directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r490646 [5/8] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/main/java/org/safehaus/triplesec/admin/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/ adm...
Date Thu, 28 Dec 2006 04:48:33 GMT
Modified: directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java Wed Dec 27 20:48:29 2006
@@ -20,19 +20,39 @@
 package org.safehaus.triplesec.guardian.ldap;
 
 
-import org.safehaus.triplesec.guardian.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.security.Permissions;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+import java.lang.reflect.Constructor;
 
-import javax.naming.directory.*;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
 import javax.naming.event.EventDirContext;
 import javax.naming.event.NamespaceChangeListener;
 import javax.naming.event.NamingEvent;
 import javax.naming.event.NamingExceptionEvent;
 import javax.naming.event.ObjectChangeListener;
-import javax.naming.NamingException;
-import javax.naming.NamingEnumeration;
-import java.util.*;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.ChangeType;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.Roles;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -41,1027 +61,843 @@
  * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
  * @version $Rev: 72 $
  */
-class LdapApplicationPolicy implements ApplicationPolicy
-{
-    private static final String[] PROF_ID = new String[] { "profileId" };
-    /** the logger interface for this class */
-    private static Logger log = LoggerFactory.getLogger( LdapApplicationPolicy.class );
-    /** the name of the application this store is associated with */
+class LdapApplicationPolicy implements ApplicationPolicy {
+    private static final String[] PROF_ID = new String[]{"profileId"};
+    /**
+     * the logger interface for this class
+     */
+    private static Logger log = LoggerFactory.getLogger(LdapApplicationPolicy.class);
+    /**
+     * the name of the application this store is associated with
+     */
     private final String applicationName;
-    /** the application base relative name to the context given: "appName=<applicationName\>,ou=applications" */
+    /**
+     * the application base relative name to the context given: "appName=<applicationName\>,ou=applications"
+     */
     private final String baseRdn;
-    /** a breif description of this application */
+    /**
+     * a breif description of this application
+     */
     private String description;
 
-    /** the {@link Permission}s defined for this store's application */
-    private Permissions permissions;
-    /** the {@link Role}s defined for this store's application */
+    /** the {@link StringPermission}s defined for this store's application */
+//    private Permissions permissions;
+    /**
+     * the {@link Role}s defined for this store's application
+     */
     private Roles roles;
-    /** the JNDI Context at the base under which ou=applications can be found */
+    /**
+     * the JNDI Context at the base under which ou=applications can be found
+     */
     private DirContext ctx;
     /** the profile for the admin user with all rights in all roles */
-    private Profile adminProfile;
+//    private Profile adminProfile;
 
 
     /**
      * Creates an instance of the LDAP ApplicationPolicyStore.
      *
-     * @param ctx the base context under which ou=applications and ou=users can be found
+     * @param ctx  the base context under which ou=applications and ou=users can be found
      * @param info additional information needed to
      * @throws GuardianException if failures are encountered while loading objects from the backing store
      */
-    public LdapApplicationPolicy( DirContext ctx, Properties info ) throws GuardianException
-    {
-        if ( ctx == null )
-        {
-            throw new NullPointerException( "ctx cannot be null" );
+    public LdapApplicationPolicy(DirContext ctx, Properties info) throws GuardianException {
+        if (ctx == null) {
+            throw new NullPointerException("ctx cannot be null");
         }
-            
+
         this.ctx = ctx;
-        
+
         // extract the applicationName from the applicationPrincipalDN
-        applicationName = getApplicationName( info.getProperty( "applicationPrincipalDN" ) );
+        applicationName = getApplicationName(info.getProperty("applicationPrincipalDN"));
 
         StringBuffer buf = new StringBuffer();
-        buf.append( "appName=" );
-        buf.append( applicationName );
-        buf.append( ",ou=applications" );
+        buf.append("appName=");
+        buf.append(applicationName);
+        buf.append(",ou=applications");
         baseRdn = buf.toString();
-        
+
         // load the set of permissions associated with this application
-        loadPermissions();
+//        loadPermissions();
 
         // load the set of roles associated with this application
         loadRoles();
-        
+
         // setup the administrator with all permissions and roles
-        adminProfile = new Profile( this, "admin", "admin", roles, permissions, 
-            new Permissions( applicationName, new Permission[0] ), false );
+//        adminProfile = new Profile( this, "admin", "admin", roles, null,
+//            new Permissions(), false );
 
-        try
-        {
-            Attributes appAttrs = this.ctx.getAttributes( baseRdn );
-            Attribute descriptionAttr = appAttrs.get( "description" );
+        try {
+            Attributes appAttrs = this.ctx.getAttributes(baseRdn);
+            Attribute descriptionAttr = appAttrs.get("description");
 
-            if ( descriptionAttr == null || descriptionAttr.size() == 0 )
-            {
+            if (descriptionAttr == null || descriptionAttr.size() == 0) {
                 description = null;
-            }
-            else
-            {
-                description = ( String ) descriptionAttr.get();
+            } else {
+                description = (String) descriptionAttr.get();
             }
         }
-        catch ( NamingException e )
-        {
-            log.error( "failed to read application entry: appName=" + applicationName + ",ou=applications" );
+        catch (NamingException e) {
+            log.error("failed to read application entry: appName=" + applicationName + ",ou=applications");
         }
-        
+
         initializeNotifications();
     }
 
-    
-    private boolean initializeNotifications()
-    {
+
+    private boolean initializeNotifications() {
         // attempt to get an event context and register for notifications
         SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        try
-        {
-            EventDirContext eventContext = ( EventDirContext ) ctx.lookup( "" );
-            eventContext.addNamingListener( baseRdn, "(objectClass=*)", controls, new JndiListener() );
+        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+        try {
+            EventDirContext eventContext = (EventDirContext) ctx.lookup("");
+            eventContext.addNamingListener(baseRdn, "(objectClass=*)", controls, new JndiListener());
             return true;
         }
-        catch ( NamingException e )
-        {
-            log.error( "Failed to register listener for event context: " +
-                    "change notifications will not be recieved.", e );
+        catch (NamingException e) {
+            log.error("Failed to register listener for event context: " +
+                    "change notifications will not be received.", e);
             return false;
         }
     }
 
-    
-    private Role getRoleFromStore( String roleName ) throws NamingException
-    {
-        SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "roleName", "grants" } );
-        ctrls.setSearchScope( SearchControls.OBJECT_SCOPE );
-
-        StringBuffer buf = new StringBuffer();
-        buf.append( "roleName=" );
-        buf.append( roleName );
-        buf.append( ",ou=roles," );
-        buf.append( baseRdn );
-        
-        try
-        {
-            NamingEnumeration list = ctx.search( buf.toString(), "(objectClass=policyRole)", ctrls );
-            if ( list.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) list.next();
-                Role role = getRole( result.getAttributes() );
-                log.debug( "fetching role '" + role.getName() + "' for application '" + applicationName + "'" );
-                return role;
-            }
-            
-            return null;
-        }
-        catch ( NamingException e )
-        {
-            String msg = "Failed on search to find roles for application " + applicationName;
-            log.error( msg, e );
-            throw new GuardianException( msg, e );
-        }
-    }
-    
-    
     /**
-     * 
      * @throws GuardianException
      */
-    private void loadRoles() throws GuardianException
-    {
-        Set roleSet = new HashSet();
+    private void loadRoles() throws GuardianException {
+        Set<Role> roleSet = new HashSet<Role>();
         SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "roleName", "grants" } );
-        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
-        try
-        {
-            NamingEnumeration list = ctx.search( "ou=roles," + baseRdn,
-                    "(objectClass=policyRole)", ctrls );
-            while ( list.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) list.next();
-                Role role = getRole( result.getAttributes() );
-                roleSet.add( role );
-                log.debug( "loading role '" + role.getName() + "' for application '" + applicationName + "'" );
+        ctrls.setReturningAttributes(new String[]{"roleName"});
+        ctrls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+        ClassLoader loader = Thread.currentThread().getContextClassLoader();
+
+        try {
+            String rdn = "ou=roles," + baseRdn;
+            NamingEnumeration list = ctx.search(rdn,
+                    "(objectClass=policyRole)", ctrls);
+            while (list.hasMore()) {
+                SearchResult result = (SearchResult) list.next();
+                Role role = getRole(result.getAttributes(), rdn, loader);
+                roleSet.add(role);
+                log.debug("loading role '" + role.getName() + "' for application '" + applicationName + "'");
             }
         }
-        catch ( NamingException e )
-        {
+        catch (NamingException e) {
             String msg = "Failed on search to find roles for application " + applicationName;
-            log.error( msg, e );
-            throw new GuardianException( msg, e );
+            log.error(msg, e);
+            throw new GuardianException(msg, e);
         }
 
         Role[] roleArray = new Role[roleSet.size()];
-        roleArray = ( Role[] ) roleSet.toArray( roleArray );
-        this.roles = new Roles( applicationName, roleArray );
+        roleArray = roleSet.toArray(roleArray);
+        this.roles = new Roles(applicationName, roleArray);
     }
 
 
-    private void loadPermissions() throws GuardianException
-    {
-        Set permSet = new HashSet();
-        SearchControls ctrls = new SearchControls();
-        ctrls.setReturningAttributes( new String[] { "permName" } );
-        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-
-        try
-        {
-            NamingEnumeration list = ctx.search( "ou=permissions," + baseRdn,
-                    "(objectClass=policyPermission)", ctrls );
-            while ( list.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) list.next();
-                String permName = ( String ) result.getAttributes().get( "permName" ).get();
-                Permission perm = getPermission( result.getAttributes() );
-                log.debug( "loading permission " + permName + " for application " + applicationName );
-                permSet.add( perm );
-            }
-        }
-        catch ( NamingException e )
-        {
-            String msg = "Failed on search to find permissions for application " + applicationName;
-            log.error( msg, e );
-            throw new GuardianException( msg, e );
-        }
-
-        Permission[] permArray = new Permission[permSet.size()];
-        permArray = ( Permission[] ) permSet.toArray( permArray );
-        this.permissions = new Permissions( applicationName, permArray );
-    }
-    
-    
-    private Permission getPermission( Attributes attrs ) throws NamingException
-    {
-        Permission perm;
-        String permName = ( String ) attrs.get( "permName" ).get();
-        Attribute description = attrs.get( "description" );
-        if ( description != null )
-        {
-            perm = new Permission( applicationName, permName, ( String ) description.get() );
-        }
-        else
-        {
-            perm = new Permission( applicationName, permName );
-        }
-        return perm;
-    }
-
-
-    public String getApplicationName()
-    {
+    public String getApplicationName() {
         return this.applicationName;
     }
 
 
-    public String getDescription()
-    {
+    public String getDescription() {
         return this.description;
     }
 
 
-    public Roles getRoles()
-    {
+    public Roles getRoles() {
         return this.roles;
     }
 
 
-    public Permissions getPermissions()
-    {
-        return permissions;
-    }
-
-    
-    private Role getRole( Attributes attrs ) throws NamingException
-    {
-        String roleName = ( String ) attrs.get( "roleName" ).get();
-        Set permSet = new HashSet();
-        Attribute attributes = attrs.get( "grants" );
-
-        if ( attributes != null )
-        {
-            NamingEnumeration grantsEnumeration = attrs.get( "grants" ).getAll();
-            while ( grantsEnumeration.hasMore() )
-            {
-                String permName = ( String ) grantsEnumeration.next();
-                permSet.add( permissions.get( permName ) );
-                log.debug( "granting permission '" + permName + "' to role '" + roleName
-                        + " in application '" + applicationName + "'" );
-            }
-        }
-        Permission[] permArray = new Permission[permSet.size()];
-        Permissions grants = new Permissions( applicationName, ( Permission[] ) permSet.toArray( permArray ) );
+    private Role getRole(Attributes attrs, String rdn, ClassLoader loader) throws NamingException {
+        String roleName = (String) attrs.get("roleName").get();
+
+        Permissions grants = new Permissions();
+        Permissions denials = new Permissions();
+
+        String roleRdn = "roleName=" + roleName + "," + rdn;
+
+        addToPermissions(roleRdn, loader, grants, denials);
 
-        Attribute description = attrs.get( "description" );
+        Attribute description = attrs.get("description");
         Role role;
-        if ( description == null || description.size() == 0 )
-        {
-            role = new Role( this, roleName, grants );
-        }
-        else
-        {
-            role = new Role( this, roleName, grants, ( String ) description.get() );
+        if (description == null || description.size() == 0) {
+            role = new Role(this, roleName, grants, denials);
+        } else {
+            role = new Role(this, roleName, grants, denials, (String) description.get());
         }
         return role;
     }
-    
 
-    private static boolean parseBoolean( String bool )
-    {
-        if ( bool.equals( "true" ) )
-        {
-            return true;
+    private void addToPermissions(String roleRdn, ClassLoader loader, Permissions grants, Permissions denials) throws NamingException {
+        SearchControls classCtrls = new SearchControls();
+        classCtrls.setReturningAttributes(new String[]{"permClassName"});
+        classCtrls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+
+        SearchControls grantCtrls = new SearchControls();
+        grantCtrls.setReturningAttributes(new String[]{"grant", "action"});
+        grantCtrls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+
+        SearchControls denyCtrls = new SearchControls();
+        denyCtrls.setReturningAttributes(new String[]{"deny", "action"});
+        denyCtrls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+
+        for (NamingEnumeration classes = ctx.search(roleRdn,
+                "(objectClass=permClass)", classCtrls); classes.hasMore();) {
+            SearchResult classResult = (SearchResult) classes.next();
+            Attributes classAttrs = classResult.getAttributes();
+            String className = (String) classAttrs.get("permClassName").get();
+            Class permissionClass;
+            try {
+                permissionClass = Class.forName(className, true, loader);
+            } catch (ClassNotFoundException e) {
+                throw new NamingException("Could not load permission class " + className + " in classloader " + loader);
+            }
+            Constructor<Permission> twoargs = null;
+            try {
+                twoargs = permissionClass.getConstructor(String.class, String.class);
+            } catch (NoSuchMethodException e) {
+                //ignore
+            }
+            Constructor<Permission> onearg = null;
+            try {
+                onearg = permissionClass.getConstructor(String.class);
+            } catch (NoSuchMethodException e) {
+                //ignore
+            }
+            String classRdn = "permClassName=" + className + "," + roleRdn;
+
+            addToPermissions(classRdn, "(objectClass=permGrant)", grantCtrls, className, grants, twoargs, onearg);
+            addToPermissions(classRdn, "(objectClass=denyGrant)", denyCtrls, className, denials, twoargs, onearg);
+
         }
-        
-        return false;
     }
 
-    
-    private Profile getProfile( Attributes attrs ) throws NamingException
-    {
-        Permissions grants;
-        Permissions denials;
+    private void addToPermissions(String classRdn, String grantDenyObjectClass, SearchControls grantCtrls, String className, Permissions grants, Constructor<Permission> twoargs, Constructor<Permission> onearg) throws NamingException {
+        for (NamingEnumeration grantList = ctx.search(classRdn,
+                grantDenyObjectClass, grantCtrls); grantList.hasMore();) {
+            SearchResult grantResult = (SearchResult) grantList.next();
+            Attributes grantAttrs = grantResult.getAttributes();
+            String name = (String) grantAttrs.get("grant").get();
+            Attribute actionAttr = grantAttrs.get("action");
+            if (actionAttr != null) {
+                if (twoargs == null) {
+                    throw new NamingException("No two-arg constructors on permission class " + className);
+                }
+                for (NamingEnumeration actionList = actionAttr.getAll(); actionList.hasMore(); ) {
+                    String action = (String) actionList.next();
+                    try {
+                        grants.add(twoargs.newInstance(name, action));
+                    } catch (Exception e) {
+                        throw (NamingException)new NamingException("could not create permission: class " + className + " name: " + name + " action: " + action).initCause(e);
+                    }
+                }
+            } else {
+                //try for a 1-arg permission constructor
+                if (onearg != null) {
+                    try {
+                        grants.add(onearg.newInstance(name));
+                    } catch (Exception e) {
+                        throw (NamingException)new NamingException("could not create permission: class " + className + " name: " + name).initCause(e);
+                    }
+                } else if (twoargs != null) {
+                    try {
+                        grants.add(twoargs.newInstance(name, null));
+                    } catch (Exception e) {
+                        throw (NamingException)new NamingException("could not create permission: class " + className + " name: " + name + " action: <null>").initCause(e);
+                    }
+                } else {
+                    throw new NamingException("No usable constructors on permission class " + className);
+                }
+            }
+        }
+    }
+
+
+    private static boolean parseBoolean(String bool) {
+        return bool.equals("true");
+
+    }
+
+
+    private Profile getProfile(Attributes attrs, String rdn) throws NamingException {
+        ClassLoader loader = Thread.currentThread().getContextClassLoader();
+        Permissions grants = new Permissions();
+        Permissions denials = new Permissions();
         Roles roles;
         String profileId;
         String userName;
         boolean disabled = false;
-        
-        Attribute profileIdAttr = attrs.get( "profileId" );
-        if ( profileIdAttr == null )
-        {
+
+        Attribute profileIdAttr = attrs.get("profileId");
+        if (profileIdAttr == null) {
             return null;
-        }
-        else 
-        {
-            profileId = ( String ) profileIdAttr.get();
+        } else {
+            profileId = (String) profileIdAttr.get();
         }
 
-        Attribute userAttr = attrs.get( "user" );
-        if ( userAttr == null )
-        {
+        Attribute userAttr = attrs.get("user");
+        if (userAttr == null) {
             return null;
-        }
-        else 
-        {
-            userName = ( String ) userAttr.get();
+        } else {
+            userName = (String) userAttr.get();
         }
 
-        Attribute disabledAttr = attrs.get( "safehausDisabled" );
-        if ( disabledAttr != null )
-        {
-            disabled = parseBoolean( ( ( String ) disabledAttr.get() ).toLowerCase() );
+        Attribute disabledAttr = attrs.get("safehausDisabled");
+        if (disabledAttr != null) {
+            disabled = parseBoolean(((String) disabledAttr.get()).toLowerCase());
         }
 
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's granted permissions
-        // -------------------------------------------------------------------------------
-
-        Attribute grantsAttribute = attrs.get( "grants" );
-        if ( grantsAttribute != null )
-        {
-            Set grantsSet = new HashSet();
-            NamingEnumeration grantsEnumeration = grantsAttribute.getAll();
-            while ( grantsEnumeration.hasMore() )
-            {
-                String grantedPermName = ( String ) grantsEnumeration.next();
-                grantsSet.add( this.permissions.get( grantedPermName ) );
-            }
-            Permission[] grantsArray = new Permission[grantsSet.size()];
-            grants = new Permissions( applicationName, ( Permission[] ) grantsSet.toArray( grantsArray ) );
-        }
-        else
-        {
-            grants = new Permissions( applicationName, new Permission[0] );
-        }
-
-        // -------------------------------------------------------------------------------
-        // process and assemble the profile's granted permissions
-        // -------------------------------------------------------------------------------
-
-        Attribute denialsAttribute = attrs.get( "denials" );
-        if ( denialsAttribute != null )
-        {
-            Set denialsSet = new HashSet();
-            NamingEnumeration denialsEnumeration = denialsAttribute.getAll();
-            while ( denialsEnumeration.hasMore() )
-            {
-                String deniedPermName = ( String ) denialsEnumeration.next();
-                denialsSet.add( this.permissions.get( deniedPermName ) );
-            }
-            Permission[] denialsArray = new Permission[denialsSet.size()];
-            denials = new Permissions( applicationName, ( Permission[] ) denialsSet.toArray( denialsArray ) );
-        }
-        else
-        {
-            denials = new Permissions( applicationName, new Permission[0] );
-        }
+        addToPermissions(rdn, loader, grants, denials);
 
         // -------------------------------------------------------------------------------
         // process and assemble the profile's assigned roles
         // -------------------------------------------------------------------------------
 
-        Attribute rolesAttribute = attrs.get( "roles" );
-        if ( rolesAttribute != null )
-        {
-            Set rolesSet = new HashSet();
+        Attribute rolesAttribute = attrs.get("roles");
+        if (rolesAttribute != null) {
+            Set<Role> rolesSet = new HashSet<Role>();
             NamingEnumeration rolesEnumeration = rolesAttribute.getAll();
-            while ( rolesEnumeration.hasMore() )
-            {
-                String assignedRoleName = ( String ) rolesEnumeration.next();
-                rolesSet.add( this.roles.get( assignedRoleName ) );
+            while (rolesEnumeration.hasMore()) {
+                String assignedRoleName = (String) rolesEnumeration.next();
+                rolesSet.add(this.roles.get(assignedRoleName));
             }
             Role[] rolesArray = new Role[rolesSet.size()];
-            roles = new Roles( applicationName, ( Role[] ) rolesSet.toArray( rolesArray ) );
-        }
-        else
-        {
-            roles = new Roles( applicationName, new Role[0] );
+            roles = new Roles(applicationName, rolesSet.toArray(rolesArray));
+        } else {
+            roles = new Roles(applicationName, new Role[0]);
         }
 
-        Attribute description = attrs.get( "description" );
+        Attribute description = attrs.get("description");
         Profile profile;
 
-        if ( description == null || description.size() == 0 )
-        {
-            profile = new Profile( this, profileId, userName, roles, grants, denials, disabled );
-        }
-        else
-        {
-            profile = new Profile( this, profileId, userName, roles, grants, 
-                denials, ( String ) description.get(), disabled );
+        if (description == null || description.size() == 0) {
+            profile = new Profile(this, profileId, userName, roles, grants, denials, disabled);
+        } else {
+            profile = new Profile(this, profileId, userName, roles, grants,
+                    denials, (String) description.get(), disabled);
         }
-        
+
         return profile;
     }
-    
 
-    public Profile getProfile( String profileId )
-    {
-        if ( ctx == null )
-        {
-            throw new IllegalStateException( "This ApplicationProfileStore has been closed." );
-        }
 
-        if ( profileId.equals( "admin" ) )
-        {
-            return adminProfile;
+    public Profile getProfile(String profileId) {
+        if (ctx == null) {
+            throw new IllegalStateException("This ApplicationProfileStore has been closed.");
         }
-        
+
+//        if ( profileId.equals( "admin" ) )
+//        {
+//            return adminProfile;
+//        }
+
         /*
-         * Searching via one level scope for a profile is better than base scope lookups because
-         * if the profile is not present search will not fail but return zero entries.  Base scope
-         * searches will raise an exception since the search base will be missing.  Plus profileId
-         * shall be indexed by default.
-         */
+        * Searching via one level scope for a profile is better than base scope lookups because
+        * if the profile is not present search will not fail but return zero entries.  Base scope
+        * searches will raise an exception since the search base will be missing.  Plus profileId
+        * shall be indexed by default.
+        */
         SearchControls ctrls = new SearchControls();
-        ctrls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        ctrls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
 
         NamingEnumeration list = null;
-        try
-        {
-            list = ctx.search( "ou=profiles," + baseRdn, "(profileId=" + profileId + ")", ctrls );
-            if ( list.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) list.next();
-                Profile profile = getProfile( result.getAttributes() );
-
-                if ( log.isDebugEnabled() )
-                {
-                    log.debug( "loaded profile '" + profileId + "' in application '" + applicationName + "'" );
+        try {
+            list = ctx.search("ou=profiles," + baseRdn, "(profileId=" + profileId + ")", ctrls);
+            if (list.hasMore()) {
+                SearchResult result = (SearchResult) list.next();
+                String rdn = "profileId=" + profileId + ",ou=profiles," + baseRdn;
+                Profile profile = getProfile(result.getAttributes(), rdn);
+
+                if (log.isDebugEnabled()) {
+                    log.debug("loaded profile '" + profileId + "' in application '" + applicationName + "'");
                 }
 
                 return profile;
-            }
-            else
-            {
-                if ( log.isInfoEnabled() )
-                {
-                    log.info( "Profile search for profileId '" + profileId + "' in application '"
-                            + applicationName + "' failed to return an entry." );
+            } else {
+                if (log.isInfoEnabled()) {
+                    log.info("Profile search for profileId '" + profileId + "' in application '"
+                            + applicationName + "' failed to return an entry.");
                 }
 
                 return null;
             }
         }
-        catch ( NamingException e )
-        {
+        catch (NamingException e) {
             String msg = "Failed on search to find profile for profileId '" + profileId + "' in '" + applicationName + "'";
-            log.error( msg, e );
-            throw new GuardianException( msg, e );
+            log.error(msg, e);
+            throw new GuardianException(msg, e);
         }
-        finally
-        {
-            if ( list != null )
-            {
-                try
-                {
+        finally {
+            if (list != null) {
+                try {
                     list.close();
                 }
-                catch ( NamingException e )
-                {
-                    log.error( "Failed to close NamingEnumeration after profile search." );
+                catch (NamingException e) {
+                    log.error("Failed to close NamingEnumeration after profile search.");
                 }
             }
         }
     }
 
 
-    public void close() throws GuardianException
-    {
-        if ( ctx == null )
-        {
+    public void close() throws GuardianException {
+        if (ctx == null) {
             return;
         }
-        
-        try
-        {
+
+        try {
             ctx.close();
             ctx = null;
         }
-        catch ( NamingException e )
-        {
-            log.error( "Encountered failure while trying to close JNDI context of store", e );
+        catch (NamingException e) {
+            log.error("Encountered failure while trying to close JNDI context of store", e);
         }
     }
 
 
-    static String getApplicationName( String principalDN )
-    {
-        String rdn = principalDN.split( "," )[0].trim();
-        String[] rdnPair = rdn.split( "=" );
+    static String getApplicationName(String principalDN) {
+        String rdn = principalDN.split(",")[0].trim();
+        String[] rdnPair = rdn.split("=");
 
-        if ( ! rdnPair[0].trim().equalsIgnoreCase( "appName" ) )
-        {
-            throw new IllegalArgumentException( "Application principal name '" + principalDN
-                    + "' is not an application DN" );
+        if (! rdnPair[0].trim().equalsIgnoreCase("appName")) {
+            throw new IllegalArgumentException("Application principal name '" + principalDN
+                    + "' is not an application DN");
         }
 
         return rdnPair[1].trim();
     }
 
-    
-    private List listeners = new ArrayList();
-    
 
-    public boolean removePolicyListener( PolicyChangeListener listener )
-    {
-        return listeners.remove( listener );
+    private List<PolicyChangeListener> listeners = new ArrayList<PolicyChangeListener>();
+
+
+    public boolean removePolicyListener(PolicyChangeListener listener) {
+        return listeners.remove(listener);
     }
 
 
-    public boolean addPolicyListener( PolicyChangeListener listener )
-    {
-        if ( listeners.contains( listener ) )
-        {
+    public boolean addPolicyListener(PolicyChangeListener listener) {
+        if (listeners.contains(listener)) {
             return false;
         }
-        
-        listeners.add( listener );
+
+        listeners.add(listener);
         return true;
     }
 
 
-    public Set getDependentProfileNames( Role role ) throws GuardianException
-    {
+    public Set<String> getDependentProfileNames(Role role) throws GuardianException {
         SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-        controls.setReturningAttributes( PROF_ID );
-        
+        controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+        controls.setReturningAttributes(PROF_ID);
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
-        profiles.add( "admin" );
-        
+        Set<String> profiles = new HashSet<String>();
+        profiles.add("admin");
+
         StringBuffer filter = new StringBuffer();
-        filter.append( "(& (objectClass=policyProfile) (roles=" );
-        filter.append( role.getName() );
-        filter.append( ") )" );
-        
-        try
-        {
-            results = ctx.search( baseProfilesRdn, filter.toString(), controls );
-            while ( results.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) results.next();
-                
-                if ( result.getAttributes().get( "profileId" ) != null )
-                {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+        filter.append("(& (objectClass=policyProfile) (roles=");
+        filter.append(role.getName());
+        filter.append(") )");
+
+        try {
+            NamingEnumeration results = ctx.search(baseProfilesRdn, filter.toString(), controls);
+            while (results.hasMore()) {
+                SearchResult result = (SearchResult) results.next();
+
+                Attribute profileIdAttribute = result.getAttributes().get("profileId");
+                if (profileIdAttribute != null) {
+                    profiles.add((String) profileIdAttribute.get());
                 }
             }
         }
-        catch ( NamingException e )
-        {
-            throw new GuardianException( "Failed to lookup profiles dependent on role '" + 
-                role.getName() + "' while searching the directory" );
+        catch (NamingException e) {
+            throw new GuardianException("Failed to lookup profiles dependent on role '" +
+                    role.getName() + "' while searching the directory");
         }
-        
+
         return profiles;
     }
 
-    
-    public Set getDependentProfileNames( Permission permission ) throws GuardianException
-    {
+
+    public Set<String> getDependentProfileNames(StringPermission permission) throws GuardianException {
         SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-        controls.setReturningAttributes( PROF_ID );
-        
+        controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+        controls.setReturningAttributes(PROF_ID);
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
-        profiles.add( "admin" );
-        
+        Set<String> profiles = new HashSet<String>();
+        profiles.add("admin");
+
         StringBuffer filter = new StringBuffer();
-        filter.append( "(& (objectClass=policyProfile) (| (grants=" );
-        filter.append( permission.getName() );
-        filter.append( ") (denials=" );
-        filter.append( permission.getName() );
-        filter.append( ") ) )" );
-        
-        try
-        {
-            results = ctx.search( baseProfilesRdn, filter.toString(), controls );
-            while ( results.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) results.next();
-                
-                if ( result.getAttributes().get( "profileId" ) != null )
-                {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+        filter.append("(& (objectClass=policyProfile) (| (grants=");
+        filter.append(permission.getName());
+        filter.append(") (denials=");
+        filter.append(permission.getName());
+        filter.append(") ) )");
+
+        try {
+            NamingEnumeration results = ctx.search(baseProfilesRdn, filter.toString(), controls);
+            while (results.hasMore()) {
+                SearchResult result = (SearchResult) results.next();
+
+                Attribute profileIdAttribute = result.getAttributes().get("profileId");
+                if (profileIdAttribute != null) {
+                    profiles.add((String) profileIdAttribute.get());
                 }
             }
         }
-        catch ( NamingException e )
-        {
-            throw new GuardianException( "Failed to lookup profiles dependent on permission '" + 
-                permission.getName() + "' while searching the directory" );
+        catch (NamingException e) {
+            throw new GuardianException("Failed to lookup profiles dependent on permission '" +
+                    permission.getName() + "' while searching the directory");
         }
-        
+
         return profiles;
     }
 
-    
-    private boolean hasObjectClass( Attribute oc, String value ) throws NamingException
-    {
-        if ( oc == null )
-        {
-            throw new NullPointerException( "expecting non-null object class (oc arg)" );
-        }
-        
-        if ( value == null )
-        {
-            throw new NullPointerException( "expecting non-null object class value (value arg)" );
+
+    private boolean hasObjectClass(Attribute oc, String value) throws NamingException {
+        if (oc == null) {
+            throw new NullPointerException("expecting non-null object class (oc arg)");
         }
-        
+
+        if (value == null) {
+            throw new NullPointerException("expecting non-null object class value (value arg)");
+        }
+
         NamingEnumeration all = oc.getAll();
-        while( all.hasMore() )
-        {
-            String candidate = ( String ) all.next();
-            if ( candidate.equalsIgnoreCase( value ) )
-            {
+        while (all.hasMore()) {
+            String candidate = (String) all.next();
+            if (candidate.equalsIgnoreCase(value)) {
                 return true;
             }
         }
-        
+
         return false;
     }
-    
+
 
     /**
      * An event transducer that converts JNDI notifications of change into
-     * Guardian policy change notifications.  
+     * Guardian policy change notifications.
      */
-    class JndiListener implements ObjectChangeListener, NamespaceChangeListener
-    {
-        private void logEvent( NamingEvent evt, Attributes entry )
-        {
-            if ( log.isDebugEnabled() )
-            {
+    class JndiListener implements ObjectChangeListener, NamespaceChangeListener {
+        private void logEvent(NamingEvent evt, Attributes entry) {
+            if (log.isDebugEnabled()) {
                 StringBuffer buf = new StringBuffer();
-                buf.append( "objectChanged(evt): " ).append( evt ).append( "\n" );
-                buf.append( "\ttype          = " ).append( evt.getType() ).append( "\n" );
-                buf.append( "\tchangeInfo    = " ).append( evt.getChangeInfo() ).append( "\n" );
-                buf.append( "\teventContext  = " ).append( evt.getEventContext() ).append( "\n" );
-                buf.append( "\tnewBinding    = " ).append( evt.getNewBinding() ).append( "\n" );
-                buf.append( "\toldBinding    = " ).append( evt.getOldBinding() ).append( "\n" );
-                buf.append( "\tsource        = " ).append( evt.getSource() ).append( "\n" );
-                if ( entry == null )
-                {
-                    buf.append( "\tentry     = " ).append( "null" ).append( "\n" );
-                }
-                else
-                {
-                    buf.append( "\tentry     = " ).append( entry ).append( "\n" );
-                }
-                log.debug( buf.toString() );
-                
-                if ( evt.getNewBinding() != null )
-                {
-                    log.debug( "Binding Class = " + evt.getNewBinding().getClass() );
+                buf.append("objectChanged(evt): ").append(evt).append("\n");
+                buf.append("\ttype          = ").append(evt.getType()).append("\n");
+                buf.append("\tchangeInfo    = ").append(evt.getChangeInfo()).append("\n");
+                buf.append("\teventContext  = ").append(evt.getEventContext()).append("\n");
+                buf.append("\tnewBinding    = ").append(evt.getNewBinding()).append("\n");
+                buf.append("\toldBinding    = ").append(evt.getOldBinding()).append("\n");
+                buf.append("\tsource        = ").append(evt.getSource()).append("\n");
+                if (entry == null) {
+                    buf.append("\tentry     = ").append("null").append("\n");
+                } else {
+                    buf.append("\tentry     = ").append(entry).append("\n");
+                }
+                log.debug(buf.toString());
+
+                if (evt.getNewBinding() != null) {
+                    log.debug("Binding Class = " + evt.getNewBinding().getClass());
                 }
             }
         }
 
-        public void objectChanged( NamingEvent evt )
-        {
-            SearchResult result = null;
+        public void objectChanged(NamingEvent evt) {
+            SearchResult result;
             Attributes entry = null;
-            Attribute oc = null;
-            
+            Attribute oc;
+
             /*
-             * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587 
-             * is fixed.  We simply lookup the object on the server rather than use
-             * the attributes delivered to us.
-             */
-            result = ( SearchResult ) evt.getNewBinding();
+            * Workaround until https://issues.apache.org/jira/browse/DIRSERVER-587
+            * is fixed.  We simply lookup the object on the server rather than use
+            * the attributes delivered to us.
+            */
+            result = (SearchResult) evt.getNewBinding();
             String name = result.getName();
-            
-            if ( name.indexOf( applicationName ) == -1 )
-            {
-                if ( log.isWarnEnabled() )
-                {
-                    log.warn( "Entry '" + name + "' ignored! " +
-                            "It is not specific to the application: " + applicationName );
+
+            if (name.indexOf(applicationName) == -1) {
+                if (log.isWarnEnabled()) {
+                    log.warn("Entry '" + name + "' ignored! " +
+                            "It is not specific to the application: " + applicationName);
                 }
                 return;
             }
-            
-            try
-            {
-                entry = ctx.getAttributes( name );
-            }
-            catch ( NamingException e1 )
-            {
-                log.error( "Cannot deliver policy change notification.  " +
-                        "Failed to lookup entry attributes for " + name, e1 );
-            }
-
-            logEvent( evt, entry );
-            oc = entry.get( "objectClass" );
-            
-            try
-            {
-                if ( hasObjectClass( oc, "policyApplication" ) )
-                {
-                    log.info( "Received notification that the policyApplication has changed." );
+
+            try {
+                entry = ctx.getAttributes(name);
+            }
+            catch (NamingException e1) {
+                log.error("Cannot deliver policy change notification.  " +
+                        "Failed to lookup entry attributes for " + name, e1);
+            }
+
+            logEvent(evt, entry);
+            oc = entry.get("objectClass");
+
+            try {
+                if (hasObjectClass(oc, "policyApplication")) {
+                    log.info("Received notification that the policyApplication has changed.");
                     return;
                 }
-                
-                if ( hasObjectClass( oc, "policyPermission" ) )
-                {
-                    String permName = ( String ) entry.get( "permName" ).get();
-                    if ( log.isDebugEnabled() )
-                    {
-                        log.debug( "Received notification that a policyPermission " + permName + " has changed." );
+//                if ( hasObjectClass( oc, "policyPermission" ) )
+//                {
+//                    String permName = ( String ) entry.get( "permName" ).get();
+//                    if ( log.isDebugEnabled() )
+//                    {
+//                        log.debug( "Received notification that a policyPermission " + permName + " has changed." );
+//                    }
+
+                /*
+                * 1. Need to update/replace the permission itelf in Permissions.
+                * 2. Need to update/replace all roles that now depend on this permission in Roles.
+                * 3. Let user application know that the permission has changed.
+                */
+//                    Permissions permissions = LdapApplicationPolicy.this.permissions;
+                //TODO ummm, what exactly does this do?  AFAICT string permissions are equivalent if they have the same name.
+//                    StringPermission newPermission = getPermission( entry );
+//                    StringPermission oldPermission = permissions.get( newPermission.getName() );
+//                    StringPermission oldPermission =  newPermission;
+//                    Roles dependentRoles = LdapApplicationPolicy.this.roles.getDependentRoles( oldPermission );
+//                    Permissions newPermissions = new Permissions( applicationName, new StringPermission[] { newPermission } );
+//                    Permissions oldPermissions = new Permissions( applicationName, new StringPermission[] { oldPermission } );
+//                    permissions = PermissionsUtil.difference(permissions, oldPermissions );
+//                    permissions = PermissionsUtil.union(permissions, newPermissions );
+//                    LdapApplicationPolicy.this.permissions = permissions;
+//
+//                    List oldRoleList = new ArrayList();
+//                    List newRoleList = new ArrayList();
+//                    for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); /* */ )
+//                    {
+//                        Role oldRole = ( Role ) ii.next();
+//                        oldRoleList.add( oldRole );
+//
+//                        Role newRole = getRoleFromStore( oldRole.getName() );
+//                        newRoleList.add( newRole );
+//                    }
+//                    Role[] oldRolesArray = new Role[oldRoleList.size()];
+//                    oldRolesArray = ( Role[] ) oldRoleList.toArray( oldRolesArray );
+//                    Roles oldRoles = new Roles( applicationName, oldRolesArray );
+//                    Roles roles = LdapApplicationPolicy.this.roles;
+//                    roles = roles.removeAll( oldRoles );
+//
+//                    Role[] newRolesArray = new Role[newRoleList.size()];
+//                    newRolesArray = ( Role[] ) newRoleList.toArray( newRolesArray );
+//                    Roles newRoles = new Roles( applicationName, newRolesArray );
+//                    roles = roles.addAll( newRoles );
+
+//                    LdapApplicationPolicy.this.roles = roles;
+
+//                    for ( int ii = 0; ii < listeners.size(); ii++ )
+//                    {
+//                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
+//                        listener.permissionChanged( LdapApplicationPolicy.this, newPermission,
+//                            ChangeType.MODIFY );
+//                    }
+//                }
+                else if (hasObjectClass(oc, "policyRole")) {
+                    String roleName = (String) entry.get("roleName").get();
+
+                    if (log.isDebugEnabled()) {
+                        log.debug("Received notification that a policyRole " + roleName + " has changed.");
                     }
-                    
+
                     /*
-                     * 1. Need to update/replace the permission itelf in Permissions.
-                     * 2. Need to update/replace all roles that now depend on this permission in Roles.
-                     * 3. Let user application know that the permission has changed.
-                     */
-                    Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    Permission newPermission = getPermission( entry );
-                    Permission oldPermission = permissions.get( newPermission.getName() );
-                    Roles dependentRoles = LdapApplicationPolicy.this.roles.getDependentRoles( oldPermission );
-                    Permissions newPermissions = new Permissions( applicationName, new Permission[] { newPermission } );
-                    Permissions oldPermissions = new Permissions( applicationName, new Permission[] { oldPermission } );
-                    permissions = permissions.removeAll( oldPermissions );
-                    permissions = permissions.addAll( newPermissions );
-                    LdapApplicationPolicy.this.permissions = permissions;
-                    
-                    List oldRoleList = new ArrayList();
-                    List newRoleList = new ArrayList();
-                    for ( Iterator ii = dependentRoles.iterator(); ii.hasNext(); /* */ )
-                    {
-                        Role oldRole = ( Role ) ii.next();
-                        oldRoleList.add( oldRole );
-                        
-                        Role newRole = getRoleFromStore( oldRole.getName() );
-                        newRoleList.add( newRole );
-                    }
-                    Role[] oldRolesArray = new Role[oldRoleList.size()];
-                    oldRolesArray = ( Role[] ) oldRoleList.toArray( oldRolesArray );
-                    Roles oldRoles = new Roles( applicationName, oldRolesArray );
+                    * 1. Need to update/replace the role itelf in Roles.
+                    * 2. Let user application know that the Role has changed.
+                    */
+                    //context class loader might be odd here..... maybe we need to register more cl???
+                    Role newRole = getRole(entry, name, Thread.currentThread().getContextClassLoader());
                     Roles roles = LdapApplicationPolicy.this.roles;
-                    roles = roles.removeAll( oldRoles );
-                    
-                    Role[] newRolesArray = new Role[newRoleList.size()];
-                    newRolesArray = ( Role[] ) newRoleList.toArray( newRolesArray );
-                    Roles newRoles = new Roles( applicationName, newRolesArray );
-                    roles = roles.addAll( newRoles );
-                    
+                    Roles oldRoles = new Roles(applicationName, new Role[]{roles.get(roleName)});
+                    roles = roles.removeAll(oldRoles);
+                    Roles newRoles = new Roles(applicationName, new Role[]{newRole});
+                    roles = roles.addAll(newRoles);
                     LdapApplicationPolicy.this.roles = roles;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, newPermission, 
-                            ChangeType.MODIFY );
-                    }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
-                {
-                    String roleName = ( String ) entry.get( "roleName" ).get();
-                    
-                    if ( log.isDebugEnabled() )
-                    {
-                        log.debug( "Received notification that a policyRole " + roleName + " has changed." );
-                    }
-                    
-                    /*
-                     * 1. Need to update/replace the role itelf in Roles.
-                     * 2. Let user application know that the Role has changed.
-                     */
 
-                    Role newRole = getRole( entry );
-                    Roles roles = LdapApplicationPolicy.this.roles;
-                    Roles oldRoles = new Roles( applicationName, new Role[] { roles.get( roleName ) } );
-                    roles = roles.removeAll( oldRoles );
-                    Roles newRoles = new Roles( applicationName, new Role[] { newRole } );
-                    roles = roles.addAll( newRoles );
-                    LdapApplicationPolicy.this.roles = roles;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, newRole, ChangeType.MODIFY );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleChanged(LdapApplicationPolicy.this, newRole, ChangeType.MODIFY);
                     }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
-                {
-                    String profileId = ( String ) entry.get( "profileId" ).get();
-                    
-                    if ( log.isDebugEnabled() )
-                    {
-                        log.debug( "Received notification that a policyProfile " + profileId + " has changed." );
+                } else if (hasObjectClass(oc, "policyProfile")) {
+                    String profileId = (String) entry.get("profileId").get();
+
+                    if (log.isDebugEnabled()) {
+                        log.debug("Received notification that a policyProfile " + profileId + " has changed.");
                     }
-                    
+
                     /*
-                     * 1. Let user application know that the Profile has changed.
-                     */
-                    
-                    Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.MODIFY );
+                    * 1. Let user application know that the Profile has changed.
+                    */
+
+                    Profile profile = getProfile(entry, name);
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.MODIFY);
                     }
-                }
-                else 
-                {
-                    if ( log.isInfoEnabled() )
-                    {
-                        log.info( "Insignificant object type changed: " + entry );
+                } else {
+                    if (log.isInfoEnabled()) {
+                        log.info("Insignificant object type changed: " + entry);
                     }
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
+//                    new Permissions(), false );
             }
-            catch ( NamingException e )
-            {
-                log.error( "failed to handle a notification", e );
+            catch (NamingException e) {
+                log.error("failed to handle a notification", e);
             }
         }
 
-        public void namingExceptionThrown( NamingExceptionEvent evt )
-        {
-            log.error( "Detected naming exception event in JNDI listener.", evt.getException() );
+        public void namingExceptionThrown(NamingExceptionEvent evt) {
+            log.error("Detected naming exception event in JNDI listener.", evt.getException());
             boolean enabled = initializeNotifications();
-            if ( enabled )
-            {
-                log.info( "Re-enabled notifications" );
-            }
-            else
-            {
-                log.error( "Could not re-enable notifications.  Notifications will no longer be recieved." );
+            if (enabled) {
+                log.info("Re-enabled notifications");
+            } else {
+                log.error("Could not re-enable notifications.  Notifications will no longer be recieved.");
             }
         }
 
 
-        public void objectAdded( NamingEvent evt )
-        {
-            SearchResult result = ( SearchResult ) evt.getNewBinding();
+        public void objectAdded(NamingEvent evt) {
+            SearchResult result = (SearchResult) evt.getNewBinding();
             Attributes entry = result.getAttributes();
-            Attribute oc = entry.get( "objectClass" );
+            Attribute oc = entry.get("objectClass");
             String name = result.getName();
-            logEvent( evt, entry );
-            
-            if ( name.indexOf( applicationName ) == -1 )
-            {
-                if ( log.isWarnEnabled() )
-                {
-                    log.warn( "Entry '" + name + "' ignored! " +
-                            "It is not specific to the application: " + applicationName );
+            logEvent(evt, entry);
+
+            if (name.indexOf(applicationName) == -1) {
+                if (log.isWarnEnabled()) {
+                    log.warn("Entry '" + name + "' ignored! " +
+                            "It is not specific to the application: " + applicationName);
                 }
                 return;
             }
-            
-            try
-            {
-                if ( hasObjectClass( oc, "policyPermission" ) )
-                {
-                    /*
-                     * 1. Need to add the permission to the permissions of the application
-                     * 2. Need to notify of the permission's addition to all listeners
-                     */
-                    Permission permission = getPermission( entry );
-                    Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    permissions = permissions.addAll( new Permissions( applicationName, 
-                        new Permission[] { permission } ) );
-                    LdapApplicationPolicy.this.permissions = permissions;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.ADD );
-                    }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
-                {
+
+            try {
+//                if ( hasObjectClass( oc, "policyPermission" ) )
+//                {
+                /*
+                * 1. Need to add the permission to the permissions of the application
+                * 2. Need to notify of the permission's addition to all listeners
+                */
+//                    StringPermission permission = getPermission( entry );
+//                    Permissions permissions = LdapApplicationPolicy.this.permissions;
+//                    permissions.add( permission  );
+//                    LdapApplicationPolicy.this.permissions = permissions;
+//
+//                    for (PolicyChangeListener listener : listeners) {
+//                        listener.permissionChanged(LdapApplicationPolicy.this, permission, ChangeType.ADD);
+//                    }
+//                }
+//                else
+                if (hasObjectClass(oc, "policyRole")) {
                     /*
                      * 1. Need to add the role to the roles of the application
                      * 2. Need to notify of the role's addition to all listeners
                      */
-                    Role role = getRole( entry );
-                    add( role );
+                    //TODO TCCL might be wrong.
+                    Role role = getRole(entry, name, Thread.currentThread().getContextClassLoader());
+                    add(role);
 
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.ADD );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.ADD);
                     }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
-                {
+                } else if (hasObjectClass(oc, "policyProfile")) {
                     /*
                      * 1. Need to notify of the profile's addition to all listeners
                      */
-                    Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.ADD );
+                    Profile profile = getProfile(entry, name);
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.ADD);
                     }
-                }
-                else
-                {
-                    System.out.println( "Entry '" + name + "' ignored!" );
+                } else {
+                    System.out.println("Entry '" + name + "' ignored!");
                     return;
                 }
-                
+
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
+//                    new Permissions(), false );
             }
-            catch ( NamingException e )
-            {
-                log.error( "failed to handle an event", e );
+            catch (NamingException e) {
+                log.error("failed to handle an event", e);
             }
         }
 
 
-        public void objectRemoved( NamingEvent evt )
-        {
-            SearchResult result = ( SearchResult ) evt.getOldBinding();
+        public void objectRemoved(NamingEvent evt) {
+            SearchResult result = (SearchResult) evt.getOldBinding();
             Attributes entry = result.getAttributes();
-            Attribute oc = entry.get( "objectClass" );
+            Attribute oc = entry.get("objectClass");
             String name = result.getName();
-            logEvent( evt, entry );
-            
-            if ( name.indexOf( applicationName ) == -1 )
-            {
-                if ( log.isWarnEnabled() )
-                {
-                    System.out.println( "Entry '" + name + "' ignored! " +
-                            "It is not specific to the application: " + applicationName );
+            logEvent(evt, entry);
+
+            if (name.indexOf(applicationName) == -1) {
+                if (log.isWarnEnabled()) {
+                    System.out.println("Entry '" + name + "' ignored! " +
+                            "It is not specific to the application: " + applicationName);
                 }
                 return;
             }
-            
-            try
-            {
-                if ( hasObjectClass( oc, "policyPermission" ) )
-                {
-                    /*
-                     * 1. Need to remove the permission from the permissions of the application
-                     * 2. Need to notify of the permission's removal to all listeners
-                     */
-                    String profileId = ( String ) entry.get( "permName" ).get();
-                    Permissions permissions = LdapApplicationPolicy.this.permissions;
-                    Permission permission = permissions.get( profileId );
-                    permissions = permissions.removeAll( new Permissions( applicationName, 
-                        new Permission[] { permission } ) );
-                    LdapApplicationPolicy.this.permissions = permissions;
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionChanged( LdapApplicationPolicy.this, permission, ChangeType.DEL );
-                    }
-                }
-                else if ( hasObjectClass( oc, "policyRole" ) )
-                {
+
+            try {
+//                if ( hasObjectClass( oc, "policyPermission" ) )
+//                {
+                /*
+                * 1. Need to remove the permission from the permissions of the application
+                * 2. Need to notify of the permission's removal to all listeners
+                */
+//                    String profileId = ( String ) entry.get( "permName" ).get();
+//                    Permissions permissions = LdapApplicationPolicy.this.permissions;
+//                    StringPermission permission = new StringPermission(applicationName, profileId );
+//                    permissions = PermissionsUtil.remove(permissions, permission );
+//                    LdapApplicationPolicy.this.permissions = permissions;
+//
+//                    for (PolicyChangeListener listener : listeners) {
+//                        listener.permissionChanged(LdapApplicationPolicy.this, permission, ChangeType.DEL);
+//                    }
+//                }
+//                else
+                if (hasObjectClass(oc, "policyRole")) {
                     /*
                      * 1. Need to remove the role from the roles of the application
                      * 2. Need to notify of the role's removal to all listeners
                      */
-                    String roleName = ( String ) entry.get( "roleName" ).get();
-                    Role role = removeRole( roleName );
+                    String roleName = (String) entry.get("roleName").get();
+                    Role role = removeRole(roleName);
 
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleChanged( LdapApplicationPolicy.this, role, ChangeType.DEL );
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleChanged(LdapApplicationPolicy.this, role, ChangeType.DEL);
                     }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
-                {
+                } else if (hasObjectClass(oc, "policyProfile")) {
                     /*
                      * 1. Need to notify of the profile's addition to all listeners
                      */
-                    Profile profile = getProfile( entry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileChanged( LdapApplicationPolicy.this, profile, ChangeType.DEL );
+                    Profile profile = getProfile(entry, name);
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileChanged(LdapApplicationPolicy.this, profile, ChangeType.DEL);
                     }
-                }
-                else
-                {
-                    System.out.println( "Entry '" + name + "' ignored!" );
+                } else {
+                    System.out.println("Entry '" + name + "' ignored!");
                     return;
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
+//                    new Permissions(), false );
             }
-            catch ( NamingException e )
-            {
-                log.error( "failed to process an event", e );
+            catch (NamingException e) {
+                log.error("failed to process an event", e);
             }
         }
 
 
-        public void objectRenamed( NamingEvent evt )
-        {
-            logEvent( evt, null );
+        public void objectRenamed(NamingEvent evt) {
+            logEvent(evt, null);
             /*
              * For permissions and roles we need to first remove the old object from 
              * the Permissions and Roles objects.  Then we need to add the new named
@@ -1070,206 +906,171 @@
              */
             String oldName = evt.getOldBinding().getName();
             String newName = evt.getNewBinding().getName();
-            Attributes newEntry = ( ( SearchResult ) evt.getNewBinding() ).getAttributes();
-            Attribute oc = newEntry.get( "objectClass" );
-            
-            if ( oldName.indexOf( applicationName ) == -1 )
-            {
-                if ( log.isWarnEnabled() )
-                {
-                    System.out.println( "Entry '" + oldName + "' ignored! " +
-                            "It is not specific to the application: " + applicationName );
+            Attributes newEntry = ((SearchResult) evt.getNewBinding()).getAttributes();
+            Attribute oc = newEntry.get("objectClass");
+
+            if (oldName.indexOf(applicationName) == -1) {
+                if (log.isWarnEnabled()) {
+                    System.out.println("Entry '" + oldName + "' ignored! " +
+                            "It is not specific to the application: " + applicationName);
                 }
                 return;
             }
-            
-            try
-            {
-                String oldProfileId = getRdn( oldName );
-                oldProfileId = getRdnValue( oldProfileId );
-                
-                if ( hasObjectClass( oc, "policyPermission" ) )
-                {
-                    removePermission( oldProfileId );
-                    Permission newPermission = getPermission( newEntry );
-                    add( newPermission );
-                    
-                    for ( int ii = 0; ii  < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.permissionRenamed( LdapApplicationPolicy.this, newPermission, oldProfileId );
-                    }
-                }            
-                else if ( hasObjectClass( oc, "policyRole" ) )
-                {
-                    removeRole( oldProfileId );
-                    Role newRole = getRole( newEntry );
-                    add( newRole );
-                    
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.roleRenamed( LdapApplicationPolicy.this, newRole, oldProfileId );
+
+            try {
+                String oldProfileId = getRdn(oldName);
+                oldProfileId = getRdnValue(oldProfileId);
+
+//                if ( hasObjectClass( oc, "policyPermission" ) )
+//                {
+//                    removePermission( oldProfileId );
+//                    StringPermission newPermission = getPermission( newEntry );
+//                    add( newPermission );
+//
+//                    for (PolicyChangeListener listener : listeners) {
+//                        listener.permissionRenamed(LdapApplicationPolicy.this, newPermission, oldProfileId);
+//                    }
+//                }
+//                else
+                if (hasObjectClass(oc, "policyRole")) {
+                    removeRole(oldProfileId);
+                    Role newRole = getRole(newEntry, newName, Thread.currentThread().getContextClassLoader());
+                    add(newRole);
+
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.roleRenamed(LdapApplicationPolicy.this, newRole, oldProfileId);
                     }
-                }
-                else if ( hasObjectClass( oc, "policyProfile" ) )
-                {
+                } else if (hasObjectClass(oc, "policyProfile")) {
                     /*
                      * 1. Need to notify of the profile's addition to all listeners
                      */
-                    Profile profile = getProfile( newEntry );
-                    for ( int ii = 0; ii < listeners.size(); ii++ )
-                    {
-                        PolicyChangeListener listener = ( PolicyChangeListener ) listeners.get( ii );
-                        listener.profileRenamed( LdapApplicationPolicy.this, profile, oldProfileId );
+                    Profile profile = getProfile(newEntry, newName);
+                    for (PolicyChangeListener listener : listeners) {
+                        listener.profileRenamed(LdapApplicationPolicy.this, profile, oldProfileId);
                     }
-                }
-                else
-                {
-                    System.out.println( "Rename of entry '" + oldName + "' to '" + newName + "' ignored!" );
+                } else {
+                    System.out.println("Rename of entry '" + oldName + "' to '" + newName + "' ignored!");
                     return;
                 }
 
                 // setup the administrator with all permissions and roles
-                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions, 
-                    new Permissions( applicationName, new Permission[0] ), false );
+//                adminProfile = new Profile( LdapApplicationPolicy.this, "admin", "admin", roles, permissions,
+//                    new Permissions(), false );
             }
-            catch ( NamingException e )
-            {
-                log.error( "failed to process an event", e );
+            catch (NamingException e) {
+                log.error("failed to process an event", e);
             }
         }
     }
-    
-    
+
+
     /**
      * Gets the value of a single name component of a distinguished name.
-     * 
+     *
      * @param rdn the name component to get the value from
-     * @return the value of the single name component 
+     * @return the value of the single name component
      */
-    public static String getRdnValue( String rdn )
-    {
-        int index = rdn.indexOf( '=' );
-        return rdn.substring( index + 1, rdn.length() );
+    public static String getRdnValue(String rdn) {
+        int index = rdn.indexOf('=');
+        return rdn.substring(index + 1, rdn.length());
     }
 
 
     /**
      * Quickly splits off the relative distinguished name component.
-     * 
+     *
      * @param name the distinguished name or a name fragment
-     * @return the rdn 
+     * @return the rdn
      */
-    private static String getRdn( String name )
-    {
-        if ( null == name )
-        {
+    private static String getRdn(String name) {
+        if (null == name) {
             return null;
         }
 
-        int commaIndex = -1;
-        if ( ( commaIndex = name.indexOf( ',' ) ) == -1 )
-        {
+        int commaIndex;
+        if ((commaIndex = name.indexOf(',')) == -1) {
             return name;
         }
 
-        return name.substring( 0, commaIndex );
+        return name.substring(0, commaIndex);
     }
 
 
-    private void add( Role role )
-    {
-        Roles addedRoles = new Roles( applicationName, new Role[] { role } );
-        this.roles = this.roles.addAll( addedRoles );
+    private void add(Role role) {
+        Roles addedRoles = new Roles(applicationName, new Role[]{role});
+        this.roles = this.roles.addAll(addedRoles);
     }
 
-    
-    private Role removeRole( String roleName )
-    {
-        Role role = this.roles.get( roleName );
-        Roles removedRoles = new Roles( applicationName, new Role[] { role } );
-        this.roles = this.roles.removeAll( removedRoles );
+
+    private Role removeRole(String roleName) {
+        Role role = this.roles.get(roleName);
+        Roles removedRoles = new Roles(applicationName, new Role[]{role});
+        this.roles = this.roles.removeAll(removedRoles);
         return role;
     }
-    
-    
-    private void add( Permission permission )
-    {
-        Permissions addedPermissions = new Permissions( applicationName, new Permission[] { permission } );
-        this.permissions = this.permissions.addAll( addedPermissions );
-    }
-
-    
-    private Permission removePermission( String permName )
-    {
-        Permission permission = this.permissions.get( permName );
-        Permissions removedPermissions = new Permissions( applicationName, new Permission[] { permission } );
-        this.permissions = this.permissions.removeAll( removedPermissions );
-        return permission;
-    }
+
+//    private void add( StringPermission permission )
+//    {
+//        this.permissions.add(permission );
+//    }
+
+//    private StringPermission removePermission( String permName )
+//    {
+//        StringPermission permission = new StringPermission(applicationName, permName );
+//        this.permissions = PermissionsUtil.remove(this.permissions, permission );
+//        return permission;
+//    }
 
 
-    public Set getUserProfileIds( String userName ) throws GuardianException
-    {
+    public Set<String> getUserProfileIds(String userName) throws GuardianException {
         SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-        controls.setReturningAttributes( PROF_ID );
-        
+        controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+        controls.setReturningAttributes(PROF_ID);
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        Set profiles = new HashSet();
-        
+        Set<String> profiles = new HashSet<String>();
+
         StringBuffer filter = new StringBuffer();
-        filter.append( "(& (objectClass=policyProfile) (user=" );
-        filter.append( userName );
-        filter.append( ") )" );
-        
-        try
-        {
-            results = ctx.search( baseProfilesRdn, filter.toString(), controls );
-            while ( results.hasMore() )
-            {
-                SearchResult result = ( SearchResult ) results.next();
-                
-                if ( result.getAttributes().get( "profileId" ) != null )
-                {
-                    profiles.add( result.getAttributes().get( "profileId" ).get() );
+        filter.append("(& (objectClass=policyProfile) (user=");
+        filter.append(userName);
+        filter.append(") )");
+
+        try {
+            NamingEnumeration results = ctx.search(baseProfilesRdn, filter.toString(), controls);
+            while (results.hasMore()) {
+                SearchResult result = (SearchResult) results.next();
+
+                if (result.getAttributes().get("profileId") != null) {
+                    profiles.add((String) result.getAttributes().get("profileId").get());
                 }
             }
         }
-        catch ( NamingException e )
-        {
-            throw new GuardianException( "Failed to lookup profiles for user '" + 
-                userName + "' while searching the directory" );
+        catch (NamingException e) {
+            throw new GuardianException("Failed to lookup profiles for user '" +
+                    userName + "' while searching the directory");
         }
-        
+
         return profiles;
     }
 
 
-    public Iterator getProfileIdIterator() throws GuardianException
-    {
+    public Iterator getProfileIdIterator() throws GuardianException {
         SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
-        controls.setReturningAttributes( PROF_ID );
-        
+        controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+        controls.setReturningAttributes(PROF_ID);
+
         String baseProfilesRdn = "ou=profiles," + this.baseRdn;
-        NamingEnumeration results = null;
-        try
-        {
-            results = ctx.search( baseProfilesRdn, "(objectClass=policyProfile)", controls );
-            return new ProfileIdIterator( results );
+        try {
+            NamingEnumeration results = ctx.search(baseProfilesRdn, "(objectClass=policyProfile)", controls);
+            return new ProfileIdIterator(results);
         }
-        catch ( NamingException e )
-        {
-            throw new GuardianException( "Failed to lookup profiles while searching the directory" );
+        catch (NamingException e) {
+            throw new GuardianException("Failed to lookup profiles while searching the directory");
         }
     }
 
-
-    public Profile getAdminProfile()
-    {
-        return adminProfile;
-    }
+//    public Profile getAdminProfile()
+//    {
+//        return adminProfile;
+//    }
 }

Modified: directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java?view=diff&rev=490646&r1=490645&r2=490646
==============================================================================
--- directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/trunks/triplesec/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java Wed Dec 27 20:48:29 2006
@@ -52,12 +52,8 @@
 
     public boolean accept( String url )
     {
-        if ( url.startsWith( "ldap://" ) )
-        {
-            return true;
-        }
+        return url.startsWith("ldap://");
 
-        return false;
     }
 
     public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
@@ -91,7 +87,7 @@
         env.put( Context.SECURITY_PRINCIPAL, info.get( "applicationPrincipalDN" ) );
         env.put( Context.SECURITY_CREDENTIALS, info.get( "applicationCredentials" ) );
 
-        InitialDirContext ictx = null;
+        InitialDirContext ictx;
         try
         {
             ictx = new InitialDirContext( env );



Mime
View raw message