Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 47FD1176D8 for ; Wed, 22 Oct 2014 17:48:17 +0000 (UTC) Received: (qmail 29924 invoked by uid 500); 22 Oct 2014 17:48:17 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 29803 invoked by uid 500); 22 Oct 2014 17:48:17 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 29663 invoked by uid 99); 22 Oct 2014 17:48:17 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Oct 2014 17:48:17 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id BF2C79B2D21; Wed, 22 Oct 2014 17:48:16 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: smckinney@apache.org To: commits@directory.apache.org Date: Wed, 22 Oct 2014 17:48:25 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [10/16] Remove the unboundid daos classes and lib, move the apache dao's into rbac package and make its classes and methods package private.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AcceleratorDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/AcceleratorDAO.java
deleted file mode 100644
index ecf529e..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AcceleratorDAO.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.rbac.Permission;
-import org.apache.directory.fortress.core.rbac.Session;
-import org.apache.directory.fortress.core.rbac.User;
-import org.apache.directory.fortress.core.rbac.UserRole;
-
-import java.util.List;
-
-
-public interface AcceleratorDAO
-{
- public Session createSession( User user ) throws SecurityException;
- public void deleteSession( Session session ) throws SecurityException;
- public List sessionRoles( Session session ) throws SecurityException;
- public boolean checkAccess( Session session, Permission perm ) throws SecurityException;
- public void dropActiveRole( Session session, UserRole userRole ) throws SecurityException;
- public void addActiveRole( Session session, UserRole userRole ) throws SecurityException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/AdminRoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AdminRoleDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/AdminRoleDAO.java
deleted file mode 100644
index b332924..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AdminRoleDAO.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.AdminRole;
-import org.apache.directory.fortress.core.rbac.AdminRoleP;
-import org.apache.directory.fortress.core.rbac.Graphable;
-
-
-/**
- * The AdminRoleDAO is called by {@link AdminRoleP} and processes data via its entity {@link AdminRole}.
- *

- * The Fortress AdminRoleDAO uses the following other Fortress structural and aux object classes: - *

1. ftRls Structural objectclass is used to store the AdminRole information like name, and temporal constraints

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.2.1 - *
  • NAME 'ftRls' - *
  • DESC 'Fortress Role Object Class' - *
  • SUP organizationalrole - *
  • STRUCTURAL - *
  • MUST ( ftId $ ftRoleName ) - *
  • MAY ( description $ ftCstr ) ) - *
  • ------------------------------------------ - *
- *

2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity

- * # This aux object class can be used to store custom attributes.
- * # The properties collections consist of name/value pairs and are not constrainted by Fortress.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.2 - *
  • NAME 'ftProperties' - *
  • DESC 'Fortress Properties AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftProps ) ) - *
  • ------------------------------------------ - *
- *

3. ftPools Auxiliary object class store the ARBAC Perm and User OU assignments on AdminRole entity

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.3 - *
  • NAME 'ftPools' - *
  • DESC 'Fortress Pools AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftOSU $ ftOSP ) ) - *
  • ------------------------------------------ - *
- *

4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *
- * @author Shawn McKinney
- */
-public interface AdminRoleDAO
-{
- /**
- * Create a new AdminRole entity using supplied data. Required attribute is {@link AdminRole#name}.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains AdminRole data. Null attributes will be ignored.
- * @return input record back to client.
- * @throws org.apache.directory.fortress.core.CreateException in the event LDAP errors occur.
- */
- AdminRole create( AdminRole entity ) throws CreateException;
-
-
- /**
- * Update existing AdminRole entity using supplied data. Required attribute is {@link AdminRole#name}.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains AdminRole data. Null attributes will be ignored.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- AdminRole update( AdminRole entity ) throws UpdateException;
-
-
- /**
- *
- * @param entity
- * @throws UpdateException
- */
- void deleteParent( AdminRole entity ) throws UpdateException;
-
-
- /**
- * This method will add the supplied DN as a role occupant to the target record.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains {@link AdminRole#name}. Null attributes will be ignored.
- * @param userDn contains the DN for userId who is being assigned.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- AdminRole assign( AdminRole entity, String userDn ) throws UpdateException;
-
-
- /**
- * This method will remove the supplied DN as a role occupant to the target record.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains {@link AdminRole#name}. Null attributes will be ignored.
- * @param userDn contains the DN for userId who is being deassigned.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- AdminRole deassign( AdminRole entity, String userDn ) throws UpdateException;
-
-
- /**
- * This method will completely remove the AdminRole from the directory. It will use {@link AdminRole#name} as key.
- * This operation is performed on the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param role record contains {@link AdminRole#name}.
- * @throws RemoveException in the event LDAP errors occur.
- */
- void remove( AdminRole role ) throws RemoveException;
-
-
- /**
- * This method will retrieve the AdminRole from {@link GlobalIds#ADMIN_ROLE_ROOT} container by name.
- *
- * @param adminRole maps to {@link AdminRole#name}.
- * @return AdminRole back to client.
- * @throws FinderException in the event LDAP errors occur.
- */
- AdminRole getRole( AdminRole adminRole ) throws FinderException;
-
-
- /**
- * @param adminRole
- * @return
- * @throws FinderException
- *
- */
- List findRoles( AdminRole adminRole ) throws FinderException;
-
-
- /**
- * @param adminRole
- * @param limit
- * @return
- * @throws FinderException
- *
- */
- List findRoles( AdminRole adminRole, int limit ) throws FinderException;
-
-
- /**
- * @param userDn
- * @return
- * @throws FinderException
- */
- List findAssignedRoles( String userDn, String contextId ) throws FinderException;
-
-
- /**
- *
- * @param contextId
- * @return
- * @throws FinderException
- */
- List getAllDescendants( String contextId ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/AuditDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AuditDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/AuditDAO.java
deleted file mode 100644
index 2b4ab29..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/AuditDAO.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.rbac.AuthZ;
-import org.apache.directory.fortress.core.rbac.Bind;
-import org.apache.directory.fortress.core.rbac.Mod;
-import org.apache.directory.fortress.core.rbac.UserAudit;
-
-
-/**
- * This class performs data access for OpenLDAP synch repl log data
- *

- *

1. Binds

- *

- * The auditBind Structural object class is used to store authentication events that can later be queried via ldap API.
- * # The Bind class includes the reqVersion attribute which contains the LDAP
- * # protocol version specified in the Bind as well as the reqMethod attribute
- * # which contains the Bind Method used in the Bind. This will be the string
- * # SIMPLE for LDAP Simple Binds or SASL(mech) for SASL Binds. Note that unless
- * # configured as a global overlay, only Simple Binds using DNs that reside in
- * # the current database will be logged:
- *

    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' - *
  • DESC 'Bind operation' - *
  • SUP auditObject STRUCTURAL - *
  • MUST ( reqVersion $ reqMethod ) ) - *
  • ------------------------------------------ - *
- *

2. Authorizations

- * For the Search class the reqScope attribute contains the scope of the
- * original search request, using the values specified for the LDAP URL
- * format. I.e. base, one, sub, or subord. The reqDerefAliases attribute
- * is one of never, finding, searching, or always, denoting how aliases
- * will be processed during the search. The reqAttrsOnly attribute is a
- * Boolean value showing TRUE if only attribute names were requested, or
- * FALSE if attributes and their values were requested. The reqFilter
- * attribute carries the filter used in the search request. The reqAttr
- * attribute lists the requested attributes if specific attributes were
- * requested. The reqEntries attribute is the integer count of how many
- * entries were returned by this search request. The reqSizeLimit and
- * reqTimeLimit attributes indicate what limits were requested on the
- * search operation.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.11 - *
  • NAME 'auditSearch' - *
  • DESC 'Search operation' - *
  • SUP auditReadObject STRUCTURAL - *
  • MUST ( reqScope $ reqDerefAliases $ reqAttrsOnly ) - *
  • MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ - *
  • reqTimeLimit ) ) - *
  • ------------------------------------------ - *
- *

- *

- *

3. Modifications

- * The auditModify Structural object class is used to store Fortress update and delete events that can later be queried via ldap API.
- * The deletions can be recorded in this manner and associated with Fortress context because deletions will perform a modification first
- * if audit is enabled.
- *

- * The Modify operation contains a description of modifications in the
- * reqMod attribute, which was already described above in the Add
- * operation. It may optionally contain the previous contents of any
- * modified attributes in the reqOld attribute, using the same format as
- * described above for the Delete operation. The reqOld attribute is only
- * populated if the entry being modified matches the configured logold
- * filter.
- *

    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.9 - *
  • NAME 'auditModify' - *
  • DESC 'Modify operation' - *
  • SUP auditWriteObject STRUCTURAL - *
  • MAY reqOld MUST reqMod ) - *
  • ------------------------------------------ - *
- *

- * Note this class used descriptions pulled from man pages on slapd access log. - *

- * This class is thread safe.
- *
- * @author Shawn McKinney
- */
-public interface AuditDAO
-{
- /**
- * This method returns failed authentications where the userid is not present in the directory. This
- * is possible because Fortress performs read on user before the bind.
- * User:
- * dn: reqStart=20101014235402.000000Z, cn=log
- * reqStart: 20101014235402.000000Z
- * reqEnd: 20101014235402.000001Z
- * reqAuthzID: cn=Manager,dc=jts,dc=com
- * reqDerefAliases: never
- * reqSession: 84
- * reqAttrsOnly: FALSE
- * reqSizeLimit: -1
- * objectClass: auditSearch
- * reqResult: 32
- * reqAttr: ftId
- * reqAttr: uid
- * reqAttr: userpassword
- * reqAttr: description
- * reqAttr: ou
- * reqAttr: cn
- * reqAttr: sn
- * reqAttr: ftRoleCstr
- * reqAttr: ftCstr
- * reqAttr: ftRoleAsgn
- * reqAttr: pwdReset
- * reqAttr: pwdAccountLockedTime
- * reqAttr: ftProps
- * reqEntries: 0
- * reqFilter: (|(objectClass=*)(?objectClass=ldapSubentry))
- * reqType: search
- * reqDN: uid=foo,ou=People,dc=jts,dc=com /cal/cal2.jsp
- * reqTimeLimit: -1
- * reqScope: base
- *
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List searchInvalidAuthNs( UserAudit audit ) throws FinderException;
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List searchAuthZs( UserAudit audit ) throws FinderException;
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List getAllAuthZs( UserAudit audit ) throws FinderException;
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List searchBinds( UserAudit audit ) throws FinderException;
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List searchUserMods( UserAudit audit ) throws FinderException;
-
-
- /**
- * @param audit
- * @return
- * @throws FinderException
- */
- List searchAdminMods( UserAudit audit ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/DAOType.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/DAOType.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/DAOType.java
deleted file mode 100644
index cb98431..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/DAOType.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-public enum DAOType
-{
- APACHE_LDAP_API,
- UNBOUNDID_API;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/DaoFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/DaoFactory.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/DaoFactory.java
deleted file mode 100644
index 7f9f535..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/DaoFactory.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.cfg.Config;
-
-
-/**
- * A factory that creates DAO for either the UnboundID or the Apache Ldap API lib
- * @author elecharny
- */
-public class DaoFactory
-{
-
- /**
- * Create an instance of a AdminRoleDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static AdminRoleDAO createAdminRoleDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.AdminRoleDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.AdminRoleDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a AuditDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static AuditDAO createAuditDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.AuditDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.AuditDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a OrgUnitDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static OrgUnitDAO createOrgUnitDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.OrgUnitDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.OrgUnitDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a PermDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static PermDAO createPermDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.PermDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.PermDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a PolicyDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static PolicyDAO createPolicyDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.PolicyDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.PolicyDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a RoleDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static RoleDAO createRoleDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.RoleDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.RoleDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a SdDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static SdDAO createSdDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.SdDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.SdDAO();
-
- default:
- return null;
- }
- }
-
-
- /**
- * Create an instance of a UserDAO which depends of the used Backend
- *
- * @return The created instance
- */
- public static UserDAO createUserDAO()
- {
- String daoConnector = Config.getProperty( GlobalIds.DAO_CONNECTOR );
-
- DAOType daoType = DAOType.UNBOUNDID_API;
-
- if ( ( daoConnector != null ) && ( daoConnector.equalsIgnoreCase( GlobalIds.APACHE_LDAP_API ) ) )
- {
- daoType = DAOType.APACHE_LDAP_API;
- }
-
- switch ( daoType )
- {
- case UNBOUNDID_API:
- return new org.apache.directory.fortress.core.rbac.dao.unboundid.UserDAO();
-
- case APACHE_LDAP_API:
- return new org.apache.directory.fortress.core.rbac.dao.apache.UserDAO();
-
- default:
- return null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/OrgUnitDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/OrgUnitDAO.java
deleted file mode 100644
index d7dba4d..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/OrgUnitDAO.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-import java.util.Set;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.Graphable;
-import org.apache.directory.fortress.core.rbac.OrgUnit;
-
-
-/**
- * This class provides dataaccess to the OrgUnit datasets in LDAP.
- *

- * The OrgUnitDAO maintains the following structural and aux object classes: - *

1. organizationalUnit Structural Object Class is used to store basic attributes like ou and description

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 2.5.6.5 NAME 'organizationalUnit' - *
  • DESC 'RFC2256: an organizational unit' - *
  • SUP top STRUCTURAL - *
  • MUST ou - *
  • MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - *
  • x121Address $ registeredAddress $ destinationIndicator $ - *
  • preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - *
  • telephoneNumber $ internationaliSDNNumber $ - *
  • facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - *
  • postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) - *
  • ------------------------------------------ - *
- *

2. ftOrgUnit Structural objectclass is used to store the OrgUnit internal id

- *
    org.apache.directory.fortress.arbac. - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.2.6 - *
  • NAME 'ftOrgUnit' - *
  • DESC 'Fortress OrgUnit Class' - *
  • SUP organizationalunit - *
  • STRUCTURAL - *
  • MUST ( ftId ) ) - *
  • ------------------------------------------ - *
- *

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *
- * @author Emmanuel Lecharny
- */
-public interface OrgUnitDAO
-{
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- *
- */
- OrgUnit create( OrgUnit entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- OrgUnit update( OrgUnit entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- void deleteParent( OrgUnit entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.RemoveException
- *
- */
- OrgUnit remove( OrgUnit entity ) throws RemoveException;
-
-
- /**
- * @param entity
- * @return
- * @throws FinderException
- *
- */
- OrgUnit findByKey( OrgUnit entity ) throws FinderException;
-
-
- /**
- * @param orgUnit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findOrgs( OrgUnit orgUnit ) throws FinderException;
-
-
- /**
- *
- * @param orgUnit
- * @return
- * @throws FinderException
- */
- Set getOrgs( OrgUnit orgUnit ) throws FinderException;
-
-
- /**
- *
- * @param orgUnit
- * @return
- * @throws FinderException
- */
- List getAllDescendants( OrgUnit orgUnit ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/PermDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/PermDAO.java
deleted file mode 100644
index d526e8c..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/PermDAO.java
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.OrgUnit;
-import org.apache.directory.fortress.core.rbac.PermObj;
-import org.apache.directory.fortress.core.rbac.Permission;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.rbac.Session;
-import org.apache.directory.fortress.core.rbac.User;
-
-
-/**
- * Permission data access class for LDAP.
- *

- * This DAO class maintains the PermObj and Permission entities. - *

The Fortress PermObj Entity Class is a composite of 3 LDAP Schema object classes

- *

PermObj Base - ftObject STRUCTURAL Object Class is used to store object name, id and type variables on target entity.

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.2.2 - *
  • NAME 'ftObject' - *
  • DESC 'Fortress Permission Object Class' - *
  • SUP organizationalunit GlobalIds - *
  • STRUCTURAL - *
  • MUST ( - *
  • ftId $ ftObjNm ) - *
  • MAY ( ftType ) ) - *
  • ------------------------------------------ - *
- *

PermObj - ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.

- * This aux object class can be used to store custom attributes.
- * The properties collections consist of name/value pairs and are not constrainted by Fortress.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.2 - *
  • NAME 'ftProperties' - *
  • DESC 'Fortress Properties AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftProps ) ) - *
  • ------------------------------------------ - *
- *

PermObj - ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

The Fortress Permission Entity Class is composite of 3 LDAP Schema object classes

- * The Permission entity extends a single OpenLDAP standard structural object class, 'organizationalRole' with
- * one extension structural class, ftOperation, and two auxiliary object classes, ftProperties, ftMods.
- * The following 4 LDAP object classes will be mapped into this entity:
- *

Permission Base - 'ftOperation' STRUCTURAL Object Class is assigned roles and/or users which grants permissions which can be later checked

- * using either 'checkAccess' or 'sessionPermissions APIs both methods that reside in the 'AccessMgrImpl' class.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.2.3 - *
  • NAME 'ftOperation' - *
  • DESC 'Fortress Permission Operation Object Class' - *
  • SUP organizationalrole - *
  • STRUCTURAL - *
  • MUST ( ftId $ ftPermName $ - *
  • ftObjNm $ ftOpNm ) - *
  • MAY ( ftRoles $ ftUsers $ - *
  • ftObjId $ ftType) ) - *
  • ------------------------------------------ - *
- *

Permission Aux - ftProperties AUXILIARY Object Class is used to store optional client or otherwise custom name/value pairs on target entity.

- * This aux object class can be used to store custom attributes.
- * The properties collections consist of name/value pairs and are not constrainted by Fortress.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.2 - *
  • NAME 'ftProperties' - *
  • DESC 'Fortress Properties AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftProps ) ) - *
  • ------------------------------------------ - *
- *

Permission Aux - ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- * This class is thread safe.
- *

- *
- * @author Emmanuel Lecharny
- */
-public interface PermDAO
-{
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- *
- */
- PermObj createObject( PermObj entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- PermObj updateObj( PermObj entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.RemoveException
- *
- */
- void deleteObj( PermObj entity ) throws RemoveException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- *
- */
- Permission createOperation( Permission entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- Permission updateOperation( Permission entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.RemoveException
- *
- */
- void deleteOperation( Permission entity ) throws RemoveException;
-
-
- /**
- * @param pOp
- * @param role
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- void grant( Permission pOp, Role role ) throws UpdateException;
-
-
- /**
- * @param pOp
- * @param role
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- void revoke( Permission pOp, Role role ) throws UpdateException, FinderException;
-
-
- /**
- * @param pOp
- * @param user
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- void grant( Permission pOp, User user ) throws UpdateException;
-
-
- /**
- * @param pOp
- * @param user
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- * @throws 
org.apache.directory.fortress.core.FinderException
- *
- */
- void revoke( Permission pOp, User user ) throws UpdateException, FinderException;
-
-
- /**
- * @param permission
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- Permission getPerm( Permission permission ) throws FinderException;
-
-
- /**
- * @param permObj
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- PermObj getPerm( PermObj permObj ) throws FinderException;
-
-
- /**
- * This method performs fortress authorization using data passed in (session) and stored on ldap server (permission). It has been recently changed to use ldap compare operations in order to trigger slapd access log updates in directory.
- * It performs ldap operations: read and (optionally) compare. The first is to pull back the permission to see if user has access or not. The second is to trigger audit
- * record storage on ldap server but can be disabled.
- *
- * @param session contains {@link Session#getUserId()}, for rbac check {@link org.apache.directory.fortress.core.rbac.Session#getRoles()}, for arbac check: {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()}.
- * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objectId} is optional.
- * @return boolean containing result of check.
- * @throws org.apache.directory.fortress.core.FinderException
- * In the event system error occurs looking up data on ldap server. 
- */
- boolean checkPermission( Session session, Permission inPerm ) throws FinderException;
-
-
- /**
- * @param permission
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPermissions( Permission permission ) throws FinderException;
-
-
- /**
- * @param permObj
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPermissions( PermObj permObj ) throws FinderException;
-
-
- /**
- * @param ou
- * @return
- * @throws FinderException
- */
- List findPermissions( OrgUnit ou, boolean limitSize ) throws FinderException;
-
-
- /**
- * @param role
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPermissions( Role role ) throws FinderException;
-
-
- /**
- * @param user
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPermissions( User user ) throws FinderException;
-
-
- /**
- * @param user
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findUserPermissions( User user ) throws FinderException;
-
-
- /**
- * @param session
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPermissions( Session session, boolean isAdmin ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/PolicyDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/PolicyDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/PolicyDAO.java
deleted file mode 100644
index 666406b..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/PolicyDAO.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-import java.util.Set;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.PwPolicy;
-
-
-/**
- * This DAO class maintains the OpenLDAP Password Policy entity which is a composite of the following structural and aux object classes:
- *

1. organizationalRole Structural Object Class is used to store basic attributes like cn and description

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 2.5.6.14 NAME 'device' - *
  • DESC 'RFC2256: a device' - *
  • SUP top STRUCTURAL - *
  • MUST cn - *
  • MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) - *
  • ------------------------------------------ - *
- *

2. pwdPolicy AUXILIARY Object Class is used to store OpenLDAP Password Policies

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 - *
  • NAME 'pwdPolicy' - *
  • SUP top - *
  • AUXILIARY - *
  • MUST ( pwdAttribute ) - *
  • MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ - *
  • pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ - *
  • pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ - *
  • pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) ) - *
  • - *
  • - *
  • ------------------------------------------ - *
- *

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *
- * @author Shawn McKinney
- */
-public interface PolicyDAO
-{
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- *
- */
- PwPolicy create( PwPolicy entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- void update( PwPolicy entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.RemoveException
- */
- void remove( PwPolicy entity ) throws RemoveException;
-
-
- /**
- * @param policy
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- PwPolicy getPolicy( PwPolicy policy ) throws FinderException;
-
-
- /**
- * @param policy
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findPolicy( PwPolicy policy ) throws FinderException;
-
-
- /**
- * @return
- * @throws FinderException
- */
- Set getPolicies( String contextId ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/RoleDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/RoleDAO.java
deleted file mode 100644
index 2cd573d..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/RoleDAO.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.Graphable;
-import org.apache.directory.fortress.core.rbac.Role;
-
-
-/**
- * This class perform data access for Fortress Role entity.
- *

- * The Fortress Role entity is a composite of the following other Fortress structural and aux object classes: - *

1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.2.1 - *
  • NAME 'ftRls' - *
  • DESC 'Fortress Role Object Class' - *
  • SUP organizationalrole - *
  • STRUCTURAL - *
  • MUST ( ftId $ ftRoleName ) - *
  • MAY ( description $ ftCstr ) ) - *
  • ------------------------------------------ - *
- *

2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity

- * # This aux object class can be used to store custom attributes.
- * # The properties collections consist of name/value pairs and are not constrainted by Fortress.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.2 - *
  • NAME 'ftProperties' - *
  • DESC 'Fortress Properties AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftProps ) ) - *
  • ------------------------------------------ - *
- *

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *
- * @author Emmanuel Lecharny
- */
-public interface RoleDAO
-{
- /**
- * @param entity
- * @return
- * @throws CreateException
- */
- Role create( Role entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- Role update( Role entity ) throws UpdateException;
-
-
- /**
- *
- * @param entity
- * @throws UpdateException
- */
- void deleteParent( Role entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @param userDn
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- Role assign( Role entity, String userDn ) throws UpdateException;
-
-
- /**
- * @param entity
- * @param userDn
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- Role deassign( Role entity, String userDn ) throws UpdateException;
-
-
- /**
- * @param role
- * @throws RemoveException
- */
- void remove( Role role ) throws RemoveException;
-
-
- /**
- * @param role
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- Role getRole( Role role ) throws FinderException;
-
-
- /**
- * @param role
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findRoles( Role role ) throws FinderException;
-
-
- /**
- * @param role
- * @param limit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- List findRoles( Role role, int limit ) throws FinderException;
-
-
- /**
- *
- * @param userDn
- * @param contextId
- * @return
- * @throws FinderException
- */
- List findAssignedRoles( String userDn, String contextId ) throws FinderException;
-
-
- /**
- *
- * @param contextId
- * @return
- * @throws FinderException
- */
- List getAllDescendants( String contextId ) throws FinderException;
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/SdDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/SdDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/SdDAO.java
deleted file mode 100644
index 53eb10f..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/SdDAO.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-import java.util.Set;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.rbac.SDSet;
-
-
-/**
- * This class performs persistence on the RBAC Static Separation of Duties and Dynamic Separation of Duties data sets.
- *

- * The Fortress SDSet entity is a composite of the following other Fortress structural and aux object classes: - *

1. organizationalRole Structural Object Class is used to store basic attributes like cn and description

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 2.5.6.8 NAME 'organizationalRole' - *
  • DESC 'RFC2256: an organizational role' - *
  • SUP top STRUCTURAL - *
  • MUST cn - *
  • MAY ( x121Address $ registeredAddress $ destinationIndicator $ - *
  • preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - *
  • telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - *
  • seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ - *
  • postOfficeBox $ postalCode $ postalAddress $ - *
  • physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) - *
  • ------------------------------------------ - *
- *

2. The RBAC Separation of Duties

- *
    - *
  • ---Static Separation of Duties Set------- - *
  • objectclass ( 1.3.6.1.4.1.38088.2.4 - *
  • NAME 'ftSSDSet' - *
  • DESC 'Fortress Role Static Separation of Duty Set Object Class' - *
  • SUP organizationalrole - *
  • STRUCTURAL - *
  • MUST ( ftId $ ftSetName $ ftSetCardinality ) - *
  • MAY ( ftRoles $ description ) ) - *
  • ------------------------------------------ - *
- *

- * OR - *

Dynamic Separation of Duties Set

- *
    - *
  • - *
  • objectclass ( 1.3.6.1.4.1.38088.2.5 - *
  • NAME 'ftDSDSet' - *
  • DESC 'Fortress Role Dynamic Separation of Duty Set Object Class' - *
  • SUP organizationalrole - *
  • STRUCTURAL - *
  • MUST ( ftId $ ftSetName $ ftSetCardinality ) - *
  • MAY ( ftRoles $ description ) ) - *
  • ------------------------------------------ - *
- *

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *

- *
- * @author Shawn McKinney
- */
-public interface SdDAO
-{
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- */
- SDSet create( SDSet entity ) throws CreateException;
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- */
- SDSet update( SDSet entity ) throws UpdateException;
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.RemoveException
- */
- SDSet remove( SDSet entity ) throws RemoveException;
-
-
- /**
- * @param sdSet
- * @return
- * @throws FinderException
- */
- SDSet getSD( SDSet sdSet ) throws FinderException;
-
-
- /**
- * Given an SSD name and type, find matching object in the directory.
- * @param sdset requires name and type.
- * @return List of matching SDSets.
- * @throws org.apache.directory.fortress.core.FinderException
- */
- List search( SDSet sdset ) throws FinderException;
-
-
- /**
- * @param role
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- */
- List search( Role role, SDSet.SDType type ) throws FinderException;
-
-
- /**
- * @param roles
- * @param sdSet
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- */
- Set search( Set roles, SDSet sdSet ) throws FinderException;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/UserDAO.java
deleted file mode 100644
index abf4960..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/UserDAO.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao;
-
-
-import java.util.List;
-import java.util.Set;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.rbac.AdminRole;
-import org.apache.directory.fortress.core.rbac.OrgUnit;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.rbac.Session;
-import org.apache.directory.fortress.core.rbac.User;
-import org.apache.directory.fortress.core.rbac.UserAdminRole;
-import org.apache.directory.fortress.core.rbac.UserRole;
-
-
-/**
- * Data access class for LDAP User entity.
- *

- *

- * The Fortress User LDAP schema follows: - *

- *

1. InetOrgPerson Structural Object Class

- * # The inetOrgPerson represents people who are associated with an
- * # organization in some way. It is a structural class and is derived
- * # from the organizationalPerson which is defined in X.521 [X521].
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 2.16.840.1.113730.3.2.2 - *
  • NAME 'inetOrgPerson' - *
  • DESC 'RFC2798: Internet Organizational Person' - *
  • SUP organizationalPerson - *
  • STRUCTURAL - *
  • MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ - *
  • displayName $ employeeNumber $ employeeType $ givenName $ - *
  • homePhone $ homePostalAddress $ initials $ jpegPhoto $ - *
  • labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ - *
  • roomNumber $ secretary $ uid $ userCertificate $ - *
  • x500uniqueIdentifier $ preferredLanguage $ - *
  • userSMIMECertificate $ userPKCS12 ) ) - *
  • ------------------------------------------ - *
- *

2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity

- * # This aux object class can be used to store custom attributes.
- * # The properties collections consist of name/value pairs and are not constrainted by Fortress.
- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.2 - *
  • NAME 'ftProperties' - *
  • DESC 'Fortress Properties AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( ftProps ) ) - *
  • ------------------------------------------ - *
- *

- *

3. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity

- *
    - *
  • ------------------------------------------ - *
  • objectclass ( 1.3.6.1.4.1.38088.3.1 - *
  • NAME 'ftUserAttrs' - *
  • DESC 'Fortress User Attribute AUX Object Class' - *
  • AUXILIARY - *
  • MUST ( ftId ) - *
  • MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr - *
  • ------------------------------------------ - *
- *

4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

- *
    - *
  • objectclass ( 1.3.6.1.4.1.38088.3.4 - *
  • NAME 'ftMods' - *
  • DESC 'Fortress Modifiers AUX Object Class' - *
  • AUXILIARY - *
  • MAY ( - *
  • ftModifier $ - *
  • ftModCode $ - *
  • ftModId ) ) - *
  • ------------------------------------------ - *
- *

- * This class is thread safe.
- *
- * @author Emmanuel Lecharny
- */
-public interface UserDAO
-{
- List findUsers( OrgUnit ou, boolean limitSize ) throws FinderException;
-
-
- List findUsers( User user ) throws FinderException;
-
-
- List findUsers( User user, int limit ) throws FinderException;
-
-
- String assign( UserRole uRole ) throws UpdateException, FinderException;
-
-
- /**
- * @param uRole
- * @return
- * @throws UpdateException
- *
- * @throws FinderException
- *
- */
- String assign( UserAdminRole uRole ) throws UpdateException, FinderException;
-
-
- boolean changePassword( User entity, char[] newPassword ) throws SecurityException;
-
-
- Session checkPassword( User user ) throws FinderException;
-
-
- List getAuthorizedUsers( Role role ) throws FinderException;
-
-
- User update( User entity ) throws UpdateException;
-
-
- void lock( User user ) throws UpdateException;
-
-
- void unlock( User user ) throws UpdateException;
-
-
- User create( User entity ) throws CreateException;
-
-
- /**
- * @param uRole
- * @return
- * @throws UpdateException
- *
- * @throws FinderException
- *
- */
- String deassign( UserAdminRole uRole ) throws UpdateException, FinderException;
-
-
- String deassign( UserRole uRole ) throws UpdateException, FinderException;
-
-
- void resetUserPassword( User user ) throws UpdateException;
-
-
- User updateProps( User entity, boolean replace ) throws UpdateException;
-
-
- String remove( User user ) throws RemoveException;
-
-
- String deletePwPolicy( User user ) throws UpdateException;
-
-
- /**
- * @param role
- * @return
- * @throws FinderException
- */
- List getAssignedUsers( AdminRole role ) throws FinderException;
-
-
- List getAssignedUsers( Role role ) throws FinderException;
-
-
- List getRoles( User user ) throws FinderException;
-
-
- User getUser( User user, boolean isRoles ) throws FinderException;
-
-
- Set getAssignedUsers( Set roles, String contextId ) throws FinderException;
-
-
- List getAuthorizedUsers( Role 
role, int limit ) throws FinderException;
-}
\ No newline at end of file