directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r490646 [1/8] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/main/java/org/safehaus/triplesec/admin/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ adm...
Date Thu, 28 Dec 2006 04:48:33 GMT
Author: djencks
Date: Wed Dec 27 20:48:29 2006
New Revision: 490646

URL: http://svn.apache.org/viewvc?view=rev&rev=490646
Log:
Commit my local jacc changes preparatory to moving them to sandbox

Added:
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java   (with props)
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java   (with props)
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java   (with props)
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java
      - copied, changed from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java   (with props)
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionClassDao.java
      - copied, changed from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionDao.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PermissionsUtil.java   (with props)
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/StringPermission.java
    directory/trunks/triplesec/itest-data/
      - copied from r489699, directory/trunks/triplesec/store/
    directory/trunks/triplesec/itest-data/pom.xml
      - copied, changed from r490645, directory/trunks/triplesec/store/pom.xml
    directory/trunks/triplesec/itest-data/src/
      - copied from r490645, directory/trunks/triplesec/store/src/
    directory/trunks/triplesec/itest-data/src/main/resources/
      - copied from r489699, directory/trunks/triplesec/store/src/test/resources/
    directory/trunks/triplesec/itest-data/src/main/resources/log4j.properties
      - copied unchanged from r490645, directory/trunks/triplesec/store/src/test/resources/log4j.properties
    directory/trunks/triplesec/itest-data/src/main/resources/server.ldif
Removed:
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Permission.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionModifier.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionDao.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permission.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Permissions.java
    directory/trunks/triplesec/guardian-ldap/src/test/resources/server.ldif
    directory/trunks/triplesec/itest-data/src/main/java/
    directory/trunks/triplesec/itest-data/src/main/resources/interceptor.ldif
    directory/trunks/triplesec/itest-data/src/main/resources/safehaus.ldif
    directory/trunks/triplesec/itest-data/src/main/schema/
    directory/trunks/triplesec/itest-data/src/test/
    directory/trunks/triplesec/store/src/test/resources/
Modified:
    directory/trunks/triplesec/admin-api/pom.xml
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
    directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java
    directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java
    directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
    directory/trunks/triplesec/admin-api/src/test/resources/server.xml
    directory/trunks/triplesec/configuration-io/src/test/java/org/safehaus/triplesec/configuration/WebappConfigurationTest.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicy.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeAdapter.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/PolicyChangeListener.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Profile.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Role.java
    directory/trunks/triplesec/guardian-api/src/main/java/org/safehaus/triplesec/guardian/Roles.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/AbstractEntityTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/PermissionsTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ProfileTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RoleTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/RolesTest.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicy.java
    directory/trunks/triplesec/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockApplicationPolicyTest.java
    directory/trunks/triplesec/guardian-ldap/pom.xml
    directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
    directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
    directory/trunks/triplesec/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
    directory/trunks/triplesec/guardian-ldap/src/test/resources/server.xml
    directory/trunks/triplesec/guardian-ldif/pom.xml
    directory/trunks/triplesec/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicy.java
    directory/trunks/triplesec/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
    directory/trunks/triplesec/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdifApplicationPolicyTest.java
    directory/trunks/triplesec/guardian-ldif/src/test/resources/server.ldif
    directory/trunks/triplesec/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
    directory/trunks/triplesec/integration/src/test/resources/server.xml
    directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
    directory/trunks/triplesec/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java
    directory/trunks/triplesec/main/src/main/java/org/safehaus/triplesec/Service.java
    directory/trunks/triplesec/pom.xml
    directory/trunks/triplesec/store/pom.xml
    directory/trunks/triplesec/store/src/main/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptor.java
    directory/trunks/triplesec/store/src/main/schema/safehaus.schema
    directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/ApplicationACIManagerITest.java
    directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/AdminFrame.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeCellRenderer.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/LeftTreeNavigation.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewApplicationPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewPermissionPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewProfilePanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/NewRolePanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/PermissionDependentsPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/PermissionPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfilePanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfilePermissionsPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ProfileRolesPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/RoleGrantsPanel.java
    directory/trunks/triplesec/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/RolePanel.java
    directory/trunks/triplesec/swing-demo/src/main/java/org/safehaus/triplesec/guardian/demo/DemoFrame.java
    directory/trunks/triplesec/tools/src/main/java/org/safehaus/triplesec/tools/Tools.java
    directory/trunks/triplesec/webapp-config/src/test/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilderTest.java
    directory/trunks/triplesec/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java

Modified: directory/trunks/triplesec/admin-api/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/pom.xml?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/pom.xml (original)
+++ directory/trunks/triplesec/admin-api/pom.xml Wed Dec 27 20:48:29 2006
@@ -45,6 +45,13 @@
       <artifactId>triplesec-integration</artifactId>
       <version>${pom.version}</version>
     </dependency>
+
+      <dependency>
+          <groupId>${pom.groupId}</groupId>
+          <artifactId>triplesec-itest-data</artifactId>
+          <version>${pom.version}</version>
+          <scope>test</scope>
+      </dependency>
   </dependencies>
 
   <build>
@@ -119,6 +126,35 @@
       <activation>
         <property><name>integration</name></property>
       </activation>
+        <build>
+        <plugins>
+            <plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>dependency-maven-plugin</artifactId>
+            <executions>
+                <execution>
+                    <id>unpack-itest-data</id>
+                    <phase>compile</phase>
+                    <goals>
+                        <goal>unpack</goal>
+                    </goals>
+                    <configuration>
+                        <artifactItems>
+                            <artifactItem>
+                                <groupId>${pom.groupId}</groupId>
+                                <artifactId>triplesec-itest-data</artifactId>
+                                <version>${pom.version}</version>
+                            </artifactItem>
+                        </artifactItems>
+                        <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+                    </configuration>
+                </execution>
+
+            </executions>
+        </plugin>
+
+        </plugins>
+        </build>
     </profile>
   </profiles>
 

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Application.java Wed Dec 27 20:48:29 2006
@@ -24,7 +24,6 @@
 import java.util.Iterator;
 
 import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
 import org.safehaus.triplesec.admin.dao.ProfileDao;
 import org.safehaus.triplesec.admin.dao.RoleDao;
 
@@ -33,30 +32,28 @@
 {
     private final RoleDao roleDao;
     private final ProfileDao profileDao;
-    private final PermissionDao permissionDao;
     private final String name;
     private final String description;
     private final String password;
     private final ApplicationDao dao;
     
     
-    public Application( String creatorsName, Date creationTimestamp, ApplicationDao dao, String name, 
-        String description, String password, PermissionDao permissionDao, RoleDao roleDao, ProfileDao profileDao )
+    public Application(String creatorsName, Date creationTimestamp, ApplicationDao dao, String name,
+            String description, String password, RoleDao roleDao, ProfileDao profileDao)
     {
         this( creatorsName, creationTimestamp, null, null, dao, name, description, password,
-            permissionDao, roleDao, profileDao );
+                roleDao, profileDao );
     }
     
     
-    public Application( String creatorsName, Date creationTimestamp, String modifiersName, Date modifyTimestamp, 
-        ApplicationDao dao, String name, String description, String userPassword, PermissionDao permissionDao, 
-        RoleDao roleDao, ProfileDao profileDao )
+    public Application(String creatorsName, Date creationTimestamp, String modifiersName, Date modifyTimestamp,
+            ApplicationDao dao, String name, String description, String userPassword,
+            RoleDao roleDao, ProfileDao profileDao)
     {
         super( creatorsName, creationTimestamp, modifiersName, modifyTimestamp );
         this.name = name;
         this.dao = dao;
         this.description = description;
-        this.permissionDao = permissionDao;
         this.profileDao = profileDao;
         this.roleDao = roleDao;
         this.password = userPassword;
@@ -68,12 +65,6 @@
     // -----------------------------------------------------------------------
     
     
-    PermissionDao getPermissionDao()
-    {
-        return permissionDao;
-    }
-    
-    
     RoleDao getRoleDao()
     {
         return roleDao;
@@ -114,12 +105,6 @@
     // -----------------------------------------------------------------------
     
     
-    public Permission getPermission( String permName ) throws DataAccessException
-    {
-        return permissionDao.load( name, permName );
-    }
-    
-    
     public Role getRole( String roleName ) throws DataAccessException
     {
         return roleDao.load( name, roleName );
@@ -135,12 +120,6 @@
     // -----------------------------------------------------------------------
     // ReadOnly Iterator methods
     // -----------------------------------------------------------------------
-    
-    
-    public Iterator permissionIterator() throws DataAccessException
-    {
-        return new ReadOnlyIterator( permissionDao.permissionIterator( name ) );
-    }
     
     
     public Iterator roleIterator() throws DataAccessException

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ApplicationModifier.java Wed Dec 27 20:48:29 2006
@@ -27,7 +27,6 @@
 import javax.naming.directory.ModificationItem;
 
 import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
 import org.safehaus.triplesec.admin.dao.ProfileDao;
 import org.safehaus.triplesec.admin.dao.RoleDao;
 
@@ -37,7 +36,6 @@
     private final String name;
     private final SingleValuedField description;
     private final SingleValuedField password;
-    private final PermissionDao permissionDao;
     private final RoleDao roleDao;
     private final ProfileDao profileDao;
     private final ApplicationDao dao;
@@ -51,13 +49,12 @@
     // -----------------------------------------------------------------------
     
     
-    ApplicationModifier( ApplicationDao dao, String name, PermissionDao permissionDao, 
-        RoleDao roleDao, ProfileDao profileDao )
+    ApplicationModifier(ApplicationDao dao, String name,
+            RoleDao roleDao, ProfileDao profileDao)
     {
         this.name = name;
         this.dao = dao;
         this.archetype = null;
-        this.permissionDao = permissionDao;
         this.roleDao = roleDao;
         this.profileDao = profileDao;
         this.password = new SingleValuedField( PASSWORD_ID, null );
@@ -70,7 +67,6 @@
         this.name = archetype.getName();
         this.dao = dao;
         this.archetype = archetype;
-        this.permissionDao = archetype.getPermissionDao();
         this.roleDao = archetype.getRoleDao();
         this.profileDao = archetype.getProfileDao();
         this.password = new SingleValuedField( PASSWORD_ID, archetype.getPassword() );
@@ -104,18 +100,7 @@
         return this;
     }
     
-    
-    public PermissionModifier newPermission( String permName ) 
-    {
-        if ( persisted )
-        {
-            throw new IllegalStateException( "This modifier has persisted changes and is no longer valid." );
-        }
-        return new PermissionModifier( permissionDao, name, permName );
-    }
-    
-    
-    public RoleModifier newRole( String roleName ) 
+    public RoleModifier newRole( String roleName )
     {
         if ( persisted )
         {
@@ -138,12 +123,6 @@
     // -----------------------------------------------------------------------
     // Mutable Iterator access methods
     // -----------------------------------------------------------------------
-    
-    
-    public Iterator permissionIterator() throws DataAccessException
-    {
-        return permissionDao.permissionIterator( name );
-    }
     
     
     public Iterator roleIterator() throws DataAccessException

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Constants.java Wed Dec 27 20:48:29 2006
@@ -26,8 +26,11 @@
 public interface Constants
 {
     String POLICY_PROFILE_OC = "policyProfile";
-    String POLICY_PERMISSION_OC = "policyPermission";
+//    String POLICY_PERMISSION_OC = "policyPermission";
     String POLICY_ROLE_OC = "policyRole";
+    String PERM_CLASS_OC = "permClass";
+    String PERM_GRANT_OC = "permGrant";
+    String PERM_DENY_OC = "permDeny";
     String SAFEHAUS_PROFILE_OC = "safehausProfile";
     String GROUP_OF_UNIQUE_NAMES_OC = "groupOfUniqueNames";
     String UID_OBJECT_OC = "uidObject";
@@ -76,8 +79,12 @@
     String MOVING_FACTOR_ID = "safehausFactor";
     String UNIQUE_MEMBER_ID = "uniqueMember";
     String REF_ID = "ref";
-    String GRANTS_ID = "grants";
-    String DENIALS_ID = "denials";
+    String PERM_CLASS_NAME_ID = "permClassName";
+    String GRANT_ID = "grant";
+    String DENY_ID = "deny";
+    String ACTION_ID = "action";
+//    String GRANTS_ID = "grants";
+//    String DENIALS_ID = "denials";
     String ROLES_ID = "roles";
     String USER_ID = "user";
     String DOMAIN_COMPONENT_ID = "dc";
@@ -85,7 +92,7 @@
     String MODIFY_TIMESTAMP_ID = "modifyTimestamp";
     String MODIFIERS_NAME_ID = "modifiersName";
     String APP_NAME_ID = "appName";
-    String PERM_NAME_ID = "permName";
+//    String PERM_NAME_ID = "permName";
     String ROLE_NAME_ID = "roleName";
     String PROFILEID_ID = "profileId";
     String SAFEHAUS_ID = "safehausUid";

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/MultiValuedField.java Wed Dec 27 20:48:29 2006
@@ -22,7 +22,6 @@
 
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Set;
 
 import javax.naming.directory.BasicAttribute;
@@ -30,26 +29,26 @@
 import javax.naming.directory.ModificationItem;
 
 
-public class MultiValuedField
+public class MultiValuedField<T>
 {
     private final String id;
-    private final Set initial;
-    private Set added;
-    private Set deleted;
-    private Set current;
+    private final Set<T> initial;
+    private Set<T> added;
+    private Set<T> deleted;
+    private Set<T> current;
 
     
-    public MultiValuedField( String id, Set initial )
+    public MultiValuedField( String id, Set<T> initial )
     {
         this.id = id;
-        this.initial = Collections.unmodifiableSet( new HashSet( initial ) );
-        this.current = new HashSet( initial );
-        this.deleted = new HashSet();
-        this.added = new HashSet();
+        this.initial = Collections.unmodifiableSet( new HashSet<T>( initial ) );
+        this.current = new HashSet<T>( initial );
+        this.deleted = new HashSet<T>();
+        this.added = new HashSet<T>();
     }
 
 
-    public boolean addValue( String value )
+    public boolean addValue( T value )
     {
         // if we have the value then exit and return false
         if ( current.contains( value ) )
@@ -72,7 +71,7 @@
     }
 
 
-    public boolean removeValue( String value )
+    public boolean removeValue( T value )
     {
         // if we don't have the value then return false
         if ( ! current.contains( value ) )
@@ -101,13 +100,13 @@
     }
     
     
-    public Set getInitialValues()
+    public Set<T> getInitialValues()
     {
         return initial;
     }
     
     
-    public Set getCurrentValues()
+    public Set<T> getCurrentValues()
     {
         return Collections.unmodifiableSet( current );
     }
@@ -123,25 +122,22 @@
         BasicAttribute attr = new BasicAttribute( id );
         if ( added.size() == 0 && deleted.size() > 0 )
         {
-            for ( Iterator ii = deleted.iterator(); ii.hasNext(); /**/ )
-            {
-                attr.add( ii.next() );
+            for (T aDeleted : deleted) {
+                attr.add(aDeleted);
             }
             return new ModificationItem( DirContext.REMOVE_ATTRIBUTE, attr );
         }
         
         if ( added.size() > 0 && deleted.size() == 0 )
         {
-            for ( Iterator ii = added.iterator(); ii.hasNext(); /**/ )
-            {
-                attr.add( ii.next() );
+            for (T anAdded : added) {
+                attr.add(anAdded);
             }
             return new ModificationItem( DirContext.ADD_ATTRIBUTE, attr );
         }
-        
-        for ( Iterator ii = current.iterator(); ii.hasNext(); /**/ )
-        {
-            attr.add( ii.next() );
+
+        for (T aCurrent : current) {
+            attr.add(aCurrent);
         }
         return new ModificationItem( DirContext.REPLACE_ATTRIBUTE, attr );
     }

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin;
+
+import java.util.Set;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Date;
+
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionActions extends AdministeredEntity implements Constants {
+
+    private final String permissionName;
+    private final Set<String> actions;
+
+    public PermissionActions( String creatorsName, Date createTimestamp, String modifiersName,
+        Date modifyTimestamp, PermissionActionsDao dao, String permissionName, Set<String> actions) {
+        super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
+        this.permissionName = permissionName;
+        this.actions = new HashSet<String>(actions);
+    }
+
+    public String getPermissionName() {
+        return permissionName;
+    }
+
+    public Set<String> getActions() {
+        return Collections.unmodifiableSet(actions);
+    }
+
+}

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionActions.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin;
+
+import java.util.Set;
+import java.util.Date;
+
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionClass extends AdministeredEntity {
+
+    private final String permissionClassName;
+    private final Set<PermissionActions> grants;
+    private final Set<PermissionActions> denials;
+    private final PermissionClassDao dao;
+
+    public PermissionClass( String creatorsName, Date createTimestamp, String modifiersName,
+        Date modifyTimestamp, PermissionClassDao dao, String permissionClassName, Set<PermissionActions> grants, Set<PermissionActions> denials) {
+        super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
+        this.dao = dao;
+        this.permissionClassName = permissionClassName;
+        this.grants = grants;
+        this.denials = denials;
+    }
+
+    public String getPermissionClassName() {
+        return permissionClassName;
+    }
+
+    public Set<PermissionActions> getGrants() {
+        return grants;
+    }
+
+    public Set<PermissionActions> getDenials() {
+        return denials;
+    }
+}

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/PermissionClass.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Profile.java Wed Dec 27 20:48:29 2006
@@ -31,9 +31,8 @@
 public class Profile extends AdministeredEntity
 {
     private final ProfileDao dao;
-    private final Set grants;
-    private final Set denials;
-    private final Set roles;
+    private final Set<PermissionClass> permissionClasses;
+    private final Set<String> roles;
     private final String id;
     private final String user;
     private final String description;
@@ -42,43 +41,37 @@
     
     
     public Profile( String creatorsName, Date createTimestamp, ProfileDao dao, String applicationName, 
-        String id, String user, String description, Set grants, Set denials, Set roles )
+        String id, String user, String description, Set<PermissionClass> permissionClasses, Set<String> roles )
     {
         this( creatorsName, createTimestamp, null, null, dao, applicationName, id, 
-            user, description, grants, denials, roles, false );
+            user, description, permissionClasses, roles, false );
     }
     
     
     public Profile( String creatorsName, Date createTimestamp, String modifiersName, Date modifyTimestamp, 
         ProfileDao dao, String applicationName, String id, String user, String description, 
-        Set grants, Set denials, Set roles, boolean disabled )
+        Set<PermissionClass> permissionClasses, Set<String> roles, boolean disabled )
     {
         super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
         this.dao = dao;
         this.applicationName = applicationName;
         this.id = id;
         this.user = user;
-        this.grants = new HashSet( grants );
-        this.denials = new HashSet( denials );
-        this.roles = new HashSet( roles );
+        this.permissionClasses = new HashSet<PermissionClass>( permissionClasses );
+        this.roles = new HashSet<String>( roles );
         this.description = description;
         this.disabled = disabled;
     }
     
     
-    public Set getGrants()
+    public Set<PermissionClass> getPermissionClasses()
     {
-        return Collections.unmodifiableSet( grants );
+        return Collections.unmodifiableSet( permissionClasses );
     }
 
 
-    public Set getDenials()
-    {
-        return Collections.unmodifiableSet( denials );
-    }
-
 
-    public Set getRoles()
+    public Set<String> getRoles()
     {
         return Collections.unmodifiableSet( roles );
     }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/ProfileModifier.java Wed Dec 27 20:48:29 2006
@@ -39,9 +39,8 @@
     private final SingleValuedField description;
     private final SingleValuedField user;
     private final SingleValuedField disabled;
-    private final MultiValuedField grants;
-    private final MultiValuedField denials;
-    private final MultiValuedField roles;
+    private final MultiValuedField<PermissionClass> permissionClasses;
+    private final MultiValuedField<String> roles;
     
     private boolean persisted = false;
     
@@ -54,9 +53,8 @@
         this.id = id;
         this.description = new SingleValuedField( DESCRIPTION_ID, null );
         this.user = new SingleValuedField( USER_ID, user );
-        this.grants = new MultiValuedField( GRANTS_ID, Collections.EMPTY_SET );
-        this.denials = new MultiValuedField( DENIALS_ID, Collections.EMPTY_SET );
-        this.roles = new MultiValuedField( ROLES_ID, Collections.EMPTY_SET );
+        this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, Collections.EMPTY_SET );
+        this.roles = new MultiValuedField<String>( ROLES_ID, Collections.EMPTY_SET );
         this.disabled = new SingleValuedField( SAFEHAUS_DISABLED_ID, "FALSE" );
     }
     
@@ -70,9 +68,8 @@
         this.description = new SingleValuedField( DESCRIPTION_ID, archetype.getDescription() );
         this.disabled = new SingleValuedField( SAFEHAUS_DISABLED_ID, String.valueOf( archetype.isDisabled() ) );
         this.user = new SingleValuedField( USER_ID, archetype.getUser() );
-        this.grants = new MultiValuedField( GRANTS_ID, archetype.getGrants() );
-        this.denials = new MultiValuedField( DENIALS_ID, archetype.getDenials() );
-        this.roles = new MultiValuedField( ROLES_ID, archetype.getRoles() );
+        this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, archetype.getPermissionClasses() );
+        this.roles = new MultiValuedField<String>( ROLES_ID, archetype.getRoles() );
     }
     
     
@@ -109,70 +106,36 @@
     }
 
     
-    public ProfileModifier addGrant( String grant )
+    public ProfileModifier addPermissionClass( PermissionClass permissionClass )
     {
         if ( persisted )
         {
             throw new IllegalStateException( INVALID_MSG );
         }
 
-        if ( grant == null )
+        if ( permissionClass == null )
         {
             return this;
         }
 
-        grants.addValue( grant );
+        permissionClasses.addValue( permissionClass );
         return this;
     }
     
     
-    public ProfileModifier removeGrant( String grant )
+    public ProfileModifier removePermissionClass( PermissionClass permissionClass )
     {
         if ( persisted )
         {
             throw new IllegalStateException( INVALID_MSG );
         }
 
-        if ( grant == null )
+        if ( permissionClass == null )
         {
             return this;
         }
 
-        grants.removeValue( grant );
-        return this;
-    }
-    
-    
-    public ProfileModifier addDenial( String denial )
-    {
-        if ( persisted )
-        {
-            throw new IllegalStateException( INVALID_MSG );
-        }
-
-        if ( denial == null )
-        {
-            return this;
-        }
-
-        denials.addValue( denial );
-        return this;
-    }
-    
-    
-    public ProfileModifier removeDenial( String denial )
-    {
-        if ( persisted )
-        {
-            throw new IllegalStateException( INVALID_MSG );
-        }
-
-        if ( denial == null )
-        {
-            return this;
-        }
-
-        denials.removeValue( denial );
+        permissionClasses.removeValue( permissionClass );
         return this;
     }
     
@@ -210,7 +173,7 @@
         return this;
     }
     
-    
+    //TODO changes to permissionClasses not tracked here!
     private ModificationItem[] getModificationItems()
     {
         if ( ! isUpdateNeeded() )
@@ -219,14 +182,6 @@
         }
         
         List mods = new ArrayList();
-        if ( grants.isUpdateNeeded() )
-        {
-            mods.add( grants.getModificationItem() );
-        }
-        if ( denials.isUpdateNeeded() )
-        {
-            mods.add( denials.getModificationItem() );
-        }
         if ( roles.isUpdateNeeded() )
         {
             mods.add( roles.getModificationItem() );
@@ -262,7 +217,7 @@
     
     public boolean isUpdateNeeded()
     {
-        return disabled.isUpdateNeeded() || grants.isUpdateNeeded() || denials.isUpdateNeeded() || 
+        return disabled.isUpdateNeeded() || permissionClasses.isUpdateNeeded() ||
             roles.isUpdateNeeded() || description.isUpdateNeeded() || user.isUpdateNeeded();
     }
 
@@ -280,7 +235,7 @@
             throw new IllegalStateException( INVALID_MSG );
         }
         Profile profile = dao.add( applicationName, id, user.getCurrentValue(), description.getCurrentValue(), 
-            grants.getCurrentValues(), denials.getCurrentValues(), roles.getCurrentValues() );
+            permissionClasses.getCurrentValues(), roles.getCurrentValues() );
         persisted = true;
         return profile;
     }
@@ -313,7 +268,7 @@
         }
         Profile profile = dao.modify( archetype.getCreatorsName(), archetype.getCreateTimestamp(), 
             applicationName, id, user.getCurrentValue(), description.getCurrentValue(), 
-            grants.getCurrentValues(), denials.getCurrentValues(), roles.getCurrentValues(), 
+            permissionClasses.getCurrentValues(), roles.getCurrentValues(),
             parseBoolean( disabled.getCurrentValue().toLowerCase() ), getModificationItems() );
         persisted = true;
         return profile;

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/Role.java Wed Dec 27 20:48:29 2006
@@ -33,32 +33,32 @@
     private final RoleDao dao;
     private final String applicationName;
     private final String name;
-    private final Set grants;
+    private final Set<PermissionClass> permissionClasses;
     private final String description;
 
     
     public Role( String creatorsName, Date createTimestamp, RoleDao dao, String applicationName, 
-        String name, String description, Set grants )
+        String name, String description, Set<PermissionClass> permissionClasses )
     {
-        this( creatorsName, createTimestamp, null, null, dao, applicationName, name, description, grants );
+        this( creatorsName, createTimestamp, null, null, dao, applicationName, name, description, permissionClasses );
     }
     
     
     public Role( String creatorsName, Date createTimestamp, String modifiersName, Date modifyTimestamp, 
-        RoleDao dao, String applicationName, String name, String description, Set grants )
+        RoleDao dao, String applicationName, String name, String description, Set<PermissionClass> permissionClasses )
     {
         super( creatorsName, createTimestamp, modifiersName, modifyTimestamp );
         this.dao = dao;
         this.applicationName = applicationName;
         this.name = name;
         this.description = description;
-        this.grants = new HashSet( grants );
+        this.permissionClasses = new HashSet<PermissionClass>( permissionClasses );
     }
 
 
-    public Set getGrants()
+    public Set<PermissionClass> getPermissionClasses()
     {
-        return Collections.unmodifiableSet( grants );
+        return Collections.unmodifiableSet( permissionClasses );
     }
 
 

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/RoleModifier.java Wed Dec 27 20:48:29 2006
@@ -37,7 +37,7 @@
     private final String name;
     private final String applicationName;
     private SingleValuedField description;
-    private MultiValuedField grants;
+    private MultiValuedField<PermissionClass> permissionClasses;
     private boolean persisted = false;
     
     
@@ -48,7 +48,7 @@
         this.applicationName = applicationName;
         this.name = name;
         this.description = new SingleValuedField( DESCRIPTION_ID, null );
-        this.grants = new MultiValuedField( GRANTS_ID, Collections.EMPTY_SET );
+        this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, Collections.EMPTY_SET );
     }
     
     
@@ -59,7 +59,7 @@
         this.applicationName = archetype.getApplicationName();
         this.name = archetype.getName();
         this.description = new SingleValuedField( DESCRIPTION_ID, archetype.getDescription() );
-        this.grants = new MultiValuedField( GRANTS_ID, archetype.getGrants() );
+        this.permissionClasses = new MultiValuedField<PermissionClass>( PERM_CLASS_NAME_ID, archetype.getPermissionClasses() );
     }
     
     
@@ -70,26 +70,26 @@
     }
 
     
-    public RoleModifier addGrant( String grant )
+    public RoleModifier addPermissionClass( PermissionClass permissionClass )
     {
-        if ( grant == null )
+        if ( permissionClass == null )
         {
             return this;
         }
 
-        grants.addValue( grant );
+        permissionClasses.addValue( permissionClass );
         return this;
     }
     
     
-    public RoleModifier removeGrant( String grant )
+    public RoleModifier removePermissionClass( PermissionClass permissionClass )
     {
-        if ( grant == null )
+        if ( permissionClass == null )
         {
             return this;
         }
 
-        grants.removeValue( grant );
+        permissionClasses.removeValue( permissionClass );
         return this;
     }
     
@@ -108,9 +108,9 @@
         }
         
         List mods = new ArrayList();
-        if ( grants.isUpdateNeeded() )
+        if ( permissionClasses.isUpdateNeeded() )
         {
-            mods.add( grants.getModificationItem() );
+            mods.add( permissionClasses.getModificationItem() );
         }
         if ( description.isUpdateNeeded() )
         {
@@ -135,7 +135,7 @@
     
     public boolean isUpdateNeeded()
     {
-        return grants.isUpdateNeeded() || description.isUpdateNeeded();
+        return permissionClasses.isUpdateNeeded() || description.isUpdateNeeded();
     }
     
     
@@ -151,7 +151,7 @@
         {
             throw new IllegalStateException( INVALID_MSG );
         }
-        Role role = dao.add( applicationName, name, description.getCurrentValue(), grants.getCurrentValues() );
+        Role role = dao.add( applicationName, name, description.getCurrentValue(), permissionClasses.getCurrentValues() );
         persisted = true;
         return role;
     }
@@ -183,7 +183,7 @@
             throw new IllegalStateException( INVALID_MSG );
         }
         Role role = dao.modify( archetype.getCreatorsName(), archetype.getCreateTimestamp(), applicationName, 
-            name, description.getCurrentValue(), grants.getCurrentValues(), getModificationItems() );
+            name, description.getCurrentValue(), permissionClasses.getCurrentValues(), getModificationItems() );
         persisted = true;
         return role;
     }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/TriplesecAdmin.java Wed Dec 27 20:48:29 2006
@@ -31,7 +31,7 @@
 import org.safehaus.triplesec.admin.dao.GroupDao;
 import org.safehaus.triplesec.admin.dao.HauskeysUserDao;
 import org.safehaus.triplesec.admin.dao.LocalUserDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
 import org.safehaus.triplesec.admin.dao.ProfileDao;
 import org.safehaus.triplesec.admin.dao.RoleDao;
 import org.safehaus.triplesec.admin.dao.UserDao;
@@ -43,7 +43,7 @@
     private ApplicationDao applicationDao;
     private RoleDao roleDao;
     private ProfileDao profileDao;
-    private PermissionDao permissionDao;
+    private PermissionClassDao permissionClassDao;
     private GroupDao groupDao;
     private ExternalUserDao externalUserDao;
     private LocalUserDao localUserDao;
@@ -55,7 +55,7 @@
     {
         factory = DaoFactory.createInstance( props );
         applicationDao = factory.getApplicationDao();
-        permissionDao = factory.getPermissionDao();
+        permissionClassDao = factory.getPermissionClassDao();
         roleDao = factory.getRoleDao();
         profileDao = factory.getProfileDao();
         groupDao = factory.getGroupDao();
@@ -114,8 +114,8 @@
     
     public ApplicationModifier newApplication( String name )
     {
-        return new ApplicationModifier( applicationDao, name, 
-            permissionDao, roleDao, profileDao );
+        return new ApplicationModifier( applicationDao, name,
+                roleDao, profileDao );
     }
     
     

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/DaoFactory.java Wed Dec 27 20:48:29 2006
@@ -140,8 +140,10 @@
     }
     
     
-    public abstract PermissionDao getPermissionDao() throws DataAccessException;
+    public abstract PermissionClassDao getPermissionClassDao() throws DataAccessException;
     
+    public abstract PermissionActionsDao getPermissionActionsDao() throws DataAccessException;
+
     public abstract ApplicationDao getApplicationDao() throws DataAccessException;
 
     public abstract RoleDao getRoleDao() throws DataAccessException;

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin.dao;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Date;
+
+import javax.naming.directory.ModificationItem;
+
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.DataAccessException;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface PermissionActionsDao {
+    Iterator<PermissionActions> permissionActionsIterator( String contextDn, boolean isGrant ) throws DataAccessException;
+
+    PermissionActions load( String contextDn, boolean isGrant, String permName ) throws DataAccessException;
+
+    PermissionActions add( String contextDn, boolean isGrant, String permName, Set<String> actions )
+        throws DataAccessException;
+
+    PermissionActions rename( String contextDn, boolean isGrant, String newPermissionName, PermissionActions permissionActions ) throws DataAccessException;
+
+    PermissionActions modify( String creatorsName, Date createTimestamp, String contextDn, boolean isGrant, String permissionName,
+        Set<String> actions, ModificationItem[] mods )
+        throws DataAccessException;
+
+    void delete( String contextDn, boolean isGrant,  String permissionName ) throws DataAccessException;
+}

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionActionsDao.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java (from r489699, directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java)
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java?view=diff&rev=490646&p1=directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java&r1=489699&p2=directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/PermissionClassDao.java Wed Dec 27 20:48:29 2006
@@ -22,37 +22,35 @@
 
 import java.util.Date;
 import java.util.Iterator;
-
-import javax.naming.directory.ModificationItem;
+import java.util.Set;
 
 import org.safehaus.triplesec.admin.DataAccessException;
-import org.safehaus.triplesec.admin.Permission;
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.PermissionClass;
 
 
-public interface PermissionDao
+public interface PermissionClassDao
 {
-    public abstract Permission add( String applicationName, String name, String description ) 
+    PermissionClass add( String contextDn, String permClassName, Set<PermissionActions> grants, Set<PermissionActions> denials )
         throws DataAccessException;
 
-    public abstract void delete( String applicationName, String name ) 
+    void delete( String contextDn, String permClassName )
         throws DataAccessException;
 
-    public abstract Permission modify( String creatorsName, Date createTimestamp, String applicationName, 
-        String name, String description, ModificationItem[] mods )
+    PermissionClass modify( String creatorsName, Date createTimestamp, String contextDn,
+        String permClassName )
         throws DataAccessException;
 
-    public abstract Permission rename( String newName, Permission permission )
+    PermissionClass rename(  String contextDn, String newPermClassName, PermissionClass permClass )
         throws DataAccessException;
 
-    public abstract Permission load( String applicationName, String name ) 
+    PermissionClass load( String applicationName, String name )
         throws DataAccessException;
 
-    public abstract boolean has( String applicationName, String name ) 
+    boolean has( String applicationName, String name )
         throws DataAccessException;
 
-    public abstract Iterator permissionNameIterator( String applicationName ) 
-        throws DataAccessException;
-    
-    public abstract Iterator permissionIterator( String applicationName ) 
+    Iterator permissionClassNameIterator( String applicationName )
         throws DataAccessException;
+
 }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ProfileDao.java Wed Dec 27 20:48:29 2006
@@ -28,26 +28,27 @@
 
 import org.safehaus.triplesec.admin.DataAccessException;
 import org.safehaus.triplesec.admin.Profile;
+import org.safehaus.triplesec.admin.PermissionClass;
 
 
 public interface ProfileDao
 {
-    Iterator profileIterator( String applicationName ) 
+    Iterator profileIterator( String applicationName )
         throws DataAccessException;
 
-    Iterator profileIterator( String applicationName, String user ) 
+    Iterator profileIterator( String applicationName, String user )
         throws DataAccessException;
 
-    Profile load( String applicationName, String id ) 
+    Profile load( String applicationName, String id )
         throws DataAccessException;
 
-    Profile add( String applicationName, String id, String user, String description, 
-        Set grants, Set denials, Set roles ) throws DataAccessException;
+    Profile add( String applicationName, String id, String user, String description,
+        Set<PermissionClass> permissionClasses, Set<String> roles ) throws DataAccessException;
 
     Profile rename( String newId, Profile archetype ) throws DataAccessException;
 
-    Profile modify( String creatorsName, Date createTimestamp, String applicationName, String id, 
-        String user, String description, Set grants, Set denials, Set roles, boolean disabled, ModificationItem[] mods ) 
+    Profile modify( String creatorsName, Date createTimestamp, String applicationName, String id,
+        String user, String description, Set<PermissionClass> permissionClasses, Set<String> roles, boolean disabled, ModificationItem[] mods )
         throws DataAccessException;
 
     void delete( String name, String id ) throws DataAccessException;

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/RoleDao.java Wed Dec 27 20:48:29 2006
@@ -28,25 +28,26 @@
 
 import org.safehaus.triplesec.admin.DataAccessException;
 import org.safehaus.triplesec.admin.Role;
+import org.safehaus.triplesec.admin.PermissionClass;
 
 
 public interface RoleDao
 {
-    Iterator roleIterator( String applicationName ) 
+    Iterator roleIterator( String applicationName )
         throws DataAccessException;
 
-    Role load( String applicationName, String name ) 
+    Role load( String applicationName, String name )
         throws DataAccessException;
 
-    Role add( String applicationName, String name, String currentValue, Set currentValues ) 
+    Role add( String applicationName, String name, String currentValue, Set<PermissionClass> permissionClasses )
         throws DataAccessException;
 
-    Role rename( String newName, Role archetype ) 
+    Role rename( String newName, Role archetype )
         throws DataAccessException;
 
-    Role modify( String creatorsName, Date createTimestamp, String applicationName, String name, 
-        String description, Set grants, ModificationItem[] mods )  throws DataAccessException;
+    Role modify( String creatorsName, Date createTimestamp, String applicationName, String name,
+        String description, Set<PermissionClass> permissionClasses, ModificationItem[] mods )  throws DataAccessException;
 
-    void delete( String applicationName, String name ) 
+    void delete( String applicationName, String name )
         throws DataAccessException;
 }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapApplicationDao.java Wed Dec 27 20:48:29 2006
@@ -28,7 +28,6 @@
 import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
 import org.safehaus.triplesec.admin.NoSuchEntryException;
 import org.safehaus.triplesec.admin.dao.ApplicationDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
 import org.safehaus.triplesec.admin.dao.ProfileDao;
 import org.safehaus.triplesec.admin.dao.RoleDao;
 import org.slf4j.Logger;
@@ -56,20 +55,18 @@
     private static final String[] ATTRIBUTES = new String[] { 
         DESCRIPTION_ID, APP_NAME_ID, PASSWORD_ID, CREATORS_NAME_ID , MODIFIERS_NAME_ID, 
         CREATE_TIMESTAMP_ID, MODIFY_TIMESTAMP_ID };
-    private static final Logger log = LoggerFactory.getLogger( LdapPermissionDao.class );
+    private static final Logger log = LoggerFactory.getLogger( LdapPermissionClassDao.class );
     private final String principalName;
     private final DirContext ctx;
     private final String baseUrl;
-    private final PermissionDao permissionDao;
     private final RoleDao roleDao;
     private final ProfileDao profileDao;
     
     
-    public LdapApplicationDao( DirContext ctx, PermissionDao permissionDao, 
+    public LdapApplicationDao( DirContext ctx,
         RoleDao roleDao, ProfileDao profileDao ) throws DataAccessException
     {
         this.ctx = ctx;
-        this.permissionDao = permissionDao;
         this.roleDao = roleDao;
         this.profileDao = profileDao;
 
@@ -130,7 +127,7 @@
             appCtx.createSubcontext( "ou=Profiles", attrs );
             return new Application( principalName, new Date( System.currentTimeMillis() ), 
                 this, appName, description, userPassword, 
-                permissionDao, roleDao, profileDao );
+                roleDao, profileDao );
         }
         catch ( NameAlreadyBoundException e )
         {
@@ -181,14 +178,14 @@
 
     public Application load( String appName ) throws DataAccessException
     {
-        String description = null;
-        String userPassword = null;
-        String creatorsName = null;
-        Date createTimestamp = null;
-        String modifiersName = null;
-        Date modifyTimestamp = null;
+        String description;
+        String userPassword;
+        String creatorsName;
+        Date createTimestamp;
+        String modifiersName;
+        Date modifyTimestamp;
         String rdn = getRelativeDn( appName );
-        Attributes attrs = null;
+        Attributes attrs;
         
         try
         {
@@ -214,14 +211,14 @@
         }
         
         return new Application( creatorsName, createTimestamp, modifiersName, modifyTimestamp, 
-            this, appName, description, userPassword, permissionDao, roleDao, profileDao );
+            this, appName, description, userPassword, roleDao, profileDao );
     }
 
 
     public boolean has( String appName ) throws DataAccessException
     {
         String rdn = getRelativeDn( appName );
-        Attributes attrs = null;
+        Attributes attrs;
         
         try
         {
@@ -339,7 +336,7 @@
         
         return new Application( app.getCreatorsName(), app.getCreateTimestamp(), app.getModifiersName(), 
             app.getModifyTimestamp(), this, newName, app.getDescription(), app.getPassword(),
-            permissionDao, roleDao, profileDao );
+                roleDao, profileDao );
     }
     
     
@@ -347,7 +344,7 @@
     {
         StringBuffer buf = new StringBuffer();
         buf.append( "appName=" ).append( appName );
-        buf.append( ",ou=Applications" );
+        buf.append( ",ou=applications" );
         return buf.toString();
     }
 
@@ -379,8 +376,8 @@
         }
         
         return new Application( creatorsName, createTimestamp, modifiersName, modifyTimestamp, 
-            this, appName, description, userPassword, 
-            permissionDao, roleDao, profileDao );
+            this, appName, description, userPassword,
+                roleDao, profileDao );
     }
 
 

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapDaoFactory.java Wed Dec 27 20:48:29 2006
@@ -33,10 +33,11 @@
 import org.safehaus.triplesec.admin.dao.GroupDao;
 import org.safehaus.triplesec.admin.dao.HauskeysUserDao;
 import org.safehaus.triplesec.admin.dao.LocalUserDao;
-import org.safehaus.triplesec.admin.dao.PermissionDao;
+import org.safehaus.triplesec.admin.dao.PermissionClassDao;
 import org.safehaus.triplesec.admin.dao.ProfileDao;
 import org.safehaus.triplesec.admin.dao.RoleDao;
 import org.safehaus.triplesec.admin.dao.UserDao;
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -62,27 +63,31 @@
     }
     
     
-    public PermissionDao getPermissionDao() throws DataAccessException
+    public PermissionClassDao getPermissionClassDao() throws DataAccessException
     {
-        return new LdapPermissionDao( ctx );
+        return new LdapPermissionClassDao( ctx, getPermissionActionsDao() );
     }
-    
-    
+
+    public PermissionActionsDao getPermissionActionsDao() throws DataAccessException {
+        return new LdapPermissionActionsDao(ctx);
+    }
+
+
     public ApplicationDao getApplicationDao() throws DataAccessException
     {
-        return new LdapApplicationDao( ctx, getPermissionDao(), getRoleDao(), getProfileDao() );
+        return new LdapApplicationDao( ctx, getRoleDao(), getProfileDao() );
     }
 
     
     public RoleDao getRoleDao() throws DataAccessException
     {
-        return new LdapRoleDao( ctx ); 
+        return new LdapRoleDao( ctx, getPermissionClassDao() );
     }
 
     
     public ProfileDao getProfileDao() throws DataAccessException
     {
-        return new LdapProfileDao( ctx ); 
+        return new LdapProfileDao( ctx, getPermissionClassDao() );
     }
 
 

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapExternalUserDao.java Wed Dec 27 20:48:29 2006
@@ -119,7 +119,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Rename failed. Permission denied.";
+            String msg = "Rename failed. StringPermission denied.";
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -159,7 +159,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+            String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -192,7 +192,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+            String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapHauskeysUserDao.java Wed Dec 27 20:48:29 2006
@@ -302,7 +302,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Rename failed. Permission denied.";
+            String msg = "Rename failed. StringPermission denied.";
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -402,7 +402,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+            String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -438,7 +438,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+            String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }

Modified: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java (original)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapLocalUserDao.java Wed Dec 27 20:48:29 2006
@@ -205,7 +205,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Rename failed. Permission denied.";
+            String msg = "Rename failed. StringPermission denied.";
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -298,7 +298,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Modify failed. Permission denied to " + rdn + " under " + baseUrl;
+            String msg = "Modify failed. StringPermission denied to " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }
@@ -333,7 +333,7 @@
         }
         catch ( NoPermissionException e )
         {
-            String msg = "Delete failed. Permission denied to delete " + rdn + " under " + baseUrl;
+            String msg = "Delete failed. StringPermission denied to delete " + rdn + " under " + baseUrl;
             log.error( msg, e );
             throw new PermissionDeniedException( msg );
         }

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java?view=auto&rev=490646
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapPermissionActionsDao.java Wed Dec 27 20:48:29 2006
@@ -0,0 +1,365 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.admin.dao.ldap;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NameAlreadyBoundException;
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+import javax.naming.directory.SearchControls;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.safehaus.triplesec.admin.Constants;
+import org.safehaus.triplesec.admin.ConstraintViolationException;
+import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
+import org.safehaus.triplesec.admin.NoSuchEntryException;
+import org.safehaus.triplesec.admin.PermissionActions;
+import org.safehaus.triplesec.admin.dao.PermissionActionsDao;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LdapPermissionActionsDao implements LdapDao, Constants, PermissionActionsDao {
+    private static final Logger log = LoggerFactory.getLogger( LdapPermissionActionsDao.class );
+    private static final String[] ATTRIBUTES = new String[] {
+        GRANT_ID, DENY_ID, ACTION_ID, CREATORS_NAME_ID, CREATE_TIMESTAMP_ID,
+        MODIFIERS_NAME_ID, MODIFY_TIMESTAMP_ID
+    };
+    private final DirContext ctx;
+    private final String baseUrl;
+    private final String principalName;
+
+
+    public LdapPermissionActionsDao( DirContext ctx ) throws DataAccessException
+    {
+        this.ctx = ctx;
+
+        String name = null;
+        String principal = null;
+        try
+        {
+            name = ctx.getNameInNamespace();
+            String principalDn = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
+            if ( principalDn.equalsIgnoreCase( "uid=admin,ou=system" ) )
+            {
+                principal = "admin";
+            }
+            else
+            {
+                principal = ( String ) new LdapDN( principalDn ).getRdn().getValue();
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to get name in namespace for base context.";
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new DataAccessException( msg );
+
+        }
+        finally
+        {
+            baseUrl = name;
+            principalName = principal;
+        }
+    }
+
+
+    public Iterator<PermissionActions> permissionActionsIterator( String contextDn, boolean isGrant ) throws DataAccessException
+    {
+        SearchControls controls = new SearchControls();
+        controls.setReturningAttributes( LdapPermissionActionsDao.ATTRIBUTES );
+        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        String query = isGrant? "(& (grant=*) (objectClass=permGrant) )": "(& (deny=*) (objectClass=permDeny) )";
+        try
+        {
+            return new JndiIterator( this, ctx.search( contextDn,
+                query, controls ), contextDn );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to search " + contextDn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+
+    public PermissionActions load( String contextDn, boolean isGrant, String permName ) throws DataAccessException
+    {
+        Set<String> actions = new HashSet<String>();
+        String rdn = getRelativeDn( contextDn, isGrant, permName );
+        Attributes attrs;
+
+        String creatorsName;
+        String modifiersName;
+        Date createTimestamp;
+        Date modifyTimestamp;
+
+        try
+        {
+            attrs = ctx.getAttributes( rdn, LdapPermissionActionsDao.ATTRIBUTES );
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+
+            if ( attrs.get( ACTION_ID ) != null )
+            {
+                for ( NamingEnumeration ii = attrs.get( GRANT_ID ).getAll(); ii.hasMore(); /**/ )
+                {
+                    actions.add( (String)ii.next() );
+                }
+            }
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Could not find " + rdn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+
+        return new PermissionActions( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, permName, Collections.unmodifiableSet(actions) );
+    }
+
+
+    public PermissionActions add( String contextDn, boolean isGrant, String permName, Set<String> actions )
+        throws DataAccessException
+    {
+        BasicAttributes attrs = new BasicAttributes( OBJECT_CLASS_ID, isGrant? PERM_GRANT_OC: PERM_DENY_OC, true );
+        attrs.put( isGrant? GRANT_ID: DENY_ID, permName );
+        if ( ! actions.isEmpty() )
+        {
+            BasicAttribute attr = new BasicAttribute( ACTION_ID );
+            for (String action : actions) {
+                attr.add(action);
+            }
+            attrs.put( attr );
+        }
+
+        String rdn = getRelativeDn( contextDn, isGrant, permName );
+        try
+        {
+            ctx.createSubcontext( rdn, attrs );
+            return new PermissionActions( principalName, new Date( System.currentTimeMillis() ), null, null,
+                    this, permName, Collections.unmodifiableSet(actions) );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            LdapPermissionActionsDao.log.error( "Cannot create role " + rdn, e );
+            EntryAlreadyExistsException eaee = new EntryAlreadyExistsException();
+            eaee.initCause( e );
+            throw eaee;
+        }
+        catch ( NamingException e )
+        {
+            LdapPermissionActionsDao.log.error( "Unexpected failure", e );
+            throw new DataAccessException( e.getMessage() );
+        }
+    }
+
+
+    public PermissionActions rename( String contextDn, boolean isGrant, String newPermissionName, PermissionActions permissionActions ) throws DataAccessException
+    {
+        String oldRdn = getRelativeDn( contextDn, isGrant, permissionActions.getPermissionName() );
+        String newRdn = getRelativeDn( contextDn, isGrant, newPermissionName );
+
+        try
+        {
+            ctx.rename( oldRdn, newRdn );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Rename failed. Could not find " + oldRdn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            String msg = "Rename failed. Another permissionActions already exists at " + newRdn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new EntryAlreadyExistsException( msg );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " is required by other entities";
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " could not be renamed to " + newRdn;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+
+        return new PermissionActions( permissionActions.getCreatorsName(), permissionActions.getCreateTimestamp(), principalName,
+            new Date( System.currentTimeMillis() ), this, newPermissionName,
+            permissionActions.getActions() );
+    }
+
+
+    public PermissionActions modify( String creatorsName, Date createTimestamp, String contextDn, boolean isGrant, String permissionName,
+        Set<String> actions, ModificationItem[] mods )
+        throws DataAccessException
+    {
+            String rdn = getRelativeDn( contextDn, isGrant, permissionName );
+
+            try
+            {
+                ctx.modifyAttributes( rdn, mods );
+            }
+            catch ( SchemaViolationException e )
+            {
+                String msg = "Could not modify " + rdn + " under " + baseUrl;
+                msg += " The modification violates constraints.";
+                LdapPermissionActionsDao.log.error( msg, e );
+                throw new ConstraintViolationException( msg );
+            }
+            catch ( NameNotFoundException e )
+            {
+                String msg = "Entry " + rdn + " under " + baseUrl + " does not exist";
+                LdapPermissionActionsDao.log.error( msg, e );
+                throw new NoSuchEntryException( msg );
+            }
+            catch ( NamingException e )
+            {
+                String msg = "Could not modify " + rdn + " under " + baseUrl;
+                LdapPermissionActionsDao.log.error( msg, e );
+                throw new NoSuchEntryException( msg );
+            }
+
+            return new PermissionActions( creatorsName, createTimestamp, principalName, new Date( System.currentTimeMillis() ),
+                this, permissionName, actions );
+    }
+
+
+    public void delete( String contextDn, boolean isGrant,  String permissionName ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( contextDn, isGrant, permissionName );
+
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            msg += ".  Other entities depend on " + permissionName;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            LdapPermissionActionsDao.log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+
+    // -----------------------------------------------------------------------
+    // Private utility methods
+    // -----------------------------------------------------------------------
+
+
+    private String getRelativeDn( String contextDn, boolean isGrant, String permName )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append(isGrant? GRANT_ID: DENY_ID).append( "=" ).append( permName );
+        buf.append( "," ).append( contextDn );
+        return buf.toString();
+    }
+
+    // -----------------------------------------------------------------------
+    // LdapDao method implementations
+    // -----------------------------------------------------------------------
+
+
+    public Object getEntryObject( Object extra, Attributes attrs )
+    {
+        String permissionName = null;
+        Set<String> actions = new HashSet<String>();
+
+        String creatorsName = null;
+        String modifiersName = null;
+        Date createTimestamp = null;
+        Date modifyTimestamp = null;
+
+        try
+        {
+            permissionName = ( String ) attrs.get( GRANT_ID ).get();
+            if (permissionName == null) {
+                permissionName = (String) attrs.get(DENY_ID).get();
+            }
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+            if ( attrs.get( ACTION_ID ) != null )
+            {
+                for ( NamingEnumeration ii = attrs.get( ACTION_ID ).getAll(); ii.hasMore(); /**/ )
+                {
+                    actions.add( (String) ii.next() );
+                }
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to produce object for attributes: " + attrs;
+            LdapPermissionActionsDao.log.error( msg, e );
+        }
+
+        return new PermissionActions( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this,
+            permissionName, Collections.unmodifiableSet( actions ) );
+    }
+
+
+    public void deleteEntry( String rdn )
+    {
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( NamingException e )
+        {
+            LdapPermissionActionsDao.log.error( "Failed to delete " + rdn + " under " + baseUrl, e );
+        }
+    }
+}



Mime
View raw message