directory-commits mailing list archives

From smckin...@apache.org
Subject [49/75] [abbrv] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl
Date Tue, 09 Jun 2015 03:15:55 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/GroupMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GroupMgr.java b/src/main/java/org/apache/directory/fortress/core/GroupMgr.java
new file mode 100755
index 0000000..4ae3065
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/GroupMgr.java
@@ -0,0 +1,145 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+
+import org.apache.directory.fortress.core.model.Group;
+import org.apache.directory.fortress.core.model.User;
+
+import java.util.List;
+
+
+/**
+ * This interface prescribes CRUD methods used to manage groups stored within the ldap directory.
+ * <p/>
+ * This class is thread safe.
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface GroupMgr extends Manageable
+{
+    /**
+     * Create a new group node.,
+     *
+     * @param group contains {@link org.apache.directory.fortress.core.model.Group}.
+     * @return {@link org.apache.directory.fortress.core.model.Group} containing entity just added.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group add( Group group ) throws org.apache.directory.fortress.core.SecurityException;
+
+
+    /**
+     * Modify existing group node.  The name is required.  Does not update members or properties.
+     * Use {@link GroupMgr#add( Group group, String key, String value )}, {@link GroupMgr#delete( Group group, String key, String value )},
+     * {@link GroupMgr#assign( Group group, String member) }, or {@link GroupMgr#deassign( Group group, String member) } for multi-occurring attributes.
+     *
+     * @param group contains {@link Group}.
+     * @return {@link Group} containing entity just modified.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group update( Group group ) throws SecurityException;
+
+
+    /**
+     * Delete existing group node.  The name is required.
+     *
+     * @param group contains {@link Group}.
+     * @return {@link Group} containing entity just removed.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group delete( Group group ) throws SecurityException;
+
+
+    /**
+     * Add a property to an existing group node. Must have a name and at least one member.
+     *
+     * @param group contains {@link Group}.
+     * @param key contains the property key.
+     * @param value contains contains the property value.
+     * @return {@link Group} containing entity just modified.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group add( Group group, String key, String value ) throws SecurityException;
+
+
+    /**
+     * Delete existing group node.  The name is required.
+     *
+     * @param group contains {@link Group}.
+     * @param key contains the property key.
+     * @param value contains contains the property value.
+     * @return {@link Group} containing entity just modified.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group delete( Group group, String key, String value ) throws SecurityException;
+
+
+    /**
+     * Read an existing group node.  The name is required.
+     *
+     * @param group contains {@link Group} with name field set with an existing group name.
+     * @return {@link Group} containing entity found.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    Group read( Group group ) throws SecurityException;
+
+
+    /**
+     * Search using a full or partial group node.  The name is required.
+     *
+     * @param group contains {@link Group}.
+     * @return List of type {@link Group} containing entities found.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    List<Group> find( Group group ) throws SecurityException;
+
+
+    /**
+     * Search for groups by userId.  Member (maps to userId) and is required.
+     *
+     * @param user contains userId that maps to Group member attribute.
+     * @return {@link Group} containing entity just added.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
+     */
+    List<Group> find( User user ) throws SecurityException;
+
+
+    /**
+     * Assign a user to an existing group node.  The group name and member are required.
+     *
+     * @param group contains {@link Group}.
+     * @param member is the relative distinguished name (rdn) of an existing user in ldap.
+     * @return {@link Group} containing entity to assign.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event entry already present or other system error.
+     */
+    Group assign( Group group, String member ) throws SecurityException;
+
+
+    /**
+     * Deassign a member from an existing group node. The group name and member are required.
+     *
+     * @param group contains {@link Group}.
+     * @param member is the relative distinguished name (rdn) of an existing user in ldap.
+     * @return {@link Group} containing entity to deassign
+     * @throws org.apache.directory.fortress.core.SecurityException in the event entry already present or other system error.
+     */
+    Group deassign( Group group, String member ) throws SecurityException;
+}
\ No newline at end of file
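Review bot: The Javadoc on `delete( Group group, String key, String value )` repeats the summary of the whole-group delete ("Delete existing group node.  The name is required."), so a caller cannot tell from the contract that this overload removes one property rather than the entry; I would change the summary to `Delete a property from an existing group node.` The same copy-paste shows on `find( User user )`, whose `@return` reads `{@link Group} containing entity just added` although the method returns `List<Group>`, and on `deassign`, whose `@throws` speaks of an entry "already present". The `member` parameter of `assign` and `deassign` is described as an RDN passed as a plain `String`; it would help implementers if the contract stated whether that is a bare user id or a full RDN and which side is expected to escape it before it is joined into a DN.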

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/GroupMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GroupMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/GroupMgrFactory.java
new file mode 100755
index 0000000..130ee7a
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/GroupMgrFactory.java
@@ -0,0 +1,117 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core;
+
+import org.apache.directory.api.util.Strings;
+import org.apache.directory.fortress.core.impl.GroupMgrImpl;
+import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.util.ClassUtil;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.VUtil;
+
+/**
+ * Creates an instance of the ConfigMgr object.
+ * <p/>
+ * The default implementation class is specified as {@link org.apache.directory.fortress.core.impl.GroupMgrImpl} but can be overridden by
+ * adding the {@link org.apache.directory.fortress.core.GlobalIds#GROUP_IMPLEMENTATION} config property.
+ * <p/>
+
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public final class GroupMgrFactory
+{
+    private static String groupClassName = Config.getProperty( GlobalIds.GROUP_IMPLEMENTATION );
+    private static final String CLS_NM = GroupMgrFactory.class.getName();
+    private static final String CREATE_INSTANCE_METHOD = CLS_NM + ".createInstance";
+
+    /**
+     * Prevent instantiation.
+     */
+    private GroupMgrFactory()
+    {
+    }
+
+    /**
+     * Create and return a reference to {@link org.apache.directory.fortress.core.GroupMgr} object using HOME context.
+     *
+     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation.
+     */
+    public static GroupMgr createInstance()
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME );
+    }
+
+    /**
+     * Create and return a reference to {@link GroupMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @return instance of {@link GroupMgr}.
+     * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation.
+     */
+    public static GroupMgr createInstance(String contextId)
+        throws SecurityException
+    {
+        VUtil.assertNotNull( contextId, GlobalErrIds.CONTEXT_NULL, CREATE_INSTANCE_METHOD );
+        
+        if ( Strings.isEmpty( groupClassName ) )
+        {
+            groupClassName = GroupMgrImpl.class.getName();
+        }
+
+        GroupMgr groupMgr = (GroupMgr) ClassUtil.createInstance(groupClassName);
+        groupMgr.setContextId(contextId);
+        
+        return groupMgr;
+    }
+
+
+    /**
+     * Create and return a reference to {@link GroupMgr} object using HOME context.
+     *
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static GroupMgr createInstance(Session adminSess)
+        throws SecurityException
+    {
+        return createInstance( GlobalIds.HOME, adminSess );
+    }
+
+    /**
+     * Create and return a reference to {@link GroupMgr} object.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @param adminSess contains a valid Fortress A/RBAC Session object.
+     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
+     * @throws SecurityException in the event of failure during instantiation.
+     */
+    public static GroupMgr createInstance(String contextId, Session adminSess)
+        throws SecurityException
+    {
+        GroupMgr groupMgr = createInstance(contextId);
+        groupMgr.setAdmin(adminSess);
+        
+        return groupMgr;
+    }
+}
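Review bot: `createInstance(String contextId)` instantiates whatever class name the `GROUP_IMPLEMENTATION` property supplies and casts the result only afterwards, so a value naming a class that is not a `GroupMgr` would, as far as this hunk shows, surface as a `ClassCastException` instead of the declared `SecurityException`, and only after `ClassUtil.createInstance` has already run (what that helper does is not visible here). The fallback also writes the non-final static `groupClassName` from an unsynchronized static method; resolving it into a local keeps the field read-only: `String className = Strings.isEmpty( groupClassName ) ? GroupMgrImpl.class.getName() : groupClassName;`. The Javadoc needs a pass as well: the class comment says it creates "the ConfigMgr object", and three `@return` tags name `AdminMgr` where a `GroupMgr` is returned.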

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
index dde1cb5..8fe75e2 100755
--- a/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
+++ b/src/main/java/org/apache/directory/fortress/core/PwPolicyMgrFactory.java
@@ -22,7 +22,7 @@ package org.apache.directory.fortress.core;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.util.Config;
 import org.apache.directory.fortress.core.util.ClassUtil;
-import org.apache.directory.fortress.core.rbac.PwPolicyMgrImpl;
+import org.apache.directory.fortress.core.impl.PwPolicyMgrImpl;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.rest.PwPolicyMgrRestImpl;
 import org.apache.directory.fortress.core.model.VUtil;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
index 478691f..48ea30b 100755
--- a/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgr.java
@@ -262,7 +262,7 @@ public interface ReviewMgr extends Manageable
      * This function returns the set of users assigned to a given role. The function is valid if and
      * only if the role is a member of the ROLES data set.
      * The max number of users returned is constrained by limit argument.
-     * This method is used by the Websphere realm component.  This method does NOT use hierarchical rbac.
+     * This method is used by the Websphere realm component.  This method does NOT use hierarchical impl.
      * <h4>required parameters</h4>
      * <ul>
      * <li>{@link Role#name} - contains the name to use for the Role targeted for search.</li>
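Review bot: The package rename has been applied to prose here: the changed Javadoc line now reads "does NOT use hierarchical impl", which no longer tells the reader that role inheritance is ignored by this user lookup. The sentence should keep the name of the model, `This method does NOT use hierarchical RBAC.` The Javadoc block and the method it documents continue outside this hunk.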

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
index 7c1ba02..436b68c 100755
--- a/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
+++ b/src/main/java/org/apache/directory/fortress/core/ReviewMgrFactory.java
@@ -22,7 +22,7 @@ package org.apache.directory.fortress.core;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.util.Config;
 import org.apache.directory.fortress.core.util.ClassUtil;
-import org.apache.directory.fortress.core.rbac.ReviewMgrImpl;
+import org.apache.directory.fortress.core.impl.ReviewMgrImpl;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.rest.ReviewMgrRestImpl;
 import org.apache.directory.fortress.core.model.VUtil;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ant/Addgroup.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/Addgroup.java b/src/main/java/org/apache/directory/fortress/core/ant/Addgroup.java
index 89adb97..af4e35e 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/Addgroup.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/Addgroup.java
@@ -26,7 +26,7 @@ import java.util.List;
 
 /**
  * The class is used by {@link FortressAntTask} to load {@link Group}s used to drive
- * {@link org.apache.directory.fortress.core.ldap.group.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
+ * {@link org.apache.directory.fortress.core.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
  * It is not intended to be callable by programs outside of the Ant load utility.  The class name itself maps to the
  * xml tag used by load utility.
  * <p>This class name, 'Addgroup', is used for the xml tag in the load script.</p>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupmember.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupmember.java b/src/main/java/org/apache/directory/fortress/core/ant/Addgroupmember.java
index eb2a934..fa915f4 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupmember.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/Addgroupmember.java
@@ -26,7 +26,7 @@ import java.util.List;
 
 /**
  * The class is used by {@link FortressAntTask} to load {@link Group}s used to drive
- * {@link org.apache.directory.fortress.core.ldap.group.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
+ * {@link org.apache.directory.fortress.core.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
  * It is not intended to be callable by programs outside of the Ant load utility.  The class name itself maps to the
  * xml tag used by load utility.
  * <p>This class name, 'Addgroup', is used for the xml tag in the load script.</p>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupproperty.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupproperty.java b/src/main/java/org/apache/directory/fortress/core/ant/Addgroupproperty.java
index 3d8a313..f052c50 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/Addgroupproperty.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/Addgroupproperty.java
@@ -26,7 +26,7 @@ import java.util.List;
 
 /**
  * The class is used by {@link org.apache.directory.fortress.core.ant.FortressAntTask} to load {@link Group}s used to drive
- * {@link org.apache.directory.fortress.core.ldap.group.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
+ * {@link org.apache.directory.fortress.core.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
  * It is not intended to be callable by programs outside of the Ant load utility.  The class name itself maps to the
  * xml tag used by load utility.
  * <p>This class name, 'Addgroup', is used for the xml tag in the load script.</p>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ant/Delgroup.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/Delgroup.java b/src/main/java/org/apache/directory/fortress/core/ant/Delgroup.java
index 79f1d7f..03d4028 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/Delgroup.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/Delgroup.java
@@ -27,7 +27,7 @@ import java.util.List;
 
 /**
  * The class is used by {@link FortressAntTask} to load {@link Group}s used to drive
- * {@link org.apache.directory.fortress.core.ldap.group.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
+ * {@link org.apache.directory.fortress.core.GroupMgr#add(org.apache.directory.fortress.core.model.Group)}.
  * It is not intended to be callable by programs outside of the Ant load utility.  The class name itself maps to the xml tag used by load utility.
  * <p>This class name, 'Delgroup', is used for the xml tag in the load script.</p>
  * <pre>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java b/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
index 48c65db..6f34f6d 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
@@ -34,8 +34,8 @@ import org.apache.tools.ant.input.InputHandler;
 import org.apache.tools.ant.input.InputRequest;
 import org.apache.directory.fortress.core.util.Config;
 import org.apache.directory.fortress.core.model.Group;
-import org.apache.directory.fortress.core.ldap.group.GroupMgr;
-import org.apache.directory.fortress.core.ldap.group.GroupMgrFactory;
+import org.apache.directory.fortress.core.GroupMgr;
+import org.apache.directory.fortress.core.GroupMgrFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -71,7 +71,6 @@ import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserAdminRole;
 import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.Testable;
-import org.apache.directory.fortress.core.model.VUtil;
 
 
 /**
@@ -860,7 +859,7 @@ public class FortressAntTask extends Task implements InputHandler
                 String testClassName = Config.getProperty( getTaskName() );
                 if ( !StringUtils.isNotEmpty( testClassName ) )
                 {
-                    testClassName = "org.apache.directory.fortress.core.rbac.FortressAntLoadTest";
+                    testClassName = "org.apache.directory.fortress.core.impl.FortressAntLoadTest";
                 }
                 // Use reflexion to avoid core dependency on test classes located under FORTRESS_HOME/src/main/test
                 Testable tester = ( Testable ) ClassUtil.createInstance( testClassName );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigDAO.java b/src/main/java/org/apache/directory/fortress/core/cfg/ConfigDAO.java
deleted file mode 100755
index adb3dfd..0000000
--- a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigDAO.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.cfg;
-
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.util.Config;
-import org.apache.directory.fortress.core.util.ObjUtil;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.util.attr.AttrHelper;
-import org.apache.directory.fortress.core.model.VUtil;
-
-
-/**
- * This class provides data access for the standard ldap object device that has been extended to support name/value pairs.
- * Fortress uses this data structure to store its remote cfg parameters.
- * <p/>
- * The Fortress Config node is a combination of:
- * <p/>
- * 'device' Structural Object Class is used to store basic attributes like cn which will be used for config node name.
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass ( 2.5.6.14 NAME 'device'</code>
- * <li> <code>DESC 'RFC2256: a device''</code>
- * <li> <code>SUP top STRUCTURAL</code>
- * <li> <code>MUST cn</code>
- * <li> <code>MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- * 'ftProperties' AUXILIARY Object Class is used to store name/value pairs on target node.<br />
- * <code>This aux object class can be used to store custom attributes.</code><br />
- * <code>The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.2</code>
- * <li> <code>NAME 'ftProperties'</code>
- * <li> <code>DESC 'Fortress Properties AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY ( ftProps ) ) </code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- * <p/>
- * This class is thread safe.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-final class ConfigDAO extends ApacheDsDataProvider
-
-{
-    private static final String CLS_NM = ConfigDAO.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static final String CONFIG_ROOT_PARAM = "config.root";
-    private static final String CONFIG_ROOT_DN = Config.getProperty( CONFIG_ROOT_PARAM );
-
-    private static final String CONFIG_OBJ_CLASS[] =
-        {
-            SchemaConstants.DEVICE_OC, GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME
-    };
-
-    private static final String[] CONFIG_ATRS =
-        {
-            SchemaConstants.CN_AT, GlobalIds.PROPS
-    };
-
-
-    /**
-     * Package private default constructor.
-     */
-    ConfigDAO()
-    {
-    }
-
-
-    /**
-     * @param name
-     * @param props
-     * @return
-     * @throws org.apache.directory.fortress.core.CreateException
-     */
-    Properties create( String name, Properties props )
-        throws CreateException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( name );
-        LOG.info( "create dn [{}]", dn );
-        try
-        {
-            Entry myEntry = new DefaultEntry( dn );
-            myEntry.add( SchemaConstants.OBJECT_CLASS_AT, CONFIG_OBJ_CLASS );
-            ld = getAdminConnection();
-            myEntry.add( SchemaConstants.CN_AT, name );
-            loadProperties( props, myEntry, GlobalIds.PROPS );
-            add( ld, myEntry );
-        }
-        catch ( LdapEntryAlreadyExistsException e )
-        {
-            String warning = "create config dn [" + dn + "] caught LdapEntryAlreadyExistsException="
-                + e.getMessage() + " msg=" + e.getMessage();
-            throw new CreateException( GlobalErrIds.FT_CONFIG_ALREADY_EXISTS, warning, e );
-        }
-        catch ( LdapException e )
-        {
-            String error;
-            error = "create config dn [" + dn + "] caught LDAPException=" + e.getMessage();
-            LOG.error( error, e );
-            throw new CreateException( GlobalErrIds.FT_CONFIG_CREATE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-        return props;
-    }
-
-
-    /**
-     * @param name
-     * @param props
-     * @return
-     * @throws org.apache.directory.fortress.core.UpdateException
-     */
-    Properties update( String name, Properties props )
-        throws UpdateException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( name );
-        LOG.info( "update dn [{}]", dn );
-        try
-        {
-            List<Modification> mods = new ArrayList<Modification>();
-            if ( ObjUtil.isNotNullOrEmpty( props ) )
-            {
-                loadProperties( props, mods, GlobalIds.PROPS, true );
-            }
-            ld = getAdminConnection();
-            if ( mods.size() > 0 )
-            {
-                ld = getAdminConnection();
-                modify( ld, dn, mods );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "update dn [" + dn + "] caught LDAPException=" + e.getMessage();
-            throw new UpdateException( GlobalErrIds.FT_CONFIG_UPDATE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-        return props;
-    }
-
-
-    /**
-     * @param name
-     * @throws org.apache.directory.fortress.core.RemoveException
-     */
-    void remove( String name )
-        throws RemoveException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( name );
-        LOG.info( "remove dn [{}]", dn );
-        try
-        {
-            ld = getAdminConnection();
-            delete( ld, dn );
-        }
-        catch ( LdapException e )
-        {
-            String error = "remove dn [" + dn + "] LDAPException=" + e.getMessage();
-            throw new RemoveException( GlobalErrIds.FT_CONFIG_DELETE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-    }
-
-
-    /**
-     * @param name
-     * @param props
-     * @return
-     * @throws org.apache.directory.fortress.core.UpdateException
-     */
-    Properties remove( String name, Properties props )
-        throws UpdateException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( name );
-        LOG.info( "remove props dn [{}]", dn );
-        try
-        {
-            List<Modification> mods = new ArrayList<Modification>();
-            if ( ObjUtil.isNotNullOrEmpty( props ) )
-            {
-                removeProperties( props, mods, GlobalIds.PROPS );
-            }
-            if ( mods.size() > 0 )
-            {
-                ld = getAdminConnection();
-                modify( ld, dn, mods );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "remove props dn [" + dn + "] caught LDAPException=" + e.getMessage();
-            throw new UpdateException( GlobalErrIds.FT_CONFIG_DELETE_PROPS_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-        return props;
-    }
-
-
-    /**
-     * @param name
-     * @return
-     * @throws org.apache.directory.fortress.core.FinderException
-     */
-    Properties getConfig( String name )
-        throws FinderException
-    {
-        Properties props = null;
-        LdapConnection ld = null;
-        String dn = getDn( name );
-        LOG.info( "getConfig dn [{}]", dn );
-        try
-        {
-            ld = getAdminConnection();
-            Entry findEntry = read( ld, dn, CONFIG_ATRS );
-            props = AttrHelper.getProperties( getAttributes( findEntry, GlobalIds.PROPS ) );
-        }
-        catch ( LdapNoSuchObjectException e )
-        {
-            String warning = "getConfig COULD NOT FIND ENTRY for dn [" + dn + "]";
-            throw new FinderException( GlobalErrIds.USER_NOT_FOUND, warning, e );
-        }
-        catch ( LdapException e )
-        {
-            String error = "getConfig dn [" + dn + "] caught LdapException=" + e.getMessage();
-            throw new FinderException( GlobalErrIds.FT_CONFIG_READ_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-        return props;
-    }
-
-
-    /**
-     *
-     * @param name
-     * @return
-     */
-    private String getDn( String name )
-    {
-        return SchemaConstants.CN_AT + "=" + name + "," + CONFIG_ROOT_DN;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/cfg/ConfigMgrImpl.java
deleted file mode 100755
index 4492be5..0000000
--- a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigMgrImpl.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.cfg;
-
-import org.apache.directory.fortress.core.ConfigMgr;
-import org.apache.directory.fortress.core.SecurityException;
-
-import java.util.Properties;
-
-
-/**
- * This Manager impl supplies CRUD methods used to manage properties stored within the ldap directory.
- * The Fortress config nodes are used to remotely share Fortress client specific properties between processes.
- * Fortress places no limits on the number of unique configurations that can be present at one time in the directory.
- * The Fortress client will specify the preferred cfg node by name via a property named, {@link org.apache.directory.fortress.core.GlobalIds#CONFIG_REALM}.
- * Each process using Fortress client is free to share an existing node with other processes or create its own unique config
- * instance using the methods within this class.<BR>
- * <p/>
- * This class is thread safe.
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class ConfigMgrImpl implements ConfigMgr
-{
-    private static final ConfigP cfgP = new ConfigP();
-
-    /**
-     * Create a new cfg node with given name and properties.  The name is required.  If node already exists,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_ALREADY_EXISTS} will be thrown.
-     *
-     * @param name    attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @param inProps contains {@link Properties} with list of name/value pairs to add to existing config node.
-     * @return {@link Properties} containing the collection of name/value pairs just added.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry already present or other system error.
-     */
-    @Override
-    public Properties add(String name, Properties inProps) throws SecurityException
-    {
-        return cfgP.add(name, inProps);
-    }
-
-
-    /**
-     * Update existing cfg node with additional properties, or, replace existing properties.  The name is required.  If node does not exist,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name    attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @param inProps contains {@link Properties} with list of name/value pairs to add or update from existing config node.
-     * @return {@link Properties} containing the collection of name/value pairs to be added to existing node.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
-     */
-    @Override
-    public Properties update(String name, Properties inProps) throws SecurityException
-    {
-        return cfgP.update(name, inProps);
-    }
-
-    /**
-     * Removes named cfg node from the directory.  The name is required.  If node does not exist,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name is required and maps to 'cn' attribute on 'device' object class of node targeted for operation.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event of system error.
-     */
-    @Override
-    public void delete(String name) throws SecurityException
-    {
-        cfgP.delete(name);
-    }
-
-    /**
-     * Delete properties from existing cfg node.  The name is required.  If node does not exist,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
-     */
-    @Override
-    public void delete(String name, Properties inProps) throws SecurityException
-    {
-        cfgP.delete(name, inProps);
-    }
-
-    /**
-     * Read an existing cfg node with given name and return to caller.  The name is required.  If node doesn't exist,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @return {@link Properties} containing the collection of name/value pairs just added. Maps to 'ftProps' attribute in 'ftProperties' object class.
-     * @throws SecurityException in the event entry doesn't exist or other system error.
-     */
-    @Override
-    public Properties read(String name) throws SecurityException
-    {
-        return cfgP.read(name);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigP.java b/src/main/java/org/apache/directory/fortress/core/cfg/ConfigP.java
deleted file mode 100755
index 3d03d99..0000000
--- a/src/main/java/org/apache/directory/fortress/core/cfg/ConfigP.java
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.cfg;
-
-
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.model.VUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * Process module for the configurations node used for remotely storing Fortress specific properties.
- * Fortress places no limits on the number of unique configurations that can be present.  The Fortress client will specify
- * the preferred cfg node by name via a property named, {@link org.apache.directory.fortress.core.GlobalIds#CONFIG_REALM}.  Each
- * process using Fortress client is free to share existing node with other processes or create its own unique config
- * instance using the methods within this class.<BR>
- * This class does perform simple data validations to ensure data reasonability and the required fields are present.<BR>
- * The {@link org.apache.directory.fortress.core.ant.FortressAntTask#addConfig()} method calls the {@link #add} from this class during initial base loads.
- * Removal {@link org.apache.directory.fortress.core.ant.FortressAntTask#deleteConfig()} is performed when removal of properties is the aim.<BR>
- * This class will accept {@link Properties}, and forward on to it's corresponding DAO class {@link ConfigDAO} for updating properties stored on behalf of Fortress.
- * <p>
- * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
- * error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
- * {@link org.apache.directory.fortress.core.CreateException},{@link org.apache.directory.fortress.core.UpdateException},{@link org.apache.directory.fortress.core.RemoveException}),
- *  or {@link org.apache.directory.fortress.core.ValidationException} as {@link org.apache.directory.fortress.core.SecurityException}s with appropriate
- *  error id from {@link org.apache.directory.fortress.core.GlobalErrIds}.
- * <p>
- * This class performs simple data validation on properties to ensure length does not exceed 100 and contents are safe text.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-final class ConfigP
-{
-    private static final String CLS_NM = ConfigP.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
-
-    /**
-     * Package private constructor
-     */
-    ConfigP()
-    {
-    }
-
-
-    /**
-     * Create a new cfg node with given name and properties.  The name is required.  If node already exists,
-     * a {@link org.apache.directory.fortress.core.SecurityException} with error {@link GlobalErrIds#FT_CONFIG_ALREADY_EXISTS} will be thrown.
-     *
-     * @param name    attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @param inProps contains {@link Properties} with list of name/value pairs to remove from existing config node.
-     * @return {@link Properties} containing the collection of name/value pairs just added.
-     * @throws SecurityException in the event entry already present or other system error.
-     */
-    Properties add( String name, Properties inProps )
-        throws SecurityException
-    {
-        validate( name, inProps );
-        ConfigDAO cfgDao = new ConfigDAO();
-        return cfgDao.create( name, inProps );
-    }
-
-
-    /**
-     * Update existing cfg node with additional properties, or, replace existing properties.  The name is required.  If node does not exist,
-     * a {@link SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name    attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @param inProps contains {@link Properties} with list of name/value pairs to add or udpate from existing config node.
-     * @return {@link Properties} containing the collection of name/value pairs to be added to existing node.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
-     */
-    Properties update( String name, Properties inProps )
-        throws SecurityException
-    {
-        validate( name, inProps );
-        ConfigDAO cfgDao = new ConfigDAO();
-        return cfgDao.update( name, inProps );
-    }
-
-
-    /**
-     * Delete existing cfg node which will remove all properties associated with that node.
-     * The name is required.  If node does not exist, a {@link SecurityException} with error
-     * {@link GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     * <p/>
-     * <font size="2" color="red">
-     * This method is destructive and will remove the cfg node completely from directory.<BR>
-     * Care should be taken during execution to ensure target name is correct and permanent removal of all parameters located
-     * there is intended.  There is no 'undo' for this operation.
-     * </font>
-     * <p/>
-     * @param name attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @return {@link Properties} containing the collection of name/value pairs to be added to existing node.
-     * @throws SecurityException in the event entry not present or other system error.
-     */
-    void delete( String name )
-        throws SecurityException
-    {
-        if ( !StringUtils.isNotEmpty( name ) )
-        {
-            String error = "delete detected null config realm name";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.FT_CONFIG_NAME_NULL, error );
-        }
-        ConfigDAO cfgDao = new ConfigDAO();
-        cfgDao.remove( name );
-    }
-
-
-    /**
-     * Delete existing cfg node with additional properties, or, replace existing properties.  The name is required.  If node does not exist,
-     * a {@link SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry not present or other system error.
-     */
-    void delete( String name, Properties inProps )
-        throws SecurityException
-    {
-        validate( name, inProps );
-        ConfigDAO cfgDao = new ConfigDAO();
-        cfgDao.remove( name, inProps );
-    }
-
-
-    /**
-     * Read an existing cfg node with given name and return to caller.  The name is required.  If node doesn't exist,
-     * a {@link SecurityException} with error {@link org.apache.directory.fortress.core.GlobalErrIds#FT_CONFIG_NOT_FOUND} will be thrown.
-     *
-     * @param name attribute is required and maps to 'cn' attribute in 'device' object class.
-     * @return {@link Properties} containing the collection of name/value pairs just added. Maps to 'ftProps' attribute in 'ftProperties' object class.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry doesn't exist or other system error.
-     */
-    Properties read( String name )
-        throws SecurityException
-    {
-        Properties outProps;
-        ConfigDAO cfgDao = new ConfigDAO();
-        outProps = cfgDao.getConfig( name );
-        return outProps;
-    }
-
-
-    /**
-     * Method will perform simple validations to ensure the integrity of the {@link Properties} entity targeted for insertion
-     * or deletion in directory.
-     *
-     * @param name contains the name of the cfg node.
-     * @param entity contains the name/value properties targeted for operation.
-     * @throws org.apache.directory.fortress.core.ValidationException thrown in the event the validations fail.
-     */
-    private void validate( String name, Properties entity )
-        throws ValidationException
-    {
-        if ( !StringUtils.isNotEmpty( name ) )
-        {
-            String error = "validate detected null config realm name";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.FT_CONFIG_NAME_NULL, error );
-        }
-        if ( name.length() > GlobalIds.OU_LEN )
-        {
-            String error = "validate name [" + name + "] invalid length [" + name.length() + "]";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.FT_CONFIG_NAME_INVLD, error );
-        }
-        if ( entity == null || entity.size() == 0 )
-        {
-            String error = "validate name [" + name + "] config props null";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.FT_CONFIG_PROPS_NULL, error );
-        }
-        VUtil.properties( entity );
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/cfg/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cfg/package.html b/src/main/java/org/apache/directory/fortress/core/cfg/package.html
deleted file mode 100755
index cbe5b06..0000000
--- a/src/main/java/org/apache/directory/fortress/core/cfg/package.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
--->
-<html>
-   <head>
-      <title>Package Documentation for org.apache.directory.fortress.config</title>
-   </head>
-   <body>
-      <p>
-         This package has CRUD APIs for storing config data on the ldap server.
-      </p>
-      <p>
-         The <b>org.apache.directory.fortress.config</b> can store its data both in a flat file or within the LDAP directory itself.
-          fortress.properties is the location of the bootstrap property file.  The bootstrap properties can then point to a remote LDAP configuration node, called a 'realm', and referenced with this property:
-          <b>config.realm</b>.  An empty or null value for the config.realm property means the properties will all be stored locally in the file specified within oamConfig.xml.
-          The package also contains entities and apis that are used to perform CRUD on remote configuration parameters.
-          See the corresponding javadoc contained with this package for more info.
-      </p>
-   </body>
-</html>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/cli/CommandLineInterpreter.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cli/CommandLineInterpreter.java b/src/main/java/org/apache/directory/fortress/core/cli/CommandLineInterpreter.java
index b8e3e50..079d42b 100755
--- a/src/main/java/org/apache/directory/fortress/core/cli/CommandLineInterpreter.java
+++ b/src/main/java/org/apache/directory/fortress/core/cli/CommandLineInterpreter.java
@@ -35,8 +35,8 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.*;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.Group;
-import org.apache.directory.fortress.core.ldap.group.GroupMgr;
-import org.apache.directory.fortress.core.ldap.group.GroupMgrFactory;
+import org.apache.directory.fortress.core.GroupMgr;
+import org.apache.directory.fortress.core.GroupMgrFactory;
 import org.apache.directory.fortress.core.model.Address;
 import org.apache.directory.fortress.core.model.PermObj;
 import org.apache.directory.fortress.core.model.Permission;
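Review bot: The two added imports, `org.apache.directory.fortress.core.GroupMgr` and `org.apache.directory.fortress.core.GroupMgrFactory`, are redundant, because the context line `import org.apache.directory.fortress.core.*;` at the top of this hunk already brings every type in that package into scope. I would either drop both lines or, preferably, replace the wildcard with the explicit core imports the file uses, so its dependencies on core types stay visible. The explicit `import org.apache.directory.fortress.core.SecurityException;` has to stay either way, since the single-type import is what makes the simple name resolve to the Fortress exception rather than clash with `java.lang.SecurityException`.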
@@ -51,7 +51,6 @@ import org.apache.directory.fortress.core.model.AdminRole;
 import org.apache.directory.fortress.core.model.OrgUnit;
 import org.apache.directory.fortress.core.model.UserAdminRole;
 import org.apache.directory.fortress.core.model.Relationship;
-import org.apache.directory.fortress.core.model.VUtil;
 import org.apache.directory.fortress.core.util.time.Constraint;
 
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/impl/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AccelMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AccelMgrImpl.java
new file mode 100644
index 0000000..8d88eaa
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AccelMgrImpl.java
@@ -0,0 +1,285 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.impl;
+
+
+import java.util.List;
+
+import org.apache.directory.fortress.core.AccelMgr;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
+import org.apache.directory.fortress.core.model.VUtil;
+
+
+/**
+ * Implementation class that performs runtime access control operations on data objects of type Fortress entities
+ * This class performs runtime access control operations on objects that are provisioned RBAC entities
+ * that reside in LDAP directory.  These APIs map directly to similar named APIs specified by ANSI and NIST
+ * RBAC system functions.
+ * Many of the java doc function descriptions found below were taken directly from ANSI INCITS 359-2004.
+ * The RBAC Functional specification describes administrative operations for the creation
+ * and maintenance of RBAC element sets and relations; administrative review functions for
+ * performing administrative queries; and system functions for creating and managing
+ * RBAC attributes on user sessions and making access control decisions.
+ * <p/>
+ * <hr>
+ * <h4>RBAC0 - Core</h4>
+ * Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions.  API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
+ * <p/>
+ * <img src="../doc-files/RbacCore.png">
+ * <hr>
+ * <h4>RBAC1 - General Hierarchical Roles</h4>
+ * Simplifies role engineering tasks using inheritance of one or more parent roles.
+ * <p/>
+ * <img src="../doc-files/RbacHier.png">
+ * <hr>
+ * <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
+ * Enforce mutual membership exclusions across role assignments.  Facilitate dual control policies by restricting which roles may be assigned to users in combination.  SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
+ * <p/>
+ * <img src="../doc-files/RbacSSD.png">
+ * <hr>
+ * <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
+ * Control allowed role combinations to be activated within an RBAC session.  DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
+ * <p/>
+ * <img src="../doc-files/RbacDSD.png">
+ * <hr>
+ * <p/>
+ * This class is NOT thread safe if parent instance variables ({@link #contextId} or {@link #adminSess}) are set.
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class AccelMgrImpl extends Manageable implements AccelMgr
+{
+    private static final String CLS_NM = AccessMgrImpl.class.getName();
+    private static final AcceleratorDAO aDao = new org.apache.directory.fortress.core.impl.AcceleratorDAO();
+
+
+    /**
+     * package private constructor ensures outside classes must use factory: {@link org.apache.directory.fortress.core.AccelMgrFactory}
+     */
+    public AccelMgrImpl()
+    {
+    }
+
+
+    /**
+     * Perform user authentication {@link org.apache.directory.fortress.core.model.User#password} and role activations.<br />
+     * This method must be called once per user prior to calling other methods within this class.
+     * The successful result is {@link org.apache.directory.fortress.core.model.Session} that contains target user's RBAC {@link org.apache.directory.fortress.core.model.User#roles} and Admin role {@link org.apache.directory.fortress.core.model.User#adminRoles}.<br />
+     * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.model.User#pwPolicy}..<br />
+     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.model.FortEntity}.
+     * <h4> This API will...</h4>
+     * <ul>
+     * <li> authenticate user password if trusted == false.
+     * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy evaluation</a>.
+     * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.model.User#isLocked()}, regardless of trusted flag being set as parm on API.
+     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.model.User}, {@link org.apache.directory.fortress.core.model.UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
+     * <li> process selective role activations into User RBAC Session {@link org.apache.directory.fortress.core.model.User#roles}.
+     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.impl.DSDChecker#validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.model.User#roles}.
+     * <li> process selective administrative role activations {@link org.apache.directory.fortress.core.model.User#adminRoles}.
+     * <li> return a {@link org.apache.directory.fortress.core.model.Session} that contains a reference to an object stored on the RBAC server..
+     * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
+     * <li> throw a {@link SecurityException} for system failures.
+     * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
+     * <li> throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
+     * <li> throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
+     * </ul>
+     * <h4>
+     * The function is valid if and only if:
+     * </h4>
+     * <ul>
+     * <li> the user is a member of the USERS data set
+     * <li> the password is supplied (unless trusted).
+     * <li> the (optional) active role set is a subset of the roles authorized for that user.
+     * </ul>
+     * <h4>
+     * The following attributes may be set when calling this method
+     * </h4>
+     * <ul>
+     * <li> {@link org.apache.directory.fortress.core.model.User#userId} - required
+     * <li> {@link org.apache.directory.fortress.core.model.User#password}
+     * <li> {@link org.apache.directory.fortress.core.model.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session.  Default is all authorized RBAC roles will be activated into this Session.
+     * <li> {@link org.apache.directory.fortress.core.model.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation.  Default is all authorized ARBAC roles will be activated into this Session.
+     * <li> {@link org.apache.directory.fortress.core.model.User#props} collection of name value pairs collected on behalf of User during signon.  For example hostname:myservername or ip:192.168.1.99
+     * </ul>
+     * <h4>
+     * Notes:
+     * </h4>
+     * <ul>
+     * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
+     * <li> role activations will proceed in same order as supplied to User entity setter, see {@link org.apache.directory.fortress.core.model.User#setRole(String)}.
+     * </ul>
+     * </p>
+     *
+     * @param user Contains {@link org.apache.directory.fortress.core.model.User#userId}, {@link org.apache.directory.fortress.core.model.User#password} (optional if {@code isTrusted} is 'true'), optional {@link org.apache.directory.fortress.core.model.User#roles}, optional {@link org.apache.directory.fortress.core.model.User#adminRoles}
+     * @param isTrusted if true password is not required.
+     * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.model.Session#errorId},
+     * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
+     */
+    @Override
+    public Session createSession( User user, boolean isTrusted )
+        throws SecurityException
+    {
+        String methodName = "createSession";
+        assertContext( CLS_NM, methodName, user, GlobalErrIds.USER_NULL );
+        return aDao.createSession( user );
+    }
+
+
+    /**
+     * This function requests the RBAC server to delete the session from cache.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @throws SecurityException in the event runtime error occurs with system.
+     */
+    @Override
+    public void deleteSession( Session session )
+        throws SecurityException
+    {
+        String methodName = "deleteSession";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        aDao.deleteSession( session );
+    }
+
+
+    /**
+     * This function returns the active roles associated with a session. The function is valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @return List<UserRole> containing all roles active in user's session.  This will NOT contain inherited roles.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
+    public List<UserRole> sessionRoles(Session session)
+        throws SecurityException
+    {
+        String methodName = "sessionRoles";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        return aDao.sessionRoles( session );
+    }
+
+
+    /**
+     * Perform user impl authorization.  This function returns a Boolean value meaning whether the subject of a given session is
+     * allowed or not to perform a given operation on a given object. The function is valid if and
+     * only if the session is a valid Fortress session, the object is a member of the OBJS data set,
+     * and the operation is a member of the OPS data set. The session's subject has the permission
+     * to perform the operation on that object if and only if that permission is assigned to (at least)
+     * one of the session's active roles. This implementation will verify the roles or userId correspond
+     * to the subject's active roles are registered in the object's access control list.
+     *
+     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, of permission User is trying to access.
+     * @param session This object must be instantiated by calling {@link AccessMgrImpl#createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
+     * @return True if user has access, false otherwise.
+     * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
+     */
+    @Override
+    public boolean checkAccess( Session session, Permission perm )
+        throws SecurityException
+    {
+        String methodName = "checkAccess";
+        assertContext( CLS_NM, methodName, perm, GlobalErrIds.PERM_NULL );
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        VUtil.assertNotNullOrEmpty( perm.getOpName(), GlobalErrIds.PERM_OPERATION_NULL, getFullMethodName( CLS_NM,
+            methodName ) );
+        VUtil.assertNotNullOrEmpty( perm.getObjName(), GlobalErrIds.PERM_OBJECT_NULL, getFullMethodName( CLS_NM,
+            methodName ) );
+        return aDao.checkAccess( session, perm );
+    }
+
+
+    /**
+     * This function returns the permissions of the session, i.e., the permissions assigned
+     * to its authorized roles. The function is valid if and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @return List<Permission> containing permissions (op, obj) active for user's session.
+     * @throws SecurityException in the event runtime error occurs with system.
+     */
+    @Override
+    public List<Permission> sessionPermissions( Session session )
+        throws SecurityException
+    {
+        throw new java.lang.UnsupportedOperationException();
+    }
+
+
+    /**
+     * This function adds a role as an active role of a session whose owner is a given user.
+     * <p>
+     * The function is valid if and only if:
+     * <ul>
+     * <li> the user is a member of the USERS data set
+     * <li> the role is a member of the ROLES data set
+     * <li> the role inclusion does not violate Dynamic Separation of Duty Relationships
+     * <li> the session is a valid Fortress session
+     * <li> the user is authorized to that role
+     * <li> the session is owned by that user.
+     * </ul>
+     * </p>
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @param role object contains the role name, {@link UserRole#name}, to be activated into session.
+     * @throws SecurityException is thrown if user is not allowed to activate or runtime error occurs with system.
+     */
+    @Override
+    public void addActiveRole( Session session, UserRole role )
+        throws SecurityException
+    {
+        String methodName = "addActiveRole";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
+        VUtil.assertNotNullOrEmpty( role.getUserId(), GlobalErrIds.USER_ID_NULL,
+            getFullMethodName( CLS_NM, methodName ) );
+        VUtil.assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL, getFullMethodName( CLS_NM,
+            methodName ) );
+        aDao.addActiveRole( session, role );
+    }
+
+
+    /**
+     * This function deletes a role from the active role set of a session owned by a given user.
+     * The function is valid if and only if the user is a member of the USERS data set, the
+     * session object contains a valid Fortress session, the session is owned by the user,
+     * and the role is an active role of that session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @param role object contains the role name, {@link UserRole#name}, to be deactivated.
+     * @throws SecurityException is thrown if user is not allowed to deactivate or runtime error occurs with system.
+     */
+    @Override
+    public void dropActiveRole( Session session, UserRole role )
+        throws SecurityException
+    {
+        String methodName = "dropActiveRole";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
+        VUtil.assertNotNullOrEmpty( role.getUserId(), GlobalErrIds.USER_ID_NULL,
+            getFullMethodName( CLS_NM, methodName ) );
+        VUtil.assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL, getFullMethodName( CLS_NM,
+            methodName ) );
+        aDao.dropActiveRole( session, role );
+    }
+}
\ No newline at end of file

