e = props.propertyNames(); e.hasMoreElements(); )
+ {
+ // This LDAP attr is stored as a name-value pair separated by a ':'.
+ String key = ( String ) e.nextElement();
+ String val = props.getProperty( key );
+ addProperty( key, val );
+ }
+ }
+ }
+
+
+ /**
+ * Return the collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress.
+ * Properties are optional.
+ *
+ * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+ */
+ public Properties getProperties()
+ {
+ Properties properties = null;
+ List<Props.Entry> props = this.props.getEntry();
+
+ if ( props.size() > 0 )
+ {
+ properties = new Properties();
+
+ for ( Props.Entry entry : props )
+ {
+ String key = entry.getKey();
+ String val = entry.getValue();
+ properties.setProperty( key, val );
+ }
+ }
+
+ return properties;
+ }
+
+
+ /**
+ * Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
+ *
+ * <ul>
+ * <li> ------------------------------------------
+ * <li> <code>postalAddress</code>
+ * <li> <code>st</code>
+ * <li> <code>postalCode</code>
+ * <li> <code>postOfficeBox</code>
+ * <li> ------------------------------------------
+ * </ul>
+ *
+ * @return {@link Address}
+ */
+ public Address getAddress()
+ {
+ if ( address == null )
+ {
+ address = new Address();
+ }
+
+ return address;
+ }
+
+
+ /**
+ * Set address data onto entity that stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
+ *
+ * <ul>
+ * <li> ------------------------------------------
+ * <li> <code>postalAddress</code>
+ * <li> <code>st</code>
+ * <li> <code>postalCode</code>
+ * <li> <code>postOfficeBox</code>
+ * <li> ------------------------------------------
+ * </ul>
+ *
+ * @param address
+ */
+ public void setAddress( Address address )
+ {
+ this.address = address;
+ }
+
+
+ /**
+ * Retrieve multi-occurring {@code telephoneNumber} associated with {@code organizationalPerson} object class.
+ *
+ * @return List of type String that contains zero or more phone numbers associated with the user.
+ */
+ public List<String> getPhones()
+ {
+ if ( phones == null )
+ {
+ phones = new ArrayList<>();
+ }
+
+ return phones;
+ }
+
+
+ /**
+ * Set multi-occurring {@code telephoneNumber} number to associated with {@code organizationalPerson} object class.
+ *
+ * @param phones contains an ArrayList of type String with zero or more phone numbers associated with the user.
+ */
+ public void setPhones( List<String> phones )
+ {
+ this.phones = phones;
+ }
+
+
+ /**
+ * Set phone number to stored in rfc822Mailbox format and associated with {@code inetOrgPerson} object class.
+ *
+ * @param phone contains String bound to {@code telephoneNumber} attribute on {@code organizationalPerson} object class.
+ */
+ public void setPhone( String phone )
+ {
+ if ( phones == null )
+ {
+ phones = new ArrayList<>();
+ }
+
+ phones.add( phone );
+ }
+
+
+ /**
+ * Retrieve multi-occurring {@code mobile} associated with {@code inetOrgPerson} object class.
+ *
+ * @return List of type String that contains zero or more mobile phone numbers associated with the user.
+ */
+ public List<String> getMobiles()
+ {
+ if ( mobiles == null )
+ {
+ mobiles = new ArrayList<>();
+ }
+
+ return mobiles;
+ }
+
+
+ /**
+ * Set multi-occurring {@code mobile} associated with {@code inetOrgPerson} object class.
+ *
+ * @param mobiles contains an ArrayList of type String with zero or more mobile phone numbers associated with the user.
+ */
+ public void setMobiles( List<String> mobiles )
+ {
+ this.mobiles = mobiles;
+ }
+
+
+ /**
+ * Set a single {@code mobile} associated with {@code inetOrgPerson} object class.
+ *
+ * @param mobile contains a String containing mobile phone numbers associated with the user.
+ */
+ public void setMobile( String mobile )
+ {
+ if ( mobiles == null )
+ {
+ mobiles = new ArrayList<>();
+ }
+
+ mobiles.add( mobile );
+ }
+
+
+ /**
+ * Retrieve multi-occurring email address stored in rfc822Mailbox format associated with {@code inetOrgPerson} object class.
+ *
+ * @return List of type String that contains zero or more email addresses associated with the user.
+ */
+ public List<String> getEmails()
+ {
+ if ( emails == null )
+ {
+ emails = new ArrayList<>();
+ }
+
+ return emails;
+ }
+
+
+ /**
+ * Set multi-occurring email address to stored in rfc822Mailbox format and associated with {@code inetOrgPerson} object class.
+ *
+ * @param emails contains an ArrayList of type String with zero or more email addresses associated with the user.
+ */
+ public void setEmails( List<String> emails )
+ {
+ this.emails = emails;
+ }
+
+
+ /**
+ * Set a single email address in rfc822Mailbox format to be assoicated with {@code inetOrgPerson} object class.
+ *
+ * @param email contains a String to be stored as email address on user.
+ */
+ public void setEmail( String email )
+ {
+ if ( emails == null )
+ {
+ emails = new ArrayList<>();
+ }
+
+ emails.add( email );
+ }
+
+
+ public Boolean isSystem()
+ {
+ return system;
+ }
+
+
+ public void setSystem( Boolean system )
+ {
+ this.system = system;
+ }
+
+
+ /**
+ * Get one image of a person using the JPEG File Interchange Format [JFIF].
+ * ( 0.9.2342.19200300.100.1.60
+ * NAME 'jpegPhoto'
+ * DESC 'a JPEG image'
+ * SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+ *
+ * return byte array containing the jpeg image.
+ */
+ public byte[] getJpegPhoto()
+ {
+ return jpegPhoto;
+ }
+
+
+ /**
+ * Set one image of a person using the JPEG File Interchange Format [JFIF].
+ * ( 0.9.2342.19200300.100.1.60
+ * NAME 'jpegPhoto'
+ * DESC 'a JPEG image'
+ * SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+ *
+ * @param jpegPhoto contains the jpeg image stored as byte array.
+ */
+ public void setJpegPhoto( byte[] jpegPhoto )
+ {
+ this.jpegPhoto = jpegPhoto;
+ }
+
+
+ /**
+ * Override hashcode so User compare operations work in case insensitive manner in collection classes.
+ *
+ * @return int
+ */
+ public int hashCode()
+ {
+ return userId.toUpperCase().hashCode();
+ }
+
+
+ /**
+ * Matches the userId from two User entities.
+ *
+ * @param thatObj contains a User entity.
+ * @return boolean indicating both objects contain matching userIds.
+ */
+ public boolean equals( Object thatObj )
+ {
+ if ( this == thatObj )
+ {
+ return true;
+ }
+
+ if ( userId == null )
+ {
+ return false;
+ }
+
+ if ( !( thatObj instanceof User ) )
+ {
+ return false;
+ }
+
+ User thatUser = ( User ) thatObj;
+
+ if ( thatUser.getUserId() == null )
+ {
+ return false;
+ }
+
+ return thatUser.getUserId().equalsIgnoreCase( userId );
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rbac/UserAdminRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/UserAdminRole.java b/src/main/java/org/apache/directory/fortress/core/rbac/UserAdminRole.java
new file mode 100755
index 0000000..d6719e4
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/UserAdminRole.java
@@ -0,0 +1,613 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.core.rbac;
+
+
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.directory.fortress.core.util.time.CUtil;
+import org.apache.directory.fortress.core.util.time.Constraint;
+
+
+/**
+ * The UserAdminRole entity extends the UserRole and is used to store ARBAC User to AdminRole assignment along with temporal and
+ * ARBAC contraint values.
+ * The contents of the UserAdminRole entity will be stored on the User entity in the 'ftARA' (AdminRole name) and 'ftARC' (Temporal and ARBAC Constraints) attributes on the 'ftUserAttrs' object class.
+ * The UserAdminRole entity carries elements of {@link org.apache.directory.fortress.core.util.time.Constraint}. Any attributes of Constraint not set within this entity
+ * will use same attribute from the {@link org.apache.directory.fortress.core.rbac.AdminRole} entity. Thus the UserAdminRole can override Constraint attributes from it's corresponding AdminRole if required by caller.
+ * <p/>
+ * <h4>UserAdminRole Schema</h4>
+ * ftUserAttrs is used to store RBAC and ARBAC Role role assignments and other security attributes on User entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress User Attributes Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.1
+ * NAME 'ftUserAttrs'
+ * DESC 'Fortress User Attribute AUX Object Class'
+ * AUXILIARY
+ * MUST (
+ * ftId
+ * )
+ * MAY (
+ * ftRC $
+ * ftRA $
+ * ftARC $
+ * ftARA $
+ * ftCstr $
+ * ftSystem
+ * )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+/*
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "userAdminRole", propOrder = {
+ "beginInclusive",
+ "beginRange",
+ "endInclusive",
+ "endRange",
+ "osP",
+ "osU",
+ "roleRangeRaw"
+})
+*/
+@XmlRootElement(name = "fortUserAdminRole")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "userAdminRole", propOrder =
+ {
+ "osPs",
+ "osUs",
+ "beginInclusive",
+ "beginRange",
+ "endInclusive",
+ "endRange",
+ "parents"
+})
+public class UserAdminRole extends UserRole implements Administrator
+{
+ @XmlElement(nillable = true)
+ private Set<String> osPs;
+ @XmlElement(nillable = true)
+ private Set<String> osUs;
+ private String beginRange;
+ private String endRange;
+ private boolean beginInclusive;
+ private boolean endInclusive;
+ @XmlElement(nillable = true)
+ private Set<String> parents;
+
+ // Used for formatting raw data:
+ private static String P = "P";
+ private static String U = "U";
+ private static String R = "R";
+ private static String LEFT_PAREN = "(";
+ private static String RIGHT_PAREN = ")";
+ private static String LEFT_BRACKET = "[";
+ private static String RIGHT_BRACKET = "]";
+
+
+ /**
+ * Default constructor is used by internal Fortress classes.
+ */
+ public UserAdminRole()
+ {
+ }
+
+
+ /**
+ * Construct a UserRole entity given the required attributes 'userId' and 'role' name.
+ *
+ * @param userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
+ * @param name maps to the 'ftARA' attribute on the 'ftUserAttrs' object class.
+ */
+ public UserAdminRole( String userId, String name )
+ {
+ this.userId = userId;
+ this.name = name;
+ }
+
+
+ /**
+ * Construct an ARBAC Role with required attribute 'userId' and optional temporal constraint.
+ *
+ * @param userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
+ * @param con maps to 'ftARC' attribute in 'ftUserAttrs' object class.
+ */
+ public UserAdminRole( String userId, Constraint con )
+ {
+ this.userId = userId;
+ CUtil.copy( con, this );
+ }
+
+
+ /**
+ * This method loads UserAdminRole entity temporal and ARBAC constraint instance variables with data that was retrieved from the
+ * 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the temporal and ARBAC data into
+ * a compact String for efficient storage and retrieval and is not intended to be called by external programs.
+ *
+ * @param szRawData contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class
+ */
+ public void load( String szRawData, String contextId )
+ {
+ if ( ( szRawData != null ) && ( szRawData.length() > 0 ) )
+ {
+ String[] tokens = StringUtils.splitPreserveAllTokens( szRawData, GlobalIds.DELIMITER );
+ for ( int i = 0; i < tokens.length; i++ )
+ {
+ if ( VUtil.isNotNullOrEmpty( tokens[i] ) )
+ {
+ switch ( i )
+ {
+ case 0:
+ name = tokens[i];
+ parents = RoleUtil.getParents( name.toUpperCase(), contextId );
+ break;
+
+ case 1:
+ this.setTimeout( Integer.parseInt( tokens[i] ) );
+ break;
+
+ case 2:
+ this.setBeginTime( tokens[i] );
+ break;
+
+ case 3:
+ this.setEndTime( tokens[i] );
+ break;
+
+ case 4:
+ this.setBeginDate( tokens[i] );
+ break;
+
+ case 5:
+ this.setEndDate( tokens[i] );
+ break;
+
+ case 6:
+ this.setBeginLockDate( tokens[i] );
+ break;
+
+ case 7:
+ this.setEndLockDate( tokens[i] );
+ break;
+
+ case 8:
+ this.setDayMask( tokens[i] );
+ break;
+
+ default:
+ String szValue = tokens[i];
+ int indx = szValue.indexOf( P + GlobalIds.PROP_SEP );
+ if ( indx >= 0 )
+ {
+ String szOsP = szValue.substring( indx + 2 );
+ this.setOsP( szOsP );
+ }
+ indx = szValue.indexOf( U + GlobalIds.PROP_SEP );
+ if ( indx >= 0 )
+ {
+ String szOsU = szValue.substring( indx + 2 );
+ this.setOsU( szOsU );
+ }
+ indx = szValue.indexOf( R + GlobalIds.PROP_SEP );
+ if ( indx >= 0 )
+ {
+ String szRangeRaw = szValue.substring( indx + 2 );
+ this.setRoleRangeRaw( szRangeRaw );
+ }
+ break;
+ }
+ }
+ }
+ }
+ }
+
+
+ /**
+ * This method creates raw data format that represents UserAdminRole temporal and ARBAC constraints using instance variables inside entity.
+ * The raw data is eventually stored in the 'ftARC' attribute on the 'ftUserAttrs' object class.
+ * This is the raw format that Fortress uses to condense the temporal and ARBAC data into a compact String for efficient storage and retrieval
+ * and is not intended to be called by external programs.
+ *
+ * @return String contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class
+ */
+ @Override
+ public String getRawData()
+ {
+ String szRole;
+ StringBuilder sb = new StringBuilder();
+ sb.append( name );
+ sb.append( GlobalIds.DELIMITER );
+ sb.append( this.getTimeout() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getBeginTime() != null )
+ sb.append( this.getBeginTime() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getEndTime() != null )
+ sb.append( this.getEndTime() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getBeginDate() != null )
+ sb.append( this.getBeginDate() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getEndDate() != null )
+ sb.append( this.getEndDate() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getBeginLockDate() != null )
+ sb.append( this.getBeginLockDate() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getEndLockDate() != null )
+ sb.append( this.getEndLockDate() );
+ sb.append( GlobalIds.DELIMITER );
+ if ( this.getDayMask() != null )
+ sb.append( this.getDayMask() );
+ if ( this.getOsU() != null )
+ {
+ for ( String org : this.getOsU() )
+ {
+ sb.append( GlobalIds.DELIMITER );
+ sb.append( U );
+ sb.append( GlobalIds.PROP_SEP );
+ sb.append( org );
+ }
+ }
+ if ( this.getOsP() != null )
+ {
+ for ( String org : this.getOsP() )
+ {
+ sb.append( GlobalIds.DELIMITER );
+ sb.append( P );
+ sb.append( GlobalIds.PROP_SEP );
+ sb.append( org );
+ }
+ }
+ if ( VUtil.isNotNullOrEmpty( this.getRoleRangeRaw() ) )
+ {
+ sb.append( GlobalIds.DELIMITER );
+ sb.append( R );
+ sb.append( GlobalIds.PROP_SEP );
+ sb.append( this.getRoleRangeRaw() );
+ }
+
+ szRole = sb.toString();
+ return szRole;
+ }
+
+
+ /**
+ * This method loads UserAdminRole entity Role range ARBAC constraint instance variables with data that was retrieved from the
+ * 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the ARBAC data into
+ * a compact String for efficient storage and retrieval and is not intended to be called by external programs.
+ *
+ * @param szRaw contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class
+ */
+ @Override
+ public void setRoleRangeRaw( String szRaw )
+ {
+ if ( VUtil.isNotNullOrEmpty( szRaw ) )
+ {
+ int bindx = szRaw.indexOf( LEFT_PAREN );
+ if ( bindx > -1 )
+ {
+ this.setBeginInclusive( false );
+ }
+ else
+ {
+ bindx = szRaw.indexOf( LEFT_BRACKET );
+ this.setBeginInclusive( true );
+ }
+ int eindx = szRaw.indexOf( RIGHT_PAREN );
+ if ( eindx > -1 )
+ {
+ this.setEndInclusive( false );
+ }
+ else
+ {
+ eindx = szRaw.indexOf( RIGHT_BRACKET );
+ this.setEndInclusive( true );
+ }
+ int cindx = szRaw.indexOf( GlobalIds.PROP_SEP );
+ if ( cindx > -1 )
+ {
+ String szBeginRange = szRaw.substring( bindx + 1, cindx );
+ String szEndRange = szRaw.substring( cindx + 1, eindx );
+ this.setBeginRange( szBeginRange );
+ this.setEndRange( szEndRange );
+ }
+ }
+ }
+
+
+ /**
+ * This method retrieves UserAdminRole instance variables and formats into raw data for ARBAC constraint storage for the
+ * 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the ARBAC data into
+ * a compact String for efficient storage and retrieval and is not intended to be called by external programs.
+ *
+ * @return String contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class
+ */
+ @Override
+ public String getRoleRangeRaw()
+ {
+ String szRaw = "";
+ if ( this.beginRange != null )
+ {
+ if ( this.isBeginInclusive() )
+ szRaw += LEFT_BRACKET;
+ else
+ szRaw += LEFT_PAREN;
+ szRaw += this.getBeginRange();
+ szRaw += GlobalIds.PROP_SEP;
+ szRaw += this.getEndRange();
+ if ( this.isEndInclusive() )
+ szRaw += RIGHT_BRACKET;
+ else
+ szRaw += RIGHT_PAREN;
+ }
+ return szRaw;
+ }
+
+
+ /**
+ * Get a collection of optional Perm OU attributes that were stored on the AdminRole entity.
+ *
+ * @return List of type String containing Perm OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public Set<String> getOsP()
+ {
+ return osPs;
+ }
+
+
+ /**
+ * Set a collection of optional Perm OU attributes to be stored on the AdminRole entity.
+ *
+ * @param osPs is a List of type String containing Perm OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setOsP( Set<String> osPs )
+ {
+ this.osPs = osPs;
+ }
+
+
+ /**
+ * Set a Perm OU attribute to be stored on the AdminRole entity.
+ *
+ * @param osP is a Perm OU that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setOsP( String osP )
+ {
+ if ( this.osPs == null )
+ {
+ // create Set with case insensitive comparator:
+ osPs = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
+ }
+ osPs.add( osP );
+ }
+
+
+ /**
+ * Get a collection of optional User OU attributes that were stored on the AdminRole entity.
+ *
+ * @return List of type String containing User OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public Set<String> getOsU()
+ {
+ return osUs;
+ }
+
+
+ /**
+ * Set a collection of optional User OU attributes to be stored on the AdminRole entity.
+ *
+ * @param osUs is a List of type String containing User OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setOsU( Set<String> osUs )
+ {
+ this.osUs = osUs;
+ }
+
+
+ /**
+ * Set a User OU attribute to be stored on the AdminRole entity.
+ *
+ * @param osU is a User OU that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setOsU( String osU )
+ {
+ if ( this.osUs == null )
+ {
+ // create Set with case insensitive comparator:
+ osUs = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
+ }
+ osUs.add( osU );
+ }
+
+
+ /**
+ * Return the begin Role range attribute for AdminRole entity.
+ *
+ * @return String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public String getBeginRange()
+ {
+ return beginRange;
+ }
+
+
+ /**
+ * Set the begin Role range attribute for AdminRole entity.
+ *
+ * @param beginRange maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setBeginRange( String beginRange )
+ {
+ this.beginRange = beginRange;
+ }
+
+
+ /**
+ * Return the end Role range attribute for AdminRole entity.
+ *
+ * @return String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public String getEndRange()
+ {
+ return endRange;
+ }
+
+
+ /**
+ * Set the end Role range attribute for AdminRole entity.
+ *
+ * @param endRange maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setEndRange( String endRange )
+ {
+ this.endRange = endRange;
+ }
+
+
+ /**
+ * Set the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
+ *
+ * @return String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public boolean isBeginInclusive()
+ {
+ return beginInclusive;
+ }
+
+
+ /**
+ * Get the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
+ *
+ * @param beginInclusive maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setBeginInclusive( boolean beginInclusive )
+ {
+ this.beginInclusive = beginInclusive;
+ }
+
+
+ /**
+ * Set the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
+ *
+ * @return String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public boolean isEndInclusive()
+ {
+ return endInclusive;
+ }
+
+
+ /**
+ * Get the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
+ *
+ * @param endInclusive maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.
+ */
+ @Override
+ public void setEndInclusive( boolean endInclusive )
+ {
+ this.endInclusive = endInclusive;
+ }
+
+
+ /**
+ * Get the names of admin roles that are parents (direct ascendants) of this admin role.
+ * @return Set of parent admin role names assigned to this admin role.
+ */
+ @Override
+ public Set<String> getParents()
+ {
+ return parents;
+ }
+
+
+ /**
+ * Set the names of parent admin roles.
+ * @param parents Set of admin role names.
+ */
+ @Override
+ public void setParents( Set<String> parents )
+ {
+ this.parents = parents;
+ }
+
+
+ /**
+ * Matches the userId and admin role name from two UserAdminRole entities.
+ *
+ * @param thatObj contains a UserAdminRole entity.
+ * @return boolean indicating both objects contain matching userId and Admin Role names.
+ */
+ public boolean equals( Object thatObj )
+ {
+ if ( this == thatObj )
+ {
+ return true;
+ }
+
+ if ( this.getName() == null )
+ {
+ return false;
+ }
+
+ if ( !( thatObj instanceof UserAdminRole ) )
+ {
+ return false;
+ }
+
+ UserAdminRole thatRole = ( UserAdminRole ) thatObj;
+
+ if ( thatRole.getName() == null )
+ {
+ return false;
+ }
+
+ return ( ( thatRole.getName().equalsIgnoreCase( this.getName() ) ) && ( thatRole.getUserId()
+ .equalsIgnoreCase( this.getUserId() ) ) );
+ }
+}
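Review bot: In `load()`, the default branch recognises the P/U/R tokens with `szValue.indexOf( U + GlobalIds.PROP_SEP )`, which matches the tag anywhere in the token rather than only at its start. `getRawData()` always writes the tag as the token prefix, so a role-range token whose begin role name ends in `U` or `P` (constructed example, assuming the separator is `:`: `R:[OPSU:ADMIN]`) would also be recorded as a User OU through `setOsU`, adding a spurious entry to the ARBAC scope read back from 'ftARC'. I would test the prefix instead, e.g. `if ( szValue.startsWith( U + GlobalIds.PROP_SEP ) )`, likewise for `P` and `R`, chained with `else if` so each token maps to exactly one field. Separately, `setRoleRangeRaw()` calls `szRaw.substring( cindx + 1, eindx )` with `eindx == -1` when the value has no closing `)` or `]`, so malformed directory data ends in an unchecked exception instead of a rejected constraint.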
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/687ee1ad/src/main/java/org/apache/directory/fortress/core/rbac/UserAudit.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/UserAudit.java b/src/main/java/org/apache/directory/fortress/core/rbac/UserAudit.java
new file mode 100755
index 0000000..dc98611
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/UserAudit.java
@@ -0,0 +1,289 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.core.rbac;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+import org.apache.directory.fortress.core.rbac.dao.unboundid.AuditDAO;
+
+import java.util.Date;
+
+/**
+ * This entity is used to pass search criteria into the {@link org.apache.directory.fortress.core.AuditMgr} APIs, down through the
+ * {@link org.apache.directory.fortress.core.rbac.AuditP} process layer and finally into the {@link AuditDAO} data access layer. Once the data has been
+ * retrieved from the directory it will be passed back to the caller using one of audit output entities.
+ * <p/>
+ * All audit data is returned to user using one of the following:
+ * <ul>
+ * <li> Authorization events: {@link org.apache.directory.fortress.core.rbac.AuthZ}
+ * <li> Authentication events: {@link org.apache.directory.fortress.core.rbac.Bind}
+ * <li> Modification events: {@link org.apache.directory.fortress.core.rbac.Mod}
+ * </ul>
+ * <p/>
+ * <p/>
+ *
+ * @author Shawn McKinney
+ */
+@XmlRootElement(name = "fortUserAudit")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "userAudit", propOrder = {
+ "name",
+ "description",
+ "failedOnly",
+ "objName",
+ "objId",
+ "opName",
+ "userId",
+ "internalUserId",
+ "beginDate",
+ "endDate",
+ "dn",
+ "admin"
+})
+public class UserAudit extends FortEntity implements java.io.Serializable
+{
+ private String name;
+ private String description;
+ private boolean failedOnly;
+ private String objName;
+ private String objId;
+ private String opName;
+ private String userId;
+ private String internalUserId;
+ @XmlElement(nillable = true)
+ private Date beginDate;
+ @XmlElement(nillable = true)
+ private Date endDate;
+ private String dn;
+ private boolean admin = false;
+
+ /**
+ * Get the optional objName attribute which limits set by {@link Permission#objName}.
+ * For modification search, this attr maps to {@link AuditDAO#REQMOD}. For authorization search, it will map to {@link AuditDAO#REQDN}.
+ * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link AdminMgrImpl} or 'CustomerCheckOutPage'.
+ *
+ * @return the name of the object which maps to 'reqDn' for 'auditSearch' target, or 'reqMod' for 'auditMod' search.
+ */
+ public String getObjName()
+ {
+ return objName;
+ }
+
+ /**
+ * Set the optional objName attribute which limits set by {@link Permission#objName}.
+ * For modification search, this attr maps to {@link AuditDAO#REQMOD}. For authorization search, it will map to {@link AuditDAO#REQDN}.
+ * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link AdminMgrImpl} or 'CustomerCheckOutPage'.
+ *
+ * @param objName maps to 'reqDn' for 'auditSearch' target, or 'reqMod' for 'auditMod' search.
+ */
+ public void setObjName(String objName)
+ {
+ this.objName = objName;
+ }
+
+ /**
+ * The failedOnly flag will limit result set to include only authN or authZ events that have failed.
+ * <p/>
+ * <ul>
+ * <li>{@link AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link AuditDAO#REQENTRIES} == 0)
+ * <li>{@link AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link AuditDAO#REQENTRIES} == 0)
+ * <li>{@link AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link AuditDAO#REQRESULT} >= 1)
+ * </ul>
+ *
+ * @return boolean if true will limit search to failed events.
+ */
+ public boolean isFailedOnly()
+ {
+ return failedOnly;
+ }
+
+ /**
+ * The failedOnly flag will limit result set to include only authN or authZ events that have failed.
+ * <p/>
+ * <ul>
+ * <li>{@link AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link AuditDAO#REQENTRIES} == 0)
+ * <li>{@link AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link AuditDAO#REQENTRIES} == 0)
+ * <li>{@link AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link AuditDAO#REQRESULT} >= 1)
+ * </ul>
+ *
+ * @param failedOnly if boolean true search will limit to failed only.
+ */
+ public void setFailedOnly(boolean failedOnly)
+ {
+ this.failedOnly = failedOnly;
+ }
+
+ /**
+ * Get the optional opName attribute which limits {@link AuditMgrImpl#searchAdminMods(UserAudit)} by {@link AuditDAO#REQMOD}.
+ * The operation name is derived from a method name of a class which represents targets for Fortress authorizations. For example 'read', 'search' or 'add'.
+ *
+ * @return value that maps to 'reqMod' on 'auditMod' object class.
+ */
+ public String getOpName()
+ {
+ return opName;
+ }
+
+ /**
+ * Set the optional opName attribute which limits {@link AuditMgrImpl#searchAdminMods(UserAudit)} by {@link AuditDAO#REQMOD}.
+ * The operation name is derived from a method name of a class which represents targets for Fortress authorizations. For example 'read', 'search' or 'add'.
+ *
+ * @param opName attribute maps to 'reqMod' on 'auditMod' object class.
+ */
+ public void setOpName(String opName)
+ {
+ this.opName = opName;
+ }
+
+ /**
+ * Get the optional userId attribute which limits set by {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * For authentication searchs, this attr maps to {@link AuditDAO#REQDN}. For authorization search, it will map to {@link AuditDAO#REQUAUTHZID}.
+ * The userId for this search represents the end user.
+ *
+ * @return the userId which maps to 'reqDn' for authentications or 'reqAuthzID' for authorization events.
+ */
+ public String getUserId()
+ {
+ return userId;
+ }
+
+ /**
+ * Set the optional userId attribute which limits set by {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * For authentication searchs, this attr maps to {@link AuditDAO#REQDN}. For authorization search, it will map to {@link AuditDAO#REQUAUTHZID}.
+ * The userId for this search represents the end user.
+ *
+ * @param userId maps to 'reqDn' for authentications or 'reqAuthzID' for authorization events.
+ */
+ public void setUserId(String userId)
+ {
+ this.userId = userId;
+ }
+
+ /**
+ * Get the optional internalUserId attribute which limits set by {@link org.apache.directory.fortress.core.rbac.User#internalId}.
+ * For {@link AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link AuditDAO#REQMOD}.
+ * The internalUserId for this search represents the end user but is stored as its internal id.
+ *
+ * @return the internalUserId which maps to 'reqMod' for 'auditModify' object class searches.
+ */
+ public String getInternalUserId()
+ {
+ return internalUserId;
+ }
+
+ /**
+ * Set the optional internalUserId attribute which limits set by {@link org.apache.directory.fortress.core.rbac.User#internalId}.
+ * For {@link AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link AuditDAO#REQMOD}.
+ * The internalUserId for this search represents the end user but is stored as its internal id.
+ *
+ * @param internalUserId maps to 'reqMod' for 'auditModify' object class searches.
+ */
+ public void setInternalUserId(String internalUserId)
+ {
+ this.internalUserId = internalUserId;
+ }
+
+ /**
+ * Get the Date for search to begin. The earlier the date, the more records will be returned.
+ * This attribute is mapped to 'reqStart' on slapd audit records which provides the start
+ * time of the operation which is also the rDn for the node.
+ *
+ * @return attribute that maps to 'reqStart' in audit object classes.
+ */
+ public Date getBeginDate()
+ {
+ return beginDate;
+ }
+
+ /**
+ * Set the Date for search to begin. The earlier the date, the more records will be returned.
+ * This attribute is mapped to 'reqStart' on slapd audit records which provides the start
+ * time of the operation which is also the rDn for the node.
+ *
+ * @param beginDate attribute that maps to 'reqStart' in audit object classes.
+ */
+ public void setBeginDate(Date beginDate)
+ {
+ this.beginDate = beginDate;
+ }
+
+ /**
+ *
+ */
+ public Date getEndDate()
+ {
+ return endDate;
+ }
+
+ /**
+ *
+ * @param endDate
+ */
+ public void setEndDate(Date endDate)
+ {
+ this.endDate = endDate;
+ }
+
+ /**
+ * Get the optional dn attribute can be used to constraint {@link AuditMgrImpl#searchUserSessions(UserAudit)}.
+ * The dn for this search may represent any target entry in DIT that has been recently modified or deleted.
+ *
+ * @return the dn which maps to 'reqDn' for 'auditModify' object class searches.
+ */
+ public String getDn()
+ {
+ return dn;
+ }
+
+ /**
+ * Set the optional dn attribute can be used to constraint {@link AuditMgrImpl#searchUserSessions(UserAudit)}.
+ * The dn for this search may represent any target entry in DIT that has been recently modified or deleted.
+ *
+ * @param dn maps to 'reqDn' for 'auditModify' object class searches.
+ */
+ public void setDn(String dn)
+ {
+ this.dn = dn;
+ }
+
+ public String getObjId()
+ {
+ return objId;
+ }
+
+ public void setObjId(String objId)
+ {
+ this.objId = objId;
+ }
+
+ public boolean isAdmin()
+ {
+ return admin;
+ }
+
+ public void setAdmin(boolean admin)
+ {
+ this.admin = admin;
+ }
+}
\ No newline at end of file
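Review bot: `setBeginDate`/`setEndDate` store the caller's `java.util.Date` and `getBeginDate`/`getEndDate` return that same instance, so the time window of an audit search can still be changed through a retained reference after the criteria object has been handed on. `Date` is mutable, so copy on the way in and out: `this.beginDate = beginDate == null ? null : new Date( beginDate.getTime() );` in the setter, `return beginDate == null ? null : new Date( beginDate.getTime() );` in the getter, and the same for `endDate`. The class is annotated `XmlAccessType.FIELD`, so JAXB should keep binding the fields directly and the copies would not change marshalling. The Javadoc on `getEndDate`/`setEndDate` is empty; it should state whether a null `endDate` leaves the search open-ended, which this file does not show.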