From: smckinney@apache.org
To: commits@directory.apache.org
Date: Tue, 11 Nov 2014 20:16:28 -0000
Message-Id: <18babf535227447bbb285102ec94637a@git.apache.org>
In-Reply-To: <61050accc8274bebbbab2bcf7895b573@git.apache.org>
References: <61050accc8274bebbbab2bcf7895b573@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [4/5] directory-fortress-realm git commit: change package structure,
names, license, and pom improvements
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java
new file mode 100644
index 0000000..2f3790a
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java
@@ -0,0 +1,575 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.security.Principal;
+import java.util.Set;
+
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.ReviewMgrFactory;
+import org.apache.directory.fortress.core.AccessMgr;
+import org.apache.directory.fortress.core.AccessMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.rbac.User;
+import org.apache.directory.fortress.core.rbac.Role;
+import org.apache.directory.fortress.core.rbac.Session;
+import org.apache.directory.fortress.realm.tomcat.TcPrincipal;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.directory.fortress.core.util.time.CUtil;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+/**
+ * This class is for components that use Websphere and Tomcat Container SPI's to provide
+ * Java EE Security capabilities. These APIs may be called by external programs as needed though the recommended
+ * practice is to use Fortress Core APIs like {@link org.apache.directory.fortress.core.AccessMgr} and {@link org.apache.directory.fortress.core.ReviewMgr}.
+ *
+ * @author Shawn McKinney
+ */
+public class J2eePolicyMgrImpl implements J2eePolicyMgr
+{
+ private static final String CLS_NM = J2eePolicyMgrImpl.class.getName();
+ private static final Logger log = Logger.getLogger( CLS_NM );
+ private static AccessMgr accessMgr;
+ private static ReviewMgr reviewMgr;
+ private static final String SESSION = "session";
+ private static int CONTEXT_SERIALIZATION_FAILED = 102;
+
+ static
+ {
+ try
+ {
+ accessMgr = AccessMgrFactory.createInstance( GlobalIds.HOME );
+ reviewMgr = ReviewMgrFactory.createInstance( GlobalIds.HOME );
+ log.info( J2eePolicyMgrImpl.class.getName() + " - Initialized successfully" );
+ }
+ catch ( SecurityException se )
+ {
+ String error = CLS_NM + " caught SecurityException=" + se;
+ log.fatal( error );
+ }
+ }
+
+
+ /**
+ * Perform user authentication and evaluate password policies.
+ *
+ * @param userId Contains the userid of the user signing on.
+ * @param password Contains the user's password.
+ * @return boolean true if succeeds, false otherwise.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ @Override
+ public boolean authenticate( String userId, char[] password ) throws SecurityException
+ {
+ boolean result = false;
+ Session session = accessMgr.authenticate( userId, password );
+ if ( session != null )
+ {
+ result = true;
+ if ( log.isEnabledFor( Level.DEBUG ) )
+ {
+ log.debug( CLS_NM + ".authenticate userId [" + userId + "] successful" );
+ }
+ }
+ else
+ {
+ if ( log.isEnabledFor( Level.DEBUG ) )
+ {
+ log.debug( CLS_NM + ".authenticate userId [" + userId + "] failed" );
+ }
+ }
+
+ return result;
+ }
+
+
+ /**
+ * Perform user authentication {@link org.apache.directory.fortress.core.rbac.User#password} and role activations.
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link
+ * User#roles} and Admin role {@link User#adminRoles}.
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.openldap
+ * .fortress.rbac.User#pwPolicy}..
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ *
This API will...
+ *
+ *
authenticate user password if trusted == false.
+ *
fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()},
+ * regardless of trusted flag being set as parm on API.
+ *
evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.rbac.User},
+ * {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ *
process selective role activations into User RBAC Session {@link User#roles}.
+ *
check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session,
+ * org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core
+ * .rbac.User#roles}.
+ *
process selective administrative role activations {@link User#adminRoles}.
+ *
return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()},
+ * {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if
+ * everything checks out good.
+ *
throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ *
throw a {@link SecurityException} for system failures.
+ *
throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ *
throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ *
throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ *
+ *
+ * The function is valid if and only if:
+ *
+ *
+ *
the user is a member of the USERS data set
+ *
the password is supplied (unless trusted).
+ *
the (optional) active role set is a subset of the roles authorized for that user.
+ *
+ *
+ * The following attributes may be set when calling this method
+ *
{@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and
+ * targeted for activation within this session. Default is all authorized RBAC roles will be activated into this
+ * Session.
+ *
{@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and
+ * targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ *
{@link User#props} collection of name value pairs collected on behalf of User during signon. For example
+ * hostname:myservername or ip:192.168.1.99
+ *
+ *
+ * Notes:
+ *
+ *
+ *
roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ *
role activations will proceed in same order as supplied to User entity setter,
+ * see {@link org.apache.directory.fortress.core.rbac.User#setRole(String)}.
+ *
+ *
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param password maps to {@link org.apache.directory.fortress.core.rbac.User#password}.
+ * @return TcPrincipal which contains the User's RBAC Session data formatted into a java.security.Principal that
+ * is used by Tomcat runtime.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ @Override
+ public TcPrincipal createSession( String userId, char[] password ) throws SecurityException
+ {
+ User user = new User( userId, password );
+ return createSession( user );
+ }
+
+
+ /**
+ * Perform user authentication {@link User#password} and role activations.
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link User#roles} and Admin role {@link User#adminRoles}.
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.rbac.User#pwPolicy}..
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ *
This API will...
+ *
+ *
authenticate user password if trusted == false.
+ *
fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()}, regardless of trusted flag being set as parm on API.
+ *
evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ *
process selective role activations into User RBAC Session {@link User#roles}.
+ *
check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.rbac.User#roles}.
+ *
process selective administrative role activations {@link User#adminRoles}.
+ *
return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()}, {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if everything checks out good.
+ *
throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ *
throw a {@link SecurityException} for system failures.
+ *
throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ *
throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ *
throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ *
+ *
+ * The function is valid if and only if:
+ *
+ *
+ *
the user is a member of the USERS data set
+ *
the password is supplied (unless trusted).
+ *
the (optional) active role set is a subset of the roles authorized for that user.
+ *
+ *
+ * The following attributes may be set when calling this method
+ *
{@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
+ *
{@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ *
{@link User#props} collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
+ *
+ *
+ * Notes:
+ *
+ *
+ *
roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ *
role activations will proceed in same order as supplied to User entity setter, see {@link User#setRole(String)}.
+ *
+ *
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param password maps to {@link org.apache.directory.fortress.core.rbac.User#password}.
+ * @param roles constains list of role names to activate.
+ * @return TcPrincipal which contains the User's RBAC Session data formatted into a java.security.Principal that is used by Tomcat runtime.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ public TcPrincipal createSession(String userId, char[] password, List roles)
+ throws SecurityException
+ {
+ User user = new User( userId, password );
+ // Load the passed in role list into list of User requested roles:
+ if(VUtil.isNotNullOrEmpty( roles ))
+ {
+ for(String role : roles)
+ {
+ user.setRole( role );
+ }
+ }
+ return createSession( user );
+ }
+
+
+ /**
+ * Utility function to call Fortress createSession, build the principal on behalf of caller.
+ *
+ * @param user
+ * @return
+ * @throws SecurityException
+ */
+ private TcPrincipal createSession( User user ) throws SecurityException
+ {
+ Session session = accessMgr.createSession( user, false );
+ if ( log.isEnabledFor( Level.DEBUG ) )
+ {
+ log.debug( CLS_NM + ".createSession userId [" + user.getUserId() + "] successful" );
+ }
+ HashMap context = new HashMap();
+ context.put( SESSION, session );
+
+ // now serialize the principal:
+ String ser = serialize( session );
+
+ // Store the serialized principal inside the context hashmap
+ // which allows overriden toString to return it later, from within an application thread.
+ // This facilitates assertion of rbac session from the tomcat realm into the web application session.
+ context.put( TcPrincipal.SERIALIZED, ser );
+ return new TcPrincipal( user.getUserId(), context );
+ }
+
+ /**
+ * Perform user authentication {@link org.apache.directory.fortress.core.rbac.User#password} and role activations.
+ * This method must be called once per user prior to calling other methods within this class.
+ * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link
+ * User#roles} and Admin role {@link User#adminRoles}.
+ * In addition to checking user password validity it will apply configured password policy checks {@link org.openldap
+ * .fortress.rbac.User#pwPolicy}..
+ * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+ *
This API will...
+ *
+ *
authenticate user password if trusted == false.
+ *
fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()},
+ * regardless of trusted flag being set as parm on API.
+ *
evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.rbac.User},
+ * {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link org.apache.directory.fortress.core.rbac.UserAdminRole} entities.
+ *
process selective role activations into User RBAC Session {@link User#roles}.
+ *
check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session,
+ * org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core
+ * .rbac.User#roles}.
+ *
process selective administrative role activations {@link User#adminRoles}.
+ *
return a {@link org.apache.directory.fortress.core.rbac.Session} containing {@link org.apache.directory.fortress.core.rbac.Session#getUser()},
+ * {@link org.apache.directory.fortress.core.rbac.Session#getRoles()} and {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()} if
+ * everything checks out good.
+ *
throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+ *
throw a {@link SecurityException} for system failures.
+ *
throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+ *
throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+ *
throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+ *
+ *
+ * The function is valid if and only if:
+ *
+ *
+ *
the user is a member of the USERS data set
+ *
the password is supplied (unless trusted).
+ *
the (optional) active role set is a subset of the roles authorized for that user.
+ *
+ *
+ * The following attributes may be set when calling this method
+ *
{@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and
+ * targeted for activation within this session. Default is all authorized RBAC roles will be activated into this
+ * Session.
+ *
{@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and
+ * targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
+ *
{@link org.apache.directory.fortress.core.rbac.User#props} collection of name value pairs collected on behalf of User during
+ * signon. For example hostname:myservername or ip:192.168.1.99
+ *
+ *
+ * Notes:
+ *
+ *
+ *
roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+ *
role activations will proceed in same order as supplied to User entity setter,
+ * see {@link org.apache.directory.fortress.core.rbac.User#setRole(String)}.
+ *
+ *
+ *
+ * @param user Contains {@link org.apache.directory.fortress.core.rbac.User#userId}, {@link org.apache.directory.fortress.core.rbac.User#password}
+ * (optional if {@code isTrusted} is 'true'), optional {@link org.apache.directory.fortress.core.rbac.User#roles},
+ * optional {@link org.apache.directory.fortress.core.rbac.User#adminRoles}
+ * @param isTrusted if true password is not required.
+ * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.rbac.Session#errorId},
+ * RBAC role activations {@link org.apache.directory.fortress.core.rbac.Session#getRoles()}, Admin Role activations {@link org.openldap
+ * .fortress.rbac.Session#getAdminRoles()},OpenLDAP pw policy codes {@link org.apache.directory.fortress.core.rbac
+ * .Session#warningId}, {@link org.apache.directory.fortress.core.rbac.Session#expirationSeconds},
+ * {@link org.apache.directory.fortress.core.rbac.Session#graceLogins} and more.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure, security policy violation or DAO error.
+ */
+ @Override
+ public Session createSession( User user, boolean isTrusted ) throws SecurityException
+ {
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( CLS_NM + ".createSession userId [" + user.getUserId() + "] " );
+ }
+ return accessMgr.createSession( user, isTrusted );
+ }
+
+
+ /**
+ * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit
+ * the ldap server as the User's activated Roles are loaded into {@link org.apache.directory.fortress.realm.tomcat
+ * .TcPrincipal#setContext(java.util.HashMap)}
+ *
+ * @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
+ * @param roleName Maps to {@link org.apache.directory.fortress.core.rbac.Role#name}.
+ * @return True if Role is found in TcPrincipal, false otherwise.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * data validation failure or system error..
+ */
+ @Override
+ public boolean hasRole( Principal principal, String roleName ) throws SecurityException
+ {
+ String fullMethodName = CLS_NM + ".hasRole";
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( fullMethodName + " userId [" + principal.getName() + "] role [" + roleName + "]" );
+ }
+
+ // Fail closed
+ boolean result = false;
+
+ // Principal must contain a HashMap that contains a Fortress session object.
+ HashMap context = ( ( TcPrincipal ) principal ).getContext();
+ VUtil.assertNotNull( context, GlobalErrIds.SESS_CTXT_NULL, fullMethodName );
+
+ // This Map must contain a Fortress Session:
+ Session session = context.get( SESSION );
+ VUtil.assertNotNull( session, GlobalErrIds.USER_SESS_NULL, fullMethodName );
+
+ Set authZRoles = accessMgr.authorizedRoles( session );
+ if ( authZRoles != null && authZRoles.size() > 0 )
+ {
+ // Does the set of authorized roles contain a name matched to the one passed in?
+ if ( authZRoles.contains( roleName ) )
+ {
+ // Yes, we have a match.
+ if ( log.isEnabledFor( Level.DEBUG ) )
+ {
+ log.debug( fullMethodName + " userId [" + principal.getName() + "] role [" + roleName + "] " +
+ "successful" );
+ }
+ result = true;
+ }
+ else
+ {
+ if ( log.isEnabledFor( Level.DEBUG ) )
+ {
+ // User is not authorized in their Session..
+ log.debug( fullMethodName + " userId [" + principal.getName() + "] is not authorized role [" +
+ roleName + "]" );
+ }
+ }
+ }
+ else
+ {
+ // User does not have any authorized Roles in their Session..
+ log.info( fullMethodName + " userId [" + principal.getName() + "], role [" + roleName + "], has no authorized roles" );
+ }
+ return result;
+ }
+
+
+ /**
+ * Method reads Role entity from the role container in directory.
+ *
+ * @param roleName maps to {@link org.apache.directory.fortress.core.rbac.Role#name}, to be read.
+ * @return Role entity that corresponds with role name.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * will be thrown if role not found or system error occurs.
+ */
+ @Override
+ public Role readRole( String roleName ) throws SecurityException
+ {
+ return reviewMgr.readRole( new Role( roleName ) );
+ }
+
+
+ /**
+ * Search for Roles assigned to given User.
+ *
+ * @param searchString Maps to {@link org.apache.directory.fortress.core.rbac.User#userId}.
+ * @param limit controls the size of ldap result set returned.
+ * @return List of type String containing the {@link org.apache.directory.fortress.core.rbac.Role#name} of all assigned Roles.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation failure or DAO error.
+ */
+ @Override
+ public List searchRoles( String searchString, int limit ) throws SecurityException
+ {
+ return reviewMgr.findRoles( searchString, limit );
+ }
+
+
+ /**
+ * Method returns matching User entity that is contained within the people container in the directory.
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId} that matches record in the directory. userId
+ * is globally unique in
+ * people container.
+ * @return entity containing matching user data.
+ * @throws SecurityException if record not found or system error occurs.
+ */
+ @Override
+ public User readUser( String userId ) throws SecurityException
+ {
+ return reviewMgr.readUser( new User( userId ) );
+ }
+
+
+ /**
+ * Return a list of type String of all users in the people container that match the userId field passed in User
+ * entity.
+ * This method is used by the Websphere sentry component. The max number of returned users may be set by the
+ * integer limit arg.
+ *
+ * @param searchString contains all or some leading chars that correspond to users stored in the directory.
+ * @param limit integer value sets the max returned records.
+ * @return List of type String containing matching userIds.
+ * @throws SecurityException in the event of system error.
+ */
+ @Override
+ public List searchUsers( String searchString, int limit ) throws SecurityException
+ {
+ return reviewMgr.findUsers( new User( searchString ), limit );
+ }
+
+
+ /**
+ * This function returns the set of users assigned to a given role. The function is valid if and
+ * only if the role is a member of the ROLES data set.
+ * The max number of users returned is constrained by limit argument.
+ * This method is used by the Websphere sentry component. This method does NOT use hierarchical rbac.
+ *
+ * @param roleName maps to {@link org.apache.directory.fortress.core.rbac.Role#name} of Role entity assigned to user.
+ * @param limit integer value sets the max returned records.
+ * @return List of type String containing userIds assigned to a particular role.
+ * @throws org.apache.directory.fortress.core.SecurityException
+ * in the event of data validation or system error.
+ */
+ @Override
+ public List assignedUsers( String roleName, int limit ) throws SecurityException
+ {
+ return reviewMgr.assignedUsers( new Role( roleName ), limit );
+ }
+
+
+ /**
+ * This function returns the set of roles authorized for a given user. The function is valid if
+ * and only if the user is a member of the USERS data set.
+ *
+ * @param userId maps to {@link org.apache.directory.fortress.core.rbac.User#userId} matching User entity stored in the directory.
+ * @return Set of type String containing the roles assigned and roles inherited.
+ * @throws SecurityException If user not found or system error occurs.
+ */
+ @Override
+ public List authorizedRoles( String userId ) throws SecurityException
+ {
+ List list = null;
+ // This will check temporal constraints on User and Roles.
+ Session session = createSession( new User( userId ), true );
+ // Get the Set of authorized Roles.
+ Set authZRoleSet = accessMgr.authorizedRoles( session );
+ // If User has authorized roles.
+ if ( authZRoleSet != null && authZRoleSet.size() > 0 )
+ {
+ // Convert the Set into a List before returning:
+ list = new ArrayList( authZRoleSet );
+ }
+ return list;
+ }
+
+ /**
+ * Utility to write any object into a Base64 string. Used by this class to serialize {@link TcPrincipal} object to be returned by its toString method..
+ */
+ private String serialize( Object obj ) throws SecurityException
+ {
+ String szRetVal = null;
+ if( obj != null )
+ {
+ try
+ {
+ ByteArrayOutputStream bo = new ByteArrayOutputStream();
+ ObjectOutputStream so = new ObjectOutputStream( bo );
+ so.writeObject( obj );
+ so.flush();
+ // This encoding induces a bijection between byte[] and String (unlike UTF-8)
+ szRetVal = bo.toString( "ISO-8859-1" );
+ }
+ catch ( IOException ioe )
+ {
+ String error = "serialize caught IOException: " + ioe;
+ throw new SecurityException(CONTEXT_SERIALIZATION_FAILED, error);
+ }
+ }
+ return szRetVal;
+ }
+}
+
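Review bot: `serialize` writes the Fortress `Session` with Java native serialization, and the private `createSession( User )` stores the result under `TcPrincipal.SERIALIZED` so that, per its inline comment, the principal's overridden `toString` can return it. Any code that logs or prints the principal would then emit the whole session state, and whatever reads it back has to run native deserialization. Whether `Session` retains the password passed to `new User( userId, password )` is not visible in this hunk, so that should be confirmed before the string leaves the realm. The Javadoc on `serialize` says "Base64" while the code returns `bo.toString( "ISO-8859-1" )`; I would reword it to `Serializes obj with Java native serialization and returns the raw bytes as an ISO-8859-1 string; the output must only be deserialized by trusted code and must not be logged.` Separately, the static initializer only logs the `SecurityException`, which leaves `accessMgr` and `reviewMgr` null, so every later call fails with a `NullPointerException` rather than a clear configuration error.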
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/package.html
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/package.html b/impl/src/main/java/org/apache/directory/fortress/realm/package.html
new file mode 100644
index 0000000..d3ee7a1
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/package.html
@@ -0,0 +1,27 @@
+
+
+
+ Package Documentation for Fortress Sentry
+
+
+
+ This package is the Java Sentry component. The Fortress Java Sentry provides APIs that are used by
+ Java EE applications to perform authentication, authorization and audit within runtime
+ application server environments. The APIs are not called directly by outside client programs rather they
+ are called by the application servers during runtime policy enforcement.
+
+
+
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java
new file mode 100644
index 0000000..dccf5c0
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java
@@ -0,0 +1,238 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm.tomcat;
+
+import org.apache.directory.fortress.realm.util.CpUtil;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.realm.RealmBase;
+
+import java.net.URL;
+import java.security.Principal;
+import java.net.URLClassLoader;
+import java.util.logging.Logger;
+
+import org.apache.directory.fortress.realm.util.ChildFirstUrlClassLoader;
+
+/**
+ * This class extends the Tomcat 7 and beyond RealmBase class and provides Java EE security services within the Tomcat container.
+ * This class is a "proxy" for the {@link org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl} class which isolates dependencies from the Tomcat
+ * runtime environment by loading the implementation on a URLClassLoader.
+ *
+ * @author Shawn McKinney
+ */
+public class TC7AccessMgrFascade extends RealmBase
+{
+ private static final String CLS_NM = TC7AccessMgrFascade.class.getName();
+ private static final Logger log = Logger.getLogger(CLS_NM);
+ private static final String REALM_IMPL = "org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl";
+ private static final String REALM_CLASSPATH = "REALM_CLASSPATH";
+ private static final String JBOSS_AGENT = "jboss";
+ private static String container = "Catalina7";
+ private static String defaultRoles;
+ private String realmClasspath;
+ private TcAccessMgr realm = new TcAccessMgrImpl();
+
+ /**
+ * Gets the info attribute of the TcAccessMgrProxy object
+ *
+ * @return The info value
+ */
+ @Override
+ public String getInfo()
+ {
+ return info;
+ }
+
+
+ /**
+ * Perform user authentication and evaluate password policies.
+ *
+ * @param userId Contains the userid of the user signing on.
+ * @param password Contains the user's password.
+ * @return Principal whic * This method will load the Fortress Tomcat implementation on a URL classloader. Methods on the implementation are
+ * wrapped by methods on this class and are accessed via the {@code realm} instance variable of this class.
+ */
+ @Override
+ public Principal authenticate(String userId, String password)
+ {
+ if(realm == null)
+ {
+ throw new RuntimeException(CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration");
+ }
+ return realm.authenticate(userId, password.toCharArray());
+ }
+
+
+ /**
+ * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit
+ * the ldap server as the User's activated Roles are loaded into {@link org.apache.directory.fortress.realm.tomcat.TcPrincipal#setContext(java.util.HashMap)}
+ *
+ * @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
+ * @param role Maps to {@code org.apache.directory.fortress.core.rbac.Role#name}.
+ * @return True if Role is found in TcPrincipal, false otherwise.
+ */
+ @Override
+ public boolean hasRole(Wrapper wrapper, Principal principal, String role)
+ {
+ if(realm == null)
+ {
+ throw new RuntimeException(CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration");
+ }
+ return realm.hasRole(principal, role);
+ }
+
+ /**
+ * Gets the name attribute of the TcAccessMgrProxy object
+ *
+ * @return The name value
+ */
+ @Override
+ protected String getName()
+ {
+ return (CLS_NM);
+ }
+
+
+ /**
+ * Gets the password attribute of the TcAccessMgrProxy object
+ *
+ * @param username Description of the Parameter
+ * @return The password value
+ */
+ @Override
+ protected String getPassword(String username)
+ {
+ return (null);
+ }
+
+
+ /**
+ * Gets the principal attribute of the TcAccessMgrProxy object
+ *
+ * @param username Description of the Parameter
+ * @return The principal value
+ */
+ @Override
+ protected Principal getPrincipal(String username)
+ {
+ return (null);
+ }
+
+
+ /**
+ * Prepare for the beginning of active use of the public methods of this
+ * component and implement the requirements of
+ * {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
+ *
+ * @throws LifecycleException if this component detects a fatal error
+ * that prevents this component from being used
+ */
+ @Override
+ protected void startInternal() throws LifecycleException
+ {
+ super.startInternal();
+ }
+
+ /**
+ * Gracefully terminate the active use of the public methods of this
+ * component and implement the requirements of
+ * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
+ *
+ * @throws LifecycleException if this component detects a fatal error
+ * that needs to be reported
+ */
+ @Override
+ protected void stopInternal() throws LifecycleException
+ {
+
+ // Perform normal superclass finalization
+ super.stopInternal();
+
+ // Release reference to our sentry impl
+ realm = null;
+
+ }
+
+ /**
+ * Gets the containerType attribute of the TcAccessMgrProxy object
+ *
+ * @return The containerType value
+ */
+ public String getContainerType()
+ {
+ return container;
+ }
+
+ /**
+ * Sets the containerType attribute of the TcAccessMgrProxy object
+ *
+ * @param container The new containerType value
+ */
+ public void setContainerType(String container)
+ {
+ log.info(CLS_NM + ".setContainerType <" + container + ">");
+ this.container = container;
+ }
+
+ /**
+ * Gets the realmClasspath attribute of the TcAccessMgrProxy object
+ *
+ * @return The realmClasspath value
+ */
+ public String getRealmClasspath()
+ {
+ log.info(CLS_NM + ".getRealmClasspath <" + realmClasspath + ">");
+ return realmClasspath;
+ }
+
+ /**
+ * Sets the realmClasspath attribute of the TcAccessMgrProxy object
+ *
+ * @param rCpth The new realmClasspath value
+ */
+ public void setRealmClasspath(String rCpth)
+ {
+ log.info(CLS_NM + ".setRealmClasspath <" + rCpth + ">");
+ this.realmClasspath = rCpth;
+ }
+
+ /**
+ * Gets the defaultRoles attribute of the TcAccessMgrProxy object. When set, it will be passed into all subsequent calls to Fortress createSession.
+ *
+ * @return String containing comma delimited list of role names.
+ */
+ public static String getDefaultRoles()
+ {
+ log.info(CLS_NM + ".getDefaultRoles <" + defaultRoles + ">");
+ return defaultRoles;
+ }
+
+ /**
+ * Sets the defaultRoles attribute of the TcAccessMgrProxy object. When set, it will be passed into all subsequent calls to Fortress createSession.
+ *
+ * @param defaultRoles containing comma delimited list of role names.
+ */
+ public static void setDefaultRoles( String defaultRoles )
+ {
+ log.info(CLS_NM + ".setDefaultRoles <" + defaultRoles + ">");
+ TC7AccessMgrFascade.defaultRoles = defaultRoles;
+ }
+}
\ No newline at end of file
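Review bot: The `defaultRoles` value accepted by `setDefaultRoles` is stored in a static field, but nothing in this file hands it to the `realm` instance, so the role scoping an operator configures would appear to have no effect on `authenticate`. If `TcAccessMgr` declares the setter (the interface is not shown here), forward it before the first login, e.g. `realm.setDefaultRoles( defaultRoles );` in `startInternal()`. Separately, `authenticate` calls `password.toCharArray()` unguarded, so a null credential raises a NullPointerException instead of a failed login; `if ( password == null ) return null;` ahead of the call would fail closed. The field initialiser `new TcAccessMgrImpl()` also contradicts the class comment about loading the implementation on a URLClassLoader, and leaves the `URL`, `URLClassLoader`, `CpUtil` and `ChildFirstUrlClassLoader` imports unused.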
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java
new file mode 100644
index 0000000..c0628ec
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm.tomcat;
+
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.directory.fortress.realm.J2eePolicyMgr;
+import org.apache.directory.fortress.realm.J2eePolicyMgrFactory;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * This class runs on a URL classloader and provides Fortress runtime security services for the Tomcat container.
+ *
+ * @author Shawn McKinney
+ */
+public class TcAccessMgrImpl implements TcAccessMgr
+{
+ private static final String CLS_NM = TcAccessMgrImpl.class.getName();
+ private static final Logger log = Logger.getLogger(CLS_NM);
+ private static int count = 0;
+ private J2eePolicyMgr j2eeMgr;
+ // If this field gets set, use for all subsequent calls to authenticate:
+ private List defaultRoles;
+
+ /**
+ * Constructor for the TcAccessMgrImpl object
+ */
+ public TcAccessMgrImpl()
+ {
+ try
+ {
+ j2eeMgr = J2eePolicyMgrFactory.createInstance();
+ log.info(CLS_NM + " constructor <" + count++ + ">");
+ }
+ catch (SecurityException se)
+ {
+ String error = CLS_NM + " constructor caught SecurityException=" + se;
+ log.fatal(error);
+ se.printStackTrace();
+ throw new java.lang.RuntimeException(error, se);
+ }
+ }
+
+ /**
+ * Perform user authentication and evaluate password policies.
+ *
+ * @param userId Contains the userid of the user signing on.
+ * @param password Contains the user's password.
+ * @return Principal which contains the Fortress RBAC session data.
+ */
+ public Principal authenticate(String userId, char[] password)
+ {
+ TcPrincipal prin = null;
+ try
+ {
+ // If a 'default.roles' property set in config, user them
+ if( VUtil.isNotNullOrEmpty( defaultRoles ))
+ {
+ prin = j2eeMgr.createSession( userId, password, defaultRoles );
+ if (log.isEnabledFor(Level.DEBUG))
+ {
+ log.debug(CLS_NM + ".authenticate userId [" + userId + "], with default roles [" + defaultRoles + "], successful");
+ }
+ }
+ else
+ {
+ prin = j2eeMgr.createSession(userId, password);
+ if (log.isEnabledFor(Level.DEBUG))
+ {
+ log.debug(CLS_NM + ".authenticate userId [" + userId + "] successful");
+ }
+ }
+ }
+ catch (SecurityException se)
+ {
+ String warning = CLS_NM + ".authenticate userId <" + userId + "> caught SecurityException=" + se;
+ log.warn(warning);
+ }
+ return prin;
+ }
+
+ /**
+ * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit
+ * the ldap server as the User's activated Roles are loaded into {@link TcPrincipal#setContext(java.util.HashMap)}
+ *
+ * @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
+ * @param roleName Maps to {@code org.apache.directory.fortress.core.rbac.Role#name}.
+ * @return True if Role is found in TcPrincipal, false otherwise.
+ */
+ public boolean hasRole(Principal principal, String roleName)
+ {
+ boolean result = false;
+ String userId = principal.getName();
+ try
+ {
+ if (j2eeMgr.hasRole(principal, roleName))
+ {
+ if (log.isEnabledFor(Level.DEBUG))
+ {
+ log.debug(CLS_NM + ".hasRole userId <" + principal.getName() + "> role <" + roleName + "> successful");
+ }
+ result = true;
+ }
+ else
+ {
+ if (log.isEnabledFor(Level.DEBUG))
+ {
+ log.debug(CLS_NM + ".hasRole userId <" + principal.getName() + "> role <" + roleName + "> failed");
+ }
+ }
+ }
+ catch (SecurityException se)
+ {
+ String warning = CLS_NM + ".hasRole userId <" + userId + "> role <" + roleName + "> caught SecurityException=" + se;
+ log.warn(warning);
+ }
+ return result;
+ }
+
+ /**
+ * When the 'defaultRoles' parameter is set on realm proxy config (e.g. in server.xml or context.xml) it will be used to pass into
+ * createSession calls into Fortress. This will scope the roles to be considered for activation to this particular set.
+ *
+ * @param szDefaultRoles contains a String containing comma delimited roles names.
+ */
+ public void setDefaultRoles(String szDefaultRoles)
+ {
+ if( VUtil.isNotNullOrEmpty( szDefaultRoles ))
+ {
+ defaultRoles = Arrays.asList(szDefaultRoles.split("\\s*,\\s*"));
+ log.info( "DEFAULT ROLES: " + defaultRoles );
+ }
+ }
+}
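Review bot: The `log.warn` in the `catch` of `authenticate` concatenates the caller-supplied `userId` into the log line unchanged, so a login name containing CR/LF can forge extra entries in the very record used to investigate failed logins. Neutralise line breaks before logging, e.g. `String safeId = userId == null ? null : userId.replaceAll( "[\\r\\n]", "_" );`, and use it in the debug and warn messages of `authenticate` and `hasRole`. `hasRole` also calls `principal.getName()` before its `try`, so a null principal throws a NullPointerException rather than returning false; `if ( principal == null ) return false;` as the first statement would deny cleanly. The `se.printStackTrace()` in the constructor is redundant if the exception is passed to the logger instead, `log.fatal( error, se );`.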
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java
----------------------------------------------------------------------
diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java
new file mode 100644
index 0000000..0c430c1
--- /dev/null
+++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.fortress.realm.tomcat;
+
+import org.apache.directory.fortress.core.rbac.Session;
+
+import java.util.HashMap;
+
+/**
+ * Contains the Fortress RBAC session that has been created on behalf of an end user who has
+ * signed onto Tomcat system. The session contains the User's active roles and other security attributes.
+ *
+ * @author Shawn McKinney
+ */
+public class TcPrincipal implements java.security.Principal, java.io.Serializable
+{
+ public static final String SERIALIZED = "SERIALIZED";
+ private HashMap context;
+ private String name;
+
+
+ /**
+ * Constructor for the TcPrincipal object. Accepts a HashMap which
+ * contains the Fortress session.
+ *
+ * @param name contains the userId of User who signed onto Tomcat.
+ * @param context Instantiated HashMap that contains the User's Fortress session data.
+ */
+ public TcPrincipal( String name, HashMap context )
+ {
+ if ( context == null || name == null )
+ {
+ throw new NullPointerException( TcPrincipal.class.getName() + " Null Map passed to constructor" );
+ }
+ this.context = context;
+ this.name = name;
+ }
+
+
+ /**
+ * Return the HashMap to the caller. This HashMap contains the User's Fortress session data.
+ *
+ * @return HashMap reference to security session data.
+ */
+ public final HashMap getContext()
+ {
+ return context;
+ }
+
+
+ /**
+ * Return the userId of the end User who has signed onto Tomcat and is represented by this principal object.
+ *
+ * @return Contains the end userId.
+ */
+ public final String getName()
+ {
+ return name;
+ }
+
+
+ /**
+ * Set a new HashMap reference into this Principal object.
+ *
+ * @param context HashMap reference to security session data.
+ */
+ public final void setContext( HashMap context )
+ {
+ this.context = context;
+ }
+
+
+ /**
+ * This method returns a string containing the serialized instance of this object.
+ *
+ * @return Return this object in serialized format.
+ */
+ public final String toString()
+ {
+ String ser = null;
+ HashMap context = getContext();
+ if ( context != null )
+ {
+ ser = (String)context.get( SERIALIZED );
+ }
+ return ser;
+ }
+
+ /**
+ * Determine if the caller supplied a reference to a security Principal that is equal to the current value.
+ *
+ * @param o Contains reference to the Principal.
+ * @return true if the userId on both Principal objects is equal, false otherwise.
+ */
+ public final boolean equals( Object o )
+ {
+ if ( o == null )
+ {
+ return false;
+ }
+ if ( this == o )
+ {
+ return true;
+ }
+ if ( !( o instanceof TcPrincipal ) )
+ {
+ return false;
+ }
+ TcPrincipal that = ( TcPrincipal ) o;
+
+ if ( this.getName().equals( that.getName() ) )
+ {
+ return true;
+ }
+ return false;
+ }
+
+
+ /**
+ * Compute the hashcode for the current userId asserted into this Principal object.
+ *
+ * @return Description of the Return Value
+ */
+ public final int hashCode()
+ {
+ return name.hashCode();
+ }
+}
+
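Review bot: `setContext` accepts any map, including null, although the constructor rejects a null context, and `getContext` returns the live `HashMap`, so any code holding the principal can replace or alter the session data that the class comment says carries the user's active roles. At minimum mirror the constructor's guard in the setter, `if ( context == null ) throw new NullPointerException( TcPrincipal.class.getName() + " Null Map passed to setContext" );`, and document on `getContext` that the returned map is shared rather than a copy. `toString()` returns null when no `SERIALIZED` entry is present, which surprises string concatenation and logging; a Javadoc line stating that contract would help. The class is `Serializable` with no `serialVersionUID`, so adding `private static final long serialVersionUID = 1L;` keeps serialized principals readable across recompiles.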
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index bc145e9..fba7e48 100644
--- a/ivy.xml
+++ b/ivy.xml
@@ -1,21 +1,26 @@
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
-
+
-
+
+
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4dad5df..bcd9df3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,49 +1,405 @@
+
-
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+4.0.0
- org.openldap
- sentry
- jar
- Fortress Sentry
- 1.0-RC39
- Sentry is an ANSI RBAC INCITS 359 compliant policy enforcement engine.
- http://www.openldap.org/fortress/
+ org.apache.directory
+ fortress-realm
+ pom
+ Apache Fortress Realm
+ Fortress Realm is an ANSI RBAC INCITS 359 compliant policy enforcement engine.
+ http://directory.apache.org/foress/
+ 1.0-RC40
+
+
+ apache-directory-fortress-realm
+ scpexe://people.apache.org/www/directory.apache.org/api/gen-docs/${project.version}/
+
+
+
+ 1.0.2
+ 0.1
+ 0.1
+ 1.7.5
+ 1.7.5
+ 4.11
+
+
+ 1.0-RC40
+
+
+ 1.0.0
+
+
- OpenLDAP Public License
- http://www.OpenLDAP.org/license.html
- repo
+ Apache License 2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- http://www.openldap.org/software/repo/openldap-fortress-realm.git
- git://git.openldap.org/openldap-fortress-realm.git
+ scm:git:http://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
+ scm:git:https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
+ HEAD
+
+
+ jira
+ https://issues.apache.org/jira/browse/DIRREALM
+
+
+
+ org.sonatype.oss
+ oss-parent
+ 7
+
+
+
+
+ Apache Directory -- Fortress List
+ fortress@directory.apache.org
+ http://mail-archives.apache.org/mod_mbox/directory-fortress/
+
+
+
+ elecharny
+ Emmanuel Lecharny
+ elecharny@@apache.org
+
+ Developer
+
+ Apache Software Foundation
+ +1
+
+ smckinneyShawn McKinney
- smckinney@symas.com
+ smckinney@apache.org
+ -6
+
+
+ impl
+ proxy
+
+
+
+
+ ${project.artifactId}-${version}
+
+
+
+
+ org.apache.maven.plugins
+ maven-release-plugin
+
+ @{project.version}
+
+
+
+
+
+
+
+
+ maven-assembly-plugin
+ 2.4
+
+
+ make-assembly
+ package
+
+ single
+
+
+
+ src/main/assembly/distsrc.xml
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+
+
+ attach-sources
+ verify
+
+ jar-no-fork
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-site-plugin
+
+
+
+ org.apache.maven.wagon
+ wagon-ssh
+ 2.1
+
+
+
+ org.apache.maven.wagon
+ wagon-ssh-external
+ 2.1
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jxr-plugin
+
+ true
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-report-plugin
+
+ true
+
+
+
+
+ org.apache.maven.plugins
+ maven-project-info-reports-plugin
+
+
+
+ org.codehaus.mojo
+ taglist-maven-plugin
+
+
+ TODO
+ @todo
+ @deprecated
+ FIXME
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+
+ 512m
+ 1g
+ true
+
+
+ todo
+
+ a
+ To do:
+
+
+
+
+
+
+
+ aggregate
+ test-aggregate
+
+
+
+
+
+
+ org.codehaus.mojo
+ versions-maven-plugin
+
+
+
+ dependency-updates-report
+ plugin-updates-report
+ property-updates-report
+
+
+
+
+
+
+ org.apache.rat
+ apache-rat-plugin
+
+
+ false
+
+
+ **/target/**/*
+ **/cobertura.ser
+
+ **/.classpath
+ **/.project
+ **/.settings/**/*
+
+ **/*.iml
+ **/*.ipr
+ **/*.iws
+
+ **/MANIFEST.MF
+
+ distribution/src/main/release/licenses/*
+ src/main/release/licenses/*
+
+ **/dependency-reduced-pom.xml
+
+ **/src/main/resources/schema/**/*.ldif
+ **/src/main/resources/schema-all.ldif
+ **/src/main/resources/schema/**/*.ldif
+ **/src/main/resources/schema-all.ldif
+
+ ldap/src/main/java/org/apache/directory/api/asn1/der/*.java
+ src/main/java/org/apache/directory/api/asn1/der/*.java
+
+
+
+
+
+ org.codehaus.mojo
+ javancss-maven-plugin
+
+
+
+ org.codehaus.mojo
+ jdepend-maven-plugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+ org.apache.directory
+ fortress-core
+ ${fortress-core.version}
+
+
+
+ org.apache.tomcat
+ tomcat-catalina
+ 7.0.22
+
+
+
+
+
+
+
+ findbugs
+ annotations
+ provided
+ 1.0.0
+
+
+
+
+ org.slf4j
+ slf4j-api
+ ${slf4j.api.version}
+
+
+
+
+ org.slf4j
+ slf4j-log4j12
+ test
+ ${slf4j.log4j12.version}
+
+
- org.openldap
- fortress
- 1.0-RC39
+ junit
+ junit
+ test
+ 4.11
-
\ No newline at end of file
+
+
+
+ release-sign-artifacts
+
+ false
+
+ performRelease
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 1.4
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+
+
+
+
+
+
+
+
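Review bot: The first of the two SCM URLs, `scm:git:http://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git`, uses plain http while the entry below it uses https, so anyone following the read-only connection fetches source over an unauthenticated channel. Use `scm:git:https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git` for both. Two values in the same hunk look like typos: the project URL `http://directory.apache.org/foress/` (presumably `fortress`) and the address `elecharny@@apache.org` with a doubled `@`. The element names were lost in this rendering of the mail, so which elements these values belong to is inferred from their position.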
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/proxy/pom.xml
----------------------------------------------------------------------
diff --git a/proxy/pom.xml b/proxy/pom.xml
new file mode 100644
index 0000000..876e755
--- /dev/null
+++ b/proxy/pom.xml
@@ -0,0 +1,78 @@
+
+
+
+ 4.0.0
+
+ org.apache.directory
+ fortress-realm
+ 1.0-RC40
+
+
+ fortress-realm-proxy
+ Apache Fortress Realm Proxy
+ jar
+
+
+ Proxy classes for the Fortress Realm Component.
+
+
+
+
+ org.apache.directory.junit
+ junit-addons
+ test
+ 0.1
+
+
+
+ org.apache.directory.api
+ api-all
+ 1.0.0-M24
+
+
+
+ org.apache.tomcat
+ tomcat-catalina
+ 7.0.22
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.1
+
+
+ 1.7
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 2.5
+
+
+
+
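Review bot: `tomcat-catalina` `7.0.22` is declared here with no scope line, unlike `junit-addons` just above it which carries `test`, so it would default to compile scope and be passed on to consumers even though the container supplies those classes at runtime. `<scope>provided</scope>` on that dependency avoids resolving a second copy of Catalina. The same literal version is repeated in the root pom.xml hunk; a single property there would keep the two from drifting. The markup is stripped in this rendering, so the missing scope is inferred from the absence of a value line.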
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/cdfe5ba7/proxy/src/main/java/fortress-javadoc.css
----------------------------------------------------------------------
diff --git a/proxy/src/main/java/fortress-javadoc.css b/proxy/src/main/java/fortress-javadoc.css
new file mode 100644
index 0000000..44ace3f
--- /dev/null
+++ b/proxy/src/main/java/fortress-javadoc.css
@@ -0,0 +1,32 @@
+BODY { color: #000000;
+ background-color: #FFFFFF;
+ font-family: sans-serif }
+
+A:link { color: #0101DF;
+ text-decoration: underline }
+
+A:visited { color: #610B38;
+ text-decoration: underline }
+
+A:hover { color: #0B3B0B;
+ text-decoration: underline }
+
+PRE { background-color: #99CC66;
+ margin: 15px 30px;
+ padding: 10px 10px;
+ border: 1px solid #000000 }
+
+# the following will add space between list items:
+#LI { margin: 10px 0px }
+
+TH { background-color: #FFFFFF; color: #003300;
+ font-size: 125%;
+ font-weight: bold }
+
+
+# Classes defined specifically for Javadoc
+.TableHeadingColor { background-color: #D8D8D8 }
+
+.NavBarCell1 { background-color: #99CC66 }
+
+.FrameItemFont { font-size: 90% }
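Review bot: The lines starting with `#` are not CSS comments, so `# Classes defined specifically for Javadoc` becomes part of the selector of the rule that follows and the `.TableHeadingColor` declaration is discarded as an invalid rule. Write them as `/* Classes defined specifically for Javadoc */` and `/* LI { margin: 10px 0px } */`.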