From smckin...@apache.org
Subject [34/75] [abbrv] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl
Date Tue, 09 Jun 2015 03:15:40 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrFactory.java
deleted file mode 100755
index d235524..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrFactory.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap.group;
-
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.util.Config;
-import org.apache.directory.fortress.core.util.ClassUtil;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.Session;
-import org.apache.directory.fortress.core.model.VUtil;
-
-/**
- * Creates an instance of the ConfigMgr object.
- * <p/>
- * The default implementation class is specified as {@link GroupMgrImpl} but can be overridden by
- * adding the {@link org.apache.directory.fortress.core.GlobalIds#GROUP_IMPLEMENTATION} config property.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class GroupMgrFactory
-{
-    private static String groupClassName = Config.getProperty( GlobalIds.GROUP_IMPLEMENTATION );
-    private static final String CLS_NM = GroupMgrFactory.class.getName();
-    private static final String CREATE_INSTANCE_METHOD = CLS_NM + ".createInstance";
-
-    /**
-     * Prevent instantiation.
-     */
-    private GroupMgrFactory()
-    {
-    }
-
-    /**
-     * Create and return a reference to {@link GroupMgr} object using HOME context.
-     *
-     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation.
-     */
-    public static GroupMgr createInstance()
-        throws SecurityException
-    {
-        return createInstance( GlobalIds.HOME );
-    }
-
-    /**
-     * Create and return a reference to {@link GroupMgr} object.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return instance of {@link GroupMgr}.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation.
-     */
-    public static GroupMgr createInstance(String contextId)
-        throws SecurityException
-    {
-        VUtil.assertNotNull( contextId, GlobalErrIds.CONTEXT_NULL, CREATE_INSTANCE_METHOD );
-        
-        if ( Strings.isEmpty( groupClassName ) )
-        {
-            groupClassName = GroupMgrImpl.class.getName();
-        }
-
-        GroupMgr groupMgr = (GroupMgr) ClassUtil.createInstance(groupClassName);
-        groupMgr.setContextId(contextId);
-        
-        return groupMgr;
-    }
-
-
-    /**
-     * Create and return a reference to {@link GroupMgr} object using HOME context.
-     *
-     * @param adminSess contains a valid Fortress A/RBAC Session object.
-     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
-     * @throws SecurityException in the event of failure during instantiation.
-     */
-    public static GroupMgr createInstance(Session adminSess)
-        throws SecurityException
-    {
-        return createInstance( GlobalIds.HOME, adminSess );
-    }
-
-    /**
-     * Create and return a reference to {@link GroupMgr} object.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @param adminSess contains a valid Fortress A/RBAC Session object.
-     * @return instance of {@link org.apache.directory.fortress.core.AdminMgr}.
-     * @throws SecurityException in the event of failure during instantiation.
-     */
-    public static GroupMgr createInstance(String contextId, Session adminSess)
-        throws SecurityException
-    {
-        GroupMgr groupMgr = createInstance(contextId);
-        groupMgr.setAdmin(adminSess);
-        
-        return groupMgr;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrImpl.java
deleted file mode 100755
index dcde5df..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupMgrImpl.java
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap.group;
-
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.ReviewMgr;
-import org.apache.directory.fortress.core.ReviewMgrFactory;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.Group;
-import org.apache.directory.fortress.core.rbac.Manageable;
-import org.apache.directory.fortress.core.model.User;
-import org.apache.directory.fortress.core.model.VUtil;
-import org.apache.directory.fortress.core.util.ObjUtil;
-
-import java.util.ArrayList;
-import java.util.List;
-
-
-/**
- * This Manager impl supplies CRUD methods used to manage groups stored within the ldap directory.
- * LDAP group nodes are used for utility and security functions within various systems and apps.
- * <p/>
- * This class is thread safe.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class GroupMgrImpl extends Manageable implements GroupMgr
-{
-    private static final String CLS_NM = GroupMgrImpl.class.getName();
-    private static final GroupP GROUP_P = new GroupP();
-
-    /**
-     * Create a new group node.  Must have a name and at least one member.
-     *
-     * @param group contains {@link org.apache.directory.fortress.core.model.Group}.
-     * @return {@link org.apache.directory.fortress.core.model.Group} containing entity just added.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    @Override
-    public Group add( Group group ) throws org.apache.directory.fortress.core.SecurityException
-    {
-        String methodName = "add";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        if(!group.isMemberDn())
-        {
-            loadUserDns( group );
-        }
-
-        return GROUP_P.add( group );
-    }
-
-    /**
-     * Modify existing group node.  The name is required.  Does not update members or properties.
-     * Use {@link GroupMgr#add( Group group, String key, String value )}, {@link GroupMgr#delete( Group group, String key, String value )},
-     * {@link GroupMgr#assign( Group group, String member) }, or {@link GroupMgr#deassign( Group group, String member) } for multi-occurring attributes.
-     *
-     * @param group contains {@link Group}.
-     * @return {@link Group} containing entity just modified.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    @Override
-    public Group update( Group group ) throws SecurityException
-    {
-        String methodName = "update";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.update( group );
-    }
-
-    /**
-     * Delete existing group node.  The name is required.
-     *
-     * @param group contains {@link Group}.
-     * @return {@link Group} containing entity just removed.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    @Override
-    public Group delete( Group group ) throws SecurityException
-    {
-        String methodName = "delete";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.delete( group );
-    }
-
-    /**
-     * Add a property to an existing group node.  The name is required.
-     *
-     * @param group contains {@link Group}.
-     * @param key contains the property key.
-     * @param value contains contains the property value.
-     * @return {@link Group} containing entity just modified.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    public Group add( Group group, String key, String value ) throws SecurityException
-    {
-        String methodName = "addProperty";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.add( group, key, value );
-    }
-
-    /**
-     * Delete existing group node.  The name is required.
-     *
-     * @param group contains {@link Group}.
-     * @param key contains the property key.
-     * @param value contains contains the property value.
-     * @return {@link Group} containing entity just modified.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    public Group delete( Group group, String key, String value ) throws SecurityException
-    {
-        String methodName = "deleteProperty";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.delete( group, key, value );
-    }
-
-    /**
-     * Read an existing group node.  The name is required.
-     *
-     * @param group contains {@link Group} with name field set with an existing group name.
-     * @return {@link Group} containing entity found.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    @Override
-    public Group read( Group group ) throws SecurityException
-    {
-        String methodName = "read";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.read( group );
-    }
-
-    /**
-     * Search using a full or partial group node.  The name is required.
-     *
-     * @param group contains {@link Group}.
-     * @return List of type {@link Group} containing entities found.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    @Override
-    public List<Group> find( Group group ) throws SecurityException
-    {
-        String methodName = "find";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        
-        return GROUP_P.search( group );
-    }
-
-    /**
-     * Search for groups by userId.  Member (maps to userId) and is required.
-     *
-     * @param user contains userId that maps to Group member attribute.
-     * @return {@link Group} containing entity just added.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event system error.
-     */
-    public List<Group> find( User user ) throws SecurityException
-    {
-        String methodName = "findWithUsers";
-        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
-        checkAccess(CLS_NM, methodName);
-        loadUserDn( user );
-        
-        return GROUP_P.search( user );
-    }
-
-    /**
-     * Assign a user to an existing group node.  The name is required and userDn are required.
-     *
-     * @param group contains {@link Group}.
-     * @param member is the relative distinguished name (rdn) of an existing user in ldap.
-     * @return {@link Group} containing entity to assign.
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry already present or other system error.
-     */
-    @Override
-    public Group assign( Group group, String member ) throws SecurityException
-    {
-        String methodName = "assign";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
-        User user = reviewMgr.readUser( new User( member ) );
-        
-        return GROUP_P.assign( group, user.getDn() );
-    }
-
-    /**
-     * Deassign a user from an existing group node.  The name is required and userDn are required.
-     *
-     * @param group contains {@link Group}.
-     * @param member is the relative distinguished name (rdn) of an existing user in ldap.
-     * @return {@link Group} containing entity to deassign
-     * @throws org.apache.directory.fortress.core.SecurityException in the event entry already present or other system error.
-     */
-    @Override
-    public Group deassign( Group group, String member ) throws SecurityException
-    {
-        String methodName = "deassign";
-        assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
-        checkAccess(CLS_NM, methodName);
-        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
-        User user = reviewMgr.readUser( new User( member ) );
-        
-        return GROUP_P.deassign( group, user.getDn() );
-    }
-
-    private void loadUserDns( Group group ) throws SecurityException
-    {
-        if( ObjUtil.isNotNullOrEmpty( group.getMembers() ))
-        {
-            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
-            List<String> userDns = new ArrayList<String>();
-            
-            for( String member : group.getMembers() )
-            {
-                User user = reviewMgr.readUser( new User( member ) );
-                userDns.add( user.getDn() );
-            }
-            
-            group.setMembers( userDns );
-        }
-    }
-
-    private void loadUserDn( User inUser ) throws SecurityException
-    {
-        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
-        User outUser = reviewMgr.readUser( inUser );
-        inUser.setDn( outUser.getDn() );
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupP.java b/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupP.java
deleted file mode 100755
index baf36c5..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/group/GroupP.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap.group;
-
-
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.model.Group;
-import org.apache.directory.fortress.core.model.User;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.VUtil;
-
-import java.util.List;
-
-
-/**
- * Process module for the group node of Fortress directory structure.
- * This class is thread safe.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-final class GroupP
-{
-    private static final String CLS_NM = GroupP.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static GroupDAO gDao = new GroupDAO();
-
-
-    /**
-     * Add a group node to the Directory Information Tree (DIT).
-     *
-     * @param group contains the group entity for target node.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in event of validation or system error.
-     */
-    Group add( Group group ) throws SecurityException
-    {
-        validate( group );
-
-        return gDao.create( group );
-    }
-
-
-    /**
-     * Modify a group node within the Directory Information Tree (DIT).
-     *
-     * @param group contains the group entity for target node.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in event of validation or system error.
-     */
-    Group update( Group group ) throws SecurityException
-    {
-        validate( group );
-
-        return gDao.update( group );
-    }
-
-
-    /**
-     * Remove the group node.
-     *
-     * @param group contains the group entity for target node.
-     * @throws SecurityException in event of validation or system error.
-     */
-    Group delete( Group group ) throws SecurityException
-    {
-        return gDao.remove( group );
-    }
-
-
-    /**
-     * Add a new property to an existing Group
-     *
-     * @param group
-     * @param key
-     * @param value
-     * @return
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *
-     */
-    Group add( Group group, String key, String value ) throws SecurityException
-    {
-        return gDao.add( group, key, value );
-    }
-
-
-    /**
-     * Remove an existing property value from an existing Group
-     *
-     * @param group
-     * @param key
-     * @param value
-     * @return
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *
-     */
-    Group delete( Group group, String key, String value ) throws SecurityException
-    {
-        return gDao.delete( group, key, value );
-    }
-
-
-    /**
-     * Method will add the "member" attribute on LDAP entry which represents a Group assignment.
-     *
-     * @param entity contains the group name targeted.
-     * @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
-     * @return Group containing copy of input data.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    Group assign( Group entity, String userDn ) throws SecurityException
-    {
-        return gDao.assign( entity, userDn );
-    }
-
-
-    /**
-     * Method will remove the "member" attribute on LDAP entry which represents a Group assignment.
-     *
-     * @param entity contains the role name targeted.
-     * @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
-     * @return Role containing copy of input data.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    Group deassign( Group entity, String userDn ) throws SecurityException
-    {
-        return gDao.deassign( entity, userDn );
-    }
-
-
-    /**
-     * Return a fully populated Group entity for a given name.  If matching record not found a
-     * SecurityException will be thrown.
-     *
-     * @param group contains full group name for entry in directory.
-     * @return Group entity containing all attributes associated.
-     * @throws SecurityException in the event not found or DAO search error.
-     */
-    Group read( Group group ) throws SecurityException
-    {
-        return gDao.get( group );
-    }
-
-
-    /**
-     * Takes a search string that contains full or partial Group name in directory.
-     *
-     * @param group contains full or partial name.
-     * @return List of type Group containing fully populated matching entities.  If no records found this will be empty.
-     * @throws SecurityException in the event of DAO search error.
-     */
-    List<Group> search( Group group ) throws SecurityException
-    {
-        return gDao.find( group );
-    }
-
-
-    /**
-     * Takes a search string that contains full or partial Group name in directory.
-     *
-     * @param user contains full dn for existing user.
-     * @return List of type Group containing fully populated matching entities.  If no records found this will be empty.
-     * @throws SecurityException in the event of DAO search error.
-     */
-    List<Group> search( User user ) throws SecurityException
-    {
-        return gDao.find( user );
-    }
-
-
-    /**
-     * Method will perform simple validations to ensure the integrity of the {@link Group} entity targeted for insertion
-     * or deletion in directory.
-     *
-     * @param entity contains the enum type to validate
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          thrown in the event the attribute is null.
-     */
-    private void validate( Group entity ) throws SecurityException
-    {
-        if ( Strings.isEmpty( entity.getName() ) )
-        {
-            String error = "validate name validation failed, null or empty value";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.GROUP_NAME_NULL, error );
-        }
-
-        if ( entity.getName().length() > GlobalIds.OU_LEN )
-        {
-            String name = entity.getName();
-            String error = "validate name [" + name + "] invalid length [" + entity.getName().length() + "]";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.GROUP_NAME_INVLD, error );
-        }
-
-        if ( entity.getProtocol().length() > GlobalIds.OU_LEN )
-        {
-            String error = "validate protocol [" + entity.getProtocol() + "] invalid length [" + entity.getProtocol()
-                .length() + "]";
-            LOG.warn( error );
-            throw new ValidationException( GlobalErrIds.GROUP_PROTOCOL_INVLD, error );
-        }
-
-        if ( !Strings.isEmpty( entity.getDescription() ) )
-        {
-            VUtil.description( entity.getDescription() );
-        }
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/ldap/group/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/group/package.html b/src/main/java/org/apache/directory/fortress/core/ldap/group/package.html
deleted file mode 100755
index 28db54b..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/group/package.html
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
--->
-<html>
-   <head>
-      <title>Package Documentation for org.apache.directory.fortress.ldap.group</title>
-   </head>
-   <body>
-      <p>
-         This package contains APIs to perform create and teardown the ldap group node.
-      </p>
-      <p>
-          The <b>org.apache.directory.fortress.ldap.group</b> package provides apis to add and remove group node, <b>dcObject</b>.
-          The group node is common throughout ldap operartions and is commonly used to define sets of users or other data types.
-      </p>
-   </body>
-</html>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/AdminRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/AdminRole.java b/src/main/java/org/apache/directory/fortress/core/model/AdminRole.java
index 47c7970..08b8b17 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/AdminRole.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/AdminRole.java
@@ -40,13 +40,13 @@ import org.apache.directory.fortress.core.util.time.Constraint;
  * (3) DAO layer where persistence with the OpenLDAP server occurs.
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer: {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelAccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl},...</li>
- * <li>Process layer: {@link org.apache.directory.fortress.core.rbac.AdminRoleP}, {@link org.apache.directory.fortress.core.rbac.OrgUnitP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.AdminRoleDAO}, {@link org.apache.directory.fortress.core.rbac.OrgUnitDAO},...</li>
+ * <li>Manager layer: {@link org.apache.directory.fortress.core.impl.DelAdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.DelAccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.DelReviewMgrImpl},...</li>
+ * <li>Process layer: {@link org.apache.directory.fortress.core.impl.AdminRoleP}, {@link org.apache.directory.fortress.core.impl.OrgUnitP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.AdminRoleDAO}, {@link org.apache.directory.fortress.core.impl.OrgUnitDAO},...</li>
  * </ol>
  * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
  * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #name} set before passing into {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl} or  {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl} APIs.
+ * For example, this entity requires {@link #name} set before passing into {@link org.apache.directory.fortress.core.impl.DelAdminMgrImpl} or  {@link org.apache.directory.fortress.core.impl.DelReviewMgrImpl} APIs.
  * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
  * <p/>
  * This entity extends the {@link org.apache.directory.fortress.core.model.Role} entity and is used to store the ARBAC AdminRole assignments that comprise the many-to-many relationships between Users and Administrative Permissions.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java b/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
index a235f2e..d5f41b2 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/OrgUnit.java
@@ -40,13 +40,13 @@ import javax.xml.bind.annotation.XmlType;
  * (3) DAO layer where persistence with the OpenLDAP server occurs.
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelAccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.AdminRoleP}, {@link org.apache.directory.fortress.core.rbac.OrgUnitP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.AdminRoleDAO}, {@link org.apache.directory.fortress.core.rbac.OrgUnitDAO},...</li>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.impl.DelAdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.DelAccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.DelReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.impl.AdminRoleP}, {@link org.apache.directory.fortress.core.impl.OrgUnitP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.AdminRoleDAO}, {@link org.apache.directory.fortress.core.impl.OrgUnitDAO},...</li>
  * </ol>
  * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
  * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #name} and {@link #type} set before passing into {@link org.apache.directory.fortress.core.rbac.DelAdminMgrImpl} or  {@link org.apache.directory.fortress.core.rbac.DelReviewMgrImpl} APIs.
+ * For example, this entity requires {@link #name} and {@link #type} set before passing into {@link org.apache.directory.fortress.core.impl.DelAdminMgrImpl} or  {@link org.apache.directory.fortress.core.impl.DelReviewMgrImpl} APIs.
  * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
  * <p/>
  * This entity implements both User and Permission OU pool functionality that defines org membership of entities for ARBAC02 style admin checks..

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/PermObj.java b/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
index 98307e2..f6c5b88 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/PermObj.java
@@ -41,20 +41,20 @@ import javax.xml.bind.annotation.XmlType;
  * (3) DAO layer where persistence with the OpenLDAP server occurs.
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.impl.AdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.AccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.impl.UserP}, {@link org.apache.directory.fortress.core.impl.RoleP}, {@link org.apache.directory.fortress.core.impl.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.UserDAO}, {@link org.apache.directory.fortress.core.impl.RoleDAO}, {@link org.apache.directory.fortress.core.impl.PermDAO},...</li>
  * </ol>
  * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
  * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #objName} and {@link #ou} attributes set before passing into {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} or  {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl} APIs.
+ * For example, this entity requires {@link #objName} and {@link #ou} attributes set before passing into {@link org.apache.directory.fortress.core.impl.AdminMgrImpl} or  {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl} APIs.
  * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
  * <p/>
  * <h4>PermObj entity attribute usages include</h4>
  * <ul>
- * <li>{@link #setObjName} and {@link #setOu} attributes set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addPermObj(PermObj)}.
- * <li>{@link #addProperty} may be set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addPermObj(PermObj)}.
- * <li>{@link #getProperty} may be set after calling {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#findPermObjs(PermObj)}.
+ * <li>{@link #setObjName} and {@link #setOu} attributes set before calling {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addPermObj(PermObj)}.
+ * <li>{@link #addProperty} may be set before calling {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addPermObj(PermObj)}.
+ * <li>{@link #getProperty} may be set after calling {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#findPermObjs(PermObj)}.
  * </ul>
  * <p/>
  * <h4>More Permission entity notes</h4>
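Review bot: The class Javadoc of this public model entity now points readers at classes in a package named `impl`, which reads as internal; the same applies to the Permission, Role and User hunks. Where a manager interface exists, linking to it instead of the `*MgrImpl` class would keep the entity documentation tied to the supported API, as UserAudit's Javadoc already does with `{@link org.apache.directory.fortress.core.AuditMgr}`. If any of the process-layer or DAO-layer classes are not public, their `{@link}` targets will also fail to resolve in the generated API docs, so a Javadoc build after the rename is worth running.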

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/Permission.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Permission.java b/src/main/java/org/apache/directory/fortress/core/model/Permission.java
index 641075e..90f37e7 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Permission.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Permission.java
@@ -58,21 +58,21 @@ import javax.xml.bind.annotation.XmlType;
  * (3) DAO layer where persistence with the OpenLDAP server occurs.
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.impl.AdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.AccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.impl.UserP}, {@link org.apache.directory.fortress.core.impl.RoleP}, {@link org.apache.directory.fortress.core.impl.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.UserDAO}, {@link org.apache.directory.fortress.core.impl.RoleDAO}, {@link org.apache.directory.fortress.core.impl.PermDAO},...</li>
  * </ol>
  * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
  * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #setObjName} and {@link #setOpName} attributes set before passing into {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl} APIs.
+ * For example, this entity requires {@link #setObjName} and {@link #setOpName} attributes set before passing into {@link org.apache.directory.fortress.core.impl.AccessMgrImpl} APIs.
  * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
  * <p/>
  * <h4>Permission entity attribute usages include</h4>
  * <ul>
- * <li>{@link #setObjName} and {@link #setOpName} attributes set before calling {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#checkAccess(Session, Permission)}.
- * <li>{@link #getRoles} may be set after calling {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readPermission(Permission)} or {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#sessionPermissions(Session)}.
+ * <li>{@link #setObjName} and {@link #setOpName} attributes set before calling {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#checkAccess(Session, Permission)}.
+ * <li>{@link #getRoles} may be set after calling {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#readPermission(Permission)} or {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#sessionPermissions(Session)}.
  *
- * <li>{@link #getUsers} may be set after calling {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readPermission(Permission)} or {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#sessionPermissions(Session)}.
+ * <li>{@link #getUsers} may be set after calling {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#readPermission(Permission)} or {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#sessionPermissions(Session)}.
  *
  * </ul>
  * <p/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/PwMessage.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/PwMessage.java b/src/main/java/org/apache/directory/fortress/core/model/PwMessage.java
index 971a36e..308168f 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/PwMessage.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/PwMessage.java
@@ -50,7 +50,7 @@ public interface PwMessage
 
 
     /**
-     * Contains the message that corresponds to password.  These messages map to {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds#pwMsgs}
+     * Contains the message that corresponds to password.  These messages map to {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds#pwMsgs}
      *
      * @param message
      */
@@ -60,7 +60,7 @@ public interface PwMessage
     /**
      * Return the message that corresponds to last password check.
      *
-     * @return message maps to {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds#pwMsgs}
+     * @return message maps to {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds#pwMsgs}
      */
     String getMsg();
 
@@ -82,7 +82,7 @@ public interface PwMessage
 
 
     /**
-     * Return the warning id that pertain to User's password. This attribute maps to values between 0 and 100 contained within here {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds}
+     * Return the warning id that pertain to User's password. This attribute maps to values between 0 and 100 contained within here {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds}
      *
      * @param warning contains warning id.
      */
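Review bot: The summary sentences on the two warning-id accessors look swapped: this comment opens with "Return the warning id" yet carries `@param warning`, while the comment in the next hunk (`@@ -95,7 +95,7 @@`) opens with "Set the warning id" yet carries `@return`. The commit already rewrites both lines for the package rename, so the verbs could be corrected in the same pass: `* Set the warning id that pertains to the User's password. ...` here and `* Return the warning id that pertains to the User's password. ...` there. The method declarations lie outside both hunks, so confirm against the signatures first.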
@@ -95,7 +95,7 @@ public interface PwMessage
     //void setWarningId(int warning);
 
     /**
-     * Set the warning id that pertain to User's password. This attribute maps to values between 0 and 100 contained within here {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds}
+     * Set the warning id that pertain to User's password. This attribute maps to values between 0 and 100 contained within here {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds}
      *
      * @return warning contains warning id.
      */
@@ -105,17 +105,17 @@ public interface PwMessage
     //int getWarningId();
 
     /**
-     * Set the error id that pertain to User's password. This attribute maps to values greater than or equal to 100 contained within here {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds}
+     * Set the error id that pertain to User's password. This attribute maps to values greater than or equal to 100 contained within here {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds}
      *
-     * @param error contains error id that maps to {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds#pwIds}
+     * @param error contains error id that maps to {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds#pwIds}
      */
     void setErrorId( int error );
 
 
     /**
-     * Return the error id that pertain to User's password. This attribute maps to values greater than or equal to 100 contained within here {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds}
+     * Return the error id that pertain to User's password. This attribute maps to values greater than or equal to 100 contained within here {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds}
      *
-     * @return error contains error id that maps to {@link org.apache.directory.fortress.core.rbac.GlobalPwMsgIds#pwIds}
+     * @return error contains error id that maps to {@link org.apache.directory.fortress.core.impl.GlobalPwMsgIds#pwIds}
      */
     int getErrorId();
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/Role.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Role.java b/src/main/java/org/apache/directory/fortress/core/model/Role.java
index cff1b9a..eca7a79 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Role.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Role.java
@@ -44,20 +44,20 @@ import org.apache.directory.fortress.core.util.time.Constraint;
  * (3) DAO layer where persistence with the OpenLDAP server occurs.
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.impl.AdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.AccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.impl.UserP}, {@link org.apache.directory.fortress.core.impl.RoleP}, {@link org.apache.directory.fortress.core.impl.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.UserDAO}, {@link org.apache.directory.fortress.core.impl.RoleDAO}, {@link org.apache.directory.fortress.core.impl.PermDAO},...</li>
  * </ol>
  * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
  * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #setName} attribute set before passing into {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} APIs.
+ * For example, this entity requires {@link #setName} attribute set before passing into {@link org.apache.directory.fortress.core.impl.AdminMgrImpl} APIs.
  * Create methods sometimes require more attributes (than Read) due to constraints enforced between entities although only {@link Role#setName} is required for {@link Role}.
  * <p/>
  * <h4>Role entity attribute usages include</h4>
  * <ul>
- * <li>{@link #setName} attribute must be set before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addRole(Role)}, {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#updateRole(Role)} or  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#deleteRole(Role)}
- * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} may be set <b>before</b> calling method {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addRole(Role)}.
- * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} will be <b>returned</b> to caller on methods like {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readRole(Role)} or {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#findRoles(String)} iff persisted to entity prior to call.
+ * <li>{@link #setName} attribute must be set before calling {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addRole(Role)}, {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#updateRole(Role)} or  {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#deleteRole(Role)}
+ * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} may be set <b>before</b> calling method {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addRole(Role)}.
+ * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} will be <b>returned</b> to caller on methods like {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#readRole(Role)} or {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#findRoles(String)} iff persisted to entity prior to call.
  * </ul>
  * <p/>
  * This entity is used to store the RBAC Role assignments that comprise the many-to-many relationships between {@link User}s and {@link org.apache.directory.fortress.core.model.Permission}s.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/Session.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Session.java b/src/main/java/org/apache/directory/fortress/core/model/Session.java
index 2b8004e..57cf150 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Session.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Session.java
@@ -346,7 +346,7 @@ public class Session  extends FortEntity implements PwMessage, Serializable
 
     /**
      * Return the list of User's RBAC Roles that have been activated into User's session.  This list will not include
-     * ascendant RBAC roles which may be retrieved using {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#authorizedRoles(Session)}.
+     * ascendant RBAC roles which may be retrieved using {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#authorizedRoles(Session)}.
      *
      * @return List containing User's RBAC roles.  This list may be empty if User not assigned RBAC.
      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/User.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/User.java b/src/main/java/org/apache/directory/fortress/core/model/User.java
index c672c1f..88092ae 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/User.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/User.java
@@ -45,9 +45,9 @@ import org.apache.directory.fortress.core.util.time.Constraint;
  * <p/>
  * <h4>Fortress Processing Layers</h4>
  * <ol>
- * <li>Manager layer:  {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl}, {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl}, {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link org.apache.directory.fortress.core.rbac.UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
+ * <li>Manager layer:  {@link org.apache.directory.fortress.core.impl.AdminMgrImpl}, {@link org.apache.directory.fortress.core.impl.AccessMgrImpl}, {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl},...</li>
+ * <li>Process layer:  {@link org.apache.directory.fortress.core.impl.UserP}, {@link org.apache.directory.fortress.core.impl.RoleP}, {@link org.apache.directory.fortress.core.impl.PermP},...</li>
+ * <li>DAO layer: {@link org.apache.directory.fortress.core.impl.UserDAO}, {@link org.apache.directory.fortress.core.impl.RoleDAO}, {@link org.apache.directory.fortress.core.impl.PermDAO},...</li>
  * </ol>
  * Fortress clients must first instantiate the data entity before invoking one of the Manager APIs.  The caller must first
  * provide enough information to uniquely identity target record for the particular ldap operation performed.<br />
@@ -57,11 +57,11 @@ import org.apache.directory.fortress.core.util.time.Constraint;
  * <p/>
  * <h4>User entity attribute usages include</h4>
  * <ul>
- * <li>{@link #setPassword(char[])} must be set before calling {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#authenticate} and {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#createSession(User, boolean)} (unless trusted).
- * <li>{@link #setOu} is required before calling {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addUser(User)} to add a new user to ldap.
- * <li>{@link #setRoles} will be set for {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#createSession(User, boolean)} when selective RBAC Role activation is required.
- * <li>{@link #setAdminRoles} will be set for {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#createSession(User, boolean)} when selective Administrative Role activation is required.
- * <li>{@link #setPwPolicy} may be set for {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#updateUser(User)} to assign User to a policy {@link org.apache.directory.fortress.core.model.PwPolicy}.
+ * <li>{@link #setPassword(char[])} must be set before calling {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#authenticate} and {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#createSession(User, boolean)} (unless trusted).
+ * <li>{@link #setOu} is required before calling {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addUser(User)} to add a new user to ldap.
+ * <li>{@link #setRoles} will be set for {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#createSession(User, boolean)} when selective RBAC Role activation is required.
+ * <li>{@link #setAdminRoles} will be set for {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#createSession(User, boolean)} when selective Administrative Role activation is required.
+ * <li>{@link #setPwPolicy} may be set for {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#updateUser(User)} to assign User to a policy {@link org.apache.directory.fortress.core.model.PwPolicy}.
  * <li>{@link #password} is the only case sensitive attribute on this entity.
  * </ul>
  * <p/>
@@ -863,7 +863,7 @@ public class User extends FortEntity implements Constraint, Serializable
 
     /**
      * Set the optional password attribute associated for a User.  Note, this value is required before User will pass Fortress
-     * authentication in {@link org.apache.directory.fortress.core.rbac.AccessMgrImpl#createSession(User, boolean)}.
+     * authentication in {@link org.apache.directory.fortress.core.impl.AccessMgrImpl#createSession(User, boolean)}.
      * Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
      *
      * @param password maps to 'userPassword' attribute in 'inetOrgPerson' object class.
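Review bot: This setter's Javadoc says the password is required before a User passes authentication in `createSession(User, boolean)`, but the class-level list in the `@@ -57,11 +57,11 @@` hunk qualifies the same requirement with "(unless trusted)". Omitting the exception here can lead a caller to assume that every session creation verifies a password. The sentence could end `... AccessMgrImpl#createSession(User, boolean)} unless the session is created as trusted.` The meaning of the boolean argument is inferred from the class-level wording and the method body is outside the hunk, so confirm it before editing.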
@@ -988,7 +988,7 @@ public class User extends FortEntity implements Constraint, Serializable
 
     /**
      * Returns orgUnit name for User.  This attribute is validated and constrained by Fortress and must contain name of existing User OU.
-     * This attribute is required on {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addUser(User)} but not on {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readUser(User)}.
+     * This attribute is required on {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addUser(User)} but not on {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#readUser(User)}.
      *
      * @return value that is mapped to 'ou' in 'inetOrgPerson' object class.
      */
@@ -1000,7 +1000,7 @@ public class User extends FortEntity implements Constraint, Serializable
 
     /**
      * Set the orgUnit name associated with User.  This attribute is validated and constrained by Fortress and must contain name of existing User OU.
-     * This attribute is required on {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl#addUser(User)} but not on {@link org.apache.directory.fortress.core.rbac.ReviewMgrImpl#readUser(User)}.
+     * This attribute is required on {@link org.apache.directory.fortress.core.impl.AdminMgrImpl#addUser(User)} but not on {@link org.apache.directory.fortress.core.impl.ReviewMgrImpl#readUser(User)}.
      *
      * @param ou mapped to same name in 'inetOrgPerson' object class.
      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/model/UserAudit.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/UserAudit.java b/src/main/java/org/apache/directory/fortress/core/model/UserAudit.java
index 26646e4..f0cef4b 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/UserAudit.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/UserAudit.java
@@ -31,7 +31,7 @@ import java.util.Date;
 
 /**
  * This entity is used to pass search criteria into the {@link org.apache.directory.fortress.core.AuditMgr} APIs, down through the
- * {@link org.apache.directory.fortress.core.rbac.AuditP} process layer and finally into the {@link org.apache.directory.fortress.core.rbac.AuditDAO} data access layer.  Once the data has been
+ * {@link org.apache.directory.fortress.core.impl.AuditP} process layer and finally into the {@link org.apache.directory.fortress.core.impl.AuditDAO} data access layer.  Once the data has been
  * retrieved from the directory it will be passed back to the caller using one of audit output entities.
  * <p/>
  * All audit data is returned to user using one of the following:
@@ -84,8 +84,8 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Get the optional objName attribute which limits set by {@link org.apache.directory.fortress.core.model.Permission#objName}.
-     * For modification search, this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQDN}.
-     * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} or 'CustomerCheckOutPage'.
+     * For modification search, this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQDN}.
+     * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link org.apache.directory.fortress.core.impl.AdminMgrImpl} or 'CustomerCheckOutPage'.
      *
      * @return the name of the object which maps to 'reqDn' for 'auditSearch' target, or 'reqMod' for 'auditMod' search.
      */
@@ -97,8 +97,8 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Set the optional objName attribute which limits set by {@link org.apache.directory.fortress.core.model.Permission#objName}.
-     * For modification search, this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQDN}.
-     * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link org.apache.directory.fortress.core.rbac.AdminMgrImpl} or 'CustomerCheckOutPage'.
+     * For modification search, this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQDN}.
+     * The object name is derived from another class name which represents targets for Fortress authorizations. For example {@link org.apache.directory.fortress.core.impl.AdminMgrImpl} or 'CustomerCheckOutPage'.
      *
      * @param objName maps to 'reqDn' for 'auditSearch' target, or 'reqMod' for 'auditMod' search.
      */
@@ -112,9 +112,9 @@ public class UserAudit extends FortEntity implements java.io.Serializable
      * The failedOnly flag will limit result set to include only authN or authZ events that have failed.
      * <p/>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQENTRIES} == 0)
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQENTRIES} == 0)
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQRESULT} >= 1)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQENTRIES} == 0)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQENTRIES} == 0)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQRESULT} >= 1)
      * </ul>
      *
      * @return boolean if true will limit search to failed events.
@@ -129,9 +129,9 @@ public class UserAudit extends FortEntity implements java.io.Serializable
      * The failedOnly flag will limit result set to include only authN or authZ events that have failed.
      * <p/>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQENTRIES} == 0)
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQENTRIES} == 0)
-     * <li>{@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link org.apache.directory.fortress.core.rbac.AuditDAO#REQRESULT} >= 1)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchInvalidUsers(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQENTRIES} == 0)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchAuthZs(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQENTRIES} == 0)
+     * <li>{@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchBinds(UserAudit)} maps to ({@link org.apache.directory.fortress.core.impl.AuditDAO#REQRESULT} >= 1)
      * </ul>
      *
      * @param failedOnly if boolean true search will limit to failed only.
@@ -143,7 +143,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
 
     /**
-     * Get the optional opName attribute which limits {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchAdminMods(UserAudit)} by {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.
+     * Get the optional opName attribute which limits {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchAdminMods(UserAudit)} by {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.
      * The operation name is derived from a method name of a class which represents targets for Fortress authorizations. For example 'read', 'search' or 'add'.
      *
      * @return value that maps to 'reqMod' on 'auditMod' object class.
@@ -155,7 +155,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
 
     /**
-     * Set the optional opName attribute which limits {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchAdminMods(UserAudit)} by {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.
+     * Set the optional opName attribute which limits {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchAdminMods(UserAudit)} by {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.
      * The operation name is derived from a method name of a class which represents targets for Fortress authorizations. For example 'read', 'search' or 'add'.
      *
      * @param opName attribute maps to 'reqMod' on 'auditMod' object class.
@@ -168,7 +168,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Get the optional userId attribute which limits set by {@link org.apache.directory.fortress.core.model.User#userId}.
-     * For authentication searchs, this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQDN}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQUAUTHZID}.
+     * For authentication searchs, this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQDN}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQUAUTHZID}.
      * The userId for this search represents the end user.
      *
      * @return the userId which maps to 'reqDn' for authentications or 'reqAuthzID' for authorization events.
@@ -181,7 +181,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Set the optional userId attribute which limits set by {@link org.apache.directory.fortress.core.model.User#userId}.
-     * For authentication searchs, this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQDN}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQUAUTHZID}.
+     * For authentication searchs, this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQDN}.  For authorization search, it will map to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQUAUTHZID}.
      * The userId for this search represents the end user.
      *
      * @param userId maps to 'reqDn' for authentications or 'reqAuthzID' for authorization events.
@@ -194,7 +194,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Get the optional internalUserId attribute which limits set by {@link org.apache.directory.fortress.core.model.User#internalId}.
-     * For {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.
+     * For {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.
      * The internalUserId for this search represents the end user but is stored as its internal id.
      *
      * @return the internalUserId which maps to 'reqMod' for 'auditModify' object class searches.
@@ -207,7 +207,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
     /**
      * Set the optional internalUserId attribute which limits set by {@link org.apache.directory.fortress.core.model.User#internalId}.
-     * For {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link org.apache.directory.fortress.core.rbac.AuditDAO#REQMOD}.
+     * For {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchUserSessions(UserAudit)} this attr maps to {@link org.apache.directory.fortress.core.impl.AuditDAO#REQMOD}.
      * The internalUserId for this search represents the end user but is stored as its internal id.
      *
      * @param internalUserId maps to 'reqMod' for 'auditModify' object class searches.
@@ -264,7 +264,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
 
     /**
-     * Get the optional dn attribute can be used to constraint {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchUserSessions(UserAudit)}.
+     * Get the optional dn attribute can be used to constraint {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchUserSessions(UserAudit)}.
      * The dn for this search may represent any target entry in DIT that has been recently modified or deleted.
      *
      * @return the dn which maps to 'reqDn' for 'auditModify' object class searches.
@@ -276,7 +276,7 @@ public class UserAudit extends FortEntity implements java.io.Serializable
 
 
     /**
-     * Set the optional dn attribute can be used to constraint {@link org.apache.directory.fortress.core.rbac.AuditMgrImpl#searchUserSessions(UserAudit)}.
+     * Set the optional dn attribute can be used to constraint {@link org.apache.directory.fortress.core.impl.AuditMgrImpl#searchUserSessions(UserAudit)}.
      * The dn for this search may represent any target entry in DIT that has been recently modified or deleted.
      *
      * @param dn maps to 'reqDn' for 'auditModify' object class searches.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
deleted file mode 100644
index a823468..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.List;
-
-import org.apache.directory.fortress.core.AccelMgr;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.Permission;
-import org.apache.directory.fortress.core.model.Session;
-import org.apache.directory.fortress.core.model.User;
-import org.apache.directory.fortress.core.model.UserRole;
-import org.apache.directory.fortress.core.model.VUtil;
-
-
-/**
- * Implementation class that performs runtime access control operations on data objects of type Fortress entities
- * This class performs runtime access control operations on objects that are provisioned RBAC entities
- * that reside in LDAP directory.  These APIs map directly to similar named APIs specified by ANSI and NIST
- * RBAC system functions.
- * Many of the java doc function descriptions found below were taken directly from ANSI INCITS 359-2004.
- * The RBAC Functional specification describes administrative operations for the creation
- * and maintenance of RBAC element sets and relations; administrative review functions for
- * performing administrative queries; and system functions for creating and managing
- * RBAC attributes on user sessions and making access control decisions.
- * <p/>
- * <hr>
- * <h4>RBAC0 - Core</h4>
- * Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions.  API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
- * <p/>
- * <img src="../doc-files/RbacCore.png">
- * <hr>
- * <h4>RBAC1 - General Hierarchical Roles</h4>
- * Simplifies role engineering tasks using inheritance of one or more parent roles.
- * <p/>
- * <img src="../doc-files/RbacHier.png">
- * <hr>
- * <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
- * Enforce mutual membership exclusions across role assignments.  Facilitate dual control policies by restricting which roles may be assigned to users in combination.  SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
- * <p/>
- * <img src="../doc-files/RbacSSD.png">
- * <hr>
- * <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
- * Control allowed role combinations to be activated within an RBAC session.  DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
- * <p/>
- * <img src="../doc-files/RbacDSD.png">
- * <hr>
- * <p/>
- * This class is NOT thread safe if parent instance variables ({@link #contextId} or {@link #adminSess}) are set.
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class AccelMgrImpl extends Manageable implements AccelMgr
-{
-    private static final String CLS_NM = AccessMgrImpl.class.getName();
-    private static final AcceleratorDAO aDao = new org.apache.directory.fortress.core.rbac.AcceleratorDAO();
-
-
-    /**
-     * package private constructor ensures outside classes must use factory: {@link org.apache.directory.fortress.core.AccelMgrFactory}
-     */
-    public AccelMgrImpl()
-    {
-    }
-
-
-    /**
-     * Perform user authentication {@link org.apache.directory.fortress.core.model.User#password} and role activations.<br />
-     * This method must be called once per user prior to calling other methods within this class.
-     * The successful result is {@link org.apache.directory.fortress.core.model.Session} that contains target user's RBAC {@link org.apache.directory.fortress.core.model.User#roles} and Admin role {@link org.apache.directory.fortress.core.model.User#adminRoles}.<br />
-     * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.model.User#pwPolicy}..<br />
-     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.model.FortEntity}.
-     * <h4> This API will...</h4>
-     * <ul>
-     * <li> authenticate user password if trusted == false.
-     * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy evaluation</a>.
-     * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.model.User#isLocked()}, regardless of trusted flag being set as parm on API.
-     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.model.User}, {@link org.apache.directory.fortress.core.model.UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
-     * <li> process selective role activations into User RBAC Session {@link org.apache.directory.fortress.core.model.User#roles}.
-     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.model.User#roles}.
-     * <li> process selective administrative role activations {@link org.apache.directory.fortress.core.model.User#adminRoles}.
-     * <li> return a {@link org.apache.directory.fortress.core.model.Session} that contains a reference to an object stored on the RBAC server..
-     * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
-     * <li> throw a {@link SecurityException} for system failures.
-     * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
-     * <li> throw a {@link org.apache.directory.fortress.core.ValidationException} for data validation errors.
-     * <li> throw a {@link org.apache.directory.fortress.core.FinderException} if User id not found.
-     * </ul>
-     * <h4>
-     * The function is valid if and only if:
-     * </h4>
-     * <ul>
-     * <li> the user is a member of the USERS data set
-     * <li> the password is supplied (unless trusted).
-     * <li> the (optional) active role set is a subset of the roles authorized for that user.
-     * </ul>
-     * <h4>
-     * The following attributes may be set when calling this method
-     * </h4>
-     * <ul>
-     * <li> {@link org.apache.directory.fortress.core.model.User#userId} - required
-     * <li> {@link org.apache.directory.fortress.core.model.User#password}
-     * <li> {@link org.apache.directory.fortress.core.model.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session.  Default is all authorized RBAC roles will be activated into this Session.
-     * <li> {@link org.apache.directory.fortress.core.model.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation.  Default is all authorized ARBAC roles will be activated into this Session.
-     * <li> {@link org.apache.directory.fortress.core.model.User#props} collection of name value pairs collected on behalf of User during signon.  For example hostname:myservername or ip:192.168.1.99
-     * </ul>
-     * <h4>
-     * Notes:
-     * </h4>
-     * <ul>
-     * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
-     * <li> role activations will proceed in same order as supplied to User entity setter, see {@link org.apache.directory.fortress.core.model.User#setRole(String)}.
-     * </ul>
-     * </p>
-     *
-     * @param user Contains {@link org.apache.directory.fortress.core.model.User#userId}, {@link org.apache.directory.fortress.core.model.User#password} (optional if {@code isTrusted} is 'true'), optional {@link org.apache.directory.fortress.core.model.User#roles}, optional {@link org.apache.directory.fortress.core.model.User#adminRoles}
-     * @param isTrusted if true password is not required.
-     * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.model.Session#errorId},
-     * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
-     */
-    @Override
-    public Session createSession( User user, boolean isTrusted )
-        throws SecurityException
-    {
-        String methodName = "createSession";
-        assertContext( CLS_NM, methodName, user, GlobalErrIds.USER_NULL );
-        return aDao.createSession( user );
-    }
-
-
-    /**
-     * This function requests the RBAC server to delete the session from cache.
-     *
-     * @param session object contains the user's returned RBAC session from the createSession method.
-     * @throws SecurityException in the event runtime error occurs with system.
-     */
-    @Override
-    public void deleteSession( Session session )
-        throws SecurityException
-    {
-        String methodName = "deleteSession";
-        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
-        aDao.deleteSession( session );
-    }
-
-
-    /**
-     * This function returns the active roles associated with a session. The function is valid if
-     * and only if the session is a valid Fortress session.
-     *
-     * @param session object contains the user's returned RBAC session from the createSession method.
-     * @return List<UserRole> containing all roles active in user's session.  This will NOT contain inherited roles.
-     * @throws SecurityException is thrown if session invalid or system. error.
-     */
-    public List<UserRole> sessionRoles(Session session)
-        throws SecurityException
-    {
-        String methodName = "sessionRoles";
-        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
-        return aDao.sessionRoles( session );
-    }
-
-
-    /**
-     * Perform user rbac authorization.  This function returns a Boolean value meaning whether the subject of a given session is
-     * allowed or not to perform a given operation on a given object. The function is valid if and
-     * only if the session is a valid Fortress session, the object is a member of the OBJS data set,
-     * and the operation is a member of the OPS data set. The session's subject has the permission
-     * to perform the operation on that object if and only if that permission is assigned to (at least)
-     * one of the session's active roles. This implementation will verify the roles or userId correspond
-     * to the subject's active roles are registered in the object's access control list.
-     *
-     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, of permission User is trying to access.
-     * @param session This object must be instantiated by calling {@link AccessMgrImpl#createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
-     * @return True if user has access, false otherwise.
-     * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
-     */
-    @Override
-    public boolean checkAccess( Session session, Permission perm )
-        throws SecurityException
-    {
-        String methodName = "checkAccess";
-        assertContext( CLS_NM, methodName, perm, GlobalErrIds.PERM_NULL );
-        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
-        VUtil.assertNotNullOrEmpty( perm.getOpName(), GlobalErrIds.PERM_OPERATION_NULL, getFullMethodName( CLS_NM,
-            methodName ) );
-        VUtil.assertNotNullOrEmpty( perm.getObjName(), GlobalErrIds.PERM_OBJECT_NULL, getFullMethodName( CLS_NM,
-            methodName ) );
-        return aDao.checkAccess( session, perm );
-    }
-
-
-    /**
-     * This function returns the permissions of the session, i.e., the permissions assigned
-     * to its authorized roles. The function is valid if and only if the session is a valid Fortress session.
-     *
-     * @param session object contains the user's returned RBAC session from the createSession method.
-     * @return List<Permission> containing permissions (op, obj) active for user's session.
-     * @throws SecurityException in the event runtime error occurs with system.
-     */
-    @Override
-    public List<Permission> sessionPermissions( Session session )
-        throws SecurityException
-    {
-        throw new java.lang.UnsupportedOperationException();
-    }
-
-
-    /**
-     * This function adds a role as an active role of a session whose owner is a given user.
-     * <p>
-     * The function is valid if and only if:
-     * <ul>
-     * <li> the user is a member of the USERS data set
-     * <li> the role is a member of the ROLES data set
-     * <li> the role inclusion does not violate Dynamic Separation of Duty Relationships
-     * <li> the session is a valid Fortress session
-     * <li> the user is authorized to that role
-     * <li> the session is owned by that user.
-     * </ul>
-     * </p>
-     *
-     * @param session object contains the user's returned RBAC session from the createSession method.
-     * @param role object contains the role name, {@link UserRole#name}, to be activated into session.
-     * @throws SecurityException is thrown if user is not allowed to activate or runtime error occurs with system.
-     */
-    @Override
-    public void addActiveRole( Session session, UserRole role )
-        throws SecurityException
-    {
-        String methodName = "addActiveRole";
-        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
-        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
-        VUtil.assertNotNullOrEmpty( role.getUserId(), GlobalErrIds.USER_ID_NULL,
-            getFullMethodName( CLS_NM, methodName ) );
-        VUtil.assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL, getFullMethodName( CLS_NM,
-            methodName ) );
-        aDao.addActiveRole( session, role );
-    }
-
-
-    /**
-     * This function deletes a role from the active role set of a session owned by a given user.
-     * The function is valid if and only if the user is a member of the USERS data set, the
-     * session object contains a valid Fortress session, the session is owned by the user,
-     * and the role is an active role of that session.
-     *
-     * @param session object contains the user's returned RBAC session from the createSession method.
-     * @param role object contains the role name, {@link UserRole#name}, to be deactivated.
-     * @throws SecurityException is thrown if user is not allowed to deactivate or runtime error occurs with system.
-     */
-    @Override
-    public void dropActiveRole( Session session, UserRole role )
-        throws SecurityException
-    {
-        String methodName = "dropActiveRole";
-        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
-        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
-        VUtil.assertNotNullOrEmpty( role.getUserId(), GlobalErrIds.USER_ID_NULL,
-            getFullMethodName( CLS_NM, methodName ) );
-        VUtil.assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL, getFullMethodName( CLS_NM,
-            methodName ) );
-        aDao.dropActiveRole( session, role );
-    }
-}
\ No newline at end of file

