From smckin...@apache.org
Subject [15/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:20 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/Context.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Context.java b/src/main/java/org/apache/directory/fortress/core/model/Context.java
new file mode 100644
index 0000000..64105e7
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/Context.java
@@ -0,0 +1,118 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+/**
+ * This class contains the Context id which is used as container for segregating data by customer 
+ * within the LDAP Directory Information Tree.
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Context
+{
+    /** The context ID */
+    private String name;
+    
+    /** The content description */ 
+    private String description;
+
+
+    /**
+     * Generate instance of context.
+     *
+     * @param name        contains the id to use for sub-directory within the DIT.
+     * @param description maps to 'description' attribute in 'organizationalUnit' object class.
+     */
+    public Context(String name, String description)
+    {
+        this.name = name;
+        this.description = description;
+    }
+
+    /**
+     * Default constructor used by {@link org.apache.directory.fortress.core.ant.FortressAntTask}
+     */
+    public Context()
+    {
+    }
+    
+
+    /**
+     * Get the id to use for sub-directory within the DIT.  This attribute is required.
+     *
+     * @return name maps to 'dcObject' object class.
+     */
+    public String getName()
+    {
+        return name;
+    }
+    
+
+    /**
+     * Set the id to use for sub-directory within the DIT.  This attribute is required.
+     *
+     * @param name maps to 'dcObject' object class.
+     */
+    public void setName(String name)
+    {
+        this.name = name;
+    }
+    
+
+    /**
+     * Get the description for the context.  This value is not required or constrained
+     * but is validated on reasonability.
+     *
+     * @return field maps to 'description' attribute on 'organizationalUnit'.
+     */
+    public String getDescription()
+    {
+        return description;
+    }
+    
+
+    /**
+     * Set the description for the context.  This value is not required or constrained
+     * but is validated on reasonability.
+     *
+     * @param description maps to to 'description' attribute on 'organizationalUnit'.
+     */
+    public void setDescription(String description)
+    {
+        this.description = description;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "Context object: \n" );
+        sb.append( "    name :" ).append( name ).append( '\n' );
+        sb.append( "    description :" ).append( description ).append( '\n' );
+
+        return sb.toString();
+    }
+}
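Review bot: `setName` and the two-argument constructor store whatever string they are given, and the no-argument constructor leaves `name` null, although the Javadoc calls the attribute required and says it is the id of the sub-directory within the DIT. Because this value names the container that segregates one customer's data from another's, the class should either reject null or blank names or say where the check happens. If validation is deliberately left to another layer (not visible in this hunk), a comment such as `// not validated here; must be checked and escaped before it is used to build a DN` would make that explicit. `toString()` should also carry `@Override`.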

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/FortEntity.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/FortEntity.java b/src/main/java/org/apache/directory/fortress/core/model/FortEntity.java
new file mode 100755
index 0000000..9b75f4d
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/FortEntity.java
@@ -0,0 +1,236 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlTransient;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * This abstract class is extended by other Fortress entities.  It is used to store contextual data that can be used for
+ * administrative RBAC checking in addition to associating an audit context with every LDAP operation.
+ * <p>
+ * <h4>Audit Context Schema</h4>
+ * The FortEntity Class is used to tag all Fortress LDAP records with variables contained within this auxiliary object class:
+ * <p/>
+ * ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * This class is not thread safe.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortEntity")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "fortEntity", propOrder =
+    {
+        "modId",
+        "modCode",
+        "sequenceId"
+})
+@XmlSeeAlso(
+    {
+        Role.class,
+        SDSet.class,
+        OrgUnit.class,
+        UserRole.class,
+        User.class,
+        Permission.class,
+        PermObj.class,
+        PwPolicy.class,
+        RoleRelationship.class,
+        PermGrant.class,
+        Session.class,
+        AdminRoleRelationship.class,
+        OrgUnitRelationship.class,
+        RolePerm.class,
+        UserAudit.class,
+        AuthZ.class,
+        Bind.class,
+        Mod.class,
+        Props.class
+})
+public abstract class FortEntity
+{
+    protected String modCode;
+    protected String modId;
+    @XmlTransient
+    protected Session adminSession;
+    protected long sequenceId;
+    @XmlTransient
+    protected String contextId;
+    
+    
+    /**
+     * Default constructor will call the setter to load a new internal ID into entity.
+     */
+    public FortEntity()
+    {
+        setInternalId();
+    }
+    
+    
+    /**
+     * Use this constructor to load administrative RBAC session into this entity.
+     *
+     * @param adminSession contains ARBAC Session object.
+     */
+    public FortEntity( Session adminSession )
+    {
+        setInternalId();
+        this.adminSession = adminSession;
+    }
+    
+    
+    /**
+     * This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap.
+     * This generated internal id is associated with PermObj.  This method is used by DAO class and
+     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftObject' object class.
+     */
+    private void setInternalId()
+    {
+        UUID uuid = UUID.randomUUID();
+        this.modId = uuid.toString();
+    }
+    
+    
+    /**
+     * Return the ARBAC Session object that was loaded into this entity.
+     *
+     * @return ARBAC Session object.
+     */
+    public Session getAdminSession()
+    {
+        return adminSession;
+    }
+    
+    
+    /**
+     * Load an ARBAC Session object into this entity.  Once loaded, all Fortress Manager's will perform administrative
+     * permission checks against the User who is contained within the Session.
+     *
+     * @param adminSession
+     */
+    public void setAdminSession( Session adminSession )
+    {
+        this.adminSession = adminSession;
+    }
+    
+    
+    /**
+     * Contains the Fortress modification code to be associated with an audit record.  This is the ObjectName.methodName
+     * for the Manager API that was called.
+     *
+     * @return String contains the modification code maps to 'ftModCode' attribute in 'FortEntity' object class.
+     */
+    public String getModCode()
+    {
+        return modCode;
+    }
+    
+    
+    /**
+     * Set the Fortress modification code to be associated with an audit record.  Contains the Fortress modification code
+     * which is ObjectName.methodName for the Manager API that was called.
+     *
+     * @param modCode contains the modification code maps to 'ftModCode' attribute in 'FortEntity' object class.
+     */
+    public void setModCode( String modCode )
+    {
+        this.modCode = modCode;
+    }
+    
+    
+    /**
+     * Get the unique ID that is to be associated with a particular audit record in directory.
+     *
+     * @return attribute that maps to 'ftModId' attribute in 'FortEntity' object class.
+     */
+    public String getModId()
+    {
+        return modId;
+    }
+    
+    
+    /**
+     * Return the contextId for this record.  The contextId is used for multi-tenancy to isolate data sets within a particular sub-tree within DIT
+     *
+     * @return value maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     */
+    public String getContextId()
+    {
+        return contextId;
+    }
+    
+    
+    /**
+     * Set the contextId associated with this record.  The contextId is used for multi-tenancy to isolate data sets within a particular sub-tree within DIT.
+     * Package private to prevent outside classes from setting.
+     *
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     */
+    public void setContextId( String contextId )
+    {
+        this.contextId = contextId;
+    }
+    
+    
+    /**
+     * Sequence id is used internal to Fortress.
+     *
+     * @return long value contains sequence id.
+     */
+    public long getSequenceId()
+    {
+        return sequenceId;
+    }
+    
+    
+    /**
+     * Sequence id is used internal to Fortress
+     *
+     * @param sequenceId contains sequence to use.
+     */
+    public void setSequenceId( long sequenceId )
+    {
+        this.sequenceId = sequenceId;
+    }
+}
\ No newline at end of file
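Review bot: The Javadoc on `setContextId` says "Package private to prevent outside classes from setting", but the method is declared `public`, so any caller can change the value that the same comment describes as the multi-tenancy isolation key. If the move into the model package is what forced the wider visibility, the comment should say so rather than claim a restriction that no longer exists, e.g. `Public only because callers live in other packages; intended to be set by Fortress itself.` Otherwise the modifier should be narrowed again. The Javadoc on `setInternalId` has a similar mismatch: it describes an 'ftId' attribute on 'ftObject', while the body assigns `modId`.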

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/Hier.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Hier.java b/src/main/java/org/apache/directory/fortress/core/model/Hier.java
new file mode 100755
index 0000000..b6d145d
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/Hier.java
@@ -0,0 +1,389 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.directory.api.util.Strings;
+
+
+/**
+ * All entities (User, Role, Permission, Policy, SDSet, etc...) are used to carry data between Fortress's
+ * layers starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
+ * (3) DAO layer where persistence with the OpenLDAP server occurs.  The clients must instantiate an Fortress entity before use
+ * and must provide enough information to uniquely identity target record for reads.
+ * <p/>
+ * <h4>Hierarchical Relationship Schema</h4>
+ * <p/>
+ * The Fortress ftHier Entity Class is used internal to Fortress and usually does not require manipulation by external program.  The
+ * entity is a composite of 3 different LDAP Schema object classes:
+ * <p/>
+ * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ *  DESC 'RFC2256: an organizational role'
+ *  SUP top STRUCTURAL
+ *  MUST cn
+ *  MAY (
+ *      x121Address $ registeredAddress $ destinationIndicator $
+ *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ *      telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ *      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ *      postOfficeBox $ postalCode $ postalAddress $
+ *      physicalDeliveryOfficeName $ ou $ st $ l $ description
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 2. ftHier AUXILIARY Object Class is used to store parent to child relationships on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Hierarchies Structural Object Class
+ * objectclass    ( 1.3.6.1.4.1.38088.2.7
+ * NAME 'ftHier'
+ * DESC 'Fortress Hierarchy Structural Object Class'
+ * SUP organizationalrole
+ * STRUCTURAL
+ * MUST (
+ *      cn
+ *  )
+ * MAY (
+ *      ftRels $
+ *      description
+ *  )
+ * )
+ * <p/>
+ * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Hier extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+
+    /** The operation */
+    public Op op;
+
+    /** The hierarchy type - ROLE, AROLE, USER, PERM */
+    public Type type;
+
+    /** the list of relationships that are set in collection on this entity */
+    private List<Relationship> relationships;
+
+
+    /**
+     * default constructor is used by internal components.
+     */
+    public Hier()
+    {
+    }
+
+
+    /**
+     * construct hierarchy given a list of parent-child relationships.
+     *
+     * @param relationships maps to 'ftRels' attribute on 'ftHier' object class.
+     */
+    public Hier( List<Relationship> relationships )
+    {
+        this.relationships = relationships;
+    }
+
+
+    /**
+     * Construct entity given a hierarchy type - ROLE, AROLE, USER, PERM.
+     *
+     * @param type determines where the target node resides.  For example the 'ROLE' type will specify the RBAC Role container as target.
+     */
+    public Hier( Type type )
+    {
+        this.type = type;
+    }
+
+
+    /**
+     * Construct entity given a parent, child and a hierarchy type.
+     *
+     * @param type   determines where the target node resides.  For example the 'ROLE' type will specify the RBAC Role container as target.
+     * @param child  maps to the 'ftRels' attribute in 'ftHier' object class.
+     * @param parent maps to the 'ftRels' attribute in 'ftHier' object class.
+     */
+    public Hier( Type type, String child, String parent )
+    {
+        this.type = type;
+        setRelationship( child, parent );
+    }
+
+
+    /**
+     * Construct entity given a parent and child.
+     *
+     * @param child  maps to the 'ftRels' attribute in 'ftHier' object class.
+     * @param parent maps to the 'ftRels' attribute in 'ftHier' object class.
+     */
+    public Hier( String child, String parent )
+    {
+        setRelationship( child, parent );
+    }
+
+    /**
+     * Operation type specifies if Add, Update or Deletion of relationship is being targeted.
+     */
+    public enum Op
+    {
+        /**
+         * Add a new hierarchical relationship to the data set.
+         */
+        ADD,
+
+        /**
+         * Modify an existing hierarchical relationship in the data set.
+         */
+        MOD,
+
+        /**
+         * Remove an existing hierarchical relationship from the data set.
+         */
+        REM
+    }
+
+
+    /**
+     * Return the operation to execute on behalf of this entity.
+     *
+     * @return Op value which maps to Add, Update or Delete attribute targets.
+     */
+    public Op getOp()
+    {
+        return op;
+    }
+
+
+    /**
+     * The the operation for which this entity is bound for.  Add, Update or Delete.
+     *
+     * @param op type contains 'ADD', 'MOD', or 'REM'.
+     */
+    public void setOp( Op op )
+    {
+        this.op = op;
+    }
+
+    /**
+     * Enumeration is used to specify which hierarchy node this entity is bound to.  RBAC Role, Admin Roles, User OU or Perm OU.
+     */
+    public enum Type
+    {
+        /**
+         * RBAC Role data set
+         */
+        ROLE,
+
+        /**
+         * Administrative Role data set
+         */
+        AROLE,
+
+        /**
+         * User OU data set
+         */
+        USER,
+
+        /**
+         * Permission OU data set
+         */
+        PERM
+    }
+
+
+    /**
+     * Return required the type of node this entity is bound to.
+     *
+     * @return variable specifies which directory node the hierarchy entity is bound to.
+     */
+    public Type getType()
+    {
+        return type;
+    }
+
+
+    /**
+     * Set the required type which determines which directory node this entity is bound to.
+     *
+     * @param type variable specifies which directory node the hierarchy entity is bound to.
+     */
+    public void setType( Type type )
+    {
+        this.type = type;
+    }
+
+
+    /**
+     * Return true if child and parent represent a valid relationship that is contained within the collection of
+     * relationships.
+     *
+     * @param role   attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     * @param parent attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     */
+    public boolean isRelationship( String role, String parent )
+    {
+        boolean result = false;
+
+        if ( relationships != null )
+        {
+            result = relationships.contains(
+                new Relationship( Strings.toUpperCase( role ), Strings.toUpperCase( parent ) ) );
+        }
+
+        return result;
+    }
+
+
+    /**
+     * Set the child and parent into the collection of valid relationships stored in this entity.
+     *
+     * @param role   attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     * @param parent attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     */
+    public void setRelationship( String role, String parent )
+    {
+        if ( relationships == null )
+        {
+            relationships = new ArrayList<Relationship>();
+        }
+
+        relationships.add(
+            new Relationship( Strings.toUpperCase( role ), Strings.toUpperCase( parent ) ) );
+    }
+
+
+    /**
+     * Set the relationship object into the collection of valid relationships stored in this entity.
+     *
+     * @param rel attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     */
+    public void setRelationship( Relationship rel )
+    {
+        if ( relationships == null )
+        {
+            relationships = new ArrayList<Relationship>();
+        }
+
+        relationships.add( rel );
+    }
+
+
+    /**
+     * Remove the specified relationship from the collection of valid relationships stored in this entity.
+     *
+     * @param role   attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     * @param parent attribute maps to the 'ftRels' attribute on 'ftHier' object class.
+     */
+    public void removeRelationship( String role, String parent )
+    {
+        if ( relationships != null )
+        {
+            relationships.remove(
+                new Relationship( Strings.toUpperCase( role ), Strings.toUpperCase( parent ) ) );
+        }
+    }
+
+
+    /**
+     * Return the list of relationships that are set in collection on this entity.
+     *
+     * @return List of relationships that map to the 'ftRels' attribute on the 'ftHier' object class.
+     */
+    public List<Relationship> getRelationships()
+    {
+        return relationships;
+    }
+
+
+    /**
+     * Set the list of relationships that are set in collection on this entity.
+     *
+     * @param relationships that map to the 'ftRels' attribute on the 'ftHier' object class.
+     */
+    public void setRelationships( List<Relationship> relationships )
+    {
+        this.relationships = relationships;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "Hier object: \n" );
+
+        sb.append( "    operation :" ).append( op ).append( '\n' );
+        sb.append( "    type :" ).append( type ).append( '\n' );
+
+        if ( relationships != null )
+        {
+            sb.append( "    relationships : " );
+
+            boolean isFirst = true;
+
+            for ( Relationship relationship : relationships )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( ", " );
+                }
+
+                sb.append( relationship );
+            }
+
+            sb.append( '\n' );
+        }
+
+        return sb.toString();
+    }
+}
\ No newline at end of file
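Review bot: `Hier` implements `Serializable`, but its superclass `FortEntity`, as added in this same commit, does not. Java serialization therefore drops the inherited `modId`, `modCode`, `sequenceId` and `contextId`, and re-runs the `FortEntity()` constructor on read, which assigns a fresh `modId`. A deserialized entity would carry no tenant context and a different audit id from the one that was written. If that is not intended, the fix belongs in FortEntity rather than in this hunk: `public abstract class FortEntity implements Serializable`, with `protected transient Session adminSession;` if the session should stay out of the stream. `Mod` in this commit extends FortEntity the same way.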

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/Mod.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Mod.java b/src/main/java/org/apache/directory/fortress/core/model/Mod.java
new file mode 100755
index 0000000..2c1334b
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/Mod.java
@@ -0,0 +1,350 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import java.io.Serializable;
+import java.util.List;
+
+
+/**
+ * This entity class contains OpenLDAP slapd access log records that correspond to modifications made to the directory.
+ * <p/>
+ * <p/>
+ * The auditModify Structural object class is used to store Fortress update and delete events that can later be queried via ldap API.<br />
+ * The deletions can be recorded in this manner and associated with Fortress context because deletions will perform a modification first
+ * if audit is enabled.
+ * <p/>
+ * <code>The Modify operation contains a description  of  modifications  in  the</code><br />
+ * <code>reqMod  attribute,  which  was  already  described  above  in  the  Add</code><br />
+ * <code>operation. It may optionally  contain  the  previous  contents  of  any</code><br />
+ * <code>modified  attributes  in the reqOld attribute, using the same format as</code><br />
+ * <code>described above for the Delete operation.  The reqOld attribute is only</code><br />
+ * <code>populated  if  the  entry  being modified matches the configured logold</code><br />
+ * <code>filter.</code><br />
+ * <ul>
+ * <li>  ------------------------------------------
+ * <li> <code>objectclass (  1.3.6.1.4.1.4203.666.11.5.2.9</code>
+ * <li> <code>NAME 'auditModify'</code>
+ * <li> <code>DESC 'Modify operation'</code>
+ * <li> <code>SUP auditWriteObject STRUCTURAL</code>
+ * <li> <code>MAY reqOld MUST reqMod )</code>
+ * <li> ------------------------------------------
+ * </ul>
+ * <p/>
+ * Note this class uses descriptions pulled from man pages on slapd access log.
+ * <p/>
+
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortMod")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "mod", propOrder =
+    {
+        "reqSession",
+        "objectClass",
+        "reqAuthzID",
+        "reqDN",
+        "reqResult",
+        "reqStart",
+        "reqEnd",
+        "reqMod",
+        "reqType",
+        "sequenceId"
+})
+public class Mod extends FortEntity implements Serializable
+{
+    /** Default serialVersionUID */
+    private static final long serialVersionUID = 1L;
+    private String reqSession;
+    private String objectClass;
+    private String reqAuthzID;
+    private String reqDN;
+    private String reqResult;
+    private String reqStart;
+    private String reqEnd;
+    private String reqType;
+    @XmlElement(nillable = true)
+    private List<String> reqMod;
+    private long sequenceId;
+
+
+    /**
+     * The reqMod attribute carries all of the attributes of the original entry being added.
+     * (Or in the case of a Modify operation, all of the modifications being performed.)
+     * The values are formatted as attribute:<+|-|=|#> [ value] Where '+' indicates an Add of a value,
+     * '-' for Delete, '=' for Replace, and '#' for Increment. In an Add operation, all of  the
+     * reqMod  values will have the '+' designator.
+     *
+     * @return collection of Strings that map to 'reqMod' attribute on 'auditModify' object class.
+     */
+    public List<String> getReqMod()
+    {
+        return reqMod;
+    }
+
+
+    /**
+     * The reqMod attribute carries all of the attributes of the original entry being added.
+     * (Or in the case of a Modify operation, all of the modifications being performed.)
+     * The values are formatted as attribute:<+|-|=|#> [ value] Where '+' indicates an Add of a value,
+     * '-' for Delete, '=' for Replace, and '#' for Increment. In an Add operation, all of  the
+     * reqMod  values will have the '+' designator.
+     *
+     * @param reqMod contains collection of Strings that map to 'reqMod' attribute on 'auditModify' object class.
+     */
+    public void setReqMod( List<String> reqMod )
+    {
+        this.reqMod = reqMod;
+    }
+
+
+    /**
+     * reqEnd provide the end time of the operation. It uses generalizedTime syntax.
+     *
+     * @return value that maps to 'reqEnd' attribute on 'auditModify' object class.
+     */
+    public String getReqEnd()
+    {
+        return reqEnd;
+    }
+
+
+    /**
+     * reqEnd provide the end time of the operation. It uses generalizedTime syntax.
+     *
+     * @param reqEnd value that maps to same name on 'auditModify' object class.
+     */
+    public void setReqEnd( String reqEnd )
+    {
+        this.reqEnd = reqEnd;
+    }
+
+
+    /**
+     * The reqSession attribute is an implementation-specific identifier  that
+     * is  common to all the operations associated with the same LDAP session.
+     * Currently this is slapd's internal connection ID, stored in decimal.
+     *
+     * @return value that maps to 'reqSession' attribute on 'auditModify' object class.
+     */
+    public String getReqSession()
+    {
+        return reqSession;
+    }
+
+
+    /**
+     * The reqSession attribute is an implementation-specific identifier  that
+     * is  common to all the operations associated with the same LDAP session.
+     * Currently this is slapd's internal connection ID, stored in decimal.
+     *
+     * @param reqSession maps to same name on 'auditModify' object class.
+     */
+    public void setReqSession( String reqSession )
+    {
+        this.reqSession = reqSession;
+    }
+
+
+    /**
+     * Get the object class name of the audit record.  For this entity, this value will always be 'auditModify'.
+     *
+     * @return value that maps to 'objectClass' attribute on 'auditModify' obejct class.
+     */
+    public String getObjectClass()
+    {
+        return objectClass;
+    }
+
+
+    /**
+     * Set the object class name of the audit record.  For this entity, this value will always be 'auditModify'.
+     *
+     * @param objectClass value that maps to same name on 'auditModify' obejct class.
+     */
+    public void setObjectClass( String objectClass )
+    {
+        this.objectClass = objectClass;
+    }
+
+
+    /**
+     * The  reqAuthzID  attribute  is  the  distinguishedName of the user that
+     * performed the operation.  This will usually be the  same  name  as  was
+     * established  at  the  start of a session by a Bind request (if any) but
+     * may be altered in various circumstances.
+     * For Fortress bind operations this will map to {@link User#userId}
+     *
+     * @return value that maps to 'reqAuthzID' on 'auditModify' object class.
+     */
+    public String getReqAuthzID()
+    {
+        return reqAuthzID;
+    }
+
+
+    /**
+     * The  reqAuthzID  attribute  is  the  distinguishedName of the user that
+     * performed the operation.  This will usually be the  same  name  as  was
+     * established  at  the  start of a session by a Bind request (if any) but
+     * may be altered in various circumstances.
+     * For Fortress bind operations this will map to {@link User#userId}
+     *
+     */
+    public void setReqAuthzID( String reqAuthzID )
+    {
+        this.reqAuthzID = reqAuthzID;
+    }
+
+
+    /**
+     * The reqDN attribute is the  distinguishedName  of  the  target  of  the
+     * operation.  E.g.,for a Bind request, this is the Bind DN. For an Add
+     * request, this is the DN of the entry being added. For a Search request,
+     * this is the base DN of the search.
+     *
+     * @return value that map to 'reqDN' attribute on 'auditModify' object class.
+     */
+    public String getReqDN()
+    {
+        return reqDN;
+    }
+
+
+    /**
+     * The reqDN attribute is the  distinguishedName  of  the  target  of  the
+     * operation. E.g., for a Bind request, this is the Bind DN. For an Add
+     * request, this is the DN of the entry being added. For a Search request,
+     * this is the base DN of the search.
+     *
+     * @param reqDN maps to 'reqDN' attribute on 'auditModify' object class.
+     */
+    public void setReqDN( String reqDN )
+    {
+        this.reqDN = reqDN;
+    }
+
+
+    /**
+     * The reqResult attribute is the numeric LDAP result code of the
+     * operation, indicating either success or a particular LDAP  error  code.
+     * An  error code may be accompanied by a text error message which will be
+     * recorded in the reqMessage attribute.
+     *
+     * @return value that maps to 'reqResult' attribute on 'auditModify' object class.
+     */
+    public String getReqResult()
+    {
+        return reqResult;
+    }
+
+
+    /**
+     * The reqResult attribute is the numeric LDAP result code of the
+     * operation, indicating either success or a particular LDAP  error  code.
+     * An  error code may be accompanied by a text error message which will be
+     * recorded in the reqMessage attribute.
+     *
+     * @param reqResult maps to same name on 'auditModify' object class.
+     */
+    public void setReqResult( String reqResult )
+    {
+        this.reqResult = reqResult;
+    }
+
+
+    /**
+     * reqStart provide the start of the operation, They use generalizedTime syntax.
+     * The reqStart attribute is also used as the RDN for each log entry.
+     *
+     * @return value that maps to 'reqStart' attribute on 'auditModify' object class.
+     */
+    public String getReqStart()
+    {
+        return reqStart;
+    }
+
+
+    /**
+     * reqStart provide the start of the operation, They use generalizedTime syntax.
+     * The reqStart attribute is also used as the RDN for each log entry.
+     *
+     * @param reqStart maps to same name on 'auditModify' object class.
+     */
+    public void setReqStart( String reqStart )
+    {
+        this.reqStart = reqStart;
+    }
+
+
+    /**
+     * The reqType attribute is a simple string containing the type of
+     * operation being logged, e.g.  add, delete, search,  etc.  For  extended
+     * operations, the  type also includes the OID of the extended operation,
+     * e.g. extended(1.1.1.1)
+     *
+     * @return value that maps to 'reqType' attribute on 'auditModify' object class.
+     */
+    public String getReqType()
+    {
+        return reqType;
+    }
+
+
+    /**
+     * The reqType attribute is a simple string containing the type of
+     * operation being logged, e.g. add, delete, search, etc. For extended
+     * operations,  the  type also includes the OID of the extended operation,
+     * e.g.extended(1.1.1.1)
+     *
+     * @param reqType maps to same name on 'auditModify' object class.
+     */
+    public void setReqType( String reqType )
+    {
+        this.reqType = reqType;
+    }
+
+
+    /**
+     * Sequence id is used internal to Fortress.
+     * @return long value contains sequence id.
+     */
+    public long getSequenceId()
+    {
+        return sequenceId;
+    }
+
+
+    /**
+     * Sequence id is used internal to Fortress
+     * @param sequenceId contains sequence to use.
+     */
+    public void setSequenceId( long sequenceId )
+    {
+        this.sequenceId = sequenceId;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java b/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
new file mode 100755
index 0000000..cfd21a9
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
@@ -0,0 +1,522 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import org.apache.directory.fortress.core.rbac.Graphable;
+
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * All entities ({@link AdminRole}, {@link OrgUnit},
+ * {@link SDSet} etc...) are used to carry data between three Fortress
+ * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
+ * (3) DAO layer where persistence with the OpenLDAP server occurs.
+ * <h4>Fortress Processing Layers</h4>
+ * <ol>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelAccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.AdminRoleP}, {@link org.apache.directory.fortress.core.rbac.OrgUnitP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.AdminRoleDAO}, {@link org.apache.directory.fortress.core.rbac.OrgUnitDAO},...</li>
+ * </ol>
+ * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
+ * provide enough information to uniquely identity the entity target within ldap.<br />
+ * For example, this entity requires {@link #name} and {@link #type} set before passing into {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl} or  {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl} APIs.
+ * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
+ * <p/>
+ * This entity implements both User and Permission OU pool functionality that defines org membership of entities for ARBAC02 style admin checks..
+ * <br />The unique key to locate an OrgUnit entity (which is subsequently assigned both to Users and Permissions) is 'OrgUnit.name' and 'OrgUnit.Type'.<br />
+ * <p/>
+ * An OrgUnit name may contain alphanumeric and simple symbols that are safe text (.,:;-_).  Any non-safe text will be
+ * encoded before persistence.  Valid names include:
+ * <ol>
+ * <li>123</li>
+ * <li>OneTwoThree</li>
+ * <li>One-Two-Three</li>
+ * <li>One_Two_Three</li>
+ * <li>One:2:3</li>
+ * <li>1:2:3</li>
+ * <li>1.2.3</li>
+ * <li>1,2,3</li>
+ * <li>1_2_3</li>
+ * <li>etc...</li>
+ * </ol>
+ * <p/>
+ * There is a Many-to-One relationship between a User and OrgUnit.
+ * <h3>{@link User}*<->1 {@link OrgUnit}</h3>
+ * <p/>
+ * There is a Many-to-One relationship between a {@link PermObj} object and {@link OrgUnit}.
+ * <h3>{@link PermObj}*<->1 {@link OrgUnit}</h3>
+ * <p/>
+ * Example to create new ARBAC User OrgUnit:
+ * <p/>
+ * <code>OrgUnit myUserOU = new OrgUnit("MyUserOrgName", OrgUnit.Type.USER);</code><br />
+ * <code>myUserOU.setDescription("This is a test User OrgUnit");</code><br />
+ * <code>DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();</code><br />
+ * <code>delAdminMgr.add(myUserOU);</code><br />
+ * <p/>
+ * This will create a User OrgUnit that can be used as a target for User OU and AdminRole OS-U assignments.
+ * <p/>
+ * Example to create new ARBAC Perm OrgUnit:
+ * <p/>
+ * <code>OrgUnit myPermOU = new OrgUnit("MyPermOrgName", OrgUnit.Type.PERM);</code><br />
+ * <code>myPermOU.setDescription("This is a test Perm OrgUnit");</code><br />
+ * <code>DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();</code><br />
+ * <code>delAdminMgr.add(myPermOU);</code><br />
+ * <p/>
+ * This will create a Perm OrgUnit that can be used as a target for Perm OU and AdminRole OS-P assignments.
+ * <p/>
+ * <h4>OrgUnit Schema</h4>
+ * The Fortress OrgUnit entity is a composite of the following other Fortress structural and aux object classes:
+ * <p/>
+ * 1. organizationalUnit Structural Object Class is used to store basic attributes like ou and description.
+ * <pre>
+ * ------------------------------------------
+ * objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ *  DESC 'RFC2256: an organizational unit'
+ *  SUP top STRUCTURAL
+ *  MUST ou
+ *  MAY (
+ *      userPassword $ searchGuide $ seeAlso $ businessCategory $
+ *      x121Address $ registeredAddress $ destinationIndicator $
+ *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ *      telephoneNumber $ internationaliSDNNumber $
+ *      facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ *      postalAddress $ physicalDeliveryOfficeName $ st $ l $ description
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 2. ftOrgUnit Structural objectclass is used to store the OrgUnit internal id.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Organizational Structural Object Class
+ * objectclass    ( 1.3.6.1.4.1.38088.2.6
+ *  NAME 'ftOrgUnit'
+ *  DESC 'Fortress OrgUnit Structural Object Class'
+ *  SUP organizationalunit
+ *  STRUCTURAL
+ *  MUST (
+ *      ftId
+ *  )
+ *  MAY (
+ *      ftParents
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortOrgUnit")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "orgUnit", propOrder =
+    {
+        "children",
+        "description",
+        "id",
+        "name",
+        "parents",
+        "type"
+})
+public class OrgUnit extends FortEntity implements Graphable, Serializable
+{
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Maps to the location for a particular OrgUnit entity to either the User, 
+     * {@code ou=OS-U}, or Permission, {@code ou=OS-P}, tree in ldap.
+     */
+    public Type type;
+
+    /** The name required attribute of the OrgUnit object */
+    private String name;
+
+    /** the internal id that is associated with OrgUnit */
+    private String id;
+
+    /** The description that is associated with OrgUnit */
+    private String description;
+
+    /** The names of orgUnits that are parents (direct ascendants) of this orgUnit */
+    @XmlElement(nillable = true)
+    private Set<String> parents;
+
+    /** The set of child orgUnit names (direct descendants) of this orgUnit */
+    @XmlElement(nillable = true)
+    private Set<String> children;
+
+
+    /**
+     * Default constructor is used by internal Fortress classes.
+     */
+    public OrgUnit()
+    {
+    }
+
+
+    /**
+     * Construct a OrgUnit entity with a given ou name.
+     *
+     * @param ou maps to same name on on 'organizationalUnit' object class.
+     */
+    public OrgUnit( String ou )
+    {
+        this.name = ou;
+    }
+
+
+    /**
+     * Construct a OrgUnit entity with a given ou name and specified type - 'USER' or 'PERM'.
+     *
+     * @param ou   maps to same name on on 'organizationalUnit' object class.
+     * @param type is used to determine which OrgUnit tree is being targeted - 'USER' or 'PERM'.
+     */
+    public OrgUnit( String ou, Type type )
+    {
+        this.name = ou;
+        this.type = type;
+    }
+
+
+    /**
+     * Get the name required attribute of the OrgUnit object
+     *
+     * @return attribute maps to 'ou' attribute on 'organizationalUnit' object class.
+     */
+    public String getName()
+    {
+        return name;
+    }
+
+
+    /**
+     * Sets the required name attribute on the OrgUnit object
+     *
+     */
+    public void setName( String name )
+    {
+        this.name = name;
+    }
+
+
+    /**
+     * Return the internal id that is associated with OrgUnit.  This attribute is generated automatically
+     * by Fortress when new OrgUnit is added to directory and is not known or changeable by external client.
+     *
+     * @return attribute maps to 'ftId' in 'ftOrgUnit' object class.
+     */
+    public String getId()
+    {
+        return id;
+    }
+
+
+    /**
+     * Set the internal Id that is associated with OrgUnit.  This method is used by DAO class and
+     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
+     * This method can be used by client for search purposes only.
+     *
+     * @param id maps to 'ftId' in 'ftOrgUnit' object class.
+     */
+    public void setId( String id )
+    {
+        this.id = id;
+    }
+
+
+    /**
+     * Generate an internal Id that is associated with OrgUnit.  This method is used by DAO class and
+     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftOrgUnit' object class.
+     */
+    public void setId()
+    {
+        // generate a unique id that will be used as the rDn for this entry:
+        UUID uuid = UUID.randomUUID();
+        this.id = uuid.toString();
+    }
+
+    /**
+     * The OrgUnit 'Type' attribute is required and used to specify which OrgUnit tree a particular entity is in reference to.
+     */
+    @XmlType(name = "type")
+    @XmlEnum
+    public enum Type
+    {
+        /**
+         * Type {@link User} nodes reside in User OU pool.
+         */
+        USER,
+        /**
+         * Type {@link org.apache.directory.fortress.core.model.Permission} nodes reside in Perm OU pool.
+         */
+        PERM
+    }
+
+
+    /**
+     * Return the type of OrgUnit for this entity.  This field is required for this entity.
+     *
+     * @return Type contains 'PERM' or 'USER'.
+     */
+    public Type getType()
+    {
+        return type;
+    }
+
+
+    /**
+     * Get the type of OrgUnit for this entity.  This field is required for this entity.
+     *
+     * @param type contains 'PERM' or 'USER'.
+     */
+    public void setType( Type type )
+    {
+        this.type = type;
+    }
+
+
+    /**
+     * Returns optional description that is associated with OrgUnit.  This attribute is validated but not constrained by Fortress.
+     *
+     * @return value that is mapped to 'description' in 'organizationalUnit' object class.
+     */
+    public String getDescription()
+    {
+        return description;
+    }
+
+
+    /**
+     * Sets the optional description that is associated with OrgUnit.  This attribute is validated but not constrained by Fortress.
+     *
+     * @param description that is mapped to same name in 'organizationalUnit' object class.
+     */
+    public void setDescription( String description )
+    {
+        this.description = description;
+    }
+
+
+    /**
+     * Get the names of orgUnits that are parents (direct ascendants) of this orgUnit.
+     * @return Set of parent orgUnit names assigned to this orgUnit.
+     */
+    public Set<String> getParents()
+    {
+        return parents;
+    }
+
+
+    /**
+     * Set the names of orgUnit names that are parents (direct ascendants) of this orgUnit.
+     * @param parents contains the Set of parent orgUnit names assigned to this orgUnit.
+     */
+    public void setParents( Set<String> parents )
+    {
+        this.parents = parents;
+    }
+
+
+    /**
+     * Set the occupant attribute with the contents of the User dn.
+     * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
+     */
+    public void setParent( String parent )
+    {
+        if ( this.parents == null )
+        {
+            this.parents = new HashSet<>();
+        }
+
+        this.parents.add( parent );
+    }
+
+
+    /**
+     * Set the occupant attribute with the contents of the User dn.
+     * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
+     */
+    public void delParent( String parent )
+    {
+        if ( this.parents != null )
+        {
+            this.parents.remove( parent );
+        }
+    }
+
+
+    /**
+     * Return the Set of child orgUnit names (direct descendants) of this orgUnit.
+     * @return Set of child orgUnit names assigned to this orgUnit.
+     */
+    public Set<String> getChildren()
+    {
+        return children;
+    }
+
+
+    /**
+     * Set the Set of child orgUnit names (direct descendants) of this orgUnit
+     * @param children contains the Set of child orgUnit names assigned to this orgUnit.
+     */
+    public void setChildren( Set<String> children )
+    {
+        this.children = children;
+    }
+
+
+    /**
+     * @param thatObj
+     * @return boolean value of 'true if objects match
+     */
+    public boolean equals( Object thatObj )
+    {
+        if ( this == thatObj )
+        {
+            return true;
+        }
+
+        if ( this.getName() == null )
+        {
+            return false;
+        }
+
+        if ( !( thatObj instanceof OrgUnit ) )
+        {
+            return false;
+        }
+
+        OrgUnit thatOrg = ( OrgUnit ) thatObj;
+
+        if ( thatOrg.getName() == null )
+        {
+            return false;
+        }
+
+        return thatOrg.getName().equalsIgnoreCase( this.getName() );
+    }
+
+
+    @Override
+    public int hashCode()
+    {
+        int result = type != null ? type.hashCode() : 0;
+        result = 31 * result + ( name != null ? name.hashCode() : 0 );
+        result = 31 * result + ( id != null ? id.hashCode() : 0 );
+        result = 31 * result + ( description != null ? description.hashCode() : 0 );
+        result = 31 * result + ( parents != null ? parents.hashCode() : 0 );
+        result = 31 * result + ( children != null ? children.hashCode() : 0 );
+        return result;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "OrgUnit object: \n" );
+
+        sb.append( "    name : " ).append( name ).append( '\n' );
+        sb.append( "    id : " ).append( id ).append( '\n' );
+        sb.append( "    description : " ).append( description ).append( '\n' );
+        sb.append( "    type : " ).append( type ).append( '\n' );
+
+        if ( parents != null )
+        {
+            sb.append( "    parents : " );
+
+            boolean isFirst = true;
+
+            for ( String parent : parents )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( ", " );
+                }
+
+                sb.append( parent );
+            }
+
+            sb.append( '\n' );
+        }
+
+        if ( children != null )
+        {
+            sb.append( "    children : " );
+
+            boolean isFirst = true;
+
+            for ( String child : children )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( ", " );
+                }
+
+                sb.append( child );
+            }
+
+            sb.append( '\n' );
+        }
+
+        return sb.toString();
+    }
+}
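Review bot: `equals()` and `hashCode()` near the end of the class disagree: `equals()` matches on `name` alone via `equalsIgnoreCase`, while `hashCode()` mixes `type`, the case-sensitive `name`, `id`, `description`, `parents` and `children`. Two OrgUnits that compare equal can therefore hash differently, so a `HashSet` or `HashMap` lookup may miss an entry that `equals()` would match; that matters if such collections feed the org-membership checks the class Javadoc describes (inferred, the callers are not in this hunk). Derive the hash from the same key, e.g. `return name != null ? name.toLowerCase( java.util.Locale.ROOT ).hashCode() : 0;`, and add `@Override` to `equals`. The class Javadoc names 'OrgUnit.name' and 'OrgUnit.Type' as the unique key, so it is also worth confirming whether `type` should take part in both methods.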

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/OrgUnitRelationship.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/OrgUnitRelationship.java b/src/main/java/org/apache/directory/fortress/core/model/OrgUnitRelationship.java
new file mode 100755
index 0000000..8c3d867
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/OrgUnitRelationship.java
@@ -0,0 +1,87 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * This entity is used by en masse to communicate parent and child {@link OrgUnit} information to the server.
+ * <p/>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortOrgUnitRelationship")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "orgrelationship", propOrder = {
+    "child",
+    "parent"
+})
+public class OrgUnitRelationship extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+    
+    private OrgUnit parent;
+    private OrgUnit child;
+
+    public OrgUnit getParent()
+    {
+        return parent;
+    }
+
+    
+    public void setParent(OrgUnit parent)
+    {
+        this.parent = parent;
+    }
+
+    
+    public OrgUnit getChild()
+    {
+        return child;
+    }
+
+    
+    public void setChild(OrgUnit child)
+    {
+        this.child = child;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "OrgUnitRelationship object: \n" );
+
+        sb.append( "    parent :" ).append( parent ).append( '\n' );
+        sb.append( "    child :" ).append( child ).append( '\n' );
+
+        return sb.toString();
+    }
+}
+
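Review bot: The `parent` and `child` fields and their four accessors carry no Javadoc, unlike the PermGrant and OrgUnit entities added in the same commit, so nothing tells a consumer whether either side may be null. With field-level XML binding an absent element presumably leaves the field null, which is worth stating; I would add one line to each, e.g. `/** The parent OrgUnit of the relationship; may be null until set. */`. `toString()` should also be marked `@Override`, and the class comment reads better as "This entity is used by En Masse to communicate…".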

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/ParentUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/ParentUtil.java b/src/main/java/org/apache/directory/fortress/core/model/ParentUtil.java
new file mode 100644
index 0000000..e4e24b2
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/ParentUtil.java
@@ -0,0 +1,37 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.fortress.core.model;
+
+import java.util.Set;
+/**
+ * This interface provides a callback mechanism for entities {@link UserRole} and {@link UserAdminRole} and is implemented by RoleUtil.*
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface
+    ParentUtil
+{
+    /**
+     * Get the parents of a particular role.
+     *
+     * @return Set of parent role names for this role.
+     */
+    Set<String> getParentsCB( String name, String contextId );
+}
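Review bot: The Javadoc on `getParentsCB` documents the return value but neither parameter. `contextId` looks like the tenant identifier that the Context class in this commit describes as segregating data by customer, so an implementer needs to be told the lookup must stay within that context; I would add `@param name the role name whose parents are returned` and `@param contextId the tenant context id that scopes the lookup` (wording to be confirmed against the RoleUtil implementation, which is not in this hunk). The interface comment also ends in a stray `*` after `RoleUtil.`, and the declaration is split across two lines as `public interface` / `ParentUtil`.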

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/PermGrant.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/PermGrant.java b/src/main/java/org/apache/directory/fortress/core/model/PermGrant.java
new file mode 100755
index 0000000..fa47916
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/PermGrant.java
@@ -0,0 +1,213 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * This entity is used by {@link org.apache.directory.fortress.core.ant.FortressAntTask} to add {@link Permission} grants to
+ * RBAC {@link Role}, or ARBAC {@link AdminRole}.
+ * Can also be used to grant Permissions directly to {@link User}s.
+ * This entity is used for Ant and En Masse processing only.
+ * <p/>
+
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortGrant")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "permGrant", propOrder = {
+    "objName",
+    "opName",
+    "objId",
+    "userId",
+    "roleNm",
+    "admin"
+})
+public class PermGrant extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+    
+    /** The permission object name */
+    private String objName;
+    
+    /** The permission operation name */
+    private String opName;
+    
+    /** The permission object ID */
+    private String objId;
+    
+    /** The userId attribute from this entity */
+    private String userId;
+    
+    /** The role name associated from this entity */
+    private String roleNm;
+    
+    /** Tells if the entity is stored with administrative permissions */
+    private boolean admin;
+
+    /**
+     * Return the permission object name.
+     * @return maps to 'ftObjNm' attribute on 'ftOperation' object class.
+     */
+    public String getObjName()
+    {
+        return objName;
+    }
+    
+
+    /**
+     * Set the permission object name.
+     * @param objName maps to 'ftObjNm' attribute on 'ftOperation' object class.
+     */
+    public void setObjName(String objName)
+    {
+        this.objName = objName;
+    }
+    
+
+    /**
+     * Return the permission object id.
+     * @return maps to 'ftObjId' attribute on 'ftOperation' object class.
+     */
+    public String getObjId()
+    {
+        return objId;
+    }
+    
+
+    /**
+     * Set the permission object id.
+     * @param objId maps to 'ftObjId' attribute on 'ftOperation' object class.
+     */
+    public void setObjId(String objId)
+    {
+        this.objId = objId;
+    }
+    
+
+    /**
+     * Return the permission operation name.
+     * @return maps to 'ftOpNm' attribute on 'ftOperation' object class.
+     */
+    public String getOpName()
+    {
+        return opName;
+    }
+    
+
+    /**
+     * Set the permission operation name.
+     * @param opName maps to 'ftOpNm' attribute on 'ftOperation' object class.
+     */
+    public void setOpName(String opName)
+    {
+        this.opName = opName;
+    }
+    
+
+    /**
+     * Get the userId attribute from this entity.
+     *
+     * @return maps to 'ftUsers' attribute on 'ftOperation' object class.
+     */
+    public String getUserId()
+    {
+        return userId;
+    }
+
+    
+    /**
+     * Set the userId attribute on this entity.
+     *
+     * @param userId maps to 'ftUsers' attribute on 'ftOperation' object class.
+     */
+    public void setUserId(String userId)
+    {
+        this.userId = userId;
+    }
+    
+
+    /**
+     * Get the role name associated from this entity.
+     *
+     * @return maps to 'ftRoles' attribute on 'ftOperation' object class.
+     */
+    public String getRoleNm()
+    {
+        return roleNm;
+    }
+    
+
+    /**
+     * Set the role name associated with this entity.
+     *
+     * @param roleNm maps to 'ftRoles' attribute on 'ftOperation' object class.
+     */
+    public void setRoleNm(String roleNm)
+    {
+        this.roleNm = roleNm;
+    }
+
+
+    /**
+     * If set to true entity will be stored in ldap subdirectory associated with administrative permissions {@link org.apache.directory.fortress.core.GlobalIds#ADMIN_PERM_ROOT}.
+     * otherwise will be RBAC permissions {@link org.apache.directory.fortress.core.GlobalIds#PERM_ROOT}
+     * @return boolean if administrative entity.
+     */
+    public boolean isAdmin()
+    {
+        return admin;
+    }
+    
+
+    /**
+     * Return boolean value that will be set to true if this entity will be stored in Administrative Permissions.
+     * @param admin will be true if administrative entity.
+     */
+    public void setAdmin(boolean admin)
+    {
+        this.admin = admin;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "PermGrant object: \n" );
+
+        sb.append( "    roleNm :" ).append( roleNm ).append( '\n' );
+        sb.append( "    objName :" ).append( objName ).append( '\n' );
+        sb.append( "    objId :" ).append( objId ).append( '\n' );
+        sb.append( "    userId :" ).append( userId ).append( '\n' );
+        sb.append( "    opName :" ).append( opName ).append( '\n' );
+        sb.append( "    isAdmin :" ).append( admin ).append( '\n' );
+
+        return sb.toString();
+    }
+}
\ No newline at end of file
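Review bot: The Javadoc on `setAdmin` opens with "Return boolean value…", which describes a getter, and it never says what the flag selects. According to the `isAdmin` comment the flag decides whether the grant is stored under `ADMIN_PERM_ROOT` or `PERM_ROOT`, so the setter should state that directly: `Set to true to store this grant under the administrative permission tree (GlobalIds#ADMIN_PERM_ROOT); false, the field default, targets the RBAC tree (GlobalIds#PERM_ROOT).` `toString()` should also carry `@Override`.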

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/PermObj.java b/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
new file mode 100755
index 0000000..98307e2
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
@@ -0,0 +1,583 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import java.io.Serializable;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.util.UUID;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * All entities ({@link User}, {@link Role}, {@link org.apache.directory.fortress.core.model.Permission},
+ * {@link PwPolicy} {@link SDSet} etc...) are used to carry data between three Fortress
+ * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
+ * (3) DAO layer where persistence with the OpenLDAP server occurs.
+ * <h4>Fortress Processing Layers</h4>
+ * <ol>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * </ol>
+ * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
+ * provide enough information to uniquely identity the entity target within ldap.<br />
+ * For example, this entity requires {@link #objName} and {@link #ou} attributes set before passing into {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} or  {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl} APIs.
+ * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
+ * <p/>
+ * <h4>PermObj entity attribute usages include</h4>
+ * <ul>
+ * <li>{@link #setObjName} and {@link #setOu} attributes set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addPermObj(PermObj)}.
+ * <li>{@link #addProperty} may be set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addPermObj(PermObj)}.
+ * <li>{@link #getProperty} may be set after calling {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#findPermObjs(PermObj)}.
+ * </ul>
+ * <p/>
+ * <h4>More Permission entity notes</h4>
+ * <ul>
+ * <li>The {@link PermObj} entity is not used for authorization checks, rather contains {@link org.apache.directory.fortress.core.model.Permission} which are themselves authorization targets.<br />
+ * <li>This entity must be associated with a valid Perm OU {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM} that is contained within the {@code ou=OS-P,ou=ARBAC,dc=example,dc=com} location in ldap.
+ * <li>The object to operation pairings enable application resources to be mapped to Fortress permissions in a way that is natural for object oriented programming.
+ * <li>Permissions = Object {@link PermObj} 1<->* Operations {@link org.apache.directory.fortress.core.model.Permission}
+ * <p/>
+ * <img src="../doc-files/RbacCore.png">
+ * <li>The unique key to locate an Fortress PermObj entity is {@code PermObj#objName}.
+ * <li>For sample code usages check out {@link org.apache.directory.fortress.core.model.Permission} javadoc.
+ * </ul>
+ * <p/>
+ * <h4>PermObj Schema</h4>
+ * The Fortress PermObj Entity Class is a composite of 3 different LDAP Schema object classes:
+ * <p/>
+ * 1. ftObject STRUCTURAL Object Class is used to store object name, id and type variables on target entity.
+ * <pre>
+ * Fortress Permission Structural Object Class
+ * objectclass    ( 1.3.6.1.4.1.38088.2.2
+ *  NAME 'ftObject'
+ *  DESC 'Fortress Permission Object Class'
+ *  SUP organizationalunit
+ *  STRUCTURAL
+ *  MUST (
+ *      ftId $
+ *      ftObjNm
+ *  )
+ *  MAY (
+ *      ftType
+ *  )
+ * )
+ * 2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
+ * This aux object class can be used to store custom attributes<br />
+ * The properties collections consist of name/value pairs and are not constrainted by Fortress.<br />
+ * <pre>
+ * ------------------------------------------
+ * AC2: Fortress Properties Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.2
+ *  NAME 'ftProperties'
+ *  DESC 'Fortress Properties AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftProps
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress Audit Modification Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.4
+ *  NAME 'ftMods'
+ *  DESC 'Fortress Modifiers AUX Object Class'
+ *  AUXILIARY
+ *  MAY (
+ *      ftModifier $
+ *      ftModCode $
+ *      ftModId
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement(name = "fortObject")
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "permObj", propOrder =
+    {
+        "objName",
+        "description",
+        "internalId",
+        "ou",
+        "type",
+        "props",
+        "admin"
+})
+public class PermObj extends FortEntity implements Serializable
+{
+    private static final long serialVersionUID = 1L;
+
+    private boolean admin;
+    private String internalId;
+    private String objName;
+    private String description;
+    @XmlElement(nillable = true)
+    private Props props = new Props();
+    //private Properties props;
+    private String ou;
+    private String type;
+    @XmlTransient
+    private String dn;
+
+
+    /**
+     * Default Constructor used internal to Fortress.
+     */
+    public PermObj()
+    {
+
+    }
+
+
+    /**
+     * Construct an Fortress PermObj entity given an object name.
+     *
+     * @param objName maps to 'ftObjNm' attribute in 'ftObject' object class.
+     */
+    public PermObj( String objName )
+    {
+        this.objName = objName;
+    }
+
+
+    /**
+     * Construct an Fortress PermObj entity given an object and perm ou name.
+     *
+     * @param objName maps to 'ftObjNm' attribute in 'ftObject' object class.
+     * @param ou maps to 'ou' attribute in 'ftObject' object class.
+     */
+    public PermObj( String objName, String ou )
+    {
+        this.objName = objName;
+        this.ou = ou;
+    }
+
+
+    /**
+     * Get the authorization target's object name.  This is typically mapped to the class name for component
+     * that is the target for Fortress authorization check. For example 'PatientRelationshipInquire'.
+     *
+     * @return the name of the object which maps to 'ftObjNm' attribute in 'ftObject' object class.
+     */
+    public String getObjName()
+    {
+        return objName;
+    }
+
+
+    /**
+     * This attribute is required and sets the authorization target object name.  This name is typically derived from the class name
+     * for component that is the target for Fortress authorization check. For example 'CustomerCheckOutPage'.
+     *
+     */
+    public void setObjName( String objName )
+    {
+        this.objName = objName;
+    }
+
+
+    /**
+     * This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap.
+     * This generated internal id is associated with PermObj.  This method is used by DAO class and
+     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftObject' object class.
+     */
+    public void setInternalId()
+    {
+        // generate a unique id that will be used as the rDn for this entry:
+        UUID uuid = UUID.randomUUID();
+        this.internalId = uuid.toString();
+
+        //UID iid = new UID();
+        // assign the unique id to the internal id of the entity:
+        //this.internalId = iid.toString();
+    }
+
+
+    /**
+     * Set the internal id that is associated with PermObj.  This method is used by DAO class and
+     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
+     * This method can be used by client for search purposes only.
+     *
+     * @param internalId maps to 'ftId' in 'ftObject' object class.
+     */
+    public void setInternalId( String internalId )
+    {
+        this.internalId = internalId;
+    }
+
+
+    /**
+     * Return the internal id that is associated with PermObj.  This attribute is generated automatically
+     * by Fortress when new PermObj is added to directory and is not known or changeable by external client.
+     *
+     * @return attribute maps to 'ftId' in 'ftObject' object class.
+     */
+    public String getInternalId()
+    {
+        return internalId;
+    }
+
+
+    /**
+     * If set to true, this entity will be loaded into the Admin Permission data set.
+     *
+     * @return boolean indicating if entity is an RBAC (false) or Admin (true) Permission Object.
+     */
+    public boolean isAdmin()
+    {
+        return admin;
+    }
+
+
+    /**
+     * If set to true, this entity will be loaded into the Admin Permission data set.
+     *
+     * @param admin boolean variable indicates if entity is an RBAC or ARBAC Permission Object.
+     */
+
+    public void setAdmin( boolean admin )
+    {
+        this.admin = admin;
+    }
+
+
+    /**
+     * Sets the optional description that is associated with PermObj.  This attribute is validated but not constrained by Fortress.
+     *
+     * @param description that is mapped to same name in 'organizationalUnit' object class.
+     */
+    public void setDescription( String description )
+    {
+        this.description = description;
+    }
+
+
+    /**
+     * Returns optional description that is associated with PermObj.  This attribute is validated but not constrained by Fortress.
+     *
+     * @return value that is mapped to 'description' in 'organizationalUnit' object class.
+     */
+    public String getDescription()
+    {
+        return description;
+    }
+
+
+    /**
+      * Gets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
+      *
+      * @return
+      *     possible object is
+      *     {@link Props }
+      *
+      */
+    public Props getProps()
+    {
+        return props;
+    }
+
+
+    /**
+     * Sets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
+     *
+     * @param value
+     *     allowed object is
+     *     {@link Props }
+     *
+     */
+    public void setProps( Props value )
+    {
+        this.props = value;
+    }
+
+
+    /**
+     * Add name/value pair to list of properties associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     * @param value
+     */
+    public void addProperty( String key, String value )
+    {
+        Props.Entry entry = new Props.Entry();
+        entry.setKey( key );
+        entry.setValue( value );
+        this.props.getEntry().add( entry );
+    }
+
+
+    /**
+     * Get a name/value pair attribute from list of properties associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     * @return value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     */
+    public String getProperty( String key )
+    {
+        List<Props.Entry> props = this.props.getEntry();
+        Props.Entry keyObj = new Props.Entry();
+        keyObj.setKey( key );
+
+        String value = null;
+        int indx = props.indexOf( keyObj );
+        if ( indx != -1 )
+        {
+            Props.Entry entry = props.get( props.indexOf( keyObj ) );
+            value = entry.getValue();
+        }
+
+        return value;
+    }
+
+
+    /**
+     * Add new collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     */
+    public void addProperties( Properties props )
+    {
+        if ( props != null )
+        {
+            for ( Enumeration<?> e = props.propertyNames(); e.hasMoreElements(); )
+            {
+                // This LDAP attr is stored as a name-value pair separated by a ':'.
+                String key = ( String ) e.nextElement();
+                String val = props.getProperty( key );
+                addProperty( key, val );
+            }
+        }
+    }
+
+
+    /**
+     * Return the collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     */
+    public Properties getProperties()
+    {
+        Properties properties = null;
+        List<Props.Entry> props = this.props.getEntry();
+        if ( props.size() > 0 )
+        {
+            properties = new Properties();
+            //int size = props.size();
+            for ( Props.Entry entry : props )
+            {
+                String key = entry.getKey();
+                String val = entry.getValue();
+                properties.setProperty( key, val );
+            }
+        }
+        return properties;
+    }
+
+
+    /**
+    * Add name/value pair to list of properties associated with PermObj.  These values are not constrained by Fortress.
+    * Properties are optional.
+    *
+    * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+    * @param value
+    */
+    //public void addProperty(String key, String value)
+    //{
+    //    if (props == null)
+    //    {
+    //        props = new Properties();
+    //    }
+
+    //    this.props.setProperty(key, value);
+    //}
+
+    /**
+     * Add new collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     */
+    //public void addProperties(Properties props)
+    //{
+    //    this.props = props;
+    //}
+
+    /**
+     * Return the collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
+     * Properties are optional.
+     *
+     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
+     */
+    //public Properties getProperties()
+    //{
+    //    return this.props;
+    //}
+
+    /**
+     * Set the orgUnit name associated with PermObj.  This attribute is validated and constrained by Fortress and must contain name of existing Perm OU.
+     * This attribute is required on add but not on read.
+     *
+     * @param ou mapped to same name in 'ftObject' object class.
+     */
+    public void setOu( String ou )
+    {
+        this.ou = ou;
+    }
+
+
+    /**
+     * Return orgUnit name for PermObj.  This attribute is validated and constrained by Fortress and must contain name of existing Perm OU.
+     * This attribute is required on add but not on read.
+     *
+     * @return value that is mapped to 'ou' in 'ftObject' object class.
+     */
+    public String getOu()
+    {
+        return ou;
+    }
+
+
+    /**
+     * Sets the type attribute of the Perm object.  Currently the type is not constrained to any
+     * preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
+     *
+     * @param type maps to attribute name 'ftType' in 'ftObject' object class.
+     */
+    public void setType( String type )
+    {
+        this.type = type;
+    }
+
+
+    /**
+     * Get the type attribute of the Perm object.  Currently the type is not constrained to any
+     * preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
+     *
+     * @return maps to attribute name 'ftType' in 'ftObject' object class.
+     */
+    public String getType()
+    {
+        return type;
+    }
+
+
+    /**
+     * Set distinguished name associated with PermObj.  This attribute is used by DAO and is not allowed for outside classes.
+     * This attribute should not be set by external callers.
+     *
+     * @param dn that is mapped to same name in 'organizationalUnit' object class.
+     */
+    public void setDn( String dn )
+    {
+        this.dn = dn;
+    }
+
+
+    /**
+     * Returns distinguished name associated with PermObj.  This attribute is generated by DAO and is not allowed for outside classes to modify.
+     * This attribute is for internal user only and need not be processed by external clients.
+     *
+     * @return value that is mapped to 'dn' in 'organizationalUnit' object class.
+     */
+    public String getDn()
+    {
+        return dn;
+    }
+
+
+    @Override
+    public int hashCode()
+    {
+        int result = ( admin ? 1 : 0 );
+        result = 31 * result + ( internalId != null ? internalId.hashCode() : 0 );
+        result = 31 * result + ( objName != null ? objName.hashCode() : 0 );
+        result = 31 * result + ( description != null ? description.hashCode() : 0 );
+        result = 31 * result + ( props != null ? props.hashCode() : 0 );
+        result = 31 * result + ( ou != null ? ou.hashCode() : 0 );
+        result = 31 * result + ( type != null ? type.hashCode() : 0 );
+        result = 31 * result + ( dn != null ? dn.hashCode() : 0 );
+        return result;
+    }
+
+
+    /**
+     * Matches the objName from two PermObj entities.
+     *
+     * @param thatObj contains a PermObj entity.
+     * @return boolean indicating both objects contain matching objNames.
+     */
+    public boolean equals( Object thatObj )
+
+    {
+        if ( this == thatObj )
+        {
+            return true;
+        }
+
+        if ( this.getObjName() == null )
+        {
+            return false;
+        }
+
+        if ( !( thatObj instanceof PermObj ) )
+        {
+            return false;
+        }
+
+        PermObj thatPermObj = ( PermObj ) thatObj;
+
+        if ( thatPermObj.getObjName() == null )
+        {
+            return false;
+        }
+
+        return thatPermObj.getObjName().equalsIgnoreCase( this.getObjName() );
+    }
+
+
+    @Override
+    public String toString()
+    {
+        return "Permission Object {" +
+            "name='" + objName + '\'' +
+            '}';
+    }
+}
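Review bot: `hashCode()` and `equals()` in PermObj disagree: `equals` matches on `objName` alone and ignores case, while `hashCode` mixes in `admin`, `internalId`, `description`, `props`, `ou`, `type`, `dn` and the case-sensitive hash of `objName`. Two PermObj instances that compare equal can therefore fall into different hash buckets, so a `HashSet` or `HashMap` of permission objects can hold duplicates or miss a lookup; whether such collections feed authorization decisions is not visible in this hunk, but for an RBAC entity it is worth ruling out. Derive the hash from the same key that `equals` uses, for example `return objName == null ? 0 : objName.toLowerCase( Locale.ROOT ).hashCode();` (this needs `java.util.Locale` imported, and for non-ASCII names the case folding has to match `equalsIgnoreCase`). Also add `@Override` to `equals`. Separately, `addProperty`, `getProperty` and `getProperties` dereference `this.props` without a null check although `setProps` accepts null and the field is declared `nillable`.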

