directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [63/75] [abbrv] directory-fortress-core git commit: FC-109 - move a couple utils to model
Date Tue, 09 Jun 2015 03:16:09 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
index 4fd40d1..dae7270 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
@@ -32,8 +32,6 @@ import javax.xml.bind.annotation.XmlType;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.util.time.CUtil;
-import org.apache.directory.fortress.core.util.time.Constraint;
 
 
 /**
@@ -41,7 +39,7 @@ import org.apache.directory.fortress.core.util.time.Constraint;
  * values.
  * The contents of the UserRole entity will be stored on the User entity in the 'ftRA' (Role name) and 'ftRC'
  * (Temporal Constraints) attributes on the 'ftUserAttrs' object class.
- * The UserRole entity carries elements of {@link org.apache.directory.fortress.core.util.time.Constraint}.  Any attributes of
+ * The UserRole entity carries elements of {@link Constraint}.  Any attributes of
  * Constraint not set within this entity
  * will use same attribute from the {@link org.apache.directory.fortress.core.model.Role} entity.  Thus the UserRole can override
  * Constraint attributes from it's corresponding Role if required by caller.
@@ -127,7 +125,7 @@ public class UserRole extends FortEntity implements Serializable, Constraint
     public UserRole( String userId, Constraint con )
     {
         this.userId = userId;
-        CUtil.copy( con, this );
+        ConstraintUtil.copy( con, this );
     }
 
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/package.html b/src/main/java/org/apache/directory/fortress/core/package.html
index 4db4b37..c4e082c 100755
--- a/src/main/java/org/apache/directory/fortress/core/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/package.html
@@ -43,7 +43,7 @@
       <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a>,
       <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> and 
       <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policy for LDAP Directories</a>.
-      A {@link org.apache.directory.fortress.core.util.time.Constraint} mechanism is used by fortress to control the 
+      A {@link org.apache.directory.fortress.core.model.Constraint} mechanism is used by fortress to control the
       {@link org.apache.directory.fortress.core.util.time.Time}, {@link org.apache.directory.fortress.core.util.time.Date} and 
       {@link org.apache.directory.fortress.core.util.time.Day} of week for when a
       {@link org.apache.directory.fortress.core.model.User} or {@link org.apache.directory.fortress.core.model.UserRole}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
index c59755b..5b3a04d 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
@@ -123,9 +123,9 @@ public class AccessMgrRestImpl extends Manageable implements AccessMgr
      * <li> authenticate user password if trusted == false.
      * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy evaluation</a>.
      * <li> fail for any user who is locked by OpenLDAP's policies {@link User#isLocked()}, regardless of trusted flag being set as parm on API.
-     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
+     * <li> evaluate temporal {@link org.apache.directory.fortress.core.model.Constraint}(s) on {@link User}, {@link UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
      * <li> process selective role activations into User RBAC Session {@link User#roles}.
-     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.impl.DSDChecker#validate(Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link User#roles}.
+     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.impl.DSDChecker#validate(Session, org.apache.directory.fortress.core.model.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link User#roles}.
      * <li> process selective administrative role activations {@link User#adminRoles}.
      * <li> return a {@link Session} containing {@link Session#getUser()}, {@link Session#getRoles()} and (if admin user) {@link Session#getAdminRoles()} if everything checks out good.
      * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
index 382ce4d..42ebf43 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/AdminMgrRestImpl.java
@@ -555,7 +555,7 @@ public final class AdminMgrRestImpl extends Manageable implements AdminMgr
      * <li>{@link Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
      * </ul>
      *
-     * @param role must contains {@link Role#name} and may contain new description or {@link org.apache.directory.fortress.core.util.time.Constraint}
+     * @param role must contains {@link Role#name} and may contain new description or {@link org.apache.directory.fortress.core.model.Constraint}
      * @throws org.apache.directory.fortress.core.SecurityException
      *          in the event of validation or system error.
      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/PropUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/PropUtil.java b/src/main/java/org/apache/directory/fortress/core/util/PropUtil.java
deleted file mode 100644
index ff8ef99..0000000
--- a/src/main/java/org/apache/directory/fortress/core/util/PropUtil.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.util;
-
-import org.apache.directory.fortress.core.GlobalIds;
-
-import java.util.List;
-import java.util.Properties;
-import java.util.StringTokenizer;
-
-/**
- *  Utilities to convert to/from property formats.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class PropUtil
-{
-    /**
-     * Convert from a {@link java.util.List} of properties stored as name:value pairs to
-     * a {@link java.util.Properties}.
-     *
-     * @param propList contains a list of name-value pairs separated by a ':'.
-     * @return reference to a Properties collection.
-     */
-    public static Properties getProperties(List<String> propList)
-    {
-        return getProperties(propList, GlobalIds.PROP_SEP );
-    }
-
-    /**
-     * Convert from a {@link java.util.List} of properties stored as name:value pairs to
-     * a {@link java.util.Properties}.
-     *
-     * @param propList contains a list of name-value pairs separated by a ':'.
-     * @param separator contains char to be used to separate key and value.
-     * @return reference to a Properties collection.
-     */
-    public static Properties getProperties( List<String> propList, char separator )
-    {
-        Properties props = null;
-        if (propList != null && propList.size() > 0)
-        {
-            props = new Properties();
-            propList.size();
-            for (String raw : propList)
-            {
-                int indx = raw.indexOf(separator);
-                if (indx >= 1)
-                {
-                    props.setProperty(raw.substring(0, indx), raw.substring(indx + 1));
-                }
-            }
-        }
-        return props;
-    }
-
-    /**
-     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
-     *
-     * @param inputString contains comma delimited list of properties.
-     * @return java collection class containing props.
-     */
-    public static Properties getProperties( String inputString )
-    {
-        return getProperties( inputString, GlobalIds.PROP_SEP );
-    }
-
-    /**
-     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
-     *
-     * @param inputString contains comma delimited list of properties.
-     * @param separator contains char to be used to separate key and value.
-     * @return java collection class containing props.
-     */
-    public static Properties getProperties( String inputString, char separator )
-    {
-        return getProperties( inputString, separator, GlobalIds.DELIMITER );
-    }
-
-    /**
-     * Convert from a comma delimited list of name-value pairs separated by a ':'.  Return the pros as {@link java.util.Properties}.
-     *
-     * @param inputString contains comma delimited list of properties.
-     * @param separator contains char to be used to separate key and value.
-     * @param delimiter contains a single char specifying delimiter between properties.
-     * @return java collection class containing props.
-     */
-    public static Properties getProperties( String inputString, char separator, String delimiter )
-    {
-        Properties props = new Properties();
-        if (inputString != null && inputString.length() > 0)
-        {
-            StringTokenizer maxTkn = new StringTokenizer(inputString, delimiter);
-            if (maxTkn.countTokens() > 0)
-            {
-                while (maxTkn.hasMoreTokens())
-                {
-                    String val = maxTkn.nextToken();
-                    int indx = val.indexOf(separator);
-                    if (indx >= 1)
-                    {
-                        String name = val.substring(0, indx).trim();
-                        String value = val.substring(indx + 1).trim();
-                        props.setProperty(name, value);
-                    }
-                }
-            }
-        }
-        return props;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/VUtil.java b/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
index 35d12a3..5ebe1e0 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
@@ -22,14 +22,24 @@ package org.apache.directory.fortress.core.util;
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.util.ArrayList;
 import java.util.Enumeration;
+import java.util.List;
+import java.util.ListIterator;
 import java.util.Properties;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.directory.fortress.core.*;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.Constraint;
+import org.apache.directory.fortress.core.model.ObjectFactory;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.UserRole;
+import org.apache.directory.fortress.core.model.Warning;
+import org.apache.directory.fortress.core.util.time.TUtil;
+import org.apache.directory.fortress.core.util.time.Time;
+import org.apache.directory.fortress.core.util.time.Validator;
 import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.ValidationException;
 
 
 /**
@@ -599,4 +609,168 @@ public final class VUtil
         return result;
     }
 */
+
+
+private static List<Validator> validators;
+private static final String DSDVALIDATOR = Config.getProperty( GlobalIds.DSD_VALIDATOR_PROP );
+
+
+    /**
+     * enum specifies what type of constraint is being targeted - User or Rold.
+     */
+    public static enum ConstraintType
+    {
+        /**
+         * Specifies {@link org.apache.directory.fortress.core.model.User}
+         */
+        USER,
+        /**
+         * Specifies {@link org.apache.directory.fortress.core.model.Role}
+         */
+        ROLE
+    }
+
+    /**
+     * static initializer retrieves Validators names from config and constructs for later processing.
+     */
+    static
+    {
+        try
+        {
+            validators = getValidators();
+        }
+        catch ( org.apache.directory.fortress.core.SecurityException ex )
+        {
+            LOG.error( "static initialzier caught SecurityException=" + ex.getMessage(), ex );
+        }
+    }
+
+
+    /**
+     * This utility iterates over all of the Validators initialized for runtime and calls them passing the {@link org.apache.directory.fortress.core.model.Constraint} contained within the
+     * targeted entity.  If a particular {@link org.apache.directory.fortress.core.model.UserRole} violates constraint it will not be activated.  If {@link org.apache.directory.fortress.core.model.User} validation fails a ValidationException will be thrown thus preventing User logon.
+     *
+     * @param session contains {@link org.apache.directory.fortress.core.model.User} and {@link org.apache.directory.fortress.core.model.UserRole} constraints {@link org.apache.directory.fortress.core.model.Constraint} to be checked.
+     * @param type    specifies User {@link ConstraintType#USER} or rOLE {@link ConstraintType#ROLE}.
+     * @param checkDsd will check DSD constraints if true
+     * @throws org.apache.directory.fortress.core.SecurityException in the event validation fails for User or system error occurs.
+     */
+    public static void validateConstraints( Session session, ConstraintType type, boolean checkDsd )
+        throws SecurityException
+    {
+        String location = "validateConstraints";
+        int rc;
+        if ( validators == null )
+        {
+            if ( LOG.isDebugEnabled() )
+            {
+                LOG.debug( "{} userId [{}]  no constraints enabled", location, session.getUserId() );
+            }
+            return;
+        }
+        // no need to continue if the role list is empty and we're trying to check role constraints:
+        else if ( type == ConstraintType.ROLE && !ObjUtil.isNotNullOrEmpty( session.getRoles() )
+            && !ObjUtil.isNotNullOrEmpty( session.getAdminRoles() ) )
+        {
+            if ( LOG.isDebugEnabled() )
+            {
+                LOG.debug( "{} userId [{}]  has no roles assigned", location, session.getUserId() );
+            }
+            return;
+        }
+        for ( Validator val : validators )
+        {
+            Time currTime = TUtil.getCurrentTime();
+            // first check the constraint on the user:
+            if ( type == ConstraintType.USER )
+            {
+                rc = val.validate( session, session.getUser(), currTime );
+                if ( rc > 0 )
+                {
+                    String info = location + " user [" + session.getUserId() + "] was deactivated reason code [" + rc
+                        + "]";
+                    throw new ValidationException( rc, info );
+                }
+            }
+            // Check the constraints for each activated role:
+            else
+            {
+                if ( ObjUtil.isNotNullOrEmpty( session.getRoles() ) )
+                {
+                    // now check the constraint on every role activation candidate contained within session object:
+                    ListIterator<UserRole> roleItems = session.getRoles().listIterator();
+
+                    while ( roleItems.hasNext() )
+                    {
+                        Constraint constraint = roleItems.next();
+                        rc = val.validate( session, constraint, currTime );
+
+                        if ( rc > 0 )
+                        {
+                            String msg = location + " role [" + constraint.getName() + "] for user ["
+                                + session.getUserId() + "] was deactivated reason code [" + rc + "]";
+                            LOG.info( msg );
+                            roleItems.remove();
+                            session.setWarning( new ObjectFactory().createWarning( rc, msg, Warning.Type.ROLE,
+                                constraint.getName() ) );
+                        }
+                    }
+                }
+                if ( ObjUtil.isNotNullOrEmpty( session.getAdminRoles() ) )
+                {
+                    // now check the constraint on every arbac role activation candidate contained within session object:
+                    ListIterator roleItems = session.getAdminRoles().listIterator();
+                    while ( roleItems.hasNext() )
+                    {
+                        Constraint constraint = ( Constraint ) roleItems.next();
+                        rc = val.validate( session, constraint, currTime );
+                        if ( rc > 0 )
+                        {
+                            String msg = location + " admin role [" + constraint.getName() + "] for user ["
+                                + session.getUserId() + "] was deactivated reason code [" + rc + "]";
+                            LOG.info( msg );
+                            roleItems.remove();
+                            session.setWarning( new ObjectFactory().createWarning( rc, msg, Warning.Type.ROLE,
+                                constraint.getName() ) );
+                        }
+                    }
+                }
+            }
+        }
+
+        // now perform DSD validation on session's impl roles:
+        if ( checkDsd && DSDVALIDATOR != null && DSDVALIDATOR.length() > 0 && type == ConstraintType.ROLE
+            && ObjUtil.isNotNullOrEmpty( session.getRoles() ) )
+        {
+            Validator dsdVal = ( Validator ) ClassUtil.createInstance( DSDVALIDATOR );
+            dsdVal.validate( session, session.getUser(), null );
+        }
+        // reset the user's last access timestamp:
+        session.setLastAccess();
+    }
+
+
+    /**
+     * Utility is used internally by this class to retrieve a list of all Validator class names, instantiate and return.
+     *
+     * @return list of type {@link Validator} containing all active validation routines for entity constraint processing.
+     * @throws org.apache.directory.fortress.core.CfgException in the event validator cannot be instantiated.
+     */
+    private static List<Validator> getValidators()
+        throws CfgException
+    {
+        List<Validator> validators = new ArrayList<>();
+        for ( int i = 0;; i++ )
+        {
+            String prop = GlobalIds.VALIDATOR_PROPS + i;
+            String className = Config.getProperty( prop );
+            if ( className == null )
+            {
+                break;
+            }
+
+            validators.add( ( Validator ) ClassUtil.createInstance( className ) );
+        }
+        return validators;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/CUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/CUtil.java b/src/main/java/org/apache/directory/fortress/core/util/time/CUtil.java
deleted file mode 100755
index 97f2e41..0000000
--- a/src/main/java/org/apache/directory/fortress/core/util/time/CUtil.java
+++ /dev/null
@@ -1,553 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.util.time;
-
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.CfgException;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.model.ObjectFactory;
-import org.apache.directory.fortress.core.util.Config;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.util.ClassUtil;
-import org.apache.directory.fortress.core.model.Session;
-import org.apache.directory.fortress.core.model.UserRole;
-import org.apache.directory.fortress.core.model.Warning;
-import org.apache.directory.fortress.core.util.VUtil;
-import org.apache.directory.fortress.core.util.ObjUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.StringTokenizer;
-
-
-/**
- * This class contains utilities for temporal constraint processing that are used by Fortress internal.  All of the methods are static and the class
- * is thread safe.
- * The Validators are configured via properties set in Fortress cfg:
- * <p/>
- * <h4> Validators supported include</h4>
- * <ol>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#VALIDATOR_PROPS}0={@link Date}</li>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#VALIDATOR_PROPS}1={@link LockDate}</li>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#VALIDATOR_PROPS}2={@link Timeout}</li>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#VALIDATOR_PROPS}3={@link ClockTime}</li>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#VALIDATOR_PROPS}4={@link Day}</li>
- * <li>{@link org.apache.directory.fortress.core.GlobalIds#DSD_VALIDATOR_PROP}={@link org.apache.directory.fortress.core.impl.DSDChecker}</li>
- * </ol>
- * </p>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class CUtil
-{
-    private static final String CLS_NM = CUtil.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static List<Validator> validators;
-    private static final String DSDVALIDATOR = Config.getProperty( GlobalIds.DSD_VALIDATOR_PROP );
-
-    /**
-     * Private constructor
-     *
-     */
-    private CUtil()
-    {
-    }
-
-    /**
-     * Used by DAO utilities to convert from a string with comma delimited values to fortress internal format {@link Constraint}.
-     *
-     * @param inputString contains raw data format which is comma delimited containing temporal data.
-     * @param constraint  used by internal processing to perform validations.
-     */
-    public static void setConstraint( String inputString, Constraint constraint )
-    {
-        if ( StringUtils.isNotEmpty( inputString ) )
-        {
-            StringTokenizer tkn = new StringTokenizer( inputString, GlobalIds.DELIMITER, true );
-            if ( tkn.countTokens() > 0 )
-            {
-                int count = tkn.countTokens();
-                int index = 0;
-                boolean previousTokenWasDelimiter = false;
-                for ( int i = 0; i < count; i++ )
-                {
-                    String szValue = tkn.nextToken();
-                    if ( szValue.equals( GlobalIds.DELIMITER ) && !previousTokenWasDelimiter )
-                    {
-                        previousTokenWasDelimiter = true;
-                    }
-                    else if ( szValue.equals( GlobalIds.DELIMITER ) )
-                    {
-                        previousTokenWasDelimiter = true;
-                        index++;
-                    }
-                    else
-                    {
-                        previousTokenWasDelimiter = false;
-                        switch ( index++ )
-                        {
-                            case 0:
-                                // only set the name attr if it isn't already set:
-                                if ( ( constraint.getName() == null ) || ( constraint.getName().length() == 0 ) )
-                                {
-                                    constraint.setName( szValue );
-                                }
-
-                                break;
-                            case 1:
-                                constraint.setTimeout( Integer.parseInt( szValue ) );
-                                break;
-                            case 2:
-                                constraint.setBeginTime( szValue );
-                                break;
-                            case 3:
-                                constraint.setEndTime( szValue );
-                                break;
-                            case 4:
-                                constraint.setBeginDate( szValue );
-                                break;
-                            case 5:
-                                constraint.setEndDate( szValue );
-                                break;
-                            case 6:
-                                constraint.setBeginLockDate( szValue );
-                                break;
-                            case 7:
-                                constraint.setEndLockDate( szValue );
-                                break;
-                            case 8:
-                                constraint.setDayMask( szValue );
-                                break;
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-
-    /**
-     * Convert from fortress {@link Constraint} to comma delimited ldap format.
-     *
-     * @param constraint contains the temporal data.
-     * @return string containing raw data bound for ldap.
-     */
-    public static String setConstraint( Constraint constraint )
-    {
-        String szConstraint = null;
-        if ( constraint != null )
-        {
-            StringBuilder sb = new StringBuilder();
-            sb.append( constraint.getName() );
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getTimeout() != null )
-            {
-                sb.append( constraint.getTimeout() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getBeginTime() != null )
-            {
-                sb.append( constraint.getBeginTime() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getEndTime() != null )
-            {
-                sb.append( constraint.getEndTime() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getBeginDate() != null )
-            {
-                sb.append( constraint.getBeginDate() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getEndDate() != null )
-            {
-                sb.append( constraint.getEndDate() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getBeginLockDate() != null )
-            {
-                sb.append( constraint.getBeginLockDate() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getEndLockDate() != null )
-            {
-                sb.append( constraint.getEndLockDate() );
-            }
-
-            sb.append( GlobalIds.DELIMITER );
-
-            if ( constraint.getDayMask() != null )
-            {
-                sb.append( constraint.getDayMask() );
-            }
-
-            szConstraint = sb.toString();
-        }
-        return szConstraint;
-    }
-
-
-    /**
-     * Validate the non-null attributes on the constraint.
-     *
-     * @param c1 contains the temporal values associated with an entity.
-     * @throws org.apache.directory.fortress.core.ValidationException on first invalid attribute found.
-     */
-    public static void validate( Constraint c1 )
-        throws ValidationException
-    {
-        if ( ObjUtil.isNotNullOrEmpty( c1.getTimeout() ) )
-        {
-            VUtil.timeout( c1.getTimeout() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getBeginTime() ) )
-        {
-            VUtil.beginTime( c1.getBeginTime() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getEndTime() ) )
-        {
-            VUtil.endTime( c1.getEndTime() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getBeginDate() ) )
-        {
-            VUtil.beginDate( c1.getBeginDate() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getEndDate() ) )
-        {
-            VUtil.endDate( c1.getEndDate() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getDayMask() ) )
-        {
-            VUtil.dayMask( c1.getDayMask() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getBeginLockDate() ) )
-        {
-            VUtil.beginDate( c1.getBeginLockDate() );
-        }
-        if ( StringUtils.isNotEmpty( c1.getEndLockDate() ) )
-        {
-            VUtil.endDate( c1.getEndLockDate() );
-        }
-    }
-
-
-    /**
-     * Utility is used during processing of constraint values.  The rule used here is if the target constraint will
-     * accept the source constraint attribute only when not set initially.  If target constraint's attribute is set,
-     * validation on the constraint will be performed.
-     *
-     * @param srcC Contains instantiated constraint with one or more attributes to be copied.
-     * @param trgC instantiated object may contain zero or more attributes set.  Copy will not be performed on set attrs.
-     * @throws org.apache.directory.fortress.core.ValidationException on first invalid attribute found.
-     */
-    public static void validateOrCopy( Constraint srcC, Constraint trgC )
-        throws ValidationException
-    {
-        //VUtil.timeout(trgC.getTimeout());
-        if ( ObjUtil.isNotNullOrEmpty( trgC.getTimeout() ) )
-        {
-            srcC.setTimeout( trgC.getTimeout() );
-        }
-        else if ( ObjUtil.isNotNullOrEmpty( srcC.getTimeout() ) )
-        {
-            trgC.setTimeout( srcC.getTimeout() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getBeginTime() ) )
-        {
-            VUtil.beginTime( trgC.getBeginTime() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getBeginTime() ) )
-        {
-            trgC.setBeginTime( srcC.getBeginTime() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getEndTime() ) )
-        {
-            VUtil.endTime( trgC.getEndTime() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getEndTime() ) )
-        {
-            trgC.setEndTime( srcC.getEndTime() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getBeginDate() ) )
-        {
-            VUtil.beginDate( trgC.getBeginDate() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getBeginDate() ) )
-        {
-            trgC.setBeginDate( srcC.getBeginDate() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getEndDate() ) )
-        {
-            VUtil.endDate( trgC.getEndDate() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getEndDate() ) )
-        {
-            trgC.setEndDate( srcC.getEndDate() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getDayMask() ) )
-        {
-            VUtil.dayMask( trgC.getDayMask() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getDayMask() ) )
-        {
-            trgC.setDayMask( srcC.getDayMask() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getBeginLockDate() ) )
-        {
-            VUtil.beginDate( trgC.getBeginLockDate() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getBeginLockDate() ) )
-        {
-            trgC.setBeginLockDate( srcC.getBeginLockDate() );
-        }
-        if ( StringUtils.isNotEmpty( trgC.getEndLockDate() ) )
-        {
-            VUtil.endDate( trgC.getEndLockDate() );
-        }
-        else if ( StringUtils.isNotEmpty( srcC.getEndLockDate() ) )
-        {
-            trgC.setEndLockDate( srcC.getEndLockDate() );
-        }
-    }
-
-    /**
-     * enum specifies what type of constraint is being targeted - User or Rold.
-     */
-    public static enum ConstraintType
-    {
-        /**
-         * Specifies {@link org.apache.directory.fortress.core.model.User}
-         */
-        USER,
-        /**
-         * Specifies {@link org.apache.directory.fortress.core.model.Role}
-         */
-        ROLE
-    }
-
-    /**
-     * static initializer retrieves Validators names from config and constructs for later processing.
-     */
-    static
-    {
-        try
-        {
-            validators = getValidators();
-        }
-        catch ( SecurityException ex )
-        {
-            LOG.error( "static initialzier caught SecurityException=" + ex.getMessage(), ex );
-        }
-    }
-
-
-    /**
-     * Copy source constraint to target. Both must be created before calling this utility.
-     *
-     * @param srcC contains constraint source.
-     * @param trgC contains target constraint.
-     */
-    public static void copy( Constraint srcC, Constraint trgC )
-    {
-        // Both variables must be instantiated before being passed in to this method.
-        trgC.setTimeout( srcC.getTimeout() );
-
-        if ( StringUtils.isNotEmpty( srcC.getName() ) )
-        {
-            trgC.setName( srcC.getName() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getBeginTime() ) )
-        {
-            trgC.setBeginTime( srcC.getBeginTime() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getEndTime() ) )
-        {
-            trgC.setEndTime( srcC.getEndTime() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getDayMask() ) )
-        {
-            trgC.setDayMask( srcC.getDayMask() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getBeginDate() ) )
-        {
-            trgC.setBeginDate( srcC.getBeginDate() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getEndDate() ) )
-        {
-            trgC.setEndDate( srcC.getEndDate() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getBeginLockDate() ) )
-        {
-            trgC.setBeginLockDate( srcC.getBeginLockDate() );
-        }
-        if ( StringUtils.isNotEmpty( srcC.getEndLockDate() ) )
-        {
-            trgC.setEndLockDate( srcC.getEndLockDate() );
-        }
-    }
-
-
-    /**
-     * This utility iterates over all of the Validators initialized for runtime and calls them passing the {@link Constraint} contained within the
-     * targeted entity.  If a particular {@link org.apache.directory.fortress.core.model.UserRole} violates constraint it will not be activated.  If {@link org.apache.directory.fortress.core.model.User} validation fails a ValidationException will be thrown thus preventing User logon.
-     *
-     * @param session contains {@link org.apache.directory.fortress.core.model.User} and {@link org.apache.directory.fortress.core.model.UserRole} constraints {@link Constraint} to be checked.
-     * @param type    specifies User {@link ConstraintType#USER} or rOLE {@link ConstraintType#ROLE}.
-     * @param checkDsd will check DSD constraints if true
-     * @throws org.apache.directory.fortress.core.SecurityException in the event validation fails for User or system error occurs.
-     */
-    public static void validateConstraints( Session session, ConstraintType type, boolean checkDsd )
-        throws SecurityException
-    {
-        String location = "validateConstraints";
-        int rc;
-        if ( validators == null )
-        {
-            if ( LOG.isDebugEnabled() )
-            {
-                LOG.debug( "{} userId [{}]  no constraints enabled", location, session.getUserId() );
-            }
-            return;
-        }
-        // no need to continue if the role list is empty and we're trying to check role constraints:
-        else if ( type == ConstraintType.ROLE && !ObjUtil.isNotNullOrEmpty( session.getRoles() )
-            && !ObjUtil.isNotNullOrEmpty( session.getAdminRoles() ) )
-        {
-            if ( LOG.isDebugEnabled() )
-            {
-                LOG.debug( "{} userId [{}]  has no roles assigned", location, session.getUserId() );
-            }
-            return;
-        }
-        for ( Validator val : validators )
-        {
-            Time currTime = TUtil.getCurrentTime();
-            // first check the constraint on the user:
-            if ( type == ConstraintType.USER )
-            {
-                rc = val.validate( session, session.getUser(), currTime );
-                if ( rc > 0 )
-                {
-                    String info = location + " user [" + session.getUserId() + "] was deactivated reason code [" + rc
-                        + "]";
-                    throw new ValidationException( rc, info );
-                }
-            }
-            // Check the constraints for each activated role:
-            else
-            {
-                if ( ObjUtil.isNotNullOrEmpty( session.getRoles() ) )
-                {
-                    // now check the constraint on every role activation candidate contained within session object:
-                    ListIterator<UserRole> roleItems = session.getRoles().listIterator();
-
-                    while ( roleItems.hasNext() )
-                    {
-                        Constraint constraint = roleItems.next();
-                        rc = val.validate( session, constraint, currTime );
-
-                        if ( rc > 0 )
-                        {
-                            String msg = location + " role [" + constraint.getName() + "] for user ["
-                                + session.getUserId() + "] was deactivated reason code [" + rc + "]";
-                            LOG.info( msg );
-                            roleItems.remove();
-                            session.setWarning( new ObjectFactory().createWarning( rc, msg, Warning.Type.ROLE,
-                                constraint.getName() ) );
-                        }
-                    }
-                }
-                if ( ObjUtil.isNotNullOrEmpty( session.getAdminRoles() ) )
-                {
-                    // now check the constraint on every arbac role activation candidate contained within session object:
-                    ListIterator roleItems = session.getAdminRoles().listIterator();
-                    while ( roleItems.hasNext() )
-                    {
-                        Constraint constraint = ( Constraint ) roleItems.next();
-                        rc = val.validate( session, constraint, currTime );
-                        if ( rc > 0 )
-                        {
-                            String msg = location + " admin role [" + constraint.getName() + "] for user ["
-                                + session.getUserId() + "] was deactivated reason code [" + rc + "]";
-                            LOG.info( msg );
-                            roleItems.remove();
-                            session.setWarning( new ObjectFactory().createWarning( rc, msg, Warning.Type.ROLE,
-                                constraint.getName() ) );
-                        }
-                    }
-                }
-            }
-        }
-
-        // now perform DSD validation on session's impl roles:
-        if ( checkDsd && DSDVALIDATOR != null && DSDVALIDATOR.length() > 0 && type == ConstraintType.ROLE
-            && ObjUtil.isNotNullOrEmpty( session.getRoles() ) )
-        {
-            Validator dsdVal = ( Validator ) ClassUtil.createInstance( DSDVALIDATOR );
-            dsdVal.validate( session, session.getUser(), null );
-        }
-        // reset the user's last access timestamp:
-        session.setLastAccess();
-    }
-
-
-    /**
-     * Utility is used internally by this class to retrieve a list of all Validator class names, instantiate and return.
-     *
-     * @return list of type {@link Validator} containing all active validation routines for entity constraint processing.
-     * @throws org.apache.directory.fortress.core.CfgException in the event validator cannot be instantiated.
-     */
-    private static List<Validator> getValidators()
-        throws CfgException
-    {
-        List<Validator> validators = new ArrayList<>();
-        for ( int i = 0;; i++ )
-        {
-            String prop = GlobalIds.VALIDATOR_PROPS + i;
-            String className = Config.getProperty( prop );
-            if ( className == null )
-            {
-                break;
-            }
-
-            validators.add( ( Validator ) ClassUtil.createInstance( className ) );
-        }
-        return validators;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/ClockTime.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/ClockTime.java b/src/main/java/org/apache/directory/fortress/core/util/time/ClockTime.java
index 9cc6f57..3969d93 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/ClockTime.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/ClockTime.java
@@ -22,13 +22,14 @@ package org.apache.directory.fortress.core.util.time;
 
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 
 /**
- * This class performs time validation for {@link Constraint}.  This validator will ensure the current time falls between {@link Constraint#getBeginTime()} and {@link Constraint#getEndTime()}
+ * This class performs time validation for {@link org.apache.directory.fortress.core.model.Constraint}.  This validator will ensure the current time falls between {@link org.apache.directory.fortress.core.model.Constraint#getBeginTime()} and {@link Constraint#getEndTime()}
  * The format requires military time, i.e. 0800 for 8:00 am, 1700 for 5:00 pm.  The constant {@link org.apache.directory.fortress.core.GlobalIds#NONE} may be used to disable checks for a particular entity.
- * for {@link Constraint} validations that occur in
+ * for {@link org.apache.directory.fortress.core.model.Constraint} validations that occur in
  * <h4> Constraint Targets include</h4>
  * <ol>
  * <li>{@link org.apache.directory.fortress.core.model.User} maps to 'ftCstr' attribute on 'ftUserAttrs' object class</li>
@@ -45,8 +46,8 @@ public class ClockTime
     implements Validator
 {
     /**
-     * This method is called during entity activation, {@link CUtil#validateConstraints} and ensures the current time is
-     * between {@link Constraint#getBeginTime()} and {@link Constraint#getBeginTime()}.
+     * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the current time is
+     * between {@link Constraint#getBeginTime()} and {@link org.apache.directory.fortress.core.model.Constraint#getBeginTime()}.
      *
      * @param session    required for {@link Validator} interface but not used here.
      * @param constraint contains the begin and end times.  Maps listed above.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Constraint.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Constraint.java b/src/main/java/org/apache/directory/fortress/core/util/time/Constraint.java
deleted file mode 100755
index 11178db..0000000
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Constraint.java
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.util.time;
-
-
-/**
- * The Fortress Constraint interface prescribes attributes that are used to store, process and retrieve temporal validation attributes on
- * {@link org.apache.directory.fortress.core.model.User}, {@link org.apache.directory.fortress.core.model.UserRole}, {@link org.apache.directory.fortress.core.model.Role},
- * {@link org.apache.directory.fortress.core.model.AdminRole}, {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
- * <p/>
- * <img src="../../doc-files/TemporalRbac.png">
- * <p/>
- * <h3>Temporal Constraints on User and Role Assignments</h3>
- * In addition to the standard RBAC support, Fortress provides coverage for temporal constraints on role and user activation into session.
- * Temporal constraints affect when Users may activate Roles within runtime system at a particular point in time.  For example a nurse may be assigned to the "ChargeNurse" role but be limited as to when she is permitted to perform those duties, i.e. weekend graveyard shift.  Another example is a bank teller who is assigned to a "Teller" role but may only act within role between the hours of 9:00 to 5:00 on Monday thru Friday during normal business hours.
- * Additionally Fortress temporal constraints are checked during user authentication to control when a user is actually permitted to sign-on to a system.  The constraints may also be applied to enforce temporary blackout periods to cover vacations, leave of absences, sabbaticals, etc.
- * <p/>
- * <h4>Constraint Schema</h4>
- * The entity maps to Fortress LDAP Schema object classes:
- * <p/>
- * 1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass    ( 1.3.6.1.4.1.38088.2.1</code>
- * <li> <code>NAME 'ftRls'</code>
- * <li> <code>DESC 'Fortress Role Object Class'</code>
- * <li> <code>SUP organizationalrole</code>
- * <li> <code>STRUCTURAL</code>
- * <li> <code>MUST ( ftId $ ftRoleName )</code>
- * <li> <code>MAY ( description $ ftCstr ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- * 2. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.1</code>
- * <li> <code>NAME 'ftUserAttrs'</code>
- * <li> <code>DESC 'Fortress User Attribute AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MUST ( ftId )</code>
- * <li> <code>MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr</code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public interface Constraint
-{
-    /**
-     * temporal boolean flag is used by internal Fortress components.
-     *
-     * @return boolean indicating if temporal constraints are placed on user.
-     */
-    boolean isTemporalSet();
-
-
-    /**
-     * Set the integer timeout that contains max time (in seconds) that entity may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param timeout maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setTimeout( Integer timeout );
-
-
-    /**
-     * Set the begin time of day entity is allowed to be activated in system.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginTime maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setBeginTime( String beginTime );
-
-
-    /**
-     * Set the end time of day entity is allowed to be activated in system.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endTime maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setEndTime( String endTime );
-
-
-    /**
-     * Set the beginDate when entity is allowed to be activated in system.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2001).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setBeginDate( String beginDate );
-
-
-    /**
-     * Set the end date when entity is not allowed to be activated in system.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setEndDate( String endDate );
-
-
-    /**
-     * Set the daymask that specifies what days of week entity is allowed to be activated in system.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param dayMask maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setDayMask( String dayMask );
-
-
-    /**
-     * Set the begin lock date when entity is temporarily not allowed to be activated in system.  The format is - YYYYMMDD, 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginLockDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setBeginLockDate( String beginLockDate );
-
-
-    /**
-     * Set the end lock date when entity is allowed to be activated in system once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endLockDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    void setEndLockDate( String endLockDate );
-
-
-    /**
-     * This is used internally by Fortress for Constraint operations.  Values set here by external caller will be ignored.
-     *
-     * @param name contains attribute used internally for constraint checking.
-     */
-    void setName( String name );
-
-
-    /**
-     * Required on DAO classes convert from raw data to object format.  Not intended for external use.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getRawData();
-
-
-    /**
-     * Return the integer timeout that contains total time (in seconds) that entity may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return int that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    Integer getTimeout();
-
-
-    /**
-     * Contains the begin time of day entity is allowed to be activated in system.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to 'ftCstr', 'ftRC', 'ftARC' attributes in 'ftUserAttrs' object class and 'ftCstr' attribute in 'ftRls' object class.
-     */
-    String getBeginTime();
-
-
-    /**
-     * Contains the end time of day entity is allowed to be activated in system.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getEndTime();
-
-
-    /**
-     * Contains the begin date when entity is allowed to be activated in system.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getBeginDate();
-
-
-    /**
-     * Contains the end date when entity is allowed to be activated in system.  The format is - YYYYMMDD, i.e. 20101231 (December 31, 2011).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getEndDate();
-
-
-    /**
-     * Contains the begin lock date when entity is temporarily not allowed to activated in system.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getBeginLockDate();
-
-
-    /**
-     * Contains the end lock date when entity is allowed to be activated in system once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getEndLockDate();
-
-
-    /**
-     * Get the daymask that indicates what days of week entity is allowed to be activated in system.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getDayMask();
-
-
-    /**
-     * This is used internally by Fortress for Constraint operations.
-     *
-     * @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
-     */
-    String getName();
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Date.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Date.java b/src/main/java/org/apache/directory/fortress/core/util/time/Date.java
index c66ca2f..bafa628 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Date.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/Date.java
@@ -21,6 +21,7 @@ package org.apache.directory.fortress.core.util.time;
 
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 /**
@@ -42,7 +43,7 @@ public class Date
     implements Validator
 {
     /**
-     * This method is called during entity activation, {@link CUtil#validateConstraints} and ensures the current date is
+     * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the current date is
      * between {@link Constraint#getBeginDate()} and {@link Constraint#getEndDate()}.
      *
      * This validation routine allows for either beginDate or endDate to be null or set to "none" which will disable the corresponding check.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Day.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Day.java b/src/main/java/org/apache/directory/fortress/core/util/time/Day.java
index 2391690..a6ba24a 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Day.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/Day.java
@@ -21,6 +21,7 @@ package org.apache.directory.fortress.core.util.time;
 
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 /**
@@ -42,8 +43,8 @@ public class Day
     implements Validator
 {
     /**
-     * This method is called during entity activation, {@link CUtil#validateConstraints} and ensures the current day falls
-     * within {@link Constraint#getDayMask()} range.
+     * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the current day falls
+     * within {@link org.apache.directory.fortress.core.model.Constraint#getDayMask()} range.
      *
      * @param session    required for {@link Validator} interface but not used here.
      * @param constraint contains the days of week entity may be activated.  Data mappings listed above.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/LockDate.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/LockDate.java b/src/main/java/org/apache/directory/fortress/core/util/time/LockDate.java
index 3bbf81f..402f50d 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/LockDate.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/LockDate.java
@@ -22,10 +22,11 @@ package org.apache.directory.fortress.core.util.time;
 
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 /**
- * This class performs lock date validation for {@link Constraint}.  This validator will ensure the current date falls outside {@link Constraint#getBeginLockDate()} and {@link Constraint#getEndLockDate()} range.
+ * This class performs lock date validation for {@link org.apache.directory.fortress.core.model.Constraint}.  This validator will ensure the current date falls outside {@link org.apache.directory.fortress.core.model.Constraint#getBeginLockDate()} and {@link Constraint#getEndLockDate()} range.
  * The idea is an entity can be barred from activation for a particular blackout period, i.e. vacation, leave of absence, etc.
  * The data format requires YYYYMMDD, i.e. 20110101 for January 1, 2011.  The constant {@link org.apache.directory.fortress.core.GlobalIds#NONE} may be used to disable checks for a particular entity.
  * <h4> Constraint Targets include</h4>
@@ -44,8 +45,8 @@ public class LockDate
     implements Validator
 {
     /**
-     * This method is called during entity activation, {@link CUtil#validateConstraints} and ensures the current date falls
-     * outside the {@link Constraint#getBeginLockDate()} and {@link Constraint#getEndLockDate()} range.
+     * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the current date falls
+     * outside the {@link org.apache.directory.fortress.core.model.Constraint#getBeginLockDate()} and {@link org.apache.directory.fortress.core.model.Constraint#getEndLockDate()} range.
      *
      * This validation routine will automatically pass if either beginLockDate or endLockDate equals null or "none".
      * If both beginLockDate and endLockDate are set the validator will ensure current date does not fall between the date range.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/TUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/TUtil.java b/src/main/java/org/apache/directory/fortress/core/util/time/TUtil.java
index 9565ae4..7eee60e 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/TUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/TUtil.java
@@ -27,7 +27,7 @@ import java.util.*;
 
 
 /**
- * Utility class to convert current time/date into internal format, {@link Time}, used for {@link Constraint} checks {@link CUtil#validateConstraints(org.apache.directory.fortress.core.model.Session, CUtil.ConstraintType, boolean)}.
+ * Utility class to convert current time/date into internal format, {@link Time}, used for {@link org.apache.directory.fortress.core.model.Constraint} checks {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean)}.
  * This utility processes custom date formats and should not be used by external programs.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Time.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Time.java b/src/main/java/org/apache/directory/fortress/core/util/time/Time.java
index 95cea6f..aa1d5fd 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Time.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/Time.java
@@ -20,7 +20,7 @@
 package org.apache.directory.fortress.core.util.time;
 
 /**
- * Class contains a custom timestamp that is processed by {@link Validator} to check {@link Constraint}.
+ * Class contains a custom timestamp that is processed by {@link Validator} to check {@link org.apache.directory.fortress.core.model.Constraint}.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Timeout.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Timeout.java b/src/main/java/org/apache/directory/fortress/core/util/time/Timeout.java
index 65af03a..253dcd9 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Timeout.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/Timeout.java
@@ -21,11 +21,12 @@ package org.apache.directory.fortress.core.util.time;
 
 
 import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 
 /**
- * This class performs timeout validation for {@link Constraint}.  This validator will ensure the elapsed time an entity is active is less than {@link Constraint#getTimeout()} and {@link Constraint#getEndTime()}
+ * This class performs timeout validation for {@link Constraint}.  This validator will ensure the elapsed time an entity is active is less than {@link org.apache.directory.fortress.core.model.Constraint#getTimeout()} and {@link Constraint#getEndTime()}
  * The timeout is in minutes and is stored as integer value.  i.e. 30 for 30 minutes.  A value of '0' specifies no timeout for a particular entity.
  * <h4> Constraint Targets include</h4>
  * <ol>
@@ -42,7 +43,7 @@ import org.apache.directory.fortress.core.model.Session;
 public class Timeout implements Validator
 {
     /**
-     * This method is called during entity activation, {@link CUtil#validateConstraints} and ensures the elapsed time a particular entity has been activated does not exceed specified.
+     * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the elapsed time a particular entity has been activated does not exceed specified.
      * value {@link Constraint#getTimeout()}.
      *
      * @param session    required for {@link Validator} interface but not used here.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/main/java/org/apache/directory/fortress/core/util/time/Validator.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/time/Validator.java b/src/main/java/org/apache/directory/fortress/core/util/time/Validator.java
index aa911fc..5b5ef17 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/time/Validator.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/time/Validator.java
@@ -20,6 +20,7 @@
 package org.apache.directory.fortress.core.util.time;
 
 
+import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.Session;
 
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/AdminMgrConsole.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/AdminMgrConsole.java b/src/test/java/org/apache/directory/fortress/core/AdminMgrConsole.java
index 1a778df..b22ef67 100755
--- a/src/test/java/org/apache/directory/fortress/core/AdminMgrConsole.java
+++ b/src/test/java/org/apache/directory/fortress/core/AdminMgrConsole.java
@@ -37,7 +37,7 @@ import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.ObjUtil;
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.jgrapht.UndirectedGraph;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/ReviewMgrConsole.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/ReviewMgrConsole.java b/src/test/java/org/apache/directory/fortress/core/ReviewMgrConsole.java
index 3a4c6cc..38c526c 100755
--- a/src/test/java/org/apache/directory/fortress/core/ReviewMgrConsole.java
+++ b/src/test/java/org/apache/directory/fortress/core/ReviewMgrConsole.java
@@ -30,7 +30,7 @@ import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 
 import java.util.ArrayList;
 import java.util.List;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/example/Example.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/example/Example.java b/src/test/java/org/apache/directory/fortress/core/example/Example.java
index b3185f7..7b03727 100755
--- a/src/test/java/org/apache/directory/fortress/core/example/Example.java
+++ b/src/test/java/org/apache/directory/fortress/core/example/Example.java
@@ -20,7 +20,7 @@
 package org.apache.directory.fortress.core.example;
 
 
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 
 import java.rmi.server.UID;
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/example/ExampleDAO.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/example/ExampleDAO.java b/src/test/java/org/apache/directory/fortress/core/example/ExampleDAO.java
index 987dbcb..1e9b304 100755
--- a/src/test/java/org/apache/directory/fortress/core/example/ExampleDAO.java
+++ b/src/test/java/org/apache/directory/fortress/core/example/ExampleDAO.java
@@ -34,7 +34,7 @@ import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.fortress.core.FinderException;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.apache.directory.fortress.core.util.time.CUtil;
+import org.apache.directory.fortress.core.model.ConstraintUtil;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.LoggerFactory;
 import org.apache.directory.fortress.core.CreateException;
@@ -110,7 +110,7 @@ public class ExampleDAO extends ApacheDsDataProvider
 
             //AttrHelper.loadTemporalAttrs(entity, attrs);
             entity.setName("EXAMPLE");
-            entry.add( GlobalIds.CONSTRAINT, CUtil.setConstraint( entity ) );
+            entry.add( GlobalIds.CONSTRAINT, ConstraintUtil.setConstraint( entity ) );
             add(ld, entry);
         }
         catch (LdapException e)
@@ -152,7 +152,7 @@ public class ExampleDAO extends ApacheDsDataProvider
 
             }
 
-            String szRawData = CUtil.setConstraint( entity );
+            String szRawData = ConstraintUtil.setConstraint( entity );
             if (szRawData != null && szRawData.length() > 0)
             {
                 mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.CONSTRAINT, szRawData ) );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index b328fce..fe4d99c 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -27,6 +27,7 @@ import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
+import org.apache.directory.fortress.core.model.ConstraintUtil;
 import org.apache.directory.fortress.core.model.PermObj;
 import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.Role;
@@ -43,7 +44,6 @@ import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.ReviewMgr;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.util.LogUtil;
-import org.apache.directory.fortress.core.util.time.CUtil;
 
 
 /**
@@ -1441,7 +1441,7 @@ public class AdminMgrImplTest extends TestCase
                     User user = UserTestData.getUser( usr );
                     Role role = RoleTestData.getRole( rle );
                     UserRole uRole = new UserRole();
-                    CUtil.copy( role, uRole );
+                    ConstraintUtil.copy( role, uRole );
                     if ( !setTemporal )
                     {
                         // test the default constraints for role
@@ -1492,7 +1492,7 @@ public class AdminMgrImplTest extends TestCase
                 Role role = RoleTestData.getRole( rArray[i] );
                 UserRole uRole = new UserRole();
                 uRole.setUserId( UserTestData.getUserId( usr ) );
-                CUtil.copy( role, uRole );
+                ConstraintUtil.copy( role, uRole );
                 adminMgr.assignUser( uRole );
                 i++;
             }

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/impl/AdminRoleTestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminRoleTestData.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminRoleTestData.java
index 574e4d8..1019763 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminRoleTestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminRoleTestData.java
@@ -28,7 +28,7 @@ import junit.framework.TestCase;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.model.AdminRole;
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/impl/RoleTestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/RoleTestData.java b/src/test/java/org/apache/directory/fortress/core/impl/RoleTestData.java
index da2f0e1..0d892be 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/RoleTestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/RoleTestData.java
@@ -37,7 +37,7 @@ import org.apache.directory.fortress.core.model.UserRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/impl/TestUtils.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/TestUtils.java b/src/test/java/org/apache/directory/fortress/core/impl/TestUtils.java
index b97c327..b3d0ec7 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/TestUtils.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/TestUtils.java
@@ -34,7 +34,7 @@ import junit.framework.TestCase;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/559c280e/src/test/java/org/apache/directory/fortress/core/impl/UserTestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/UserTestData.java b/src/test/java/org/apache/directory/fortress/core/impl/UserTestData.java
index 72e3fe6..e0d69e2 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/UserTestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/UserTestData.java
@@ -36,7 +36,7 @@ import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.model.Address;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.util.ObjUtil;
-import org.apache.directory.fortress.core.util.time.Constraint;
+import org.apache.directory.fortress.core.model.Constraint;
 
 
 /**


Mime
View raw message