directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [08/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license
Date Tue, 11 Nov 2014 20:38:47 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
new file mode 100644
index 0000000..336e921
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
@@ -0,0 +1,4375 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+import org.apache.directory.fortress.core.rest.HttpIds;
+import org.springframework.stereotype.Service;
+
+/**
+ * Implementation for EnMasse Service methods forwards to delegate.  This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
+@Service("fortressService")
+public class FortressServiceImpl implements FortressService
+{
+    // Instantiate the implementation classes where the actual work is done:
+    private final ReviewMgrImpl reviewMgrImpl = new ReviewMgrImpl();
+    private final AdminMgrImpl adminMgrImpl = new AdminMgrImpl();
+    private final PswdPolicyMgrImpl pswdPolicyMgrImpl = new PswdPolicyMgrImpl();
+    private final DelegatedAccessMgrImpl delegatedAccessMgrImpl = new DelegatedAccessMgrImpl();
+    private final DelegatedReviewMgrImpl delegatedReviewMgrImpl = new DelegatedReviewMgrImpl();
+    private final DelegatedAdminMgrImpl delegatedAdminMgrImpl = new DelegatedAdminMgrImpl();
+    private final AccessMgrImpl accessMgrImpl = new AccessMgrImpl();
+    private final AuditMgrImpl auditMgrImpl = new AuditMgrImpl();
+    private final ConfigMgrImpl configMgrImpl = new ConfigMgrImpl();
+
+    // These are the allowed roles for the Fortress Rest services:
+    private static final String SUPER_USER = "fortress-rest-super-user";
+    private static final String ACCESS_MGR_USER = "fortress-rest-access-user";
+    private static final String ADMIN_MGR_USER = "fortress-rest-admin-user";
+    private static final String REVIEW_MGR_USER = "fortress-rest-review-user";
+    private static final String DELEGATED_ACCESS_MGR_USER = "fortress-rest-delaccess-user";
+    private static final String DELEGATED_ADMIN_MGR_USER = "fortress-rest-deladmin-user";
+    private static final String DELEGATED_REVIEW_MGR_USER = "fortress-rest-delreview-user";
+    private static final String PASSWORD_MGR_USER = "fortress-rest-pwmgr-user";
+    private static final String AUDIT_MGR_USER = "fortress-rest-audit-user";
+    private static final String CONFIG_MGR_USER = "fortress-rest-config-user";
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN ADMINMGR
+     * **************************************************************************************************************************************
+     */
+
+    /**
+     * This command creates a new RBAC user. The command is valid only if the new user is
+     * not already a member of the USERS data set. The USER data set is updated. The new user
+     * does not own any session at the time of its creation.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addUser(FortRequest request)
+    {
+        return adminMgrImpl.addUser(request);
+    }
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
+     * User entity must exist in directory prior to making this call else exception will be thrown.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteUser(FortRequest request)
+    {
+        return adminMgrImpl.deleteUser(request);
+    }
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * Method performs a "soft" delete.  It performs the following:
+     * - sets the user status to "deleted"
+     * - deassigns all roles from the user
+     * - locks the user's password in LDAP
+     * - revokes all perms that have been granted to user entity.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_DISABLE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse disableUser(FortRequest request)
+    {
+        return adminMgrImpl.disableUser(request);
+    }
+
+    /**
+     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
+     * directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateUser(FortRequest request)
+    {
+        return adminMgrImpl.updateUser(request);
+    }
+
+    /**
+     * Method will change user's password.  This method will evaluate user's password policies.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - contains the User's old password</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_CHGPW + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse changePassword(FortRequest request)
+    {
+        return adminMgrImpl.changePassword(request);
+    }
+
+    /**
+     * Method will lock user's password which will prevent the user from authenticating with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_LOCK + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse lockUserAccount(FortRequest request)
+    {
+        return adminMgrImpl.lockUserAccount(request);
+    }
+
+    /**
+     * Method will unlock user's password which will enable user to authenticate with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_UNLOCK + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse unlockUserAccount(FortRequest request)
+    {
+        return adminMgrImpl.unlockUserAccount(request);
+    }
+
+    /**
+     * Method will reset user's password which will require user to change password before successful authentication with directory.
+     * This method will not evaluate password policies on the new user password as it must be changed before use.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_RESET + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse resetPassword(FortRequest request)
+    {
+        return adminMgrImpl.resetPassword(request);
+    }
+
+    /**
+     * This command creates a new role. The command is valid if and only if the new role is not
+     * already a member of the ROLES data set. The ROLES data set is updated.
+     * Initially, no user or permission is assigned to the new role.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+     * </ul>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addRole(FortRequest request)
+    {
+        return adminMgrImpl.addRole(request);
+    }
+
+    /**
+     * This command deletes an existing role from the RBAC database. The command is valid
+     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
+     * also deassign role from all users.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
+     * </ul>
+     * <ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteRole(FortRequest request)
+    {
+        return adminMgrImpl.deleteRole(request);
+    }
+
+    /**
+     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateRole(FortRequest request)
+    {
+        return adminMgrImpl.updateRole(request);
+    }
+
+    /**
+     * This command assigns a user to a role.
+     * <p>
+     * <ul>
+     * <li> The command is valid if and only if:
+     * <li> The user is a member of the USERS data set
+     * <li> The role is a member of the ROLES data set
+     * <li> The user is not already assigned to the role
+     * <li> The SSD constraints are satisfied after assignment.
+     * </ul>
+     * </p>
+     * <p>
+     * Successful completion of this op, the following occurs:
+     * </p>
+     * <ul>
+     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
+     * <li> Role entity (resides in role container) has userId added as role occupant.
+     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+     * <ul>
+     * <li> timeout - number in seconds of session inactivity time allowed.
+     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
+     * <li> endDate - YYMMDD - indicates latest date role may be activated.
+     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
+     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
+     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
+     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
+     * </ul>
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>UserRole optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ASGN + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse assignUser(FortRequest request)
+    {
+        return adminMgrImpl.assignUser(request);
+    }
+
+    /**
+     * This command deletes the assignment of the User from the Role entities. The command is
+     * valid if and only if the user is a member of the USERS data set, the role is a member of
+     * the ROLES data set, and the user is assigned to the role.
+     * Any sessions that currently have this role activated will not be effected.
+     * Successful completion includes:
+     * User entity in USER data set has role assignment removed.
+     * Role entity in ROLE data set has userId removed as role occupant.
+     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DEASGN + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deassignUser(FortRequest request)
+    {
+        return adminMgrImpl.deassignUser(request);
+    }
+
+    /**
+     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations.  The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission add</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addPermission(FortRequest request)
+    {
+        return adminMgrImpl.addPermission(request);
+    }
+
+    /**
+     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations to add or remove using this function.
+     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updatePermission(FortRequest request)
+    {
+        return adminMgrImpl.updatePermission(request);
+    }
+
+    /**
+     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
+     * The perm operation must exist before making this call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission removal</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deletePermission(FortRequest request)
+    {
+        return adminMgrImpl.deletePermission(request);
+    }
+
+    /**
+     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being added</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addPermObj(FortRequest request)
+    {
+        return adminMgrImpl.addPermObj(request);
+    }
+
+    /**
+     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being updated</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updatePermObj(FortRequest request)
+    {
+        return adminMgrImpl.updatePermObj(request);
+    }
+
+    /**
+     * This method will remove permission object to perms container in directory.  This method will also remove
+     * in associated permission objects that are attached to this object.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being removed</li>
+     * </ul>
+     * </ul>
+     * <h5>optional parameters</h5>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deletePermObj(FortRequest request)
+    {
+        return adminMgrImpl.deletePermObj(request);
+    }
+
+    /**
+     * This command grants a role the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_GRANT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse grant(FortRequest request)
+    {
+        return adminMgrImpl.grant(request, this);
+    }
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a role. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the role is a member of the ROLES data set, and the permission is assigned to that role.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_REVOKE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse revoke(FortRequest request)
+    {
+        return adminMgrImpl.revoke(request, this);
+    }
+
+    /**
+     * This command grants a user the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_GRANT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse grantUser(FortRequest request)
+    {
+        return adminMgrImpl.grantUser(request, this);
+    }
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a user. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the user is a member of the USERS data set, and the permission is assigned to that user.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.USER_REVOKE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse revokeUser(FortRequest request)
+    {
+        return adminMgrImpl.revokeUser(request, this);
+    }
+
+    /**
+     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
+     * the existing role parentRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The childRole is not a member of the ROLES data set.
+     * <li> The parentRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#child}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DESC + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addDescendant(FortRequest request)
+    {
+        return adminMgrImpl.addDescendant(request);
+    }
+
+    /**
+     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
+     * the existing role childRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole is not a member of the ROLES data set.
+     * <li> The childRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>childRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
+     * <li>parentRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#parent}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ASC + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addAscendant(FortRequest request)
+    {
+        return adminMgrImpl.addAscendant(request);
+    }
+
+    /**
+     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
+     * roles parentRole, childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is not an immediate ascendant of childRole.
+     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_ADDINHERIT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addInheritance(FortRequest request)
+    {
+        return adminMgrImpl.addInheritance(request);
+    }
+
+    /**
+     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The roles parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is an immediate ascendant of childRole.
+     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+     * relation resulted after deleting the relationship parentRole <<-- childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    @POST
+    @Path("/" + HttpIds.ROLE_DELINHERIT + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteInheritance(FortRequest request)
+    {
+        return adminMgrImpl.deleteInheritance(request);
+    }
+
+    /**
+     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set is not already in use.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse createSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.createSsdSet(request);
+    }
+
+    /**
+     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set exists in directory.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.updateSsdSet(request);
+    }
+
+
+    /**
+     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
+     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_ADD_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addSsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.addSsdRoleMember(request);
+    }
+
+    /**
+     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be removed is a member of the SSD role set.
+     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
+     * </ul>
+     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_DEL_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteSsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.deleteSsdRoleMember(request);
+    }
+
+    /**
+     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteSsdSet(FortRequest request)
+    {
+        return adminMgrImpl.deleteSsdSet(request);
+    }
+
+    /**
+     * This command sets the cardinality associated with a given SSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
+     * <li> The SSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.SSD_CARD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse setSsdSetCardinality(FortRequest request)
+    {
+        return adminMgrImpl.setSsdSetCardinality(request);
+    }
+
+    /**
+     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set is not already in use.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_ADD + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse createDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.createDsdSet(request);
+    }
+
+    /**
+     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set exists in directory.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse updateDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.updateDsdSet(request);
+    }
+
+    /**
+     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
+     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_ADD_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse addDsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.addDsdRoleMember(request);
+    }
+
+    /**
+     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be removed is a member of the DSD role set.
+     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
+     * </ul>
+     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_DEL_MEMBER + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteDsdRoleMember(FortRequest request)
+    {
+        return adminMgrImpl.deleteDsdRoleMember(request);
+    }
+
+    /**
+     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_DELETE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse deleteDsdSet(FortRequest request)
+    {
+        return adminMgrImpl.deleteDsdSet(request);
+    }
+
+    /**
+     * This command sets the cardinality associated with a given DSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
+     * <li> The DSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    @POST
+    @Path("/" + HttpIds.DSD_CARD_UPDATE + "/")
+    @RolesAllowed({SUPER_USER, ADMIN_MGR_USER})
+    @Override
+    public FortResponse setDsdSetCardinality(FortRequest request)
+    {
+        return adminMgrImpl.setDsdSetCardinality(request);
+    }
+
+    /**
+     * ************************************************************************************************************************************
+     * BEGIN REVIEWMGR
+     * **************************************************************************************************************************************
+     */
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_READ + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse readPermission(FortRequest request)
+    {
+        return reviewMgrImpl.readPermission(request);
+    }
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_READ + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse readPermObj(FortRequest request)
+    {
+        return reviewMgrImpl.readPermObj(request);
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    @POST
+    @Path("/" + HttpIds.PERM_SEARCH + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse findPermissions(FortRequest request)
+    {
+        return reviewMgrImpl.findPermissions(request);
+    }
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    @POST
+    @Path("/" + HttpIds.OBJ_SEARCH + "/")
+    @RolesAllowed({SUPER_USER, REVIEW_MGR_USER})
+    @Override
+    public FortResponse findPermObjs(FortRequest request)
+    {
+        return reviewMgrImpl.findPermObjs(request);
+    }
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required p

<TRUNCATED>

Mime
View raw message