directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [13/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:18 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/Role.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Role.java b/src/main/java/org/apache/directory/fortress/core/model/Role.java
new file mode 100755
index 0000000..fba3152
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/Role.java
@@ -0,0 +1,829 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlTransient;
+import javax.xml.bind.annotation.XmlType;
+
+import org.apache.directory.fortress.core.rbac.Graphable;
+import org.apache.directory.fortress.core.util.time.CUtil;
+import org.apache.directory.fortress.core.util.time.Constraint;
+
+
+/**
+ * All entities ({@link User}, {@link Role}, {@link org.apache.directory.fortress.core.model.Permission},
+ * {@link org.apache.directory.fortress.core.model.PwPolicy} {@link SDSet} etc...) are used to carry data between three Fortress
+ * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
+ * (3) DAO layer where persistence with the OpenLDAP server occurs.
+ * <h4>Fortress Processing Layers</h4>
+ * <ol>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * </ol>
+ * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
+ * provide enough information to uniquely identity the entity target within ldap.<br />
+ * For example, this entity requires {@link #setName} attribute set before passing into {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} APIs.
+ * Create methods sometimes require more attributes (than Read) due to constraints enforced between entities although only {@link Role#setName} is required for {@link Role}.
+ * <p/>
+ * <h4>Role entity attribute usages include</h4>
+ * <ul>
+ * <li>{@link #setName} attribute must be set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addRole(Role)}, {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#updateRole(Role)} or  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#deleteRole(Role)}
+ * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} may be set <b>before</b> calling method {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addRole(Role)}.
+ * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} will be <b>returned</b> to caller on methods like {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readRole(Role)} or {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#findRoles(String)} iff persisted to entity prior to call.
+ * </ul>
+ * <p/>
+ * This entity is used to store the RBAC Role assignments that comprise the many-to-many relationships between {@link User}s and {@link org.apache.directory.fortress.core.model.Permission}s.
+ * <br />The unique key to locate a Role entity (which is subsequently assigned both to Users and Permissions) is 'Role.name'.<br />
+ * <p/>
+ * There is a many-to-many relationship between User's, RBAC Roles and Permissions.
+ * <h3>{@link User}*<->*{@link Role}*<->*{@link org.apache.directory.fortress.core.model.Permission}</h3>
+ * <p/>
+ * <img src="../doc-files/RbacCore.png">
+ * <p/>
+ * Example to create new RBAC Role:
+ * <pre>
+ * try
+ * {
+ *  // Instantiate the AdminMgr first
+ *  AdminMgr adminMgr = AdminMgrFactory.createInstance();
+ *
+ *  Role myRole = new Role("MyRoleName");
+ *  myRole.setDescription("This is a test role");
+ *  adminMgr.addRole(myRole);
+ * }
+ * catch (SecurityException ex)
+ * {
+ *  // log or throw
+ * }</pre>
+ * The above code will persist to LDAP a Role object that can be used as a target for User-Role assignments and Role-Permission grants.
+ * <p/>
+ * <h4>Role Schema</h4>
+ * The Fortress Role entity is a composite of the following other Fortress structural and aux object classes:
+ * <p/>
+ * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ *  DESC 'RFC2256: an organizational role'
+ *  SUP top STRUCTURAL
+ *  MUST cn
+ *  MAY (
+ *      x121Address $ registeredAddress $ destinationIndicator $
+ *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ *      telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ *      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ *      postOfficeBox $ postalCode $ postalAddress $
+ *      physicalDeliveryOfficeName $ ou $ st $ l $ description
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 2. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Roles Structural Object Class
+ * objectclass    ( 1.3.6.1.4.1.38088.2.1
+ *  NAME 'ftRls'
+ *  DESC 'Fortress Role Structural Object Class'
+ *  SUP organizationalrole
+ *  STRUCTURAL
+ *  MUST (
+ *      ftId $
+ *      ftRoleName
+ *  )
+ *  MAY (
+ *      description $
+ *      ftCstr $
+ *      ftParents
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.<br />
+ * <code># This aux object class can be used to store custom attributes.</code><br />
+ * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
+ * <pre>
+ * ------------------------------------------
+ * AC2: Fortress Properties Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.2
+ *  NAME 'ftProperties'
+ *  DESC 'Fortress Properties AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftProps
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortRole")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "role", propOrder =
+    {
+        "name",
+        "id",
+        "description",
+        "parents",
+        "children",
+        "beginDate",
+        "beginLockDate",
+        "beginTime",
+        "dayMask",
+        "endDate",
+        "endLockDate",
+        "endTime",
+        "timeout",
+        "rawData"
+})
+@XmlSeeAlso(
+    {
+        AdminRole.class
+})
+public class Role extends FortEntity implements Constraint, Graphable, java.io.Serializable
+{
+private static final long serialVersionUID = 1L;
+private String id; // this maps to ftId
+private String name; // this is ftRoleName
+private String description; // this is description
+@XmlTransient
+private String dn; // this attribute is automatically saved to each ldap record.
+@XmlTransient
+private List<String> occupants;
+private Set<String> parents;
+private Set<String> children;
+private String beginTime; // this attribute is ftCstr
+private String endTime; // this attribute is ftCstr
+private String beginDate; // this attribute is ftCstr
+private String endDate; // this attribute is ftCstr
+private String beginLockDate;// this attribute is ftCstr
+private String endLockDate; // this attribute is ftCstr
+private String dayMask; // this attribute is ftCstr
+private int timeout; // this attribute is ftCstr
+
+
+/**
+ * Default constructor is used by internal Fortress classes.
+ */
+public Role()
+{
+}
+
+
+/**
+ * Construct a Role entity with a given name.
+ *
+ * @param name maps to 'cn' attribute on 'organizationalrole' object class.
+ */
+public Role( String name )
+{
+    this.name = name;
+}
+
+
+/**
+ * Construct an RBAC Role with a given temporal constraint.
+ *
+ * @param con maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+public Role( Constraint con )
+{
+    CUtil.copy( con, this );
+}
+
+
+/**
+ * Required on DAO classes convert Temporal attributes stored on entity to raw data object format needed for ldap.  For internal use only.
+ *
+ * @return String that maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+public String getRawData()
+{
+    return rawData;
+}
+
+
+/**
+ * Required on DAO classes convert Temporal from raw ldap data to entity attributes.  For internal use only.
+ *
+ * @param rawData maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+public void setRawData( String rawData )
+{
+    this.rawData = rawData;
+}
+
+private String rawData;
+
+
+/**
+ * Gets the name required attribute of the Role object
+ *
+ * @return attribute maps to 'cn' attribute on 'organizationalrole' object class.
+ */
+public String getName()
+{
+    return name;
+}
+
+
+/**
+ * Sets the required name attribute on the Role object
+ *
+ */
+public void setName( String name )
+{
+    this.name = name;
+}
+
+
+/**
+ * Set the occupant attribute with the contents of the User dn.
+ * @param occupant maps to 'roleOccupant' attribute on 'organizationalrole' object class.
+ */
+public void setOccupant( String occupant )
+{
+    if ( this.occupants == null )
+    {
+        this.occupants = new ArrayList<>();
+    }
+    this.occupants.add( occupant );
+}
+
+
+/**
+ * Return list of occupants for a particular Role entity.
+ * @return List of type String containing User dn that maps to 'roleOccupant' attribute on 'organizationalrole' object class.
+ */
+public List<String> getOccupants()
+{
+    return occupants;
+}
+
+
+/**
+ * Set a list of occupants for a particular Role entity.
+ * @param occupants contains a List of type String which maps to 'roleOccupant' attribute on 'organizationalrole' object class.
+ */
+public void setOccupants( List<String> occupants )
+{
+    this.occupants = occupants;
+}
+
+
+/**
+ * Returns optional description that is associated with Role.  This attribute is validated but not constrained by Fortress.
+ *
+ * @return value that is mapped to 'description' in 'organizationalrole' object class.
+ */
+public String getDescription()
+{
+    return this.description;
+}
+
+
+/**
+ * Sets the optional description that is associated with Role.  This attribute is validated but not constrained by Fortress.
+ *
+ * @param description that is mapped to same name in 'organizationalrole' object class.
+ */
+public void setDescription( String description )
+{
+    this.description = description;
+}
+
+
+/**
+ * Return the internal id that is associated with Role.  This attribute is generated automatically
+ * by Fortress when new Role is added to directory and is not known or changeable by external client.
+ *
+ * @return attribute maps to 'ftId' in 'ftRls' object class.
+ */
+public String getId()
+{
+    return id;
+}
+
+
+/**
+ * Generate an internal Id that is associated with Role.  This method is used by DAO class and
+ * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftRls' object class.
+ */
+public void setId()
+{
+    // generate a unique id that will be used as the rDn for this entry:
+    UUID uuid = UUID.randomUUID();
+    this.id = uuid.toString();
+}
+
+
+/**
+ * Set the internal Id that is associated with Role.  This method is used by DAO class and
+ * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
+ * This method can be used by client for search purposes only.
+ *
+ * @param id maps to 'ftId' in 'ftRls' object class.
+ */
+public void setId( String id )
+{
+    this.id = id;
+}
+
+
+/**
+ * temporal boolean flag is used by internal Fortress components.
+ *
+ * @return boolean indicating if temporal constraints are placed on Role.
+ */
+@Override
+public boolean isTemporalSet()
+{
+    return ( beginTime != null || endTime != null || beginDate != null || endDate != null || beginLockDate != null
+        || endLockDate != null || dayMask != null );
+}
+
+
+/**
+ * Contains the begin time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getBeginTime()
+{
+    return this.beginTime;
+}
+
+
+/**
+ * Set the begin time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginTime maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setBeginTime( String beginTime )
+{
+    this.beginTime = beginTime;
+}
+
+
+/**
+ * Contains the end time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getEndTime()
+{
+    return this.endTime;
+}
+
+
+/**
+ * Set the end time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endTime maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setEndTime( String endTime )
+{
+    this.endTime = endTime;
+}
+
+
+/**
+ * Contains the begin date when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getBeginDate()
+{
+    return this.beginDate;
+}
+
+
+/**
+ * Set the beginDate when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginDate maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setBeginDate( String beginDate )
+{
+    this.beginDate = beginDate;
+}
+
+
+/**
+ * Contains the end date when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20101231 (December 31, 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getEndDate()
+{
+    return this.endDate;
+}
+
+
+/**
+ * Set the end date when Role is not allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endDate maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setEndDate( String endDate )
+{
+    this.endDate = endDate;
+}
+
+
+/**
+ * Contains the begin lock date when Role is temporarily not allowed to be activated in session.  The format is - YYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getBeginLockDate()
+{
+    return this.beginLockDate;
+}
+
+
+/**
+ * Set the begin lock date when Role is temporarily not allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param beginLockDate maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setBeginLockDate( String beginLockDate )
+{
+    this.beginLockDate = beginLockDate;
+}
+
+
+/**
+ * Contains the end lock date when Role is allowed to be activated in session once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getEndLockDate()
+{
+    return this.endLockDate;
+}
+
+
+/**
+ * Set the end lock date when Role is allowed to be activated in session once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param endLockDate maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setEndLockDate( String endLockDate )
+{
+    this.endLockDate = endLockDate;
+}
+
+
+/**
+ * Get the daymask that indicates what days of week Role is allowed to be activated in session.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public String getDayMask()
+{
+    return this.dayMask;
+}
+
+
+/**
+ * Set the daymask that specifies what days of week Role is allowed to be activated in session.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param dayMask maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setDayMask( String dayMask )
+{
+    this.dayMask = dayMask;
+}
+
+
+/**
+ * Return the integer timeout that contains total time (in seconds) that Role may remain inactive in User's session before it is deactivated.
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @return int maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public Integer getTimeout()
+{
+    return this.timeout;
+}
+
+
+/**
+ * Set the integer timeout that contains max time (in seconds) that Role may remain inactive in User's session before it is deactivated.
+ * This attribute is optional but if set will be validated for reasonableness.
+ *
+ * @param timeout maps to 'ftCstr' attribute in 'ftRls' object class.
+ */
+@Override
+public void setTimeout( Integer timeout )
+{
+    this.timeout = timeout;
+}
+
+
+/**
+ * Get the names of roles that are parents (direct ascendants) of this role.
+ * @return Set of parent role names assigned to this role.
+ */
+@Override
+public Set<String> getParents()
+{
+    if ( this.parents == null )
+    {
+        this.parents = new HashSet<>();
+    }
+    return parents;
+}
+
+
+/**
+ * Set the names of roles names that are parents (direct ascendants) of this role.
+ * @param parents contains the Set of parent role names assigned to this role.
+ */
+@Override
+public void setParents( Set<String> parents )
+{
+    this.parents = parents;
+}
+
+
+/**
+ * Set the occupant attribute with the contents of the User dn.
+ * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
+ */
+@Override
+public void setParent( String parent )
+{
+    if ( this.parents == null )
+    {
+        this.parents = new HashSet<>();
+    }
+    this.parents.add( parent );
+}
+
+
+/**
+ * Set the occupant attribute with the contents of the User dn.
+ * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
+ */
+@Override
+public void delParent( String parent )
+{
+    if ( this.parents != null )
+    {
+        this.parents.remove( parent );
+    }
+}
+
+
+/**
+ * Return the Set of child role names (direct descendants) of this role.
+ * @return Set of child role names assigned to this role.
+ */
+public Set<String> getChildren()
+{
+    return children;
+}
+
+
+/**
+ * Set the Set of child role names (direct descendants) of this role
+ * @param children contains the Set of child role names assigned to this role.
+ */
+public void setChildren( Set<String> children )
+{
+    this.children = children;
+}
+
+
+/**
+ * Matches the name from two Role entities.
+ *
+ * @param thatObj contains a Role entity.
+ * @return boolean indicating both objects contain matching Role names.
+ */
+public boolean equals( Object thatObj )
+{
+    if ( this == thatObj )
+    {
+        return true;
+    }
+
+    if ( name == null )
+    {
+        return false;
+    }
+
+    if ( !( thatObj instanceof Role ) )
+    {
+        return false;
+    }
+
+    Role thatRole = ( Role ) thatObj;
+
+    if ( thatRole.getName() == null )
+    {
+        return false;
+    }
+
+    return thatRole.getName().equalsIgnoreCase( name );
+}
+
+
+@Override
+public int hashCode()
+{
+    int result = id != null ? id.hashCode() : 0;
+    result = 31 * result + ( name != null ? name.hashCode() : 0 );
+    result = 31 * result + ( description != null ? description.hashCode() : 0 );
+    result = 31 * result + ( dn != null ? dn.hashCode() : 0 );
+    result = 31 * result + ( occupants != null ? occupants.hashCode() : 0 );
+    result = 31 * result + ( parents != null ? parents.hashCode() : 0 );
+    result = 31 * result + ( children != null ? children.hashCode() : 0 );
+    result = 31 * result + ( beginTime != null ? beginTime.hashCode() : 0 );
+    result = 31 * result + ( endTime != null ? endTime.hashCode() : 0 );
+    result = 31 * result + ( beginDate != null ? beginDate.hashCode() : 0 );
+    result = 31 * result + ( endDate != null ? endDate.hashCode() : 0 );
+    result = 31 * result + ( beginLockDate != null ? beginLockDate.hashCode() : 0 );
+    result = 31 * result + ( endLockDate != null ? endLockDate.hashCode() : 0 );
+    result = 31 * result + ( dayMask != null ? dayMask.hashCode() : 0 );
+    result = 31 * result + timeout;
+    result = 31 * result + ( rawData != null ? rawData.hashCode() : 0 );
+    return result;
+}
+
+
+/**
+ * @see Object#toString()
+ */
+protected String toString( String tabs )
+{
+    StringBuilder sb = new StringBuilder();
+
+    sb.append( tabs ).append( "Role[" );
+
+    // The name
+    sb.append( name ).append( ", " );
+
+    if ( ( description != null ) && ( description.length() > 0 ) )
+    {
+        sb.append( description ).append( ", " );
+    }
+
+    // the date
+    sb.append( "date : <" ).append( beginDate ).append( ", " ).append( endDate ).append( ">, " );
+
+    // The time
+    sb.append( "time : <" ).append( beginTime ).append( ", " ).append( endTime ).append( ">, " );
+
+    // The lock date
+    sb.append( "lock date : <" ).append( beginLockDate ).append( ", " ).append( endLockDate ).append( ">, " );
+
+    // The timeout
+    sb.append( "timeout : " ).append( timeout ).append( ", " );
+
+    // The day mask
+    sb.append( "daymask : " ).append( dayMask );
+
+    // The parents if any
+    if ( ( parents != null ) && ( parents.size() > 0 ) )
+    {
+        sb.append( ", parents : {" );
+
+        boolean isFirst = true;
+
+        for ( String parent : parents )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                sb.append( '|' );
+            }
+
+            sb.append( parent );
+        }
+
+        sb.append( '}' );
+    }
+
+    // The children if any
+    if ( ( children != null ) && ( children.size() > 0 ) )
+    {
+        sb.append( ", children : {" );
+
+        boolean isFirst = true;
+
+        for ( String child : children )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                sb.append( '|' );
+            }
+
+            sb.append( child );
+        }
+
+        sb.append( '}' );
+    }
+
+    sb.append( ']' );
+
+    return sb.toString();
+}
+
+
+/**
+ * @see Object#toString()
+ */
+public String toString()
+{
+    return toString( "" );
+}
+}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/RolePerm.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/RolePerm.java b/src/main/java/org/apache/directory/fortress/core/model/RolePerm.java
new file mode 100755
index 0000000..0c423ca
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/RolePerm.java
@@ -0,0 +1,89 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+import org.apache.directory.fortress.core.model.FortEntity;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * This entity is used by en masse to communicate {@link org.apache.directory.fortress.core.model.Role}, {@link Permission} and {@link org.apache.directory.fortress.core.model.Session} information to the server for access control decisions.
+ * <p/>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortRolePerm")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "rolePerm", propOrder = {
+    "role",
+    "perm"
+})
+public class RolePerm extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+    
+    private Role role;
+    private Permission perm;
+
+    public Role getRole()
+    {
+        return role;
+    }
+
+    
+    public void setRole(Role role)
+    {
+        this.role = role;
+    }
+    
+
+    public Permission getPerm()
+    {
+        return perm;
+    }
+
+    
+    public void setPerm(Permission perm)
+    {
+        this.perm = perm;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "RolePerm object: \n" );
+
+        sb.append( "    role :" ).append( role ).append( '\n' );
+        sb.append( "    perm :" ).append( perm ).append( '\n' );
+
+        return sb.toString();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/RoleRelationship.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/RoleRelationship.java b/src/main/java/org/apache/directory/fortress/core/model/RoleRelationship.java
new file mode 100755
index 0000000..aa75a9c
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/RoleRelationship.java
@@ -0,0 +1,87 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+import org.apache.directory.fortress.core.model.FortEntity;
+import org.apache.directory.fortress.core.model.Role;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * This entity is used by en masse to communicate parent and child {@link org.apache.directory.fortress.core.model.Role} information to the server.
+ * <p/>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortRoleRelationship")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "roleRelationship", propOrder = {
+    "child",
+    "parent"
+})
+public class RoleRelationship extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+    private Role parent;
+    private Role child;
+
+    public Role getParent()
+    {
+        return parent;
+    }
+
+    
+    public void setParent(Role parent)
+    {
+        this.parent = parent;
+    }
+
+    
+    public Role getChild()
+    {
+        return child;
+    }
+
+    
+    public void setChild(Role child)
+    {
+        this.child = child;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "RoleRelationship object: \n" );
+
+        sb.append( "    parent :" ).append( parent ).append( '\n' );
+        sb.append( "    child :" ).append( child ).append( '\n' );
+
+        return sb.toString();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/SDSet.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/SDSet.java b/src/main/java/org/apache/directory/fortress/core/model/SDSet.java
new file mode 100755
index 0000000..ad8a719
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/SDSet.java
@@ -0,0 +1,437 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.UUID;
+
+
+/**
+ * <h4>Static Separation of Duties Schema</h4>
+ * The Fortress SDSet entity is a composite of the following other Fortress structural and aux object classes:
+ * <p/>
+ * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ *  DESC 'RFC2256: an organizational role'
+ *  SUP top STRUCTURAL
+ *  MUST cn
+ *  MAY (
+ *      x121Address $ registeredAddress $ destinationIndicator $
+ *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ *      telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ *      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ *      postOfficeBox $ postalCode $ postalAddress $
+ *      physicalDeliveryOfficeName $ ou $ st $ l $ description
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 2. The RBAC Separation of14:14 Duties includes:
+ * <p/> Static Separation of Duties
+ * <img src="../doc-files/RbacSSD.png">
+ * <pre>
+ * ------------------------------------------
+ * Fortress Dynamic Separation of Duties Structural Object Class
+ *  objectclass    ( 1.3.6.1.4.1.38088.2.5
+ *  NAME 'ftDSDSet'
+ *  DESC 'Fortress Role Dynamic Separation of Duty Set Structural Object Class'
+ *  SUP organizationalrole
+ *  STRUCTURAL
+ *  MUST (
+ *      ftId $
+ *      ftSetName $
+ *      ftSetCardinality
+ *  )
+ *  MAY (
+ *      ftRoles $
+ *      description
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * OR
+ * <p/> Dynamic Separation of Duties
+ * <img src="../doc-files/RbacDSD.png">
+ * <pre>
+ * ------------------------------------------
+ * Fortress Static Separation of Duties Structural Object Class
+ *  objectclass    ( 1.3.6.1.4.1.38088.2.4
+ *  NAME 'ftSSDSet'
+ *  DESC 'Fortress Role Static Separation of Duty Set Structural Object Class'
+ *  SUP organizationalrole
+ *  STRUCTURAL
+ *  MUST (
+ *      ftId $
+ *      ftSetName $
+ *      ftSetCardinality
+ *  )
+ *  MAY (
+ *      ftRoles $
+ *      description
+ *  )
+ *)
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortSet")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "sdset", propOrder =
+    {
+        "name",
+        "id",
+        "description",
+        "cardinality",
+        "members",
+        "type"
+})
+public class SDSet extends FortEntity implements Serializable, Comparable<SDSet>
+{
+    /** Default serialVersionUID */
+    private static final long serialVersionUID = 1L;
+    private String id;
+    private String name;
+    private String description;
+    private Integer cardinality;
+    @XmlElement(nillable = true)
+    private Set<String> members;
+    private SDType type;
+
+    /**
+     * enum for SSD or DSD data sets.  Both nodes will be stored in the same LDAP container but use different
+     * object classes.
+     * SDType determines if 'ftSSDSet' or 'ftDSDSet' object class is used.
+     */
+    @XmlType(name = "sdtype")
+    @XmlEnum
+    public enum SDType
+    {
+        /**
+         * Static Separation of Duty data set.
+         */
+        STATIC,
+
+        /**
+         * Dynamic Separation of Duty data set.
+         */
+        DYNAMIC
+    }
+
+
+    /**
+     * Get the required type of SD Set - 'STATIC' Or 'DYNAMIC'.
+     *
+     * @return type that maps to either 'ftSSDSet' or 'ftDSDSet' object class is used.
+     */
+    public SDType getType()
+    {
+        return type;
+    }
+
+
+    /**
+     * Set the required type of SD Set - 'STATIC' Or 'DYNAMIC'.
+     *
+     * @param type maps to either 'ftSSDSet' or 'ftDSDSet' object class is used.
+     */
+    public void setType( SDType type )
+    {
+        this.type = type;
+    }
+
+
+    /**
+     * Create a new, empty map that is used to load Role members.  This method is called by any class
+     * that needs to create an SDSet set.
+     *
+     * @return Set that sorts members by alphabetical order.
+     */
+    private static Set<String> createMembers()
+    {
+        return new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
+    }
+
+
+    /**
+     * Return the name of SDSet entity.  This field is required.
+     *
+     * @return attribute maps to 'cn' attribute on the 'organizationalRole' object class.
+     */
+    public String getName()
+    {
+        return this.name;
+    }
+
+
+    /**
+     * Set the name of SDSet entity.  This field is required.
+     *
+     * @param name maps to 'cn' attribute on the 'organizationalRole' object class.
+     */
+    public void setName( String name )
+    {
+        this.name = name;
+    }
+
+
+    /**
+     * Returns optional description that is associated with SDSet.  This attribute is validated but not constrained by Fortress.
+     *
+     * @return value that is mapped to 'description' in 'organizationalrole' object class.
+     */
+    public String getDescription()
+    {
+        return this.description;
+    }
+
+
+    /**
+     * Sets the optional description that is associated with SDSet.  This attribute is validated but not constrained by Fortress.
+     *
+     * @param description that is mapped to same name in 'organizationalrole' object class.
+     */
+    public void setDescription( String description )
+    {
+        this.description = description;
+    }
+
+
+    /**
+     * Return the internal id that is associated with SDSet.  This attribute is generated automatically
+     * by Fortress when new SDSet is added to directory and is not known or changeable by external client.
+     *
+     * @return attribute maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public String getId()
+    {
+        return id;
+    }
+
+
+    /**
+     * Generate an internal Id that is associated with SDSet.  This method is used by DAO class and
+     * is not available to outside classes.   The generated attribute maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public void setId()
+    {
+        // generate a unique id that will be used as the rDn for this entry:
+        UUID uuid = UUID.randomUUID();
+        this.id = uuid.toString();
+    }
+
+
+    /**
+     * Set the internal Id that is associated with Role.  This method is used by DAO class and
+     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
+     * This method can be used by client for search purposes only.
+     *
+     * @param id maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public void setId( String id )
+    {
+        this.id = id;
+    }
+
+
+    /**
+     * Return the numeric value that reflects the membership cardinality for SDSet.  A value of '2' indicates
+     * the Role membership is mutually exclusive amongst members.  A value of '3' indicates no more than two Roles
+     * in set can be assigned to a single User (SSD) or activated within a single Session (DSD).  A value of '4' indicates
+     * no more than three Roles may be used at a time, etc...
+     *
+     * @return attribute maps to 'ftSetCardinality' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public Integer getCardinality()
+    {
+        return cardinality;
+    }
+
+
+    /**
+     * Set the numeric value that reflects the membership cardinality for SDSet.  A value of '2' indicates
+     * the Role membership is mutually exclusive amongst members.  A value of '3' indicates no more than two Roles
+     * in set can be assigned to a single User (SSD) or activated within a single Session (DSD).  A value of '4' indicates
+     * no more than three Roles may be used at a time, etc...
+     *
+     */
+    public void setCardinality( Integer cardinality )
+    {
+        this.cardinality = cardinality;
+    }
+
+
+    /**
+     * Return the alphabetically sorted Set containing Role membership to SDSet.
+     *
+     * @return attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    //@XmlJavaTypeAdapter(SetAdapter.class)
+    public Set<String> getMembers()
+    {
+        return members;
+    }
+
+
+    /**
+     * Set an alphabetically sorted Set containing Role membership to SDSet.
+     *
+     * @param members attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public void setMembers( Set<String> members )
+    {
+        this.members = members;
+    }
+
+
+    /**
+     * Add a member to the set.
+     *
+     * @param member role name.
+     */
+    public void setMember( String member )
+    {
+        if ( this.members == null )
+        {
+            this.members = new HashSet<>();
+        }
+        this.members.add( member );
+    }
+
+
+    /**
+     * Add a member to an alphabetically sorted Set containing Role membership to SDSet.
+     *
+     * @param role attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public void addMember( String role )
+    {
+        if ( this.members == null )
+        {
+            this.members = createMembers();
+        }
+        this.members.add( role );
+    }
+
+
+    /**
+     * Remove a member from the alphabetically sorted Set containing Role membership to SDSet.
+     *
+     * @param role attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
+     */
+    public void delMember( String role )
+    {
+        if ( this.members == null )
+        {
+            return;
+        }
+        this.members.remove( role );
+    }
+
+
+    public int compareTo( SDSet that )
+    {
+        return name.compareToIgnoreCase( that.getName() );
+    }
+
+
+    /**
+     * Matches the name from two SDSet entities.
+     *
+     * @param thatObj contains an SDSet entity.
+     * @return boolean indicating both objects contain matching SDSet names.
+     */
+    public boolean equals( Object thatObj )
+    {
+        if ( this == thatObj )
+        {
+            return true;
+        }
+        if ( this.getName() == null )
+        {
+            return false;
+        }
+        if ( ( thatObj instanceof Role ) )
+        {
+            return false;
+        }
+        SDSet thatSet = ( SDSet ) thatObj;
+        if ( thatSet.getName() == null )
+        {
+            return false;
+        }
+        return thatSet.getName().equalsIgnoreCase( this.getName() );
+    }
+
+
+    @Override
+    public int hashCode()
+    {
+        int result = id != null ? id.hashCode() : 0;
+        result = 31 * result + ( name != null ? name.hashCode() : 0 );
+        result = 31 * result + ( description != null ? description.hashCode() : 0 );
+        result = 31 * result + ( cardinality != null ? cardinality.hashCode() : 0 );
+        result = 31 * result + ( members != null ? members.hashCode() : 0 );
+        result = 31 * result + ( type != null ? type.hashCode() : 0 );
+        return result;
+    }
+
+
+    @Override
+    public String toString()
+    {
+        return "SDSet{" +
+            "name='" + name + '\'' +
+            '}';
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/Session.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Session.java b/src/main/java/org/apache/directory/fortress/core/model/Session.java
new file mode 100755
index 0000000..3d8e8f8
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/Session.java
@@ -0,0 +1,775 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+import org.apache.directory.fortress.core.rbac.PwMessage;
+import org.apache.directory.fortress.core.rbac.Warning;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+/**
+ * This contains attributes related to a user's RBAC session.
+ * The following example shows the mapping to Session attributes on this entity:
+ * <p/>
+ * <ul> <li><code>Session</code>
+ * <li> <code>session.getUserId() => demoUser4</code>
+ * <li> <code>session.getInternalUserId() => be2dd2e:12a82ba707e:-7fee</code>
+ * <li> <code>session.getMessage() => Fortress checkPwPolicies userId <demouser4> VALIDATION GOOD</code>
+ * <li> <code>session.getErrorId() => 0</code>
+ * <li> <code>session.getWarningId() => 11</code>
+ * <li> <code>session.getExpirationSeconds() => 469831</code>
+ * <li> <code>session.getGraceLogins() => 0</code>
+ * <li> <code>session.getIsAuthenticated() => true</code>
+ * <li> <code>session.getLastAccess() => 1283623680440</code>
+ * <li> <code>session.getSessionId() => -7410986f:12addeea576:-7fff</code>
+ * <li>  ------------------------------------------
+ * <li> <code>User user = session.getUser();</code>
+ * <ul> <li> <code>user.getUserId() => demoUser4</code>
+ * <li> <code>user.getInternalId() => be2dd2e:12a82ba707e:-7fee</code>
+ * <li> <code>user.getCn() => JoeUser4</code>
+ * <li> <code>user.getDescription() => Demo Test User 4</code>
+ * <li> <code>user.getOu() => test</code>
+ * <li> <code>user.getSn() => User4</code>
+ * <li> <code>user.getBeginDate() => 20090101</code>
+ * <li> <code>user.getEndDate() => none</code>
+ * <li> <code>user.getBeginLockDate() => none</code>
+ * <li> <code>user.getEndLockDate() => none</code>
+ * <li> <code>user.getDayMask() => 1234567</code>
+ * <li> <code>user.getTimeout() => 60</code>
+ * <li> <code>List<UserRole> roles = session.getRoles();</code>
+ * <ul> <li><code>UserRole userRole = roles.get(i);</code>
+ * <li> <code>userRole.getName() => role1</code>
+ * <li> <code>userRole.getBeginTime() => 0000</code>
+ * <li> <code>userRole.getEndTime() => 0000</code>
+ * <li> <code>userRole.getBeginDate() => none</code>
+ * <li> <code>userRole.getEndDate() => none</code>
+ * <li> <code>userRole.getBeginLockDate() => null</code>
+ * <li> <code>userRole.getEndLockDate() => null</code>
+ * <li> <code>userRole.getDayMask() => null</code>
+ * <li> <code>userRole.getTimeout() => 0</code>
+ * <li> <code>List<UserAdminRole> adminRoles = session.getAdminRoles();</code>
+ * </ul>
+ * <ul> <li><code>UserAdminRole userAdminRole = adminRoles.get(i);</code>
+ * <li> <code>userAdminRole.getName() => DemoAdminUsers</code>
+ * <li> <code>userAdminRole.getBeginTime() => 0000</code>
+ * <li> <code>userAdminRole.getEndTime() => 0000</code>
+ * <li> <code>userAdminRole.getBeginDate() => none</code>
+ * <li> <code>userAdminRole.getEndDate() => none</code>
+ * <li> <code>userAdminRole.getBeginLockDate() => null</code>
+ * <li> <code>userAdminRole.getEndLockDate() => null</code>
+ * <li> <code>userAdminRole.getDayMask() => null</code>
+ * <li> <code>userAdminRole.getTimeout() => 0</code>
+ * <li> <code>userAdminRole.getOsPs() => [ftT3POrg10, ftT4POrg10]</code>
+ * <li> <code>userAdminRole.getOsUs() => [ftT1UOrg10, ftT2UOrg10]</code>
+ * <li> <code>userAdminRole.getBeginRange() => ftT14Role1</code>
+ * <li> <code>userAdminRole.getEndRange() => ftT14Role10</code>
+ * <li> <code>userAdminRole.getBeginInclusive() => true</code>
+ * <li> <code>userAdminRole.getEndInclusive() => false</code>
+ * </ul>
+ * </ul>
+ * <p/>
+ * Sample Data data contained within this Entity.
+ * <p/>
+ * Ses UID      [demoUser4]:<br />
+ * Ses IID      [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
+ * Ses ERR      [0]<br />
+ * Ses WARN     [10]<br />
+ * Ses MSG      [checkPwPolicies for userId <demouser4> PASSWORD CHECK SUCCESS]<br />
+ * Ses EXP      [0]<br />
+ * Ses GRAC     [0]<br />
+ * Ses AUTH     [true]<br />
+ * Ses LAST     [1297408501356]<br />
+ * Ses SID      [fc228713-1242-4061-9d8a-d4860bf8d3d8]<br />
+ * ------------------------------------------<br />
+ * Usr UID      [demoUser4]<br />
+ * Usr IID      [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
+ * Usr CN       [JoeUser4]<br />
+ * Usr DESC     [Demo Test User 4]<br />
+ * Usr OU       [demousrs1]<br />
+ * Usr SN       [User4]<br />
+ * Usr BDTE     [20090101]<br />
+ * Usr EDTE     [20990101]<br />
+ * Usr BLDT     [none]<br />
+ * Usr ELDT     [none]<br />
+ * Usr DMSK     [1234567]<br />
+ * Usr TO       [60]<br />
+ * Usr REST     [false]<br />
+ * Usr PROP1    [customerNumber, 3213432]<br />
+ * <p/>
+ * USER RBAC ROLE[0]:<br />
+ * Rle  role name       [role1]<br />
+ * Rle  begin time      [0000]<br />
+ * Rle  end time        [0000]<br />
+ * Rle  begin date      [20110101]<br />
+ * Rle  end date        [none]<br />
+ * Rle  begin lock      [none]<br />
+ * Rle  end lock        [none]<br />
+ * Rle  day mask        [all]<br />
+ * Rle  time out        [60]<br />
+ * <p/>
+ * USER ADMIN ROLE[0]:<br />
+ * Adm  admin role name [DemoAdminUsers]<br />
+ * Adm  OsU             [Dev1]<br />
+ * Adm  OsP             [App1]<br />
+ * Adm  begin range     [role1]<br />
+ * Adm  end range       [role3]<br />
+ * Adm  begin time      [0000]<br />
+ * Adm  end time        [0000]<br />
+ * Adm  begin date      [20110101]<br />
+ * Adm  end date        [none]<br />
+ * Adm  begin lock      [none]<br />
+ * Adm  end lock        [none]<br />
+ * Adm  day mask        [23456]<br />
+ * Adm  time out        [30]<br />
+ * <p/>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortSession")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "session", propOrder = {
+    "user",
+    "isAuthenticated",
+    "sessionId",
+    "lastAccess",
+    "timeout",
+    "errorId",
+    "expirationSeconds",
+    "graceLogins",
+    "message",
+    "warnings"
+/*    "warningId"*/
+})
+public class Session  extends FortEntity implements PwMessage, Serializable
+{
+    private static final long serialVersionUID = 1L;
+    private User user;
+    private String sessionId;
+    private long lastAccess;
+    private int timeout;
+/*    private int warningId;*/
+    private int errorId;
+    private int graceLogins;
+    private int expirationSeconds;
+    private boolean isAuthenticated;
+    private String message;
+    @XmlElement(nillable = true)
+    private List<Warning> warnings;
+
+    /**
+     * A 'true' value here indicates user successfully authenticated with Fortress.
+     *
+     * @return boolean indicating successful authentication.
+     */
+    public boolean isAuthenticated()
+    {
+        return isAuthenticated;
+    }
+    
+
+    private void init()
+    {
+        // generate a unique id that will be used as the id for this session:
+        UUID uuid = UUID.randomUUID();
+        this.sessionId = uuid.toString();
+    }
+    
+
+    /**
+     * Copy values from incoming Session object.
+     *
+     * @param inSession contains Session values.
+     */
+    public void copy( Session inSession )
+    {
+        this.user = inSession.getUser();
+        // don't copy session id:
+        //this.sessionId = inSession.getSessionId();
+        this.lastAccess = inSession.getLastAccess();
+        this.timeout = inSession.getTimeout();
+/*        this.warningId = inSession.getWarningId();*/
+        this.errorId = inSession.getErrorId();
+        this.graceLogins = inSession.getGraceLogins();
+        this.expirationSeconds = inSession.expirationSeconds;
+        this.isAuthenticated = inSession.isAuthenticated();
+        this.message = inSession.getMsg();
+        this.warnings = inSession.getWarnings();
+    }
+    
+
+    /**
+     * Default constructor for Fortress Session.
+     */
+    public Session()
+    {
+        init();
+        // this class will not check for null on user object.
+        user = new User();
+    }
+    
+
+    /**
+     * Construct a new Session instance with given User entity.
+     *
+     * @param user contains the User attributes that are associated with the Session.
+     */
+    public Session( User user )
+    {
+        init();
+        this.user = user;
+    }
+    
+
+    /**
+     * Construct a new Session instance with given User entity.
+     *
+     * @param user contains the User attributes that are associated with the Session.
+     */
+    public Session (User user, String sessionId )
+    {
+        this.sessionId = sessionId;
+        this.user = user;
+    }
+    
+
+    /**
+     * Return the unique id that is associated with User.  This attribute is generated automatically
+     * by Fortress when new Session is created and is not known or changeable by external client.
+     *
+     * @return attribute maps to unique sessionId associated with user's session.
+     */
+    public String getSessionId()
+    {
+        return sessionId;
+    }
+
+
+    /**
+     * Return the User entity that is associated with this entity.
+     *
+     * Sample User data contained in Session object:
+     * <p/>
+     * ------------------------------------------<br />
+     * U   UID  [demoUser4]<br />
+     * U   IID  [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
+     * U   CN   [JoeUser4]<br />
+     * U   DESC [Demo Test User 4]<br />
+     * U   OU   [demousrs1]<br />
+     * U   SN   [User4]<br />
+     * U   BDTE [20090101]<br />
+     * U   EDTE [20990101]<br />
+     * U   BLDT [none]<br />
+     * U   ELDT [none]<br />
+     * U   DMSK [1234567]<br />
+     * U   TO   [60]<br />
+     * U   REST [false]<br />
+     * U   PROP[0]=customerNumber VAL=3213432<br />
+     * <p/>
+     * USER ROLE[0]:<br />
+     * role name <role1><br />
+     * begin time <0000><br />
+     * end time <0000><br />
+     * begin date <none><br />
+     * end date <none><br />
+     * begin lock <none><br />
+     * end lock <none><br />
+     * day mask <all><br />
+     * time out <0><br />
+     * <p/>
+     * USER ADMIN ROLE[0]:<br />
+     * admin role name <DemoAdminUsers><br />
+     * OsU <null><br />
+     * OsP <null><br />
+     * begin range <null><br />
+     * end range <null><br />
+     * begin time <0000><br />
+     * end time <0000><br />
+     * begin date <none><br />
+     * end date <none><br />
+     * begin lock <none><br />
+     * end lock <none><br />
+     * day mask <all><br />
+     * time out <0><br />
+     * <p/>
+     * @return User entity that contains userid, roles and other attributes valid for Session.
+     */
+    public User getUser()
+    {
+        return this.user;
+    }
+    
+
+    /**
+     * Return the userId that is associated with this Session object.
+     *
+     * @return userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
+     */
+    public String getUserId()
+    {
+        return this.user.getUserId();
+    }
+    
+
+    /**
+     * Return the internal userId that is associated with User.  This attribute is generated automatically
+     * by Fortress when new User is added to directory and is not known or changeable by external client.
+     *
+     * @return attribute maps to 'ftId' in 'ftUserAttrs' object class.
+     */
+    public String getInternalUserId()
+    {
+        return this.user.getInternalId();
+    }
+    
+
+    /**
+     * Return the list of User's RBAC Roles that have been activated into User's session.  This list will not include
+     * ascendant RBAC roles which may be retrieved using {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#authorizedRoles(Session)}.
+     *
+     * @return List containing User's RBAC roles.  This list may be empty if User not assigned RBAC.
+     */
+    public List<UserRole> getRoles()
+    {
+        List<UserRole> roles = null;
+
+        if ( user != null )
+        {
+            roles = user.getRoles();
+        }
+
+        return roles;
+    }
+    
+
+    /**
+     * Return a list of User's Admin Roles  that have been activated into User's session.  This list will not include
+     * ascendant ARBAC roles which may be retrieved using {@link org.apache.directory.fortress.core.DelAccessMgr#authorizedAdminRoles(Session)}.
+     *
+     * @return List containing User's Admin roles.  This list may be empty if User not assigned Administrative role.
+     */
+    public List<UserAdminRole> getAdminRoles()
+    {
+        List<UserAdminRole> roles = null;
+
+        if ( user != null )
+        {
+            roles = user.getAdminRoles();
+        }
+
+        return roles;
+    }
+
+    /**
+     * Returns the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond,
+     * the granularity of the value depends on the underlying operating system and may be larger. For example, many
+     * operating systems measure time in units of tens of milliseconds.
+     *
+     * @return the difference, measured in milliseconds, between the last access time and midnight, January 1, 1970 UTC.
+     */
+    public long getLastAccess()
+    {
+        return lastAccess;
+    }
+    
+
+    /**
+     * Gets the message that is associated with the user's last authentication attempt.
+     *
+     * @return String contains text explaining result of user's last authentication.
+     */
+    public String getMsg()
+    {
+        return message;
+    }
+    
+
+    /**
+     * Gets the attribute that specifies the number of times an expired password can
+     * be used to authenticate before failure.
+     *
+     * @return The number of logins the user has left before password fails.
+     */
+    public int getGraceLogins()
+    {
+        return graceLogins;
+    }
+    
+
+    /**
+     * This attribute specifies the maximum number of seconds before a
+     * password is due to expire that expiration warning messages will be
+     * returned to an authenticating user.
+     * <p/>
+     * If this attribute is not present, or if the value is 0 no warnings
+     * will be returned.  If not 0, the value must be smaller than the value
+     * of the pwdMaxAge attribute.
+     *
+     * @return attribute is computed based on last time user has changed their password.
+     */
+    public int getExpirationSeconds()
+    {
+        return expirationSeconds;
+    }
+    
+
+    /**
+     * Get the integer timeout that contains max time (in seconds) that User's session may remain inactive.
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return int maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+     */
+    private int getTimeout()
+    {
+        return timeout;
+    }
+    
+
+    /**
+     * Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session.  This value is set by
+     * the Fortress DAO object.
+     *
+     * @return value indicates result of authentication.
+     */
+    public boolean setAuthenticated()
+    {
+        return isAuthenticated;
+    }
+    
+
+    /**
+     * Return the error id that is associated with the password policy checks.  a '0' indicates no errors.
+     * <ul>
+     * <li> <code>INVALID_PASSWORD_MESSAGE = -10;</code>
+     * <li> <code>GOOD = 0;</code>
+     * <li> <code>PASSWORD_HAS_EXPIRED = 100;</code>
+     * <li> <code>ACCOUNT_LOCKED = 101;</code>
+     * <li> <code>CHANGE_AFTER_RESET = 102;</code>
+     * <li> <code>NO_MODIFICATIONS = 103;</code>
+     * <li> <code>MUST_SUPPLY_OLD = 104;</code>
+     * <li> <code>INSUFFICIENT_QUALITY = 105;</code>
+     * <li> <code>PASSWORD_TOO_SHORT = 106;</code>
+     * <li> <code>PASSWORD_TOO_YOUNG = 107;</code>
+     * <li> <code>HISTORY_VIOLATION = 108;</code>
+     * <li> <code>ACCOUNT_LOCKED_CONSTRAINTS = 109;</code>
+     * </ul>
+     * <p/>
+     *
+     * @return int contains the error id that was generated on the user's last authentication.
+     */
+    public int getErrorId()
+    {
+        return errorId;
+    }
+
+    
+    /**
+     * Set a User entity into the Session.
+     * Sample User data contained in Session object:
+     * <p/>
+     * ------------------------------------------<br />
+     * U   UID  [demoUser4]<br />
+     * U   IID  [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
+     * U   CN   [JoeUser4]<br />
+     * U   DESC [Demo Test User 4]<br />
+     * U   OU   [demousrs1]<br />
+     * U   SN   [User4]<br />
+     * U   BDTE [20090101]<br />
+     * U   EDTE [20990101]<br />
+     * U   BLDT [none]<br />
+     * U   ELDT [none]<br />
+     * U   DMSK [1234567]<br />
+     * U   TO   [60]<br />
+     * U   REST [false]<br />
+     * U   PROP[0]=customerNumber VAL=3213432<br />
+     * <p/>
+     * USER ROLE[0]:<br />
+     * role name <role1><br />
+     * begin time <0000><br />
+     * end time <0000><br />
+     * begin date <none><br />
+     * end date <none><br />
+     * begin lock <none><br />
+     * end lock <none><br />
+     * day mask <all><br />
+     * time out <0><br />
+     * <p/>
+     * USER ADMIN ROLE[0]:<br />
+     * admin role name <DemoAdminUsers><br />
+     * OsU <null><br />
+     * OsP <null><br />
+     * begin range <null><br />
+     * end range <null><br />
+     * begin time <0000><br />
+     * end time <0000><br />
+     * begin date <none><br />
+     * end date <none><br />
+     * begin lock <none><br />
+     * end lock <none><br />
+     * day mask <all><br />
+     * time out <0><br />
+     * <p/>
+     * @param user Contains userId, roles and other security attributes used for access control.
+     */
+    public void setUser( User user )
+    {
+        this.user = user;
+    }
+    
+
+    /**
+     * Set the internal userId that is associated with User.  This method is used by DAO class and
+     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
+     * This method can be used by client for search purposes only.
+     *
+     * @param internalUserId maps to 'ftId' in 'ftUserAttrs' object class.
+     */
+    public void setInternalUserId( String internalUserId )
+    {
+        this.user.setInternalId( internalUserId );
+    }
+    
+
+    /**
+     * Set the value to 'true' indicating that user has successfully authenticated with Fortress.  This value is set by
+     * the Fortress DAO object.
+     *
+     * @param authenticated indicates result of authentication.
+     */
+    public void setAuthenticated( boolean authenticated )
+    {
+        isAuthenticated = authenticated;
+    }
+    
+
+    /**
+     * Set the userId that is associated with User.  UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
+     *
+     * @param userId maps to 'uid' attribute in 'inNetOrgPerson' object class.
+     */
+    public void setUserId( String userId )
+    {
+        user.setUserId( userId );
+    }
+
+
+    /**
+     * Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
+     *
+     * @param roles List of type UserRole that contains at minimum UserId and Role name.
+     */
+    public void setRoles( List<UserRole> roles )
+    {
+        user.setRoles( roles );
+    }
+    
+
+    /**
+     * Add a single user-role object to the list of UserRoles for User.
+     *
+     * @param role UserRole contains at least userId and role name (activation) and additional constraints (assignment)
+     */
+    public void setRole( UserRole role )
+    {
+        user.setRole( role );
+    }
+    
+
+    /**
+     * Set the integer timeout that contains max time (in seconds) that User's session may remain inactive.
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param timeout maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
+     */
+    private void setTimeout(int timeout)
+    {
+        this.timeout = timeout;
+    }
+    
+
+    /**
+     * Set the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond,
+     * the granularity of the value depends on the underlying operating system and may be larger. For example, many
+     * operating systems measure time in units of tens of milliseconds.
+     */
+    public void setLastAccess()
+    {
+        lastAccess = System.currentTimeMillis();
+    }
+    
+
+    /**
+     * Set the message that is associated with the user's last authentication attempt.
+     *
+     * @param message Contains text explaining result of user's last authentication.
+     */
+    public void setMsg( String message )
+    {
+        this.message = message;
+    }
+    
+
+    /**
+     * Set the error id that is associated with the password policy checks.  a '0' indicates no errors.
+     * <ul>
+     * <li> <code>INVALID_PASSWORD_MESSAGE = -10;</code>
+     * <li> <code>GOOD = 0;</code>
+     * <li> <code>PASSWORD_HAS_EXPIRED = 100;</code>
+     * <li> <code>ACCOUNT_LOCKED = 101;</code>
+     * <li> <code>CHANGE_AFTER_RESET = 102;</code>
+     * <li> <code>NO_MODIFICATIONS = 103;</code>
+     * <li> <code>MUST_SUPPLY_OLD = 104;</code>
+     * <li> <code>INSUFFICIENT_QUALITY = 105;</code>
+     * <li> <code>PASSWORD_TOO_SHORT = 106;</code>
+     * <li> <code>PASSWORD_TOO_YOUNG = 107;</code>
+     * <li> <code>HISTORY_VIOLATION = 108;</code>
+     * <li> <code>ACCOUNT_LOCKED_CONSTRAINTS = 109;</code>
+     * </ul>
+     * <p/>
+     *
+     * @param error contains the error id that was generated on the user's last authentication.
+     */
+    public void setErrorId( int error )
+    {
+        this.errorId = error;
+    }
+    
+
+    /**
+     * This attribute specifies the number of times an expired password can
+     * be used to authenticate.
+     *
+     * @param grace The number of logins the user has left before password fails.
+     */
+    public void setGraceLogins( int grace )
+    {
+        this.graceLogins = grace;
+    }
+    
+
+    /**
+     * This attribute specifies the maximum number of seconds before a
+     * password is due to expire that expiration warning messages will be
+     * returned to an authenticating user.
+     * <p/>
+     * If this attribute is not present, or if the value is 0 no warnings
+     * will be returned.  If not 0, the value must be smaller than the value
+     * of the pwdMaxAge attribute.
+     *
+     * @param expire attribute is computed based on last time user has changed their password.
+     */
+    public void setExpirationSeconds( int expire )
+    {
+        this.expirationSeconds = expire;
+    }
+    
+
+    /**
+     * Get the warnings attached to this Session.  Used for processing password policy scenarios, e.g.. password expiring message.
+     *
+     * @return null value, zero or more objects of type {@link Warning} will be returned.  Note: the caller of this method must ensure a not null condition before use.
+     */
+    public List<Warning> getWarnings()
+    {
+        return warnings;
+    }
+    
+
+    /**
+     * Set the warnings on this Session.  Used for processing password policy scenarios, e.g.. password expiring message.
+     * Not intended for use outside of Fortress packages.
+     *
+     * @param warnings zero or more objects of type warning may be set on a Fortress session.
+     */
+    public void setWarnings( List<Warning> warnings )
+    {
+        this.warnings = warnings;
+    }
+    
+
+    /**
+     * Add a warning to the collection into Fortress Session object.  Used for processing password policy scenarios, e.g.. password expiring message.
+     * Not intended for use outside of Fortress packages.
+     *
+     * @param warning one object of type warning will be added to Fortress session.
+     */
+    public void setWarning( Warning warning )
+    {
+        if ( warnings == null )
+        {
+            warnings = new ArrayList<Warning>();
+        }
+        
+        this.warnings.add( warning );
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "Session object: \n" );
+
+        sb.append( "    sessionId :" ).append( sessionId ).append( '\n' );
+        sb.append( "    user :" ).append( user ).append( '\n' );
+        sb.append( "    isAuthenticated :" ).append( isAuthenticated ).append( '\n' );
+        sb.append( "    lastAccess :" ).append( lastAccess ).append( '\n' );
+        sb.append( "    timeout :" ).append( timeout ).append( '\n' );
+        sb.append( "    graceLogins :" ).append( graceLogins ).append( '\n' );
+        sb.append( "    expirationSeconds :" ).append( expirationSeconds ).append( '\n' );
+        sb.append( "    errorId :" ).append( errorId ).append( '\n' );
+        sb.append( "    message :" ).append( message ).append( '\n' );
+
+        if ( warnings != null )
+        {
+            sb.append( "    warnings : " );
+
+            boolean isFirst = true;
+
+            for ( Warning warning : warnings )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( ", " );
+                }
+
+                sb.append( warning );
+            }
+
+            sb.append( '\n' );
+        }
+
+        return sb.toString();
+    }
+}
\ No newline at end of file


Mime
View raw message